SOS: Security warning: your computer may be infected with harmful or unwanted software



izumi
2006-12-10, 20:08
My computer kept showing the message "Security warning: your computer may be infected with harmful or unwanted software!" and also telling me that my system is slowed down by a certain percentage. Can anyone please help?


My Hijackthis log is posted here.


Logfile of HijackThis v1.99.1
Scan saved at 11:08:47 AM, on 2006/12/10
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ISHOST.EXE
C:\WINDOWS\system32\issearch.exe
C:\WINDOWS\system32\ismini.exe
C:\WINDOWS\system32\isnotify.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\??stem32\dνdplay.exe
C:\DOCUME~1\Chiang\MYDOCU~1\ΑPPAT~1\winword.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Chiang\LOCALS~1\Temp\Rar$EX00.000\HijackThis.exe

R3 - URLSearchHook: (no name) - {982CB676-38F0-4D9A-BB72-D9371ABE876E} - (no file)
R3 - URLSearchHook: (no name) - {BAB1AC41-6FF7-4F2E-A04E-5C592CCFEA7D} - (no file)
R3 - URLSearchHook: (no name) - {6ECCEBFF-0639-389D-4A02-7D924F29D3C3} - C:\WINDOWS\system32\jvdjjmmk.dll
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SohuDAIEHelper - {0CA51D02-7739-43EA-8D9A-1E8AD4327B03} - C:\Program Files\P4P\sodaie.dll (file missing)
O2 - BHO: (no name) - {35F7813A-AF74-4474-B1DC-7EE6FB6C43C6} - C:\WINDOWS\system32\fgcdxtdq.dll
O2 - BHO: (no name) - {46A4E9D9-B30E-452A-8157-DBBEC8573B03} - C:\Program Files\VSAdd-in\VSAdd-in.dll
O2 - BHO: (no name) - {66814EB3-5F25-4BCC-B3D5-DEBD8984DB18} - C:\WINDOWS\system32\pmnlj.dll (file missing)
O2 - BHO: (no name) - {6ECCEBFF-0639-389D-4A02-7D924F29D3C3} - C:\WINDOWS\system32\jvdjjmmk.dll
O2 - BHO: (no name) - {7411F8BA-29A3-3216-9DE7-024AC0AAB9F6} - C:\WINDOWS\system32\viyjhai.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A9930D97-9CF0-42A0-A10D-4F28836579D5} - C:\PROGRA~1\KuGoo3\KUGOO3~1.OCX (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\COMMON~1\{3C692~1\Bar888.dll
O2 - BHO: (no name) - {CC2A3C91-C23B-9DCA-5374-AFC1EED163AE} - C:\WINDOWS\system32\jdkfn.dll (file missing)
O2 - BHO: (no name) - {f4d74aaa-a178-4463-846b-b4bc87a024e0} - C:\WINDOWS\system32\ixt0.dll
O2 - BHO: (no name) - {F9070C90-EF0B-D9F2-7E31-9EECD8E04E9C} - C:\WINDOWS\system32\jdkfn.dll (file missing)
O2 - BHO: (no name) - {FC6E506B-A896-491E-AEFB-32735AB85E11} - C:\WINDOWS\system32\awtsr.dll (file missing)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Sogou Toolbar - {DBBB7978-AF21-4EF4-9AD1-B2F4BC75696C} - C:\Program Files\P4P\ToolBar.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program Files\VSAdd-in\VSAdd-in.dll
O3 - Toolbar: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\COMMON~1\{3C692~1\Bar888.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvjub.dll,startup
O4 - HKLM\..\Run: [frsvabb.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\frsvabb.dll,mhomdtd
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Qntz] C:\Program Files\??stem32\dνdplay.exe
O4 - HKCU\..\Run: [Lace] "C:\DOCUME~1\Chiang\MYDOCU~1\ΑPPAT~1\winword.exe" -vt ndrv
O4 - HKCU\..\Run: [umuk] C:\PROGRA~1\COMMON~1\umuk\umukm.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?SystemRoot%\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Download with KuGoo3 (&K) - C:\Program Files\KuGoo3\KuGoo3DownX.htm
O8 - Extra context menu item: Download with Sogou Zhitongche - C:\Program Files\P4P\dl.htm
O8 - Extra context menu item: Send image to mobile phone - C:\Program Files\P4P\cx.htm
O8 - Extra context menu item: Add to "My Subscriptions" - C:\Program Files\P4P\rss.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: My Subscriptions - {8755CE6E-0BF7-4441-8751-FB728941B0B4} - C:\Program Files\P4P\rss.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://free.aol.com
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/133fa95763e9f5fa9221/netzip/RdxIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1134514140436
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1144377594640
O18 - Protocol: KuGoo3 - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - C:\PROGRA~1\KuGoo3\InExtend\KUGOO3~1.OCX
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINDOWS\system32\msasvc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: P4P Service - Unknown owner - C:\Program Files\Common Files\Sogou PXP\p2psvr.exe (file missing)
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\gibcste.exe (file missing)

Mr_JAk3
2006-12-11, 07:37
Hi izumi and welcome to Safer Networking Forums :)

You got a load of infections there...

One or more of the identified infections is a backdoor trojan.:sick:

This allows hackers to remotely control your computer, steal critical system information, and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the Trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud? (http://www.dslreports.com/faq/10451)
When Should I Format, How Should I Reinstall (http://www.dslreports.com/faq/10063)

However, if you do not have the resources to reinstall your computer and would like me to attempt to clean it, I will be happy to do so.
Should you have any questions, please feel free to ask.

Please let us know what you have decided to do in your next post.

izumi
2006-12-11, 22:48
Hello Mr_JAk3,

After consideration, I would like to put in an effort to remove the viruses.

I have tried to use various spyware removers. And I think the system might be getting better. But I am not sure if I have completely removed everything. Also my system is kind of slow; I am not sure if it is because of the spyware.

Let me thank you in advance, whether or not the spyware can be removed! :D

I will again post my hijackthis log here

Logfile of HijackThis v1.99.1
Scan saved at 01:48:27 PM, on 2006/12/11
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Chiang\Desktop\Antispyware\HijackThis.exe

R3 - URLSearchHook: (no name) - {982CB676-38F0-4D9A-BB72-D9371ABE876E} - (no file)
R3 - URLSearchHook: (no name) - {BAB1AC41-6FF7-4F2E-A04E-5C592CCFEA7D} - (no file)
R3 - URLSearchHook: (no name) - {6ECCEBFF-0639-389D-4A02-7D924F29D3C3} - C:\WINDOWS\system32\jvdjjmmk.dll (file missing)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SohuDAIEHelper - {0CA51D02-7739-43EA-8D9A-1E8AD4327B03} - C:\Program Files\P4P\sodaie.dll (file missing)
O2 - BHO: (no name) - {35F7813A-AF74-4474-B1DC-7EE6FB6C43C6} - C:\WINDOWS\system32\fgcdxtdq.dll
O2 - BHO: (no name) - {46A4E9D9-B30E-452A-8157-DBBEC8573B03} - C:\Program Files\VSAdd-in\VSAdd-in.dll (file missing)
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
O2 - BHO: (no name) - {66814EB3-5F25-4BCC-B3D5-DEBD8984DB18} - C:\WINDOWS\system32\pmnlj.dll (file missing)
O2 - BHO: (no name) - {6ECCEBFF-0639-389D-4A02-7D924F29D3C3} - C:\WINDOWS\system32\jvdjjmmk.dll (file missing)
O2 - BHO: (no name) - {7411F8BA-29A3-3216-9DE7-024AC0AAB9F6} - C:\WINDOWS\system32\viyjhai.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A9930D97-9CF0-42A0-A10D-4F28836579D5} - C:\PROGRA~1\KuGoo3\KUGOO3~1.OCX (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\COMMON~1\{3C692~1\Bar888.dll
O2 - BHO: (no name) - {CC2A3C91-C23B-9DCA-5374-AFC1EED163AE} - C:\WINDOWS\system32\jdkfn.dll (file missing)
O2 - BHO: (no name) - {f4d74aaa-a178-4463-846b-b4bc87a024e0} - (no file)
O2 - BHO: (no name) - {F9070C90-EF0B-D9F2-7E31-9EECD8E04E9C} - C:\WINDOWS\system32\jdkfn.dll (file missing)
O2 - BHO: (no name) - {FC6E506B-A896-491E-AEFB-32735AB85E11} - C:\WINDOWS\system32\awtsr.dll (file missing)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Sogou Toolbar - {DBBB7978-AF21-4EF4-9AD1-B2F4BC75696C} - C:\Program Files\P4P\ToolBar.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program Files\VSAdd-in\VSAdd-in.dll (file missing)
O3 - Toolbar: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\COMMON~1\{3C692~1\Bar888.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [vphjecqfza] c:\windows\system32\vphjecqfza.exe vphjecqfza
O4 - HKLM\..\Run: [frsvabb.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\frsvabb.dll,mhomdtd
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Qntz] C:\Program Files\??stem32\dνdplay.exe
O4 - HKCU\..\Run: [Lace] "C:\DOCUME~1\Chiang\MYDOCU~1\ΑPPAT~1\winword.exe" -vt ndrv
O4 - HKCU\..\Run: [umuk] C:\PROGRA~1\COMMON~1\umuk\umukm.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?SystemRoot%\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Download with KuGoo3 (&K) - C:\Program Files\KuGoo3\KuGoo3DownX.htm
O8 - Extra context menu item: Download with Sogou Zhitongche - C:\Program Files\P4P\dl.htm
O8 - Extra context menu item: Send image to mobile phone - C:\Program Files\P4P\cx.htm
O8 - Extra context menu item: Add to "My Subscriptions" - C:\Program Files\P4P\rss.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: My Subscriptions - {8755CE6E-0BF7-4441-8751-FB728941B0B4} - C:\Program Files\P4P\rss.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://free.aol.com
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/133fa95763e9f5fa9221/netzip/RdxIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1134514140436
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1144377594640
O18 - Protocol: KuGoo3 - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - C:\PROGRA~1\KuGoo3\InExtend\KUGOO3~1.OCX
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINDOWS\system32\msasvc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: P4P Service - Unknown owner - C:\Program Files\Common Files\Sogou PXP\p2psvr.exe (file missing)
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\gibcste.exe (file missing)
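
A triage pass over the two HijackThis logs above, as an added example that is not part of this thread and not a HijackThis or Safer Networking tool. The sample lines are constructed from entries in izumi's two logs, and the script flags the two kinds of entry a log helper looks at first: autostarts whose path contains non-ASCII lookalike letters or characters HijackThis could not display (the `??stem32\dνdplay.exe` and `ΑPPAT~1\winword.exe` Run entries, which imitate a `System32` folder and a Word binary), and orphaned or anonymous entries ("(file missing)", "(no file)", "Unknown owner", "(no name)"). The lookalike letters are written as explicit Greek escapes (U+03BD, U+0391) because the forum rendering does not show which code points the real files used; that is an assumption of the sample, not a fact from the logs.

```python
import re
import unicodedata

# Constructed sample modelled on entries in the two HijackThis logs above.
# The lookalike letters are written as explicit escapes (Greek small nu
# U+03BD in "dvdplay.exe", Greek capital alpha U+0391 in "APPAT~1") because
# the thread's rendering does not reveal which code points the real files used.
SAMPLE_LOG = "\n".join([
    r"O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup",
    "O4 - HKCU\\..\\Run: [Qntz] C:\\Program Files\\??stem32\\d\u03bddplay.exe",
    "O4 - HKCU\\..\\Run: [Lace] \"C:\\DOCUME~1\\Chiang\\MYDOCU~1\\\u0391PPAT~1\\winword.exe\" -vt ndrv",
    r"O2 - BHO: (no name) - {66814EB3-5F25-4BCC-B3D5-DEBD8984DB18} - C:\WINDOWS\system32\pmnlj.dll (file missing)",
    # a legitimately localized (Chinese) menu label: non-ASCII in the name, not the path
    r"O8 - Extra context menu item: 使用KuGoo3下载(&K) - C:\Program Files\KuGoo3\KuGoo3DownX.htm",
    r"O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\gibcste.exe (file missing)",
    r"O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe",
])

ENTRY_RE = re.compile(r"^(R|O)\d+ - ")
# O4 Run entries: everything after the "[name] " tag is the command line
O4_CMD_RE = re.compile(r"^O4 - .*?\] (.*)$")
# Otherwise take the first drive-letter path on the line, up to a closing quote
PATH_RE = re.compile(r'([A-Za-z]:\\[^"]*)')


def path_part(line):
    """Best-effort extraction of the file-path / command portion of an entry,
    so that legitimately non-ASCII names (localized toolbar labels) are not
    confused with non-ASCII characters inside a path."""
    m = O4_CMD_RE.match(line)
    if m:
        return m.group(1)
    m = PATH_RE.search(line)
    return m.group(1) if m else ""


def non_ascii(text):
    """(char, 'U+XXXX', Unicode name) for every non-ASCII character in text."""
    return [(c, "U+%04X" % ord(c), unicodedata.name(c, "UNKNOWN"))
            for c in text if ord(c) > 0x7F]


def triage_line(line):
    """Return the findings for one HijackThis entry (empty if nothing stands out)."""
    line = line.rstrip()
    if not ENTRY_RE.match(line):
        return []
    findings = []
    path = path_part(line)
    for _, cp, name in non_ascii(path):
        findings.append("lookalike: %s (%s) inside a file path" % (cp, name))
    if "??" in path:
        # HijackThis prints characters it cannot display in the current code page as '?'
        findings.append("undisplayable characters in path (shown as ??)")
    if "(file missing)" in line or "(no file)" in line:
        findings.append("orphan: autostart points at a file that no longer exists")
    if line.startswith("O23") and "Unknown owner" in line:
        findings.append("service with no publisher string; verify the binary")
    if "(no name)" in line and line.split(" ")[0] in ("R3", "O2", "O3"):
        findings.append("unnamed browser hook/BHO/toolbar; identify the DLL")
    return findings


def triage(log_text):
    """Map each suspicious log line to its findings; clean lines are omitted."""
    report = {}
    for line in log_text.splitlines():
        f = triage_line(line)
        if f:
            report[line.strip()] = f
    return report


if __name__ == "__main__":
    for entry, findings in triage(SAMPLE_LOG).items():
        print(entry)
        for f in findings:
            print("    ->", f)
```

The non-ASCII check is deliberately limited to the path portion of each line: the logs' localized toolbar and context-menu names are legitimately non-ASCII, and a whole-line check would flag every one of them. The orphan and "(no name)" findings are clean-up candidates rather than proof of infection, which is why they are reported separately from the lookalike findings; a Greek letter inside a path under `Program Files` or `Application Data` has no legitimate explanation on an English-language install.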

Mr_JAk3
2006-12-12, 13:57
I'll be happy to help you :)

Disable AVG Anti-Spyware guard.
Open AVG Anti-Spyware
Click Shield
Click under "resident shield is"
Change it to inactive
Close the program

Download this file - combofix.exe (http://download.bleepingcomputer.com/sUBs/zh/BetaB/combofix.exe) and save it to your desktop.

Restart your computer to the safe mode:
Restart your computer
Start tapping the F8 key when the computer restarts.
When the start menu opens, choose Safe mode
Press Enter. The computer then begins to start in Safe mode.
Double click combofix.exe.

When finished, it shall produce a log for you. Save it and post that log in your next reply.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall
Restart the computer to the normal mode

=======
Download SDFix (http://downloads.andymanchesta.com/RemovalTools/SDFix.zip) and save it to your desktop.

Please then reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.

In Safe Mode, right click the SDFix.zip folder and choose Extract All,
Open the extracted folder and double click RunThis.bat to start the script.
Type Y to begin the script.
It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
Your system will take longer than normal to restart as the fixtool will be running and removing files.
When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.

=======

Please download VundoFix.exe (http://www.atribune.org/ccount/click.php?id=4) to your desktop.
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.

Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

================

When you're ready, please post the following logs to here:
Use several messages so that the logs don't get cut off!
- a fresh HijackThis log
- contents of combofix log
- contents of C:\vundofix.txt
- Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt

izumi
2006-12-13, 11:11
Hello,
Here is the HijackThis log

Logfile of HijackThis v1.99.1
Scan saved at 上午 02:12:31, on 2006/12/13
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Chiang\Desktop\Antispyware\HijackThis.exe

R3 - URLSearchHook: (no name) - {982CB676-38F0-4D9A-BB72-D9371ABE876E} - (no file)
R3 - URLSearchHook: (no name) - {BAB1AC41-6FF7-4F2E-A04E-5C592CCFEA7D} - (no file)
R3 - URLSearchHook: (no name) - {6ECCEBFF-0639-389D-4A02-7D924F29D3C3} - C:\WINDOWS\system32\jvdjjmmk.dll (file missing)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {46A4E9D9-B30E-452A-8157-DBBEC8573B03} - C:\Program Files\VSAdd-in\VSAdd-in.dll (file missing)
O2 - BHO: (no name) - {66814EB3-5F25-4BCC-B3D5-DEBD8984DB18} - C:\WINDOWS\system32\pmnlj.dll (file missing)
O2 - BHO: (no name) - {6ECCEBFF-0639-389D-4A02-7D924F29D3C3} - C:\WINDOWS\system32\jvdjjmmk.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\COMMON~1\{3C692~1\Bar888.dll (file missing)
O2 - BHO: (no name) - {CC2A3C91-C23B-9DCA-5374-AFC1EED163AE} - C:\WINDOWS\system32\jdkfn.dll (file missing)
O2 - BHO: (no name) - {f4d74aaa-a178-4463-846b-b4bc87a024e0} - (no file)
O2 - BHO: (no name) - {F9070C90-EF0B-D9F2-7E31-9EECD8E04E9C} - C:\WINDOWS\system32\jdkfn.dll (file missing)
O2 - BHO: (no name) - {FC6E506B-A896-491E-AEFB-32735AB85E11} - C:\WINDOWS\system32\awtsr.dll (file missing)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program Files\VSAdd-in\VSAdd-in.dll (file missing)
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [vphjecqfza] c:\windows\system32\vphjecqfza.exe vphjecqfza
O4 - HKLM\..\Run: [frsvabb.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\frsvabb.dll,mhomdtd
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Qntz] C:\Program Files\??stem32\dνdplay.exe
O4 - HKCU\..\Run: [Lace] "C:\DOCUME~1\Chiang\MYDOCU~1\ΑPPAT~1\winword.exe" -vt ndrv
O4 - HKCU\..\Run: [umuk] C:\PROGRA~1\COMMON~1\umuk\umukm.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?SystemRoot%\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 妏蚚KuGoo3狟婥(&K) - C:\Program Files\KuGoo3\KuGoo3DownX.htm
O8 - Extra context menu item: 妏蚚刲僩眻籵陬狟婥 - C:\Program Files\P4P\dl.htm
O8 - Extra context menu item: 楷冞芞善忒儂 - C:\Program Files\P4P\cx.htm
O8 - Extra context menu item: 氝樓善※扂腔隆堐§ - C:\Program Files\P4P\rss.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://free.aol.com
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/133fa95763e9f5fa9221/netzip/RdxIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1134514140436
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1144377594640
O18 - Protocol: KuGoo3 - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - C:\PROGRA~1\KuGoo3\InExtend\KUGOO3~1.OCX
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

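A small triage script, added here as an example (it is not code from the thread, from HijackThis or from any of the removal tools mentioned), that runs over constructed sample lines modelled on the log above the checks a helper makes by eye: non-ASCII look-alike letters or a "?" inside a Run command, and BHO/toolbar/URLSearchHook registrations whose file is gone or that carry no name. Two benign lines are included as controls.

```python
"""Triage helper for HijackThis O4 Run entries and O2/O3/R3 registrations.

Added example, not part of the thread or of HijackThis. It flags the two
patterns visible in the log above: look-alike characters in startup paths
(a Greek nu in "dνdplay.exe", a Greek Alpha in "ΑPPAT~1") and browser
hooks still registered for files that no longer exist.
"""
import re
import unicodedata
from dataclasses import dataclass, field

# Constructed sample lines modelled on the log above (not the full log).
# The look-alike letters are written as \u escapes so they cannot be
# mistaken for the Latin letters they imitate.
SAMPLE_LINES = [
    "O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - "
    "C:\\Program Files\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroIEHelper.dll",
    "O2 - BHO: (no name) - {66814EB3-5F25-4BCC-B3D5-DEBD8984DB18} - "
    "C:\\WINDOWS\\system32\\pmnlj.dll (file missing)",
    "R3 - URLSearchHook: (no name) - {982CB676-38F0-4D9A-BB72-D9371ABE876E} - (no file)",
    "O4 - HKLM\\..\\Run: [CTSysVol] C:\\Program Files\\Creative\\SBAudigy2ZS\\Surround Mixer\\CTSysVol.exe /r",
    # U+03BD GREEK SMALL LETTER NU standing in for "v"
    "O4 - HKCU\\..\\Run: [Qntz] C:\\Program Files\\??stem32\\d\u03bddplay.exe",
    # U+0391 GREEK CAPITAL LETTER ALPHA standing in for "A"
    "O4 - HKCU\\..\\Run: [Lace] \"C:\\DOCUME~1\\Chiang\\MYDOCU~1\\\u0391PPAT~1\\winword.exe\" -vt ndrv",
]
SAMPLE_LOG = "\n".join(SAMPLE_LINES)


@dataclass
class Finding:
    entry: str                              # the log line exactly as posted
    flags: list = field(default_factory=list)


# "O4 - HKCU\..\Run: [Name] command line"
RUN_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# "O2 - BHO: name - {CLSID} - path"; O3 toolbars and R3 URLSearchHooks share the shape
REG_RE = re.compile(
    r"^(?P<kind>O2|O3|R3) - [^:]+: (?P<name>.*?) - (?P<clsid>_?\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$"
)


def non_ascii_chars(text):
    """Return (char, Unicode name) for every character outside plain ASCII."""
    return [(ch, unicodedata.name(ch, "UNKNOWN")) for ch in text if ord(ch) > 0x7F]


def check_run_entry(cmd):
    """Checks for the command line of an O4 Run entry."""
    flags = []
    for ch, uname in non_ascii_chars(cmd):
        flags.append(f"non-ASCII look-alike character {ch!r} ({uname}) in command line")
    if "?" in cmd:
        # '?' is not legal in a Windows path; the log could not render the real characters
        flags.append("'?' in path: characters the log could not render, not a valid Windows path")
    return flags


def check_registration(name, path):
    """Checks for a BHO / toolbar / URLSearchHook registration."""
    flags = []
    if path.endswith("(file missing)") or path == "(no file)":
        flags.append("registered component whose file is absent (registration left behind)")
    if name == "(no name)":
        flags.append("component registered without a name")
    return flags


def triage(log_text):
    """Return one Finding per log line that trips at least one check."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = RUN_RE.match(line)
        if m:
            flags = check_run_entry(m.group("cmd"))
        else:
            m = REG_RE.match(line)
            flags = check_registration(m.group("name"), m.group("path")) if m else []
        if flags:
            findings.append(Finding(line, flags))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding.entry)
        for flag in finding.flags:
            print("   ->", flag)
```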
izumi
2006-12-13, 11:14
Chiang - 06-12-12 17:35:06.35 Service Pack 2
ComboFix 06.12.01W - Running from: "C:\Documents and Settings\Chiang\Desktop"

((((((((((((((((((((((((((((((((((((((((((( E-Give / Ssk's Log )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Documents and Settings\Chiang\Application Data\Dxcknwrd.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\tpuninstall.exe
C:\WINDOWS\system32\tsuninst.exe
C:\Program Files\batty2
C:\Program Files\cmfibula
C:\Program Files\Inetget2
C:\WINDOWS\system32\components
C:\Program Files\Common Files\{0C6922BD-0725-1028-1224-200917030376}
C:\Program Files\Common Files\{0C6922BD-0726-1028-1224-200917030376}
C:\Program Files\Common Files\{3C6922BD-0725-1028-1224-200917030376}
C:\Program Files\Common Files\{3C6922BD-0726-1028-1224-200917030376}
C:\Documents and Settings\Chiang\Application Data\p4p
C:\Program Files\Common Files\sogou pxp
C:\Program Files\p4p

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Folders Quarantined:

C:\qoobox\purity\Documents and Settings\Chiang\My Documents\詴PAT~1
C:\qoobox\purity\Documents and Settings\Chiang\My Documents\詴PAT~1\詴PAT~1
C:\qoobox\purity\Program Files\STEM32~1
C:\qoobox\purity\Program Files\Common Files\ECURIT~1


((((((((((((((((((((((((((((((( Files Created from 2006-11-12 to 2006-12-12 ))))))))))))))))))))))))))))))))))


2006-12-12 17:42 <DIR> d-------- C:\WINDOWS\erdnt
2006-12-10 18:35 9,728 --a------ C:\WINDOWS\system32\drivers\pxscinst.dll
2006-12-10 18:35 7,680 --a------ C:\WINDOWS\system32\drivers\pxinst.dll
2006-12-10 18:35 7,552 --a------ C:\WINDOWS\system32\drivers\pxcom.sys
2006-12-10 18:35 274,432 --a------ C:\WINDOWS\system32\drivers\pxfsf.sys
2006-12-10 18:35 18,560 --a------ C:\WINDOWS\system32\drivers\pxtdi.sys
2006-12-10 18:35 13,568 --a------ C:\WINDOWS\system32\drivers\pxrd.sys
2006-12-10 18:35 11,648 --a------ C:\WINDOWS\system32\drivers\pxscrmbl.sys
2006-12-10 18:35 100,864 --a------ C:\WINDOWS\system32\drivers\PxEmu.sys
2006-12-10 18:35 <DIR> d-------- C:\Program Files\Prevx1
2006-12-10 18:35 <DIR> d-------- C:\Documents and Settings\Chiang\Application Data\Prevx
2006-12-10 18:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Prevx
2006-12-10 10:56 79,360 --a------ C:\WINDOWS\system32\swxcacls.exe
2006-12-10 10:56 53,248 --a------ C:\WINDOWS\system32\Process.exe
2006-12-10 10:56 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2006-12-10 10:56 40,960 --a------ C:\WINDOWS\system32\swsc.exe
2006-12-10 10:56 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2006-12-10 10:56 135,168 --a------ C:\WINDOWS\system32\swreg.exe
2006-12-10 03:14 <DIR> d-------- C:\Program Files\MSXML 4.0
2006-12-10 03:08 <DIR> d-------- C:\WINDOWS\umuk
2006-12-10 03:08 <DIR> d-------- C:\Program Files\Common Files\umuk
2006-12-09 23:59 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-12-09 23:59 <DIR> d-------- C:\Program Files\Grisoft
2006-12-09 22:21 <DIR> d--hs---- C:\WINDOWS\CSC
2006-12-09 22:15 <DIR> d-------- C:\Program Files\CleanUp!
2006-12-09 13:10 <DIR> d-------- C:\VundoFix Backups
2006-12-09 11:38 88,340 --a------ C:\WINDOWS\system32\wgrpjqwr.exe
2006-12-09 11:38 <DIR> d-------- C:\Program Files\VSAdd-in
2006-12-09 10:35 <DIR> d-------- C:\quarantine
2006-12-09 10:23 <DIR> d-------- C:\Program Files\Common Files\Cisco Systems
2006-12-09 10:22 58,464 --a------ C:\WINDOWS\system32\drivers\mvstdi5x.sys
2006-12-09 10:22 116,864 --a------ C:\WINDOWS\system32\drivers\naiavf5x.sys
2006-12-09 10:22 <DIR> d-------- C:\Program Files\Network Associates
2006-12-09 10:22 <DIR> d-------- C:\Program Files\Common Files\Network Associates
2006-12-09 10:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Network Associates
2006-12-09 10:09 <DIR> d-------- C:\Program Files\Norton AntiVirus
2006-12-09 10:08 83,168 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2006-12-09 10:08 104,144 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2006-12-09 09:37 93,696 --a------ C:\WINDOWS\system32\frsvabb.dll
2006-12-09 09:37 71,680 --a------ C:\WINDOWS\system32\viyjhai.dll
2006-12-09 09:30 1,329 --a------ C:\WINDOWS\system32\fwx21dca.sys
2006-12-09 09:30 <DIR> d-------- C:\Program Files\PSCastor
2006-12-09 09:29 <DIR> dr------- C:\Program Files\PadsysAssistant
2006-12-09 09:29 <DIR> d-------- C:\Program Files\CMIntex
2006-12-09 09:28 <DIR> d-------- C:\DeluxeCommunications
2006-12-09 01:12 10,752 --a------ C:\WINDOWS\system32\BASSMOD.dll
2006-12-09 01:02 <DIR> d-------- C:\Program Files\PSCS2
2006-12-09 00:48 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2006-12-08 21:46 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2006-12-08 21:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2006-11-29 23:41 <DIR> d-------- C:\Program Files\HammerSnipe PowerTool
2006-11-29 23:41 <DIR> d-------- C:\Program Files\Common Files\HammerTap
2006-11-29 23:36 <DIR> d-------- C:\WINDOWS\WBEM
2006-11-29 23:36 <DIR> d-------- C:\WINDOWS\system32\en-US
2006-11-29 23:35 <DIR> d--h-c--- C:\WINDOWS\ie7
2006-11-29 23:34 121,856 --------- C:\WINDOWS\system32\xmllite.dll
2006-11-29 23:33 <DIR> d-------- C:\WINDOWS\network diagnostic
2006-11-27 22:26 <DIR> d-------- C:\Documents and Settings\Chiang\Application Data\deskPDF
2006-11-27 22:24 18,748 --a------ C:\WINDOWS\system32\ddmon.dll
2006-11-22 04:11 <DIR> d-------- C:\Program Files\MyGlobalSearch
2006-11-22 04:11 <DIR> d-------- C:\Program Files\ffdshow
2006-11-22 04:11 <DIR> d-------- C:\Program Files\Cliprex DS DVD Player
2006-11-15 01:53 <DIR> d-------- C:\Program Files\Foxy


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

Rootkit driver pe386 is present. A rootkit scan is required

2006-12-12 17:41 -------- d-------- C:\Program Files\Mozilla Firefox
2006-12-12 17:41 -------- d-------- C:\Program Files\Common Files
2006-12-09 11:58 -------- d-------- C:\Program Files\Absolute Uninstaller
2006-12-09 11:54 -------- d-------- C:\Program Files\Common Files\Symantec Shared
2006-12-09 10:10 -------- d-------- C:\Program Files\Symantec
2006-12-09 09:49 -------- d-------- C:\Program Files\Norton AntiV
2006-12-09 01:30 -------- d-------- C:\Documents and Settings\Chiang\Application Data\Adobe
2006-12-09 01:28 -------- d-------- C:\Program Files\Adobe
2006-12-09 01:26 -------- d-------- C:\Program Files\Common Files\Adobe
2006-12-09 01:02 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-12-09 00:51 -------- d-------- C:\Program Files\KuGoo3
2006-12-02 12:18 -------- d-------- C:\Program Files\Windows Media Player
2006-12-02 12:18 -------- d-------- C:\Program Files\Windows Media Connect 2
2006-11-30 16:18 -------- d-------- C:\Documents and Settings\Chiang\Application Data\Vso
2006-11-29 23:43 -------- d-------- C:\Program Files\Internet Explorer
2006-11-29 08:19 -------- d-------- C:\Program Files\iPod
2006-11-29 08:16 -------- d-------- C:\Documents and Settings\Chiang\Application Data\Skype
2006-11-26 15:25 -------- d-------- C:\Program Files\WretchClient
2006-11-26 15:25 -------- d-------- C:\Program Files\FlashGet
2006-11-26 14:55 -------- d-------- C:\Program Files\Java
2006-11-15 10:04 -------- d-------- C:\Program Files\eclipse
2006-11-10 16:43 -------- d-------- C:\Documents and Settings\Chiang\Application Data\Google
2006-11-07 21:03 6049280 --------- C:\WINDOWS\system32\ieframe.dll
2006-11-07 21:03 50688 --------- C:\WINDOWS\system32\msfeedsbs.dll
2006-11-07 21:03 458752 --------- C:\WINDOWS\system32\msfeeds.dll
2006-11-07 21:03 413696 --a------ C:\WINDOWS\system32\vbscript.dll
2006-11-07 21:03 231424 --a------ C:\WINDOWS\system32\webcheck.dll
2006-11-07 21:03 180736 --------- C:\WINDOWS\system32\ieui.dll
2006-11-07 21:03 156160 --a------ C:\WINDOWS\system32\msls31.dll
2006-11-07 03:27 382976 --a------ C:\WINDOWS\system32\iedkcs32.dll
2006-11-07 03:27 229376 --a------ C:\WINDOWS\system32\ieaksie.dll
2006-11-07 03:26 71680 --a------ C:\WINDOWS\system32\admparse.dll
2006-11-07 03:26 55296 --a------ C:\WINDOWS\system32\iesetup.dll
2006-11-07 03:26 54784 --a------ C:\WINDOWS\system32\ie4uinit.exe
2006-11-07 03:26 43008 --a------ C:\WINDOWS\system32\iernonce.dll
2006-11-07 03:26 152064 --a------ C:\WINDOWS\system32\ieakeng.dll
2006-11-07 03:26 13312 --a------ C:\WINDOWS\system32\ieudinit.exe
2006-11-07 03:26 123904 --a------ C:\WINDOWS\system32\advpack.dll
2006-11-07 03:25 161792 --a------ C:\WINDOWS\system32\ieakui.dll
2006-11-07 00:47 -------- d-------- C:\Documents and Settings\Chiang\Application Data\CopyToDvd
2006-11-04 14:14 1245696 --a------ C:\WINDOWS\system32\msxml4.dll
2006-10-23 21:10 -------- d---s---- C:\Documents and Settings\Chiang\Application Data\Microsoft
2006-10-22 21:47 -------- d-------- C:\Program Files\Windows Journal Viewer
2006-10-21 12:48 -------- d-------- C:\Program Files\Google
2006-10-18 21:58 8704 --a------ C:\WINDOWS\system32\wdfmgr.exe
2006-10-18 21:58 8704 --a------ C:\WINDOWS\system32\uwdf.exe
2006-10-18 21:47 99840 --a------ C:\WINDOWS\system32\wmpshell.dll
2006-10-18 21:47 991744 --a------ C:\WINDOWS\system32\drmv2clt.dll
2006-10-18 21:47 937984 --a------ C:\WINDOWS\system32\WMNetMgr.dll
2006-10-18 21:47 8231936 --a------ C:\WINDOWS\system32\wmploc.dll
2006-10-18 21:47 767488 --------- C:\WINDOWS\system32\WMVSENCD.dll
2006-10-18 21:47 757248 --a------ C:\WINDOWS\system32\WMADMOD.dll
2006-10-18 21:47 7168 --a------ C:\WINDOWS\system32\asferror.dll
2006-10-18 21:47 656896 --------- C:\WINDOWS\system32\WMVXENCD.dll
2006-10-18 21:47 63488 --a------ C:\WINDOWS\system32\wpdmtpus.dll
2006-10-18 21:47 629760 --a------ C:\WINDOWS\system32\wpd_ci.dll
2006-10-18 21:47 613376 --------- C:\WINDOWS\system32\wmpmde.dll
2006-10-18 21:47 603648 --a------ C:\WINDOWS\system32\WMSPDMOD.dll
2006-10-18 21:47 542720 --a------ C:\WINDOWS\system32\blackbox.dll
2006-10-18 21:47 535040 --------- C:\WINDOWS\system32\wmdrmsdk.dll
2006-10-18 21:47 429056 --a------ C:\WINDOWS\system32\wmdrmdev.dll
2006-10-18 21:47 414208 --a------ C:\WINDOWS\system32\msscp.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmvdmoe2.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmvdmod.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\WMVADVE.DLL
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\WMVADVD.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmsdmoe2.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmsdmod.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wdfapi.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\MPG4DMOD.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\MP4SDMOD.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\MP43DMOD.dll
2006-10-18 21:47 38400 --------- C:\WINDOWS\system32\wpdshextres.dll
2006-10-18 21:47 37376 --a------ C:\WINDOWS\system32\wmdmps.dll
2006-10-18 21:47 35840 --a------ C:\WINDOWS\system32\wpdconns.dll
2006-10-18 21:47 356352 --a------ C:\WINDOWS\system32\wpdsp.dll
2006-10-18 21:47 348672 --a------ C:\WINDOWS\system32\wmdrmnet.dll
2006-10-18 21:47 33792 --a------ C:\WINDOWS\system32\wmdmlog.dll
2006-10-18 21:47 321536 --a------ C:\WINDOWS\system32\mswmdm.dll
2006-10-18 21:47 317440 --------- C:\WINDOWS\system32\MP4SDECD.dll
2006-10-18 21:47 314880 --a------ C:\WINDOWS\system32\wmpdxm.dll
2006-10-18 21:47 295936 --------- C:\WINDOWS\system32\wmpeffects.dll
2006-10-18 21:47 284160 --a------ C:\WINDOWS\system32\portabledeviceapi.dll
2006-10-18 21:47 276992 --a------ C:\WINDOWS\system32\audiodev.dll
2006-10-18 21:47 27136 --a------ C:\WINDOWS\system32\mspmsnsv.dll
2006-10-18 21:47 2603008 --------- C:\WINDOWS\system32\WpdShext.dll
2006-10-18 21:47 259072 --------- C:\WINDOWS\system32\MPG4DECD.dll
2006-10-18 21:47 259072 --------- C:\WINDOWS\system32\MP43DECD.dll
2006-10-18 21:47 2450944 --a------ C:\WINDOWS\system32\wmvcore.dll
2006-10-18 21:47 242688 --a------ C:\WINDOWS\system32\wmpasf.dll
2006-10-18 21:47 229376 --a------ C:\WINDOWS\system32\cewmdm.dll
2006-10-18 21:47 227328 --a------ C:\WINDOWS\system32\wmerror.dll
2006-10-18 21:47 222208 --a------ C:\WINDOWS\system32\wmasf.dll
2006-10-18 21:47 212992 --------- C:\WINDOWS\system32\MFPLAT.dll
2006-10-18 21:47 211456 --a------ C:\WINDOWS\system32\qasf.dll
2006-10-18 21:47 204288 --a------ C:\WINDOWS\system32\wmpsrcwp.dll
2006-10-18 21:47 199168 --------- C:\WINDOWS\system32\PortableDeviceWMDRM.dll
2006-10-18 21:47 179712 --a------ C:\WINDOWS\system32\msnetobj.dll
2006-10-18 21:47 175616 --a------ C:\WINDOWS\system32\mspmsp.dll
2006-10-18 21:47 166912 --a------ C:\WINDOWS\system32\portabledevicetypes.dll
2006-10-18 21:47 1661440 --a------ C:\WINDOWS\system32\wmpencen.dll
2006-10-18 21:47 1574912 --------- C:\WINDOWS\system32\WMVENCOD.dll
2006-10-18 21:47 157184 --a------ C:\WINDOWS\system32\wmidx.dll
2006-10-18 21:47 154624 --a------ C:\WINDOWS\system32\wpdmtp.dll
2006-10-18 21:47 1543680 --------- C:\WINDOWS\system32\WMVDECOD.dll
2006-10-18 21:47 1382912 --------- C:\WINDOWS\system32\WMVSDECD.dll
2006-10-18 21:47 133632 --a------ C:\WINDOWS\system32\wpdshserviceobj.dll
2006-10-18 21:47 1329152 --a------ C:\WINDOWS\system32\WMSPDMOE.dll
2006-10-18 21:47 132096 --------- C:\WINDOWS\system32\PortableDeviceWiaCompat.dll
2006-10-18 21:47 130048 --------- C:\WINDOWS\system32\wmpps.dll
2006-10-18 21:47 11264 --a------ C:\WINDOWS\system32\LAPRXY.dll
2006-10-18 21:47 1117696 --a------ C:\WINDOWS\system32\WMADMOE.dll
2006-10-18 21:47 101888 --------- C:\WINDOWS\system32\PortableDeviceClassExtension.dll
2006-10-18 20:03 100864 --a------ C:\WINDOWS\system32\logagent.exe
2006-10-18 20:00 38528 --a------ C:\WINDOWS\system32\drivers\wpdusb.sys
2006-10-18 20:00 249856 --------- C:\WINDOWS\system32\drmupgds.exe
2006-10-18 20:00 17408 --------- C:\WINDOWS\system32\wpdshextautoplay.exe
2006-10-17 12:06 78336 --a------ C:\WINDOWS\system32\ieencode.dll
2006-10-17 12:05 40960 --a------ C:\WINDOWS\system32\licmgr10.dll
2006-10-17 12:05 206336 --------- C:\WINDOWS\system32\WinFXDocObj.exe
2006-10-17 12:05 105984 --a------ C:\WINDOWS\system32\url.dll
2006-10-17 12:04 101376 --a------ C:\WINDOWS\system32\occache.dll
2006-10-17 12:03 17408 --a------ C:\WINDOWS\system32\corpol.dll
2006-10-17 11:58 61952 --------- C:\WINDOWS\system32\icardie.dll
2006-10-17 11:58 12288 --------- C:\WINDOWS\system32\msfeedssync.exe
2006-10-17 11:57 36352 --a------ C:\WINDOWS\system32\imgutil.dll
2006-10-17 11:57 266752 --------- C:\WINDOWS\system32\iertutil.dll
2006-10-17 11:56 45568 --a------ C:\WINDOWS\system32\mshta.exe
2006-10-17 11:28 48128 --a------ C:\WINDOWS\system32\mshtmler.dll
2006-10-17 11:27 380928 --------- C:\WINDOWS\system32\ieapfltr.dll
2006-10-16 23:27 34 --a------ C:\Documents and Settings\Chiang\Application Data\pcouffin.log
2006-10-16 23:26 81920 --a------ C:\Documents and Settings\Chiang\Application Data\ezpinst.exe
2006-10-16 23:26 7176 --a------ C:\Documents and Settings\Chiang\Application Data\pcouffin.cat
2006-10-16 23:26 47360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2006-10-16 23:26 47360 --a------ C:\Documents and Settings\Chiang\Application Data\pcouffin.sys
2006-10-16 23:26 1144 --a------ C:\Documents and Settings\Chiang\Application Data\pcouffin.inf
2006-10-16 23:26 -------- d-------- C:\Program Files\VSO
2006-10-16 16:41 -------- d-------- C:\Program Files\Skype
2006-10-15 20:30 -------- d-------- C:\Program Files\ClickToConvert
2006-10-13 04:35 65536 --a------ C:\WINDOWS\system32\nwwks.dll
2006-10-13 04:35 64000 --a------ C:\WINDOWS\system32\nwapi32.dll
2006-10-13 04:35 142336 --a------ C:\WINDOWS\system32\nwprovau.dll
2006-10-13 02:23 163584 --a------ C:\WINDOWS\system32\drivers\nwrdr.sys
2006-10-02 15:28 312128 --------- C:\WINDOWS\system32\msdelta.dll
2006-09-29 06:56 28248 -ra------ C:\WINDOWS\system32\AdobePDF.dll
2006-09-28 20:13 95344 --------- C:\WINDOWS\system32\WUDFCoinstaller.dll
2006-09-28 18:56 55808 --------- C:\WINDOWS\system32\WudfSvc.dll
2006-09-28 18:56 316416 --------- C:\WINDOWS\system32\WUDFx.dll
2006-09-28 18:56 165376 --------- C:\WINDOWS\system32\WudfPlatform.dll
2006-09-28 18:56 146432 --------- C:\WINDOWS\system32\WudfHost.exe
2006-09-25 17:58 23856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2006-09-12 21:01 1084416 --a------ C:\WINDOWS\system32\msxml3.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

izumi
2006-12-13, 11:15
*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"LogitechSoftwareUpdate"="\"C:\\Program Files\\Logitech\\Video\\ManifestEngine.exe\" boot"
"Qntz"="C:\\Program Files\\??stem32\\dνdplay.exe"
"Lace"="\"C:\\DOCUME~1\\Chiang\\MYDOCU~1\\ΑPPAT~1\\winword.exe\" -vt ndrv"
"umuk"="C:\\PROGRA~1\\COMMON~1\\umuk\\umukm.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"IMJPMIG8.1"="C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"
"PHIME2002ASync"="C:\\WINDOWS\\System32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\System32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"CTSysVol"="C:\\Program Files\\Creative\\SBAudigy2ZS\\Surround Mixer\\CTSysVol.exe /r"
"CTDVDDET"="C:\\Program Files\\Creative\\SBAudigy2ZS\\DVDAudio\\CTDVDDet.EXE"
"CTHelper"="CTHELPER.EXE"
"SBDrvDet"="C:\\Program Files\\Creative\\SB Drive Det\\SBDrvDet.exe /r"
"UpdReg"="C:\\WINDOWS\\UpdReg.EXE"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe\""
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvMcTray.dll,NvTaskbarInit"
"LVCOMSX"="C:\\WINDOWS\\system32\\LVCOMSX.EXE"
"LogitechVideoRepair"="C:\\Program Files\\Logitech\\Video\\ISStart.exe "
"LogitechVideoTray"="C:\\Program Files\\Logitech\\Video\\LogiTray.exe"
@=""
"vphjecqfza"="c:\\windows\\system32\\vphjecqfza.exe vphjecqfza"
"frsvabb.dll"="C:\\WINDOWS\\system32\\rundll32.exe C:\\WINDOWS\\system32\\frsvabb.dll,mhomdtd"
"ShStatEXE"="\"C:\\Program Files\\Network Associates\\VirusScan\\SHSTAT.EXE\" /STANDALONE"
"McAfeeUpdaterUI"="\"C:\\Program Files\\Network Associates\\Common Framework\\UpdaterUI.exe\" /StartedFromRunKey"
"Network Associates Error Reporting Service"="\"C:\\Program Files\\Common Files\\Network Associates\\TalkBack\\tbmon.exe\""
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
"ALUAlert"="C:\\Program Files\\Symantec\\LiveUpdate\\ALUNotify.exe"
"CMIntex"="\"C:\\Program Files\\CMIntex\\CMIntex.exe\""

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
"ALUAlert"="C:\\Program Files\\Symantec\\LiveUpdate\\ALUNotify.exe"
"CMIntex"="\"C:\\Program Files\\CMIntex\\CMIntex.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{9cc1c589-4b22-4dae-8e12-4c3b5fa12b3f}"="gloomily"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{04CDB16C-AB38-43CD-A86A-6FEB90290939}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"NVMixerTray"="\"C:\\Program Files\\NVIDIA Corporation\\NvMixer\\NVMixerTray.exe\""
"iTunesHelper"="C:\\Program Files\\iTunes\\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
Usnsvc REG_MULTI_SZ usnsvc\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Symantec NetDetect.job

Completion time: 06-12-12 17:45:01.85
C:\ComboFix.txt ... 06-12-12 17:45

izumi
2006-12-13, 11:18
VundoFix V6.2.13

Checking Java version...

Java version is 1.5.0.5

Java version is 1.5.0.6

Java version is 1.5.0.9

Scan started at 下午 08:06:03 2006/12/12

Listing files found while scanning....

No infected files were found.



================================================



SDFix: Version 1.46
****************

2006/12/12 星期二 - 17:56:44.25

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Stage One - Safe Mode

Checking For Trojan Services...

Service Name:

MsaSvc
Windows Overlay Components

File Path:

C:\WINDOWS\system32\msasvc.exe
C:\WINDOWS\gibcste.exe

MsaSvc Deleted...
Windows Overlay Components Deleted...

Starting Registry Repairs...

Restoring Default Hosts File...

Stage One Complete

Rebooting...

Stage Two - Normal Mode

Checking For Malware:
--------------------

C:\dbg.txt
C:\WINDOWS\system32\ldinfo.ldr
C:\WINDOWS\system32\msnav32.ax
C:\WINDOWS\tcb.pmw
C:\WINDOWS\Uninst2.htm
C:\WINDOWS\Unist1.htm

Backing Up and Removing any Files Found...

Final Check:

Services:
---------

Rootkit pe386 Present!

Authorized Applications Key Export:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Disabled:Messenger"


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"


Files:
------

Backups Folder: - C:\SDFix\backups\backups.zip

Checking for files with Hidden Attributes:

C:\WINDOWS\system32\cdplayer.exe.manifest
C:\WINDOWS\system32\logonui.exe.manifest
C:\hiberfil.sys
C:\IO.SYS
C:\MSDOS.SYS
C:\pagefile.sys
C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp
C:\Documents and Settings\Chiang\Desktop\Document\mao\Boston\~WRL0003.tmp
C:\WINDOWS\system32\config\default.tmp.LOG
C:\WINDOWS\system32\config\SAM.tmp.LOG
C:\WINDOWS\system32\config\SECURITY.tmp.LOG
C:\WINDOWS\system32\config\software.tmp.LOG
C:\WINDOWS\system32\config\system.tmp.LOG

FINISHED!

Mr_JAk3
2006-12-13, 14:30
You've got a rootkit there too...

Download
http://www.uploads.ejvindh.net/rustbfix.exe
...and save it to your desktop.

Double click on rustbfix.exe to run the tool. If a Rustock.b-infection is found, you will shortly hereafter be asked to reboot the computer. The reboot will probably take quite a while, and perhaps 2 reboots will be needed. But this will happen automatically. After the reboot 2 logfiles will open (%root%\avenger.txt & %root%\rustbfix\pelog.txt). Post the content of these logfiles along with a new HijackThis log.


Please run a GMER Rootkit scan:

Download GMER's application from here:
http://www.gmer.net/gmer.zip

Unzip it and start the GMER.exe
Click the Rootkit tab and click the Scan button.

Once done, click the Copy button.
This will copy the results to your clipboard.
Paste the results in your next reply.

Warning! Please do not select the "Show all" checkbox during the scan.

izumi
2006-12-14, 11:44
Hijackthis


Logfile of HijackThis v1.99.1
Scan saved at 上午 02:45:46, on 2006/12/14
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrobat.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroTray.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroTray.exe
C:\Documents and Settings\Chiang\Desktop\Antispyware\HijackThis.exe

R3 - URLSearchHook: (no name) - {982CB676-38F0-4D9A-BB72-D9371ABE876E} - (no file)
R3 - URLSearchHook: (no name) - {BAB1AC41-6FF7-4F2E-A04E-5C592CCFEA7D} - (no file)
R3 - URLSearchHook: (no name) - {6ECCEBFF-0639-389D-4A02-7D924F29D3C3} - C:\WINDOWS\system32\jvdjjmmk.dll (file missing)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {46A4E9D9-B30E-452A-8157-DBBEC8573B03} - C:\Program Files\VSAdd-in\VSAdd-in.dll (file missing)
O2 - BHO: (no name) - {66814EB3-5F25-4BCC-B3D5-DEBD8984DB18} - C:\WINDOWS\system32\pmnlj.dll (file missing)
O2 - BHO: (no name) - {6ECCEBFF-0639-389D-4A02-7D924F29D3C3} - C:\WINDOWS\system32\jvdjjmmk.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\COMMON~1\{3C692~1\Bar888.dll (file missing)
O2 - BHO: (no name) - {CC2A3C91-C23B-9DCA-5374-AFC1EED163AE} - C:\WINDOWS\system32\jdkfn.dll (file missing)
O2 - BHO: (no name) - {f4d74aaa-a178-4463-846b-b4bc87a024e0} - (no file)
O2 - BHO: (no name) - {F9070C90-EF0B-D9F2-7E31-9EECD8E04E9C} - C:\WINDOWS\system32\jdkfn.dll (file missing)
O2 - BHO: (no name) - {FC6E506B-A896-491E-AEFB-32735AB85E11} - C:\WINDOWS\system32\awtsr.dll (file missing)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program Files\VSAdd-in\VSAdd-in.dll (file missing)
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [vphjecqfza] c:\windows\system32\vphjecqfza.exe vphjecqfza
O4 - HKLM\..\Run: [frsvabb.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\frsvabb.dll,mhomdtd
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Qntz] C:\Program Files\??stem32\dνdplay.exe
O4 - HKCU\..\Run: [Lace] "C:\DOCUME~1\Chiang\MYDOCU~1\ΑPPAT~1\winword.exe" -vt ndrv
O4 - HKCU\..\Run: [umuk] C:\PROGRA~1\COMMON~1\umuk\umukm.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?SystemRoot%\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 妏蚚KuGoo3狟婥(&K) - C:\Program Files\KuGoo3\KuGoo3DownX.htm
O8 - Extra context menu item: 妏蚚刲僩眻籵陬狟婥 - C:\Program Files\P4P\dl.htm
O8 - Extra context menu item: 楷冞芞善忒儂 - C:\Program Files\P4P\cx.htm
O8 - Extra context menu item: 氝樓善※扂腔隆堐§ - C:\Program Files\P4P\rss.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://free.aol.com
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/133fa95763e9f5fa9221/netzip/RdxIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1134514140436
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1144377594640
O18 - Protocol: KuGoo3 - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - C:\PROGRA~1\KuGoo3\InExtend\KUGOO3~1.OCX
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

izumi
2006-12-14, 11:46
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\rxvkfdxn

*******************

Script file located at: \??\C:\Documents and Settings\xolvejhm.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Driver PE386 unloaded successfully.
Program C:\Rustbfix\2run.bat successfully set up to run once on reboot.

Completed script processing.

*******************

Finished! Terminate.



prelog
************************* Rustock.b-fix -- By ejvindh *************************
2006/12/13 星期三 15:12:37.98


******************* Pre-run Status of system *******************

Rootkit driver PE386 is found. Starting the unload-procedure....
Examine the Avenger-logfile in order to assess the success of the unload-procedure

Rustock.b-ADS attached to the System32-folder:
:lzx32.sys 68968
Total size: 68968 bytes.
Attempting to remove ADS...
system32: deleted 68968 bytes in 1 streams.


******************* Post-run Status of system *******************

Rustock.b-driver on the system: NONE!

Rustock.b-ADS attached to the System32-folder:
No streams found.


******************************* End of Logfile ********************************

izumi
2006-12-14, 11:47
Hello,

I think gmer.zip cannot be found on the web. Do you know if there is another link? :oops:

Mr_JAk3
2006-12-14, 13:29
Hi :)

It seems that the gmer.net site is temporarily down. Please download GMER from one of the mirrors here -> GMER (http://www.majorgeeks.com/GMER_d5198.html)

:bigthumb:

izumi
2006-12-15, 08:35
GMER 1.0.12.12011 - http://www.gmer.net
Rootkit scan 2006-12-14 23:35:55
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.12 ----

SSDT FE9D3109 ZwCreateThread
SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwOpenProcess
SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwTerminateProcess

---- User code sections - GMER 1.0.12 ----

.text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[252] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 3700737C C:\WINDOWS\system32\EntApi.dll
.text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[252] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 3700733E C:\WINDOWS\system32\EntApi.dll
.text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[252] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 370074F0 C:\WINDOWS\system32\EntApi.dll
.text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[252] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 37007436 C:\WINDOWS\system32\EntApi.dll
.text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[252] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 370074B2 C:\WINDOWS\system32\EntApi.dll
.text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[252] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 370073F8 C:\WINDOWS\system32\EntApi.dll
.text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[252] kernel32.dll!PeekNamedPipe 7C85F90F 5 Bytes JMP 370073BA C:\WINDOWS\system32\EntApi.dll
.text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[252] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 37007474 C:\WINDOWS\system32\EntApi.dll
.text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[252] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 3700752E C:\WINDOWS\system32\EntApi.dll
.text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[252] WS2_32.dll!select 71AB2DC0 5 Bytes JMP 37007626 C:\WINDOWS\system32\EntApi.dll
.text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[252] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 3700756C C:\WINDOWS\system32\EntApi.dll
.text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[252] WS2_32.dll!bind 71AB3E00 5 Bytes JMP 370075E8 C:\WINDOWS\system32\EntApi.dll
.text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[252] WS2_32.dll!send 71AB428A 5 Bytes JMP 370075AA C:\WINDOWS\system32\EntApi.dll
.text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[252] WS2_32.dll!recv 71AB615A 5 Bytes JMP 37007664 C:\WINDOWS\system32\EntApi.dll
.text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[252] WININET.dll!InternetReadFile 771C5BAA 5 Bytes JMP 3700779A C:\WINDOWS\system32\EntApi.dll
.text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[252] WININET.dll!InternetOpenA 771CA6DD 5 Bytes JMP 37007816 C:\WINDOWS\system32\EntApi.dll
.text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[252] WININET.dll!InternetOpenUrlA 771CC8BD 5 Bytes JMP 370077D8 C:\WINDOWS\system32\EntApi.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[648] kernel32.dll!SetUnhandledExceptionFilter 7C84479D 5 Bytes JMP 004E12D0 C:\Program Files\MSN Messenger\MsnMsgr.Exe
.text C:\WINDOWS\system32\services.exe[840] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 3700737C C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\services.exe[840] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 3700733E C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\services.exe[840] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 370074F0 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\services.exe[840] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 37007436 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\services.exe[840] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 370074B2 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\services.exe[840] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 370073F8 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\services.exe[840] kernel32.dll!PeekNamedPipe 7C85F90F 5 Bytes JMP 370073BA C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\services.exe[840] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 37007474 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\services.exe[840] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 3700752E C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\services.exe[840] WS2_32.dll!select 71AB2DC0 5 Bytes JMP 37007626 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\services.exe[840] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 3700756C C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\services.exe[840] WS2_32.dll!bind 71AB3E00 5 Bytes JMP 370075E8 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\services.exe[840] WS2_32.dll!send 71AB428A 5 Bytes JMP 370075AA C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\services.exe[840] WS2_32.dll!recv 71AB615A 5 Bytes JMP 37007664 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\services.exe[840] WININET.dll!InternetReadFile 771C5BAA 5 Bytes JMP 3700779A C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\services.exe[840] WININET.dll!InternetOpenA 771CA6DD 5 Bytes JMP 37007816 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\services.exe[840] WININET.dll!InternetOpenUrlA 771CC8BD 5 Bytes JMP 370077D8 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\lsass.exe[852] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 3700737C C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\lsass.exe[852] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 3700733E C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\lsass.exe[852] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 370074F0 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\lsass.exe[852] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 37007436 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\lsass.exe[852] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 370074B2 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\lsass.exe[852] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 370073F8 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\lsass.exe[852] kernel32.dll!PeekNamedPipe 7C85F90F 5 Bytes JMP 370073BA C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\lsass.exe[852] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 37007474 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\lsass.exe[852] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 3700752E C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\lsass.exe[852] WS2_32.dll!select 71AB2DC0 5 Bytes JMP 37007626 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\lsass.exe[852] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 3700756C C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\lsass.exe[852] WS2_32.dll!bind 71AB3E00 5 Bytes JMP 370075E8 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\lsass.exe[852] WS2_32.dll!send 71AB428A 5 Bytes JMP 370075AA C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\lsass.exe[852] WS2_32.dll!recv 71AB615A 5 Bytes JMP 37007664 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\lsass.exe[852] WININET.dll!InternetReadFile 771C5BAA 5 Bytes JMP 3700779A C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\lsass.exe[852] WININET.dll!InternetOpenA 771CA6DD 5 Bytes JMP 37007816 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\lsass.exe[852] WININET.dll!InternetOpenUrlA 771CC8BD 5 Bytes JMP 370077D8 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 3700737C C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 3700733E C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 370074F0 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 37007436 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 370074B2 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 370073F8 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!PeekNamedPipe 7C85F90F 5 Bytes JMP 370073BA C:\WINDOWS\system32\EntApi.dll
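
A way to triage a GMER "User code sections" listing like the one above, as an added example that is not part of this thread or of GMER itself. It parses sample lines modelled on the format posted above (the last line, with a jump into unbacked memory, is constructed), groups every inline hook by the module the hook jumps into, and flags hooks that jump into memory with no backing module or into a module the helper has not vetted. The trusted-module set passed to `flag_hooks` is an assumption: the analyst fills it in only after checking the file on the machine (path, vendor, signature).

```python
"""Triage helper for the 'User code sections' block of a GMER rootkit log.

Added example, not part of the thread or of GMER. Hundreds of hook lines are
often one product hooking every process; grouping by destination module makes
that visible in one line, and leaves the genuinely odd hooks standing out.
"""
import re
from collections import defaultdict
from ntpath import basename  # ntpath handles backslash paths on any OS

# One GMER user-mode hook line, e.g.
# .text C:\WINDOWS\system32\lsass.exe[852] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 3700737C C:\WINDOWS\system32\EntApi.dll
HOOK_RE = re.compile(
    r"^\.text\s+(?P<process>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>[^!\s]+)!(?P<function>\S+)\s+"
    r"(?P<address>[0-9A-Fa-f]+)\s+(?P<length>\d+)\s+Bytes\s+"
    r"(?P<kind>JMP|CALL)\s+(?P<target>[0-9A-Fa-f]+)\s*(?P<hooker>.*?)\s*$"
)

# Constructed sample: first four lines follow the log posted above, the
# Explorer.EXE line (jump with no backing module) is invented for illustration.
SAMPLE_LOG = r"""
GMER 1.0.12.12011 - http://www.gmer.net
Rootkit scan 2006-12-14 23:35:55

---- System - GMER 1.0.12 ----

SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwOpenProcess

---- User code sections - GMER 1.0.12 ----

.text C:\WINDOWS\system32\lsass.exe[852] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 3700737C C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\lsass.exe[852] WS2_32.dll!send 71AB428A 5 Bytes JMP 370075AA C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 3700737C C:\WINDOWS\system32\EntApi.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[648] kernel32.dll!SetUnhandledExceptionFilter 7C84479D 5 Bytes JMP 004E12D0 C:\Program Files\MSN Messenger\MsnMsgr.Exe
.text C:\WINDOWS\Explorer.EXE[1700] WININET.dll!InternetReadFile 771C5BAA 5 Bytes JMP 00A3F010
"""


def parse_hooks(log_text):
    """Return one dict per user-mode hook line; headers, SSDT lines and
    byte-patch lines do not match the pattern and are skipped."""
    hooks = []
    for line in log_text.splitlines():
        m = HOOK_RE.match(line.strip())
        if m:
            rec = m.groupdict()
            rec["pid"] = int(rec["pid"])
            rec["length"] = int(rec["length"])
            hooks.append(rec)
    return hooks


def summarize_by_hooker(hooks):
    """Group hooks by the module they jump into (full path, lower-cased, so the
    same DLL name living in two directories shows up as two entries)."""
    summary = defaultdict(lambda: {"count": 0, "processes": set(), "functions": set()})
    for h in hooks:
        key = h["hooker"].lower() or "<no backing module>"
        entry = summary[key]
        entry["count"] += 1
        entry["processes"].add(f'{basename(h["process"])}[{h["pid"]}]')
        entry["functions"].add(f'{h["module"]}!{h["function"]}')
    return dict(summary)


def classify(hook, trusted_hookers):
    """unbacked: jump into memory not backed by any file (typical of injected
    code); self: a process patching its own imports; trusted: a module the
    analyst has already verified; untrusted: everything else."""
    hooker = basename(hook["hooker"]).lower()
    if not hooker:
        return "unbacked"
    if hooker == basename(hook["process"]).lower():
        return "self"
    if hooker in trusted_hookers:
        return "trusted"
    return "untrusted"


def flag_hooks(hooks, trusted_hookers):
    """Hooks worth a closer look: unbacked jumps and jumps into unvetted modules.
    trusted_hookers is a set of lower-case file names (e.g. {'entapi.dll'})."""
    return [h for h in hooks if classify(h, trusted_hookers) in ("unbacked", "untrusted")]


if __name__ == "__main__":
    hooks = parse_hooks(SAMPLE_LOG)
    for hooker, entry in summarize_by_hooker(hooks).items():
        print(f'{entry["count"]:4d} hooks -> {hooker} in {len(entry["processes"])} process(es)')
    # The trusted set is an assumption; fill it in only after verifying the file.
    for h in flag_hooks(hooks, trusted_hookers={"entapi.dll"}):
        print("FLAG", classify(h, {"entapi.dll"}), h["process"], h["module"] + "!" + h["function"])
```

Run on the log in this thread, the summary collapses to a single destination DLL under system32 hooked into every listed process, so the question becomes whether that one file belongs to an installed security product rather than whether each of the hundred lines is bad. The heuristic deliberately never marks a hook "clean" on its own: a jump into a vetted module is only as trustworthy as the vetting of that module.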

izumi
2006-12-15, 08:36
.text C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 37007474 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[1004] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 3700752E C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[1004] WS2_32.dll!select 71AB2DC0 5 Bytes JMP 37007626 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[1004] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 3700756C C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[1004] WS2_32.dll!bind 71AB3E00 5 Bytes JMP 370075E8 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[1004] WS2_32.dll!send 71AB428A 5 Bytes JMP 370075AA C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[1004] WS2_32.dll!recv 71AB615A 5 Bytes JMP 37007664 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[1004] WININET.dll!InternetReadFile 771C5BAA 5 Bytes JMP 3700779A C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[1004] WININET.dll!InternetOpenA 771CA6DD 5 Bytes JMP 37007816 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[1004] WININET.dll!InternetOpenUrlA 771CC8BD 5 Bytes JMP 370077D8 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[1064] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 3700737C C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[1064] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 3700733E C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[1064] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 370074F0 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[1064] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 37007436 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[1064] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 370074B2 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[1064] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 370073F8 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[1064] kernel32.dll!PeekNamedPipe 7C85F90F 5 Bytes JMP 370073BA C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[1064] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 37007474 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[1064] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 3700752E C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[1064] WS2_32.dll!select 71AB2DC0 5 Bytes JMP 37007626 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[1064] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 3700756C C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[1064] WS2_32.dll!bind 71AB3E00 5 Bytes JMP 370075E8 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[1064] WS2_32.dll!send 71AB428A 5 Bytes JMP 370075AA C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[1064] WS2_32.dll!recv 71AB615A 5 Bytes JMP 37007664 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[1064] WININET.dll!InternetReadFile 771C5BAA 5 Bytes JMP 3700779A C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[1064] WININET.dll!InternetOpenA 771CA6DD 5 Bytes JMP 37007816 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[1064] WININET.dll!InternetOpenUrlA 771CC8BD 5 Bytes JMP 370077D8 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[1204] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 3700737C C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[1204] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 3700733E C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[1204] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 370074F0 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[1204] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 37007436 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[1204] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 370074B2 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[1204] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 370073F8 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[1204] kernel32.dll!PeekNamedPipe 7C85F90F 5 Bytes JMP 370073BA C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[1204] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 37007474 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[1204] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 3700752E C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[1204] WS2_32.dll!select 71AB2DC0 5 Bytes JMP 37007626 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[1204] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 3700756C C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[1204] WS2_32.dll!bind 71AB3E00 5 Bytes JMP 370075E8 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[1204] WS2_32.dll!send 71AB428A 5 Bytes JMP 370075AA C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[1204] WS2_32.dll!recv 71AB615A 5 Bytes JMP 37007664 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[1204] WININET.dll!InternetReadFile 771C5BAA 5 Bytes JMP 3700779A C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[1204] WININET.dll!InternetOpenA 771CA6DD 5 Bytes JMP 37007816 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[1204] WININET.dll!InternetOpenUrlA 771CC8BD 5 Bytes JMP 370077D8 C:\WINDOWS\system32\EntApi.dll
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[1272] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 3700737C C:\WINDOWS\system32\EntApi.dll
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[1272] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 3700733E C:\WINDOWS\system32\EntApi.dll
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[1272] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 370074F0 C:\WINDOWS\system32\EntApi.dll
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[1272] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 37007436 C:\WINDOWS\system32\EntApi.dll
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[1272] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 370074B2 C:\WINDOWS\system32\EntApi.dll
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[1272] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 370073F8 C:\WINDOWS\system32\EntApi.dll
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[1272] kernel32.dll!PeekNamedPipe 7C85F90F 5 Bytes JMP 370073BA C:\WINDOWS\system32\EntApi.dll
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[1272] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 37007474 C:\WINDOWS\system32\EntApi.dll
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[1272] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 3700752E C:\WINDOWS\system32\EntApi.dll
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[1272] WS2_32.dll!select 71AB2DC0 5 Bytes JMP 37007626 C:\WINDOWS\system32\EntApi.dll
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[1272] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 3700756C C:\WINDOWS\system32\EntApi.dll
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[1272] WS2_32.dll!bind 71AB3E00 5 Bytes JMP 370075E8 C:\WINDOWS\system32\EntApi.dll
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[1272] WS2_32.dll!send 71AB428A 5 Bytes JMP 370075AA C:\WINDOWS\system32\EntApi.dll
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[1272] WS2_32.dll!recv 71AB615A 5 Bytes JMP 37007664 C:\WINDOWS\system32\EntApi.dll
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[1272] WinInet.dll!InternetReadFile 771C5BAA 5 Bytes JMP 3700779A C:\WINDOWS\system32\EntApi.dll
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[1272] WinInet.dll!InternetOpenA 771CA6DD 5 Bytes JMP 37007816 C:\WINDOWS\system32\EntApi.dll
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[1272] WinInet.dll!InternetOpenUrlA 771CC8BD 5 Bytes JMP 370077D8 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[1384] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 3700737C C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[1384] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 3700733E C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[1384] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 370074F0 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[1384] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 37007436 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[1384] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 370074B2 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[1384] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 370073F8 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[1384] kernel32.dll!PeekNamedPipe 7C85F90F 5 Bytes JMP 370073BA C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[1384] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 37007474 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[1384] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 3700752E C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[1384] WS2_32.dll!select 71AB2DC0 5 Bytes JMP 37007626 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[1384] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 3700756C C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[1384] WS2_32.dll!bind 71AB3E00 5 Bytes JMP 370075E8 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[1384] WS2_32.dll!send 71AB428A 5 Bytes JMP 370075AA C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[1384] WS2_32.dll!recv 71AB615A 5 Bytes JMP 37007664 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[1384] WININET.dll!InternetReadFile 771C5BAA 5 Bytes JMP 3700779A C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[1384] WININET.dll!InternetOpenA 771CA6DD 5 Bytes JMP 37007816 C:\WINDOWS\system32\EntApi.dll

izumi
2006-12-15, 08:37
.text C:\WINDOWS\system32\svchost.exe[1384] WININET.dll!InternetOpenUrlA 771CC8BD 5 Bytes JMP 370077D8 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[1444] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 3700737C C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[1444] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 3700733E C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[1444] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 370074F0 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[1444] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 37007436 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[1444] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 370074B2 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[1444] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 370073F8 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[1444] kernel32.dll!PeekNamedPipe 7C85F90F 5 Bytes JMP 370073BA C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[1444] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 37007474 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[1444] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 3700752E C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[1444] WS2_32.dll!select 71AB2DC0 5 Bytes JMP 37007626 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[1444] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 3700756C C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[1444] WS2_32.dll!bind 71AB3E00 5 Bytes JMP 370075E8 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[1444] WS2_32.dll!send 71AB428A 5 Bytes JMP 370075AA C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[1444] WS2_32.dll!recv 71AB615A 5 Bytes JMP 37007664 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[1444] WININET.dll!InternetReadFile 771C5BAA 5 Bytes JMP 3700779A C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[1444] WININET.dll!InternetOpenA 771CA6DD 5 Bytes JMP 37007816 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[1444] WININET.dll!InternetOpenUrlA 771CC8BD 5 Bytes JMP 370077D8 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\explorer.exe[1744] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 3700737C C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\explorer.exe[1744] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 3700733E C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\explorer.exe[1744] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 370074F0 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\explorer.exe[1744] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 37007436 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\explorer.exe[1744] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 370074B2 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\explorer.exe[1744] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 370073F8 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\explorer.exe[1744] kernel32.dll!PeekNamedPipe 7C85F90F 5 Bytes JMP 370073BA C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\explorer.exe[1744] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 37007474 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\explorer.exe[1744] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 3700752E C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\explorer.exe[1744] WININET.dll!InternetReadFile 771C5BAA 5 Bytes JMP 3700779A C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\explorer.exe[1744] WININET.dll!InternetOpenA 771CA6DD 5 Bytes JMP 37007816 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\explorer.exe[1744] WININET.dll!InternetOpenUrlA 771CC8BD 5 Bytes JMP 370077D8 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\explorer.exe[1744] WS2_32.dll!select 71AB2DC0 5 Bytes JMP 37007626 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\explorer.exe[1744] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 3700756C C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\explorer.exe[1744] WS2_32.dll!bind 71AB3E00 5 Bytes JMP 370075E8 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\explorer.exe[1744] WS2_32.dll!send 71AB428A 5 Bytes JMP 370075AA C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\explorer.exe[1744] WS2_32.dll!recv 71AB615A 5 Bytes JMP 37007664 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[1968] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 3700737C C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[1968] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 3700733E C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[1968] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 370074F0 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[1968] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 37007436 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[1968] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 370074B2 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[1968] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 370073F8 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[1968] kernel32.dll!PeekNamedPipe 7C85F90F 5 Bytes JMP 370073BA C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[1968] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 37007474 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[1968] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 3700752E C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[1968] WS2_32.dll!select 71AB2DC0 5 Bytes JMP 37007626 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[1968] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 3700756C C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[1968] WS2_32.dll!bind 71AB3E00 5 Bytes JMP 370075E8 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[1968] WS2_32.dll!send 71AB428A 5 Bytes JMP 370075AA C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[1968] WS2_32.dll!recv 71AB615A 5 Bytes JMP 37007664 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[1968] WININET.dll!InternetReadFile 771C5BAA 5 Bytes JMP 3700779A C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[1968] WININET.dll!InternetOpenA 771CA6DD 5 Bytes JMP 37007816 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[1968] WININET.dll!InternetOpenUrlA 771CC8BD 5 Bytes JMP 370077D8 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[2600] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 3700737C C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[2600] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 3700733E C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[2600] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 370074F0 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[2600] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 37007436 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[2600] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 370074B2 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[2600] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 370073F8 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[2600] kernel32.dll!PeekNamedPipe 7C85F90F 5 Bytes JMP 370073BA C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[2600] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 37007474 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[2600] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 3700752E C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[2600] WS2_32.dll!select 71AB2DC0 5 Bytes JMP 37007626 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[2600] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 3700756C C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[2600] WS2_32.dll!bind 71AB3E00 5 Bytes JMP 370075E8 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[2600] WS2_32.dll!send 71AB428A 5 Bytes JMP 370075AA C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[2600] WS2_32.dll!recv 71AB615A 5 Bytes JMP 37007664 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[2600] WININET.dll!InternetReadFile 771C5BAA 5 Bytes JMP 3700779A C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[2600] WININET.dll!InternetOpenA 771CA6DD 5 Bytes JMP 37007816 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[2600] WININET.dll!InternetOpenUrlA 771CC8BD 5 Bytes JMP 370077D8 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\wuauclt.exe[4032] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 3700737C C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\wuauclt.exe[4032] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 3700733E C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\wuauclt.exe[4032] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 370074F0 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\wuauclt.exe[4032] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 37007436 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\wuauclt.exe[4032] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 370074B2 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\wuauclt.exe[4032] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 370073F8 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\wuauclt.exe[4032] kernel32.dll!PeekNamedPipe 7C85F90F 5 Bytes JMP 370073BA C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\wuauclt.exe[4032] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 37007474 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\wuauclt.exe[4032] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 3700752E C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\wuauclt.exe[4032] WS2_32.dll!select 71AB2DC0 5 Bytes JMP 37007626 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\wuauclt.exe[4032] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 3700756C C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\wuauclt.exe[4032] WS2_32.dll!bind 71AB3E00 5 Bytes JMP 370075E8 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\wuauclt.exe[4032] WS2_32.dll!send 71AB428A 5 Bytes JMP 370075AA C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\wuauclt.exe[4032] WS2_32.dll!recv 71AB615A 5 Bytes JMP 37007664 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\wuauclt.exe[4032] WININET.dll!InternetReadFile 771C5BAA 5 Bytes JMP 3700779A C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\wuauclt.exe[4032] WININET.dll!InternetOpenA 771CA6DD 5 Bytes JMP 37007816 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\wuauclt.exe[4032] WININET.dll!InternetOpenUrlA 771CC8BD 5 Bytes JMP 370077D8 C:\WINDOWS\system32\EntApi.dll

---- Files - GMER 1.0.12 ----

ADS C:\Documents and Settings\Chiang\Desktop\drjava.exe:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}

---- EOF - GMER 1.0.12 ----
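
A triage helper for the "User code sections" part of the GMER log above, added here as an example and not part of the thread or of GMER itself. Every hook line in the log has the same shape: patched process and PID, the export that was overwritten (`kernel32.dll!WinExec`, `WS2_32.dll!send`, ...), the patched address, the size of the patch, and the module the 5-byte JMP lands in. The script parses those lines, groups them by the module that owns the JMP target, and warns when the same API jumps to different places in different processes, which is what a second, unexplained hooker looks like. In this log every hook resolves to `C:\WINDOWS\system32\EntApi.dll`, the user-mode hooking library of McAfee Host Intrusion Prevention (formerly Entercept), which fits the Network Associates products in the process list; the thread never says so, so confirm the file's vendor signature before dismissing it. The `ADS` line is not a hook; a stream named by that GUID is what Explorer writes when a file's Summary properties are edited. The sample lines are copied from the log format and embedded so the script runs offline.

```python
"""Group GMER user-mode inline hooks by the module they jump into.

Added example for this thread, not GMER's own code.  Input is the text of
GMER's "User code sections" (and anything after it, which is ignored).
"""
import re
from dataclasses import dataclass

# One GMER user-mode hook line, e.g.
# .text C:\WINDOWS\explorer.exe[1744] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 37007474 C:\WINDOWS\system32\EntApi.dll
HOOK_RE = re.compile(
    r"^\.text\s+(?P<process>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>[^\s!]+)!(?P<api>\S+)\s+"
    r"(?P<address>[0-9A-Fa-f]+)\s+(?P<nbytes>\d+)\s+Bytes\s+JMP\s+"
    r"(?P<target>[0-9A-Fa-f]+)\s+(?P<hooker>\S.*?)\s*$"
)


@dataclass(frozen=True)
class Hook:
    process: str
    pid: int
    module: str   # DLL whose export was patched, e.g. kernel32.dll
    api: str      # export name, e.g. WinExec
    address: int  # patched address inside the exporting DLL
    target: int   # where the 5-byte JMP lands
    hooker: str   # module owning the target, as GMER resolved it


def parse_hook_line(line):
    """Return a Hook for a user-mode hook line, or None for anything else."""
    m = HOOK_RE.match(line.strip())
    if not m:
        return None
    return Hook(m["process"], int(m["pid"]), m["module"], m["api"],
                int(m["address"], 16), int(m["target"], 16), m["hooker"])


def parse_hooks(text):
    return [h for h in map(parse_hook_line, text.splitlines()) if h is not None]


def summarize_by_hooker(hooks):
    """hooker module -> processes it was injected into, APIs it patches, hook count."""
    summary = {}
    for h in hooks:
        entry = summary.setdefault(h.hooker.lower(),
                                   {"processes": set(), "apis": set(), "count": 0})
        entry["processes"].add(f"{h.process}[{h.pid}]")
        entry["apis"].add(f"{h.module.lower()}!{h.api}")
        entry["count"] += 1
    return summary


def inconsistent_targets(hooks):
    """APIs whose JMP lands in more than one (hooker, target) pair across processes.

    One hooking DLL loaded at the same base everywhere gives exactly one pair per
    API; more than one means a second hooker or a relocated copy: look closer.
    """
    seen = {}
    for h in hooks:
        seen.setdefault(f"{h.module.lower()}!{h.api}", set()).add((h.hooker.lower(), h.target))
    return {api: pairs for api, pairs in seen.items() if len(pairs) > 1}


def report(text):
    hooks = parse_hooks(text)
    lines = [f"{len(hooks)} user-mode hooks parsed"]
    for hooker, e in summarize_by_hooker(hooks).items():
        lines.append(f"{hooker}: {e['count']} hooks in {len(e['processes'])} processes; "
                     f"APIs: {', '.join(sorted(e['apis']))}")
    for api, pairs in inconsistent_targets(hooks).items():
        lines.append(f"WARNING {api} jumps to several targets: {sorted(pairs)}")
    return "\n".join(lines)


# Constructed sample in the format of the log above (a handful of its lines).
SAMPLE_LOG = r"""
.text C:\WINDOWS\system32\svchost.exe[1064] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 37007474 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\system32\svchost.exe[1064] WS2_32.dll!send 71AB428A 5 Bytes JMP 370075AA C:\WINDOWS\system32\EntApi.dll
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[1272] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 370074F0 C:\WINDOWS\system32\EntApi.dll
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[1272] WinInet.dll!InternetOpenA 771CA6DD 5 Bytes JMP 37007816 C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\explorer.exe[1744] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 3700752E C:\WINDOWS\system32\EntApi.dll
.text C:\WINDOWS\explorer.exe[1744] WININET.dll!InternetReadFile 771C5BAA 5 Bytes JMP 3700779A C:\WINDOWS\system32\EntApi.dll
---- Files - GMER 1.0.12 ----
ADS C:\Documents and Settings\Chiang\Desktop\drjava.exe:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
"""

if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```

Run it on a saved GMER log with `report(open("gmer.log").read())`. The grouping is what matters when the log runs to hundreds of lines: a single hooker that is a known security product accounts for the whole section, whereas a hooker nobody installed, or one API pointing into two different modules, is the line to chase.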

Mr_JAk3
2006-12-15, 16:12
Hi again, we'll continue :)

The unregistered version of FlashGet serves up ads in Internet Explorer that are downloaded from Cydoor servers. I would suggest removing it if it is this version. The registered version supposedly does not, so it should be OK. You can find Safer Alternatives (http://www.spywareinfo.com/downloads.php?cat=dlman#dlman). Please uninstall FlashGet in the Control Panel / Add/Remove Programs. These are the items to fix in HijackThis.

O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O8 - Extra context menu item: Download All by FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe

You should print these instructions or save these to a text file. Follow these instructions carefully.

Open AVG Anti-Spyware. On the main screen, under Your Computer's security:
Click on Change state next to Resident shield. It should now change to inactive.
Click on Change state next to Automatic updates. It should now change to inactive.
Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
Wait until you see the Update successful message.
Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows.
Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
If you are having problems with the updater, you can use this link to manually update ewido.
AVG Anti-Spyware manual updates (http://www.ewido.net/en/download/updates/).
Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.

Download ATF Cleaner (http://www.atribune.org/ccount/click.php?id=1) by Atribune to your desktop.
Do NOT run yet.

Make your hidden files visible:
Go to My Computer
Select the Tools menu and click Folder Options
Click the View tab.
Checkmark the "Display the contents of system folders"
Under the Hidden files and folders select "Show hidden files and folders"
Uncheck "Hide protected operating system files"
Click Apply and then the OK and close My Computer.

Please download Brute Force Uninstaller (http://www.merijn.org/files/bfu.zip) to your desktop.
Right click the BFU folder on your desktop, and choose Extract All
Click "Next"
In the box to choose where to extract the files to,
Click "Browse"
Click on the + sign next to "My Computer"
Click on "Local Disk (C:)" or whatever your primary drive is
Click "Make New Folder"
Type in BFU
Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".

RIGHT-CLICK HERE (http://metallica.geekstogo.com/alcanshorty.bfu) and choose "Save As" (in IE it's "Save Target As") in order to download Alcra PLUS Remover.
Save it in the same folder you made earlier (c:\BFU).

Do not do anything with these yet!

==================

Open Control Panel -> Add/Remove Programs -> Remove all of the following or similar entries if found:
VSAdd-in
MyGlobalSearch

and any other programs you didn't install or don't recognize. If you're not sure, please ask first.

Backup your registry:
Start
Run
Type the following to the box and hit Ok: regedit
A window opens, click on File
Choose Export from the menu
Change the save location to C:\
Give the filename, RegBackUp
Make sure that the file type is set to Registry files (*.reg)
Click on Save and Close the window
Open Notepad (NOT WORDPAD!) and copy the following lines from the quote box below into a new document, leaving a blank line at the end. (don't forget to copy and paste the word REGEDIT4) :


REGEDIT4

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Qntz"=-
"Lace"=-
"umuk"=-

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"vphjecqfza"=-
"frsvabb.dll"=-

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CMIntex"=-

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CMIntex"=-

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{04CDB16C-AB38-43CD-A86A-6FEB90290939}"=-

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{9cc1c589-4b22-4dae-8e12-4c3b5fa12b3f}"=-



Make sure there are NO blank lines before REGEDIT4
Make sure there IS one blank line at the end of the file.

Save the document to your desktop as Fix.reg and filetype: All Files
Go to your desktop and double click on the file to run Fix.reg and when it asks you if you want to merge the contents to the registry, click yes/ok.

Run HijackThis, click Do a system scan only, and check the box next to each of these entries if still present. Close all other windows and press Fix checked. If something isn't there, please continue with the next entry in the list.
R3 - URLSearchHook: (no name) - {982CB676-38F0-4D9A-BB72-D9371ABE876E} - (no file)
R3 - URLSearchHook: (no name) - {BAB1AC41-6FF7-4F2E-A04E-5C592CCFEA7D} - (no file)
R3 - URLSearchHook: (no name) - {6ECCEBFF-0639-389D-4A02-7D924F29D3C3} - C:\WINDOWS\system32\jvdjjmmk.dll (file missing)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {46A4E9D9-B30E-452A-8157-DBBEC8573B03} - C:\Program Files\VSAdd-in\VSAdd-in.dll (file missing)
O2 - BHO: (no name) - {66814EB3-5F25-4BCC-B3D5-DEBD8984DB18} - C:\WINDOWS\system32\pmnlj.dll (file missing)
O2 - BHO: (no name) - {6ECCEBFF-0639-389D-4A02-7D924F29D3C3} - C:\WINDOWS\system32\jvdjjmmk.dll (file missing)
O2 - BHO: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\COMMON~1\{3C692~1\Bar888.dll (file missing)
O2 - BHO: (no name) - {CC2A3C91-C23B-9DCA-5374-AFC1EED163AE} - C:\WINDOWS\system32\jdkfn.dll (file missing)
O2 - BHO: (no name) - {f4d74aaa-a178-4463-846b-b4bc87a024e0} - (no file)
O2 - BHO: (no name) - {F9070C90-EF0B-D9F2-7E31-9EECD8E04E9C} - C:\WINDOWS\system32\jdkfn.dll (file missing)
O2 - BHO: (no name) - {FC6E506B-A896-491E-AEFB-32735AB85E11} - C:\WINDOWS\system32\awtsr.dll (file missing)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program Files\VSAdd-in\VSAdd-in.dll (file missing)
O4 - HKLM\..\Run: [vphjecqfza] c:\windows\system32\vphjecqfza.exe vphjecqfza
O4 - HKLM\..\Run: [frsvabb.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\frsvabb.dll,mhomdtd
O4 - HKCU\..\Run: [Qntz] C:\Program Files\??stem32\d?dplay.exe
O4 - HKCU\..\Run: [Lace] "C:\DOCUME~1\Chiang\MYDOCU~1\?PPAT~1\winword.exe" -vt ndrv
O4 - HKCU\..\Run: C:\PROGRA~1\COMMON~1\umuk\umukm.exe
O8 - Extra context menu item: 妏蚚刲僩眻籵陬狟婥 - C:\Program Files\P4P\dl.htm
O8 - Extra context menu item: 楷冞芞善忒儂 - C:\Program Files\P4P\cx.htm
O8 - Extra context menu item: 氝樓善※扂腔隆堐§ - C:\Program Files\P4P\rss.htm
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/133fa957...p/RdxIE601.cab

Restart your computer to the safe mode:
Restart your computer
Start tapping the F8 key when the computer restarts.
When the start menu opens, choose Safe mode
Press Enter. The computer then begins to start in Safe mode.

Go to the My Computer and delete the following files (if present):
C:\WINDOWS\system32\wgrpjqwr.exe
C:\WINDOWS\system32\frsvabb.dll
C:\WINDOWS\system32\viyjhai.dll
C:\WINDOWS\system32\fwx21dca.sys

Go to the My Computer and delete the following folders (if present):
C:\WINDOWS\umuk
C:\Program Files\Common Files\umuk
C:\Program Files\VSAdd-in
C:\Program Files\PSCastor
C:\Program Files\PadsysAssistant
C:\Program Files\CMIntex
C:\DeluxeCommunications
C:\Program Files\MyGlobalSearch

Then, please go to Start > My Computer and navigate to the C:\BFU folder.
Start the Brute Force Uninstaller by doubleclicking BFU.exe
Behind the "Scriptline to execute" field, click the folder icon (http://metallica.geekstogo.com/foldericon.png) and select alcanshorty.bfu
Press Execute and let the program do its job. (You ought to see a progress bar if you did this correctly.)
Wait for the complete script execution box to pop up and press OK.
Press exit to terminate the BFU program.


Run ATF Cleaner. Under Main choose: Select All
Click the Empty Selected button.
If you use the Firefox browser: click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use the Opera browser: click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.
Click on Scanner on the toolbar.
Click on the Settings tab.
Under How to act?
Click on Recommended Action and choose Quarantine from the popup menu.
Under How to scan?
All checkboxes should be ticked.
Under Possibly unwanted software:
All checkboxes should be ticked.
Under Reports:
Select Automatically generate report after every scan and uncheck Only if threats were found.
Under What to scan?
Select Scan every file.
Click on the Scan tab.
Click on Complete System Scan to start the scan process.
Let the program scan the machine.
When the scan has finished, follow the instructions below.
IMPORTANT: Don't click on the "Save Scan Report" button before you have clicked the "Apply all Actions" button.
Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
At the bottom of the window click on the Apply all Actions button. (3)
http://img509.imageshack.us/img509/4851/scanavgjk2.jpg
When done, click the Save Scan Report button. (4)
Click the Save Report as button.
Save the report to your Desktop.
Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
Reboot in Normal Mode.

================

When you're ready, please post the following logs to here:
- AVG's report
- a fresh HijackThis log
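
The Fix.reg in the post above was written by hand from the HijackThis entries: each `O4 - HKLM\..\Run: [name] ...` line becomes a `"name"=-` under the matching Run key, and the R3/O2/O3 entries are the ones HijackThis's Fix checked removes from the URLSearchHooks, Browser Helper Objects and Toolbar locations. The script below is an added example, not HijackThis's or the helper's code, that does that translation mechanically for those four entry types and hands everything else back for manual handling. It assumes the standard registry locations for those items (named in the constants) and that HijackThis's `HKUS\<sid>` shorthand maps to `HKEY_USERS\<sid>`. Note what it cannot do: an O4 line without a `[name]` (like the umukm.exe one above) does not reveal the value name, so it is left to the analyst, and a .reg file only removes the autostart entry; the files it pointed at still have to be deleted, as the safe-mode step does. The sample entries are a constructed subset of the list above.

```python
"""Build a REGEDIT4 removal file from HijackThis R3/O2/O3/O4 entries.

Added example for this thread; not HijackThis's own code.  The registry
locations below are the standard ones for these item types (assumption).
"""
import re

HIVES = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER"}
BHO_KEY = r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"
TOOLBAR_KEY = r"HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar"
URLHOOK_KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks"

# O4 - HKLM\..\Run: [name] command      (HKUS\<sid> is HijackThis's HKEY_USERS shorthand)
O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]+)\]")
# O2 - BHO: name - {CLSID} - path       (fix = delete the BHO registration key)
O2_RE = re.compile(r"^O2 - BHO: .*? - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - ")
# O3 - Toolbar: name - {CLSID} - path   (fix = delete the CLSID value under Toolbar)
O3_RE = re.compile(r"^O3 - Toolbar: .*? - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - ")
# R3 - URLSearchHook: name - value - path; the value is taken verbatim so a
# disabled hook such as _{CFBFAE00-...} keeps its leading underscore.
R3_RE = re.compile(r"^R3 - URLSearchHook: .*? - (?P<name>\S+) - ")


def hive_path(hive):
    """HKLM/HKCU, or HijackThis's HKUS\\<sid>, -> full hive name."""
    return HIVES.get(hive) or "HKEY_USERS\\" + hive.split("\\", 1)[1]


def entry_to_action(line):
    """Map one HijackThis line to ("value", key, name) or ("key", key); None if unhandled."""
    line = line.strip()
    if m := O4_RE.match(line):
        key = hive_path(m["hive"]) + r"\Software\Microsoft\Windows\CurrentVersion" + "\\" + m["key"]
        return ("value", key, m["name"])
    if m := O2_RE.match(line):
        return ("key", BHO_KEY + "\\" + m["clsid"])
    if m := O3_RE.match(line):
        return ("value", TOOLBAR_KEY, m["clsid"])
    if m := R3_RE.match(line):
        return ("value", URLHOOK_KEY, m["name"])
    return None


def reg_escape(name):
    """.reg syntax: backslashes and double quotes inside a quoted value name are escaped."""
    return name.replace("\\", "\\\\").replace('"', '\\"')


def build_reg(entries):
    """Return (reg_text, unmapped_lines); reg_text is a complete REGEDIT4 file."""
    values, keys, unmapped = {}, [], []
    for line in entries:
        action = entry_to_action(line)
        if action is None:
            if line.strip():
                unmapped.append(line.strip())
        elif action[0] == "value":
            values.setdefault(action[1], []).append(action[2])
        else:
            keys.append(action[1])
    lines = ["REGEDIT4", ""]                  # header first, nothing before it
    for key, names in values.items():
        lines.append(f"[{key}]")
        lines.extend(f'"{reg_escape(n)}"=-' for n in names)   # "name"=- deletes the value
        lines.append("")
    for key in keys:
        lines.append(f"[-{key}]")              # [-key] deletes the whole key
        lines.append("")
    # Joining leaves exactly one blank line at the end, which regedit requires.
    return "\r\n".join(lines) + "\r\n", unmapped


# Constructed sample: a subset of the entries listed in the fix above.
SAMPLE_ENTRIES = r"""
R3 - URLSearchHook: (no name) - {982CB676-38F0-4D9A-BB72-D9371ABE876E} - (no file)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {46A4E9D9-B30E-452A-8157-DBBEC8573B03} - C:\Program Files\VSAdd-in\VSAdd-in.dll (file missing)
O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program Files\VSAdd-in\VSAdd-in.dll (file missing)
O4 - HKLM\..\Run: [vphjecqfza] c:\windows\system32\vphjecqfza.exe vphjecqfza
O4 - HKLM\..\Run: [frsvabb.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\frsvabb.dll,mhomdtd
O4 - HKCU\..\Run: [Qntz] C:\Program Files\??stem32\d?dplay.exe
O4 - HKCU\..\Run: C:\PROGRA~1\COMMON~1\umuk\umukm.exe
O8 - Extra context menu item: Download All by FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
""".strip().splitlines()

if __name__ == "__main__":
    text, leftover = build_reg(SAMPLE_ENTRIES)
    print(text)
    print("handle manually:", *leftover, sep="\n  ")
```

When saving the result, keep the line endings and the ANSI encoding that the REGEDIT4 header implies, e.g. `open("Fix.reg", "w", encoding="cp1252", newline="").write(text)`; the `newline=""` stops Python from turning the CRLFs into something else. Export a registry backup first, exactly as the post says, since `"name"=-` and `[-key]` are not reversible.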

izumi
2006-12-16, 02:57
Getting better!
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 05:38:54 PM 2006/12/15

+ Scan result:



C:\System Volume Information\_restore{64E3B9E7-AAAC-4D02-A47B-0020DF6F05EE}\RP337\A0106412.exe -> Adware.CASClient : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{64E3B9E7-AAAC-4D02-A47B-0020DF6F05EE}\RP338\A0107772.exe -> Adware.CASClient : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{64E3B9E7-AAAC-4D02-A47B-0020DF6F05EE}\RP339\A0107908.exe -> Adware.CASClient : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{64E3B9E7-AAAC-4D02-A47B-0020DF6F05EE}\RP339\A0107927.exe -> Adware.CASClient : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{64E3B9E7-AAAC-4D02-A47B-0020DF6F05EE}\RP339\A0108020.exe -> Adware.CASClient : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{64E3B9E7-AAAC-4D02-A47B-0020DF6F05EE}\RP339\A0109033.exe -> Adware.CASClient : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{64E3B9E7-AAAC-4D02-A47B-0020DF6F05EE}\RP339\A0110016.exe -> Adware.CASClient : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{64E3B9E7-AAAC-4D02-A47B-0020DF6F05EE}\RP339\A0110103.exe -> Adware.CASClient : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{64E3B9E7-AAAC-4D02-A47B-0020DF6F05EE}\RP339\A0110117.exe -> Adware.CASClient : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{64E3B9E7-AAAC-4D02-A47B-0020DF6F05EE}\RP339\A0110133.exe -> Adware.CASClient : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{64E3B9E7-AAAC-4D02-A47B-0020DF6F05EE}\RP339\A0110157.exe -> Adware.CASClient : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{64E3B9E7-AAAC-4D02-A47B-0020DF6F05EE}\RP340\A0112576.exe -> Adware.CASClient : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{64E3B9E7-AAAC-4D02-A47B-0020DF6F05EE}\RP340\A0112562.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{64E3B9E7-AAAC-4D02-A47B-0020DF6F05EE}\RP339\A0110370.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{64E3B9E7-AAAC-4D02-A47B-0020DF6F05EE}\RP339\A0111425.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{64E3B9E7-AAAC-4D02-A47B-0020DF6F05EE}\RP340\A0112472.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{64E3B9E7-AAAC-4D02-A47B-0020DF6F05EE}\RP340\A0112579.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{64E3B9E7-AAAC-4D02-A47B-0020DF6F05EE}\RP340\A0112580.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{64E3B9E7-AAAC-4D02-A47B-0020DF6F05EE}\RP341\A0113637.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{64E3B9E7-AAAC-4D02-A47B-0020DF6F05EE}\RP339\A0110398.exe -> Adware.VirusBurst : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{64E3B9E7-AAAC-4D02-A47B-0020DF6F05EE}\RP344\A0115135.dll -> Downloader.Busky : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{64E3B9E7-AAAC-4D02-A47B-0020DF6F05EE}\RP344\A0115136.dll -> Downloader.Busky : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{64E3B9E7-AAAC-4D02-A47B-0020DF6F05EE}\RP340\A0111450.exe -> Downloader.PurityScan.dy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{64E3B9E7-AAAC-4D02-A47B-0020DF6F05EE}\RP339\A0110077.exe -> Downloader.Small.ebv : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{64E3B9E7-AAAC-4D02-A47B-0020DF6F05EE}\RP339\A0110078.exe -> Downloader.Small.ebv : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{64E3B9E7-AAAC-4D02-A47B-0020DF6F05EE}\RP339\A0110079.exe -> Downloader.Small.ebv : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{64E3B9E7-AAAC-4D02-A47B-0020DF6F05EE}\RP339\A0107789.dll -> Downloader.Small.ece : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{64E3B9E7-AAAC-4D02-A47B-0020DF6F05EE}\RP339\A0111432.exe -> Downloader.Zlob.bdo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{64E3B9E7-AAAC-4D02-A47B-0020DF6F05EE}\RP340\A0111462.exe -> Downloader.Zlob.bdo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{64E3B9E7-AAAC-4D02-A47B-0020DF6F05EE}\RP340\A0112461.exe -> Downloader.Zlob.bdo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{64E3B9E7-AAAC-4D02-A47B-0020DF6F05EE}\RP340\A0112483.exe -> Downloader.Zlob.bdo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{64E3B9E7-AAAC-4D02-A47B-0020DF6F05EE}\RP340\A0112517.exe -> Downloader.Zlob.bdo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{64E3B9E7-AAAC-4D02-A47B-0020DF6F05EE}\RP340\A0112534.exe -> Downloader.Zlob.bdo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{64E3B9E7-AAAC-4D02-A47B-0020DF6F05EE}\RP340\A0112531.EXE -> Downloader.Zlob.bdq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{64E3B9E7-AAAC-4D02-A47B-0020DF6F05EE}\RP339\A0107787.exe -> Dropper.DollarR.b : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{64E3B9E7-AAAC-4D02-A47B-0020DF6F05EE}\RP340\A0112587.exe -> Hijacker.Costrat.z : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{64E3B9E7-AAAC-4D02-A47B-0020DF6F05EE}\RP339\A0107914.dll -> Not-A-Virus.Hoax.Win32.Renos.ap : Cleaned with backup (quarantined).


::Report end

izumi
2006-12-16, 02:58
Logfile of HijackThis v1.99.1
Scan saved at 下午 05:58:59, on 2006/12/15
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Chiang\Desktop\Antispyware\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?SystemRoot%\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 妏蚚KuGoo3狟婥(&K) - C:\Program Files\KuGoo3\KuGoo3DownX.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://free.aol.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1134514140436
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1144377594640
O18 - Protocol: KuGoo3 - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - C:\PROGRA~1\KuGoo3\InExtend\KUGOO3~1.OCX
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

Mr_JAk3
2006-12-16, 10:44
Hi again, looks much better now :)

Because of the load of infections, it is best to run one more scanner...

Please do an online scan with Kaspersky WebScanner (http://www.kaspersky.com/virusscanner)

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
The program will launch and then begin downloading the latest definition files:
Once the files have been downloaded click on NEXT

Now click on Scan Settings
In the scan settings make sure that the following are selected:
Scan using the following Anti-Virus database:
Extended (if available otherwise Standard)

Scan Options:
Scan Archives
Scan Mail Bases

Click OK
Now under Select a target to scan: select My Computer

The program will start and scan your system.
The scan will take a while so be patient and let it run.
Once the scan is complete it will display if your system has been infected.
Now click on the Save as Text button:
Save the file to your desktop.
Copy and paste that information in your next post.


:bigthumb:
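
The report this procedure produces is mostly "Object is locked" lines with the real detections scattered among them. As an added example, not code from this thread or from Kaspersky, here is a small Python triage script for that report layout: the sample report, its paths and detection names are constructed, and the location rules it applies (copies inside System Restore snapshots and another product's quarantine folder are not active infections) reflect common removal practice rather than anything the scanner itself outputs.

```python
"""Triage a Kaspersky Online Scanner report (added example, not code from the thread).

A report line is "<path> <status> <action>".  Status is "Object is locked"
(file in use, not a detection), "Infected: <name>", or a roll-up such as
"ZIP: infected - 2" for an archive whose members were listed separately.
Detections are grouped by location, because a hit inside a System Restore
snapshot or another product's quarantine folder is not an active infection.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional

# Real reports separate the three fields with tabs; any whitespace is accepted.
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+"
    r"(?:(?P<locked>Object is locked)"
    r"|Infected: (?P<name>\S+)"
    r"|(?P<container>[\w ]+?): infected - (?P<count>\d+))"
    r"\s+(?P<action>\S+)\s*$"
)

@dataclass
class Finding:
    path: str
    detection: str
    category: str      # "restore_point", "quarantine" or "live"
    in_archive: bool   # "/" in a Windows path only appears for archive members

def classify(path: str) -> str:
    """Where a detection sits decides the cleanup step it needs."""
    low = path.lower()
    if "\\system volume information\\_restore" in low:
        return "restore_point"   # cleared by purging System Restore points
    if "\\quarantine\\" in low:
        return "quarantine"      # already isolated by another scanner
    return "live"

def parse_line(line: str) -> Optional[Dict[str, Optional[str]]]:
    """Named fields of one table line, or None when the line is not one."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None

def triage(report: str) -> dict:
    """Summarise the 'Infected Object Name' table of a pasted report."""
    locked = rollups = 0
    findings: List[Finding] = []
    unparsed: List[str] = []
    in_table = False
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("Infected Object Name"):
            in_table = True          # header that opens the table
            continue
        if not in_table:
            continue                 # settings and statistics block
        fields = parse_line(line)
        if fields is None:
            unparsed.append(line)
        elif fields["locked"]:
            locked += 1
        elif fields["container"]:
            rollups += 1             # members were counted on their own lines
        else:
            path = fields["path"]
            findings.append(Finding(path, fields["name"], classify(path), "/" in path))
    return {
        "locked": locked,
        "container_rollups": rollups,
        "detections": len(findings),
        "by_category": dict(Counter(f.category for f in findings)),
        "live": [f for f in findings if f.category == "live"],
        "unparsed": unparsed,
    }

# Constructed sample in the scanner's layout; paths and detection names are made up.
SAMPLE_REPORT = (
    "Scan Statistics:\n"
    "Infected Object Name / Virus Name / Last Action\n"
    "C:\\WINDOWS\\system32\\config\\SAM\tObject is locked\tskipped\n"
    "C:\\Documents and Settings\\user\\Local Settings\\Temp\\~DF1234.tmp\tObject is locked\tskipped\n"
    "C:\\Program Files\\Example Browser\\plugins\\NPexample.dll\tInfected: not-a-virus:AdTool.Win32.Example.a\tskipped\n"
    "C:\\System Volume Information\\_restore{00000000-0000-0000-0000-000000000000}\\RP1\\A0000001.exe\tInfected: Backdoor.Win32.Example.b\tskipped\n"
    "C:\\System Volume Information\\_restore{00000000-0000-0000-0000-000000000000}\\RP1\\A0000002.exe/data0001\tInfected: not-a-virus:AdWare.Win32.Example.c\tskipped\n"
    "C:\\System Volume Information\\_restore{00000000-0000-0000-0000-000000000000}\\RP1\\A0000002.exe\tNSIS: infected - 1\tskipped\n"
    "D:\\Program Files\\Other AV\\Quarantine\\00000000.Vir\tInfected: IM-Worm.Win32.Example.d\tskipped\n"
    "D:\\Downloads\\tools.zip/helper.exe\tInfected: Trojan-Downloader.Win32.Example.e\tskipped\n"
    "D:\\Downloads\\tools.zip\tZIP: infected - 1\tskipped\n"
)

if __name__ == "__main__":
    summary = triage(SAMPLE_REPORT)
    print(f"locked (noise): {summary['locked']}, roll-ups: {summary['container_rollups']}")
    print(f"detections by location: {summary['by_category']}")
    for f in summary["live"]:
        print(f"  LIVE  {f.detection}  {f.path}")
```

Only the "live" entries need a removal step; restore-point copies disappear once System Restore is purged, and quarantine entries are already neutralised.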

izumi
2006-12-16, 20:26
PS. Drive D was my old hard drive, from which I only sometimes read media files. So maybe we don't need to care about it?:spider:
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, December 16, 2006 11:22:53 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 16/12/2006
Kaspersky Anti-Virus database records: 251262
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 149815
Number of viruses found: 16
Number of infected objects: 49 / 0
Number of suspicious objects: 0
Duration of the scan process: 02:32:03

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\BOPDATA\_Date-20061216_Time-072737828_EnterceptExceptions.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\BOPDATA\_Date-20061216_Time-072737828_EnterceptRules.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\Common Framework\Db\Agent_CHIANG.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\Common Framework\Db\PrdMgr_CHIANG.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\VirusScan\AccessProtectionLog.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\VirusScan\BufferOverflowProtectionLog.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\VirusScan\OnAccessScanLog.txt Object is locked skipped
C:\Documents and Settings\Chiang\Application Data\Microsoft\Templates\Normal.dot Object is locked skipped
C:\Documents and Settings\Chiang\Application Data\Microsoft\Word\AutoRecovery save of Toms Revision of Jons Portfolio Changes Accepted.asd Object is locked skipped
C:\Documents and Settings\Chiang\Application Data\Mozilla\Firefox\Profiles\o62pk7pl.default\cert8.db Object is locked skipped
C:\Documents and Settings\Chiang\Application Data\Mozilla\Firefox\Profiles\o62pk7pl.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\Chiang\Application Data\Mozilla\Firefox\Profiles\o62pk7pl.default\history.dat Object is locked skipped
C:\Documents and Settings\Chiang\Application Data\Mozilla\Firefox\Profiles\o62pk7pl.default\key3.db Object is locked skipped
C:\Documents and Settings\Chiang\Application Data\Mozilla\Firefox\Profiles\o62pk7pl.default\parent.lock Object is locked skipped
C:\Documents and Settings\Chiang\Application Data\Mozilla\Firefox\Profiles\o62pk7pl.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Chiang\Application Data\Mozilla\Firefox\Profiles\o62pk7pl.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Chiang\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Chiang\Desktop\Antispyware\SmitfraudFix\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Chiang\Desktop\Document\Software\SmitfraudFix.zip/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Chiang\Desktop\Document\Software\SmitfraudFix.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Chiang\Desktop\Personal statement.doc Object is locked skipped
C:\Documents and Settings\Chiang\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Chiang\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Chiang\Local Settings\Application Data\Mozilla\Firefox\Profiles\o62pk7pl.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Chiang\Local Settings\Application Data\Mozilla\Firefox\Profiles\o62pk7pl.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Chiang\Local Settings\Application Data\Mozilla\Firefox\Profiles\o62pk7pl.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Chiang\Local Settings\Application Data\Mozilla\Firefox\Profiles\o62pk7pl.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Chiang\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Chiang\Local Settings\Temp\~DF216A.tmp Object is locked skipped
C:\Documents and Settings\Chiang\Local Settings\Temp\~DF58E5.tmp Object is locked skipped
C:\Documents and Settings\Chiang\Local Settings\Temp\~DF6FAD.tmp Object is locked skipped
C:\Documents and Settings\Chiang\Local Settings\Temp\~DFA01.tmp Object is locked skipped
C:\Documents and Settings\Chiang\Local Settings\Temp\~DFDF5D.tmp Object is locked skipped
C:\Documents and Settings\Chiang\Local Settings\Temp\~WRF0000.tmp Object is locked skipped
C:\Documents and Settings\Chiang\Local Settings\Temp\~WRS0001.tmp Object is locked skipped
C:\Documents and Settings\Chiang\Local Settings\Temporary Internet Files\Content.IE5\7PNHN2NC\Toms Revision of Jons Portfolio Changes Accepted.doc Object is locked skipped
C:\Documents and Settings\Chiang\Local Settings\Temporary Internet Files\Content.IE5\7PNHN2NC\Toms Revision of Jons Portfolio.doc Object is locked skipped
C:\Documents and Settings\Chiang\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Chiang\ntuser.dat Object is locked skipped
C:\Documents and Settings\Chiang\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Mozilla Firefox\plugins\NPMyGlSh.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.i skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{64E3B9E7-AAAC-4D02-A47B-0020DF6F05EE}\RP310\A0093453.exe/data0015 Infected: not-a-virus:AdTool.Win32.MyWebSearch.ak skipped
C:\System Volume Information\_restore{64E3B9E7-AAAC-4D02-A47B-0020DF6F05EE}\RP310\A0093453.exe/data0016 Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\System Volume Information\_restore{64E3B9E7-AAAC-4D02-A47B-0020DF6F05EE}\RP310\A0093453.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{64E3B9E7-AAAC-4D02-A47B-0020DF6F05EE}\RP313\A0097655.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.l skipped
C:\System Volume Information\_restore{64E3B9E7-AAAC-4D02-A47B-0020DF6F05EE}\RP313\A0097656.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.i skipped
C:\System Volume Information\_restore{64E3B9E7-AAAC-4D02-A47B-0020DF6F05EE}\RP313\A0098523.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.ak skipped
C:\System Volume Information\_restore{64E3B9E7-AAAC-4D02-A47B-0020DF6F05EE}\RP313\A0098570.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.ak skipped
C:\System Volume Information\_restore{64E3B9E7-AAAC-4D02-A47B-0020DF6F05EE}\RP339\A0107939.exe Infected: Backdoor.Win32.Rbot.bry skipped
C:\System Volume Information\_restore{64E3B9E7-AAAC-4D02-A47B-0020DF6F05EE}\RP339\A0107941.exe Infected: Backdoor.Win32.Rbot.bry skipped
C:\System Volume Information\_restore{64E3B9E7-AAAC-4D02-A47B-0020DF6F05EE}\RP339\A0107970.exe/WISE0019.BIN/DAPShred.exe Infected: Backdoor.Win32.Rbot.bry skipped
C:\System Volume Information\_restore{64E3B9E7-AAAC-4D02-A47B-0020DF6F05EE}\RP339\A0107970.exe/WISE0019.BIN/DAPTraceCleaner.exe Infected: Backdoor.Win32.Rbot.bry skipped
C:\System Volume Information\_restore{64E3B9E7-AAAC-4D02-A47B-0020DF6F05EE}\RP339\A0107970.exe/WISE0019.BIN Infected: Backdoor.Win32.Rbot.bry skipped
C:\System Volume Information\_restore{64E3B9E7-AAAC-4D02-A47B-0020DF6F05EE}\RP339\A0107970.exe WiseSFX: infected - 3 skipped
C:\System Volume Information\_restore{64E3B9E7-AAAC-4D02-A47B-0020DF6F05EE}\RP339\A0107970.exe WiseSFX Dropper: infected - 3 skipped
C:\System Volume Information\_restore{64E3B9E7-AAAC-4D02-A47B-0020DF6F05EE}\RP339\A0107986.exe Infected: Backdoor.Win32.Rbot.bry skipped
C:\System Volume Information\_restore{64E3B9E7-AAAC-4D02-A47B-0020DF6F05EE}\RP339\A0107987.exe Infected: Backdoor.Win32.Rbot.bry skipped
C:\System Volume Information\_restore{64E3B9E7-AAAC-4D02-A47B-0020DF6F05EE}\RP340\A0112563.dll Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\System Volume Information\_restore{64E3B9E7-AAAC-4D02-A47B-0020DF6F05EE}\RP341\A0113653.dll Infected: Trojan.Win32.BHO.g skipped
C:\System Volume Information\_restore{64E3B9E7-AAAC-4D02-A47B-0020DF6F05EE}\RP344\A0115134.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\System Volume Information\_restore{64E3B9E7-AAAC-4D02-A47B-0020DF6F05EE}\RP345\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{2D1B0674-8EAC-4FEC-B4BB-C159D3FCC4D7}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\WINDOWS\{00000001-00000000-00000007-00001102-00000004-20021102}.CDF Object is locked skipped

izumi
2006-12-16, 20:27
D:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
D:\Program Files\Norton AntiVirus\Quarantine\0D8B216B.Vir Infected: IM-Worm.Win32.Kelvir.b skipped
D:\Program Files\Norton AntiVirus\Quarantine\0DA5714E.dll Infected: Trojan-Downloader.Win32.Apropo.ag skipped
D:\Program Files\Norton AntiVirus\Quarantine\0DA5714E.exe Infected: Trojan-Downloader.Win32.Apropo.ag skipped
D:\Program Files\Norton AntiVirus\Quarantine\0DA81B4A.exe Infected: not-a-virus:AdWare.Win32.Apropos.b skipped
D:\Program Files\Norton AntiVirus\Quarantine\10AC4D2F.Vir Infected: IM-Worm.Win32.Kelvir.b skipped
D:\Program Files\Norton AntiVirus\Quarantine\218A3CA7.zip/BlackBox.class Infected: Exploit.Java.ByteVerify skipped
D:\Program Files\Norton AntiVirus\Quarantine\218A3CA7.zip/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped
D:\Program Files\Norton AntiVirus\Quarantine\218A3CA7.zip/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa skipped
D:\Program Files\Norton AntiVirus\Quarantine\218A3CA7.zip ZIP: infected - 3 skipped
D:\Program Files\Norton AntiVirus\Quarantine\218A3CA7.zip CryptFF: infected - 3 skipped
D:\Program Files\Norton AntiVirus\Quarantine\21F514CD.Vir Infected: IM-Worm.Win32.Kelvir.b skipped
D:\Program Files\Norton AntiVirus\Quarantine\220E5AD8.Vir Infected: IM-Worm.Win32.Kelvir.b skipped
D:\Program Files\Norton AntiVirus\Quarantine\2F7712F2.tmp Infected: Trojan-Downloader.Java.OpenStream.w skipped
D:\Program Files\Norton AntiVirus\Quarantine\2FE9779A.Vir Infected: IM-Worm.Win32.Kelvir.b skipped
D:\Program Files\Norton AntiVirus\Quarantine\305B351C.Vir Infected: IM-Worm.Win32.Kelvir.b skipped
D:\Program Files\Norton AntiVirus\Quarantine\31C91389.Vir Infected: IM-Worm.Win32.Kelvir.b skipped
D:\Program Files\Norton AntiVirus\Quarantine\33263199.Vir Infected: IM-Worm.Win32.Kelvir.b skipped
D:\Program Files\Norton AntiVirus\Quarantine\33D3514A.Vir Infected: IM-Worm.Win32.Kelvir.b skipped
D:\Program Files\Norton AntiVirus\Quarantine\33DA2543.Vir Infected: IM-Worm.Win32.Kelvir.b skipped
D:\Program Files\Norton AntiVirus\Quarantine\3E447E64.Vir Infected: IM-Worm.Win32.Kelvir.b skipped
D:\Program Files\Norton AntiVirus\Quarantine\41957703.Vir Infected: IM-Worm.Win32.Kelvir.b skipped
D:\Program Files\Norton AntiVirus\Quarantine\49A4427E.Vir Infected: IM-Worm.Win32.Kelvir.b skipped
D:\Program Files\Norton AntiVirus\Quarantine\49B4146C.dll Infected: Trojan.Win32.Crypt.t skipped
D:\Program Files\Norton AntiVirus\Quarantine\4A622153.tmp Infected: Trojan-Downloader.Java.OpenStream.w skipped
D:\Program Files\Norton AntiVirus\Quarantine\662C3D1E.exe Infected: Trojan.Win32.SecondThought.t skipped
D:\Program Files\Norton AntiVirus\Quarantine\687033FC.Vir Infected: IM-Worm.Win32.Kelvir.b skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP10\A0000371.exe Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP10\A0000372.ocx Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP10\A0000373.dll Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP10\A0000374.dll Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP10\A0000375.dll Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP10\A0000376.dll Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP10\A0000377.exe Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP10\A0000378.cat Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP10\A0000379.inf Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP10\A0000380.ver Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP10\A0000381.dll Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP10\A0000382.exe Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP10\A0000383.dll Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP10\A0000384.exe Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP10\A0000385.dll Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP10\A0000386.exe Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP10\A0000387.ver Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP10\A0000388.inf Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP10\A0000389.cat Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP10\A0000390.ocx Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP10\A0000391.exe Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP10\A0000392.dll Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP10\A0000393.dll Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP10\A0000394.dll Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP10\A0000395.exe Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP10\A0000396.exe Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP10\A0000397.dll Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP10\A0000398.dll Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP10\A0000399.exe Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP11\A0000406.sys Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP11\A0000407.dll Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP11\A0000408.exe Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP11\A0000409.cat Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP11\A0000410.inf Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP11\A0000411.ver Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP11\A0000412.dll Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP11\A0000413.exe Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP11\A0000414.dll Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP11\A0000415.exe Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP11\A0000416.dll Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP11\A0000417.exe Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP11\A0000418.ver Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP11\A0000419.inf Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP11\A0000420.cat Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP11\A0000421.sys Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP11\A0000422.exe Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP11\A0000423.exe Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP11\A0000424.dll Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP11\A0000425.dll Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP11\A0000426.exe Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP12\A0000436.exe Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP12\A0000437.dll Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP12\A0000438.dll Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP12\A0000439.exe Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP12\A0000440.dll Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP12\A0000441.exe Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP12\A0000442.dll Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP12\A0000443.exe Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP12\A0000444.ver Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP12\A0000445.ver Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP12\A0000446.cat Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP12\A0000447.cat Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP12\A0000448.dll Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP12\A0000449.inf Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP12\A0000450.inf Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP12\A0000451.dll Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP12\A0000452.dll Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP12\A0000453.exe Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP12\A0000454.exe Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP12\A0000455.exe Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP12\A0000456.dll Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP13\A0000463.exe Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP13\A0000464.dll Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP13\A0000465.dll Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP13\A0000466.exe Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP13\A0000467.dll Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP13\A0000468.exe Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP13\A0000469.dll Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP13\A0000470.exe Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP13\A0000471.ver Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP13\A0000472.inf Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP13\A0000473.cat Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP13\A0000474.sys Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP13\A0000475.ver Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP13\A0000476.inf Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP13\A0000477.cat Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP13\A0000478.sys Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP13\A0000479.exe Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP13\A0000480.exe Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP13\A0000481.dll Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP13\A0000482.dll Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP13\A0000483.exe Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP14\A0000490.ver Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP14\A0000491.inf Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP14\A0000492.exe Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP14\A0000493.dll Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP14\A0000494.cat Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP14\A0000495.exe Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP14\A0000496.dll Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP14\A0000497.dll Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP14\A0000498.cnv Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP15\A0000545.exe Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP15\A0000546.dll Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP15\A0000547.dll Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP15\A0000548.exe Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP15\A0000549.dll Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP15\A0000550.exe Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP15\A0000551.dll Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP15\A0000552.exe Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP15\A0000553.exe Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP15\A0000554.exe Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP15\A0000555.dll Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP15\A0000556.dll Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP15\A0000557.dll Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP15\A0000558.dll Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP15\A0000559.inf Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP15\A0000560.inf Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP15\A0000561.exe Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP15\A0000562.exe Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP15\A0000563.cat Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP15\A0000564.cat Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP15\A0000565.dll Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP15\A0000566.dll Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP15\A0000567.dll Object is locked skipped

izumi
2006-12-16, 20:28
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP15\A0000568.dll Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP15\A0000569.dll Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP15\A0000570.dll Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP15\A0000571.dll Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP15\A0000572.dll Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP15\A0000573.dll Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP15\A0000574.dll Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP15\A0000575.dll Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP15\A0000576.dll Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP15\A0000577.dll Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP15\A0000578.exe Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP15\A0000579.dll Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP15\A0000580.dll Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP15\A0000581.dll Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP15\A0000582.dll Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP15\A0000583.ver Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP15\A0000584.ver Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP15\A0000585.dll Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP15\A0000586.exe Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP15\A0000587.exe Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP15\A0000588.dll Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP15\A0000589.dll Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP15\A0000590.dll Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP15\A0000591.dll Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP15\A0000592.dll Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP15\A0000593.dll Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP15\A0000594.dll Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP15\A0000595.dll Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP15\A0000596.dll Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP15\A0000597.dll Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP15\A0000598.dll Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP15\A0000599.dll Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP15\A0000600.dll Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP15\A0000601.dll Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP15\A0000602.dll Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP15\A0000603.dll Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP16\A0000630.ver Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP16\A0000631.inf Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP16\A0000632.inf Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP16\A0000633.exe Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP16\A0000634.dll Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP16\A0000635.cat Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP16\A0000636.exe Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP16\A0000637.dll Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP16\A0000638.dll Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP16\A0000639.dll Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP16\A0000640.dll Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP16\A0000641.dll Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP16\A0000642.dll Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP16\A0000643.dll Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP16\A0000644.dll Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP16\A0000645.dll Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP16\A0000646.dll Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP16\A0000647.dll Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP16\A0000648.dll Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP16\A0000649.cat Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP17\A0000656.exe Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP17\A0000657.dll Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP17\A0000658.exe Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP17\A0000659.cat Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP17\A0000660.inf Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP17\A0000661.ver Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP17\A0000662.dll Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP17\A0000663.exe Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP17\A0000664.dll Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP17\A0000665.exe Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP17\A0000666.dll Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP17\A0000667.exe Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP17\A0000668.ver Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP17\A0000669.inf Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP17\A0000670.cat Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP17\A0000671.exe Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP17\A0000672.exe Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP17\A0000673.exe Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP17\A0000674.dll Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP17\A0000675.dll Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP17\A0000676.exe Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP18\A0000715.exe Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP18\A0000716.dll Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP18\A0000717.dll Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP18\A0000718.exe Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP18\A0000719.dll Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP18\A0000720.exe Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP18\A0000721.dll Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP18\A0000722.exe Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP18\A0000723.inf Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP18\A0000724.inf Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP18\A0000725.dll Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP18\A0000726.dll Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP18\A0000727.dll Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP18\A0000728.cat Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP18\A0000729.cat Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP18\A0000730.dll Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP18\A0000731.dll Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP18\A0000732.dll Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP18\A0000733.dll Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP18\A0000734.dll Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP18\A0000735.exe Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP18\A0000736.dll Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP18\A0000737.dll Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP18\A0000738.dll Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP18\A0000739.exe Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP18\A0000740.exe Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP18\A0000741.dll Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP18\A0000742.dll Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP18\A0000743.dll Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP18\A0000744.dll Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP18\A0000745.dll Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP18\A0000746.dll Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP18\A0000747.exe Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP18\A0000748.exe Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP18\A0000749.dll Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP18\A0000750.dll Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP18\A0000751.tsp Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP18\A0000752.TSP Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP18\A0000753.dll Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP18\A0000754.dll Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP18\A0000755.dll Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP18\A0000756.dll Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP18\A0000757.dll Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP18\A0000758.dll Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP18\A0000759.dll Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP18\A0000760.dll Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP18\A0000761.dll Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP18\A0000762.dll Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP18\A0000763.dll Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP18\A0000764.dll Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP18\A0000765.ver Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP18\A0000766.ver Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP18\A0000767.dll Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP9\A0000339.dll Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP9\A0000340.exe Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP9\A0000341.sys Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP9\A0000342.cat Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP9\A0000343.inf Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP9\A0000344.ver Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP9\A0000345.dll Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP9\A0000346.exe Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP9\A0000347.dll Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP9\A0000348.exe Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP9\A0000349.dll Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP9\A0000350.exe Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP9\A0000351.ver Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP9\A0000352.inf Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP9\A0000353.cat Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP9\A0000354.sys Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP9\A0000355.exe Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP9\A0000356.exe Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP9\A0000357.dll Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP9\A0000358.dll Object is locked skipped
D:\System Volume Information\_restore{ED882476-C6C0-420E-8B1D-1450499616DD}\RP9\A0000359.exe Object is locked skipped
D:\WINDOWS\$NtUninstallKB828741$\catsrv.dll Object is locked skipped
D:\WINDOWS\$NtUninstallKB828741$\catsrvut.dll Object is locked skipped
D:\WINDOWS\$NtUninstallKB828741$\clbcatex.dll Object is locked skipped
D:\WINDOWS\$NtUninstallKB828741$\clbcatq.dll Object is locked skipped
D:\WINDOWS\$NtUninstallKB828741$\colbact.dll Object is locked skipped
D:\WINDOWS\$NtUninstallKB828741$\comadmin.dll Object is locked skipped
D:\WINDOWS\$NtUninstallKB828741$\comrepl.exe Object is locked skipped
D:\WINDOWS\$NtUninstallKB828741$\comsvcs.dll Object is locked skipped
D:\WINDOWS\$NtUninstallKB828741$\comuid.dll Object is locked skipped
D:\WINDOWS\$NtUninstallKB828741$\es.dll Object is locked skipped
D:\WINDOWS\$NtUninstallKB828741$\migregdb.exe Object is locked skipped
D:\WINDOWS\$NtUninstallKB828741$\msdtcprx.dll Object is locked skipped
D:\WINDOWS\$NtUninstallKB828741$\msdtctm.dll Object is locked skipped
D:\WINDOWS\$NtUninstallKB828741$\msdtcuiu.dll Object is locked skipped
D:\WINDOWS\$NtUninstallKB828741$\mtxclu.dll Object is locked skipped

izumi
2006-12-16, 20:28
D:\WINDOWS\$NtUninstallKB828741$\mtxoci.dll Object is locked skipped
D:\WINDOWS\$NtUninstallKB828741$\ole32.dll Object is locked skipped
D:\WINDOWS\$NtUninstallKB828741$\rpcrt4.dll Object is locked skipped
D:\WINDOWS\$NtUninstallKB828741$\rpcss.dll Object is locked skipped
D:\WINDOWS\$NtUninstallKB828741$\txflog.dll Object is locked skipped
D:\WINDOWS\$NtUninstallKB835732$\browser.dll Object is locked skipped
D:\WINDOWS\$NtUninstallKB835732$\callcont.dll Object is locked skipped
D:\WINDOWS\$NtUninstallKB835732$\cmdevtgprov.dll Object is locked skipped
D:\WINDOWS\$NtUninstallKB835732$\evtgprov.dll Object is locked skipped
D:\WINDOWS\$NtUninstallKB835732$\gdi32.dll Object is locked skipped
D:\WINDOWS\$NtUninstallKB835732$\h323.tsp Object is locked skipped
D:\WINDOWS\$NtUninstallKB835732$\h323msp.dll Object is locked skipped
D:\WINDOWS\$NtUninstallKB835732$\helpctr.exe Object is locked skipped
D:\WINDOWS\$NtUninstallKB835732$\ipnathlp.dll Object is locked skipped
D:\WINDOWS\$NtUninstallKB835732$\lsasrv.dll Object is locked skipped
D:\WINDOWS\$NtUninstallKB835732$\mf3216.dll Object is locked skipped
D:\WINDOWS\$NtUninstallKB835732$\msasn1.dll Object is locked skipped
D:\WINDOWS\$NtUninstallKB835732$\msgina.dll Object is locked skipped
D:\WINDOWS\$NtUninstallKB835732$\mst120.dll Object is locked skipped
D:\WINDOWS\$NtUninstallKB835732$\netapi32.dll Object is locked skipped
D:\WINDOWS\$NtUninstallKB835732$\nmcom.dll Object is locked skipped
D:\WINDOWS\$NtUninstallKB835732$\rtcdll.dll Object is locked skipped
D:\WINDOWS\$NtUninstallKB835732$\schannel.dll Object is locked skipped

Scan process completed.

:bigthumb:

Mr_JAk3
2006-12-17, 11:15
Hi again, it is looking good now :)

You don't seem to have a firewall (http://forum.malwareremoval.com/viewtopic.php?p=56#56) running, you must install one firewall.
NOTE: If you're using Windows XP firewall, I recommend that you install a better firewall. Windows firewall doesn't really provide enough protection.
Disable Windows firewall after installing a new firewall.

These are good (free) firewalls: Sunbelt-Kerio (http://www.sunbelt-software.com/Kerio.cfm)
ZoneAlarm (http://www.zonelabs.com/)
Sygate (http://www.majorgeeks.com/download.php?det=3356)
Outpost (http://www.majorgeeks.com/download.php?det=1056)

Delete the following file:
C:\Program Files\Mozilla Firefox\plugins\NPMyGlSh.dll

You don't seem to have Norton Antivirus installed anymore, you can delete the following folder:
D:\Program Files\Norton AntiVirus

Now you can clean AVG's Quarantine:
Open AVG Anti-Spyware
Click Infections
Click Quarantine tab
Click Select all
Click Remove finally
Close the program
You can remove the tools we used.

Then you should update your Java to the latest version (6.0):
Start
Control Panel
Add/Remove Programs
Delete the old Java, J2SE Runtime Environment 5.0 Update 9
Download the latest version of Java Runtime Environment (JRE) 6.0 (http://java.sun.com/javase/downloads/index.jsp).
Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications."
Click the "Download" button to the right.
Check the box that says: "Accept License Agreement."
The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Install it

Now you can make your hidden files hidden again.
Go to My Computer
Select the Tools menu and click Folder Options
Click the View tab.
Checkmark the "Display the contents of system folders"
Under the Hidden files and folders select "Show hidden files and folders"
Check "Hide protected operating system files"
Click Apply and then the OK and close My Computer.

=============

Now that you seem to be clean, please follow these simple steps in order to keep your computer clean and secure:
Clear your system restore (http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/tips/mcgill1.mspx)
This will clear the system restore folders from possible malware that was left behind during the cleaning process.

Use ATF Cleaner (http://www.atribune.org/ccount/click.php?id=1)
Download and install ATF Cleaner. Clean your temporary files & folders with it regularly.

Use Ad-Aware (http://www.bleepingcomputer.com/forums/?showtutorial=48)
Download and install Ad-Aware. Update it and scan your computer regularly with it.

Use AVG Anti-Spyware (http://www.ewido.net/en/)
Update it and scan your computer regularly with it.

Use Spybot S&D (http://www.bleepingcomputer.com/forums/?showtutorial=43)
Download and install Spybot S&D. Update it and scan your computer regularly with it.

Install SpywareBlaster (http://www.javacoolsoftware.com/spywareblaster.html)
SpywareBlaster will prevent spyware from being installed.

Install MVPS Hosts file (http://mvps.org/winhelp2002/hosts.htm)
This prevents your computer from connecting to harmful sites.

Use Firefox browser (http://www.mozilla.org)
Firefox is a faster, safer and better browser than Internet Explorer.

Keep your system up-to-date (http://windowsupdate.microsoft.com)
Visit Windows Update regularly.

Keep your antivirus and firewall up-to-date
Scan your computer regularly with your antivirus.

Read this article by TonyKlein (http://forums.spybot.info/showthread.php?t=279)
So how did I get infected in the first place?

Stand Up and Be Counted ! (http://www.malwarecomplaints.info/index.php)
The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.


Stay clean and be safe ;)
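The MVPS HOSTS file recommended above works because Windows consults the hosts file (C:\WINDOWS\system32\drivers\etc\hosts on XP) before asking DNS, so mapping a bad host name to 0.0.0.0 or 127.0.0.1 makes it unreachable. The same mechanism is abused by malware, which adds entries sending Windows Update or antivirus vendor domains somewhere else so the infection cannot be cleaned. The following Python is an added example, not code from the thread or from MVPS: it parses hosts-file text, mimics the lookup order, and flags hijack-style entries. The hosts content, the 203.0.113.7 address and the PROTECTED_SUFFIXES list are constructed assumptions for illustration.

```python
"""Toy model of a hosts-file blocklist plus a hijack check.

Added example. SAMPLE_HOSTS is constructed test data, not a real hosts file,
and PROTECTED_SUFFIXES is an illustrative list, not an authoritative one.
"""
import ipaddress

# Addresses that mean "go nowhere": the MVPS-style blocking technique.
BLACKHOLE_IPS = {"0.0.0.0", "127.0.0.1", "::1"}

# Assumption: domains a home user never wants overridden in the hosts file,
# because an override there typically means malware blocking its own removal.
PROTECTED_SUFFIXES = (
    "microsoft.com", "windowsupdate.com", "symantec.com", "mcafee.com", "grisoft.com",
)

# Constructed sample: two blocklist entries, one legitimate LAN override, and a
# hijack of Microsoft domains to a TEST-NET-3 address (never a real host).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
0.0.0.0         ad.doubleclick.net          # blocklist-style entry (constructed)
0.0.0.0         tracker.example             # blocklist-style entry (constructed)
192.168.1.10    fileserver.example.lan      # legitimate local override (constructed)
203.0.113.7     www.microsoft.com           # hijack-style entry (constructed)
203.0.113.7     update.microsoft.com
"""


def parse_hosts(text):
    """Return {hostname: ip}. Comments are stripped, malformed lines skipped,
    and for duplicate names the first mapping wins (as the resolver does)."""
    mapping = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        ip, *names = line.split()
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            continue  # not a valid address; Windows ignores such lines too
        for name in names:
            mapping.setdefault(name.lower(), ip)
    return mapping


def resolve(mapping, hostname):
    """Mimic lookup order: hosts file first, DNS only if there is no entry.
    Returns ("blocked", ip), ("hosts", ip) or ("dns", None)."""
    ip = mapping.get(hostname.lower())
    if ip is None:
        return ("dns", None)
    if ip in BLACKHOLE_IPS:
        return ("blocked", ip)
    return ("hosts", ip)


def _is_protected(name):
    return any(name == s or name.endswith("." + s) for s in PROTECTED_SUFFIXES)


def suspicious_entries(mapping):
    """Flag any hosts entry for a protected update/AV domain, whatever address
    it points at: blackholing Windows Update is as hostile as redirecting it.
    Returns a sorted list of (hostname, ip)."""
    return sorted((n, ip) for n, ip in mapping.items() if _is_protected(n))


if __name__ == "__main__":
    hosts = parse_hosts(SAMPLE_HOSTS)
    for name in ("ad.doubleclick.net", "www.microsoft.com", "www.example.org"):
        print(name, "->", resolve(hosts, name))
    for name, ip in suspicious_entries(hosts):
        print("SUSPICIOUS hosts entry:", name, "->", ip)
```

To audit a real machine, read the hosts file into `parse_hosts()` instead of `SAMPLE_HOSTS`; a clean MVPS install should produce blackhole entries only, and any name in the flagged list points at something a cleanup should remove.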

izumi
2006-12-19, 06:09
Thank you Very Much! :2thumb:
Yes, I will keep clean from now! I felt released! :)

Mr_JAk3
2006-12-19, 13:19
That's great news and you're very welcome :D:

As the problem appears to be resolved this topic has been archived.

If you need it re-opened please send a private message (pm) to a forum staff member and provide a link to the thread; this applies only to the original topic starter.

Glad we could help :2thumb: