lashaun84

Members
  • Content Count

    34

About lashaun84

  • Rank
    Full Member
  1. Wasn't sure if you got it, just resending. I completed this in Internet Explorer, but here is the URL: http://www.pcpitstop.com/betapit/sec.asp?conid=22245145
  2. I completed this in Internet Explorer, but here is the URL: http://www.pcpitstop.com/betapit/sec.asp?conid=22245145
  3. Windows Media Player, and in Firefox even when I try to do IM on my Yahoo account it goes very slow; I have to wait for it to catch up with the writing. Other than that, everything has been moving pretty fast.
  4. It's running a bit faster, but when I try to play video clips it doesn't work right, like it's spaced, starting and stopping. I don't know what that has to do with the way it's running, but I want it to go without the starting and stopping.
Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0025873.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0025874.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0025875.scr;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0025876.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0025877.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0025878.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0025879.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0025880.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0025881.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0025882.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0025883.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0025884.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0025885.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0025886.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0025887.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0025888.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0025889.exe;C:\System Volume 
Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0025890.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0025891.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0025892.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0025893.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0025894.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0025895.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0025896.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0025897.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0025898.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0025899.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0025900.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0025901.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0025902.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0025903.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0025904.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0025905.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0025906.exe;C:\System Volume 
Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0025907.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0025908.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0025909.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0025910.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0025911.scr;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0025912.scr;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0025913.scr;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0025914.scr;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0025915.scr;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0025916.scr;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0025917.scr;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0025918.scr;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0025919.scr;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0025920.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0025921.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0025922.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0025923.exe;C:\System Volume 
Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0025924.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0025925.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0025926.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0025927.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0025928.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0025929.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0025930.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0025931.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0025932.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0025933.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0025934.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0025935.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0025936.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0025937.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0025938.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0025939.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0025940.exe;C:\System Volume 
Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0025941.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0025942.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0025943.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0025944.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0025945.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0025946.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0025947.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0025948.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0025949.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0025950.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0025951.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0025952.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0025953.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0025954.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0025955.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0025956.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0025957.exe;C:\System Volume 
Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0025958.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0025959.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0025960.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0025961.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0025962.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0025963.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0025964.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0025965.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0025966.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0025967.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0025968.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0025969.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0025970.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0025971.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0025972.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0025973.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0025974.exe;C:\System Volume 
Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0025975.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0025976.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0025977.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0025978.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0025979.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0025980.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0025981.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0025982.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0025983.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0025984.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0025985.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0025986.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0025987.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0025988.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0025989.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0025990.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0025991.exe;C:\System Volume 
Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0025992.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0025993.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0025994.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0025995.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0025996.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0025997.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0025998.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0025999.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0026000.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0026001.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0026002.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0026003.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0026004.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0026005.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0026006.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0026007.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0026008.exe;C:\System Volume 
Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0026009.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0026010.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0026011.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0026012.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0026013.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0026014.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0026015.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0026016.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0026017.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0026018.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0026019.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0026020.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0026021.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0026022.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0026023.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0026024.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0026025.exe;C:\System Volume 
Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0026026.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0026027.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0026028.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0026029.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0026030.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0026031.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0026032.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0026033.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0026034.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0026035.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0026036.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0026037.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0026038.scr;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0026039.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0026040.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0026041.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0026042.exe;C:\System Volume 
Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0026043.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0026044.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0026045.EXE;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0026046.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0026047.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0026048.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0026049.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0026050.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0026051.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0026052.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0026053.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0026054.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0026055.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0026056.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0026057.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0026058.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0026059.exe;C:\System Volume 
Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0026060.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0026061.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0026062.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0026063.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0026064.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0026065.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0026066.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0026067.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0026068.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0026069.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0026070.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0026071.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0026072.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0026073.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0026074.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0026075.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0026076.exe;C:\System Volume 
Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0026077.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0026078.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0026079.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0026081.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0026082.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0026086.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0026087.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0026089.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0026090.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0026091.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0026092.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0026093.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0026094.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0026095.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0026096.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0026096.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Trojan.Packed.2450;Deleted.; A0026097.exe;C:\System Volume 
Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0026098.EXE;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0026099.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0026100.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0026101.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0026102.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0026103.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0026104.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0026105.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0026106.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0026107.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0026108.EXE;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0026109.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0026110.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0026111.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0026112.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0026113.exe;C:\System Volume Information\_restore{823EAC99-234A-4B06-BBF6-5E5CB6289D1D}\RP84;Win32.Virut.56;Cured.; A0026114.exe;C:\System Volume 
  6. ANALYSIS: 2009-06-04 15:42:57 PROTECTIONS: 0 MALWARE: 52 SUSPECTS: 22
  7. I have tried to do the system scan on more than one occasion; it will not complete. What should I do? I have left my computer on overnight trying to complete the system scan, and I have yet to receive a log stating what is wrong. PLEASE HELP!!!!
  8. ComboFix 09-05-17.08 - Owner 18/05/2009 15:53.6 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.254.124 [GMT -4:00] Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
**************************************************************************
.
Completion time: 2009-05-18 16:18 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-18 20:18
ComboFix2.txt 2009-05-17 02:48
ComboFix3.txt 2009-03-18 22:53
ComboFix4.txt 2009-03-18 21:44
ComboFix5.txt 2009-05-18 19:50
Pre-Run: 19,993,059,328 bytes free
Post-Run: 19,978,661,888 bytes free
394 --- E O F --- 2009-05-13 22:08
  9. ComboFix 09-05-16.05 - Owner 16/05/2009 22:18.5 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.254.114 [GMT -4:00] Running from: c:\documents and settings\Owner\desktop\ComboFix.exe Command switches used :: /KillAll . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\Owner\Local Settings\Temporary Internet Files\CPV.stt c:\documents and settings\Owner\Local Settings\Temporary Internet Files\fbk.sts c:\program files\Jcore c:\program files\WWShow c:\recycler\S-1-5-21-436374069-1364589140-1801674531-500\INFO2 c:\windows\IE4 Error Log.txt c:\windows\Install.txt c:\windows\mqcd.dbt c:\windows\system32\Install.txt c:\windows\system32\ntos.exe c:\windows\system32\wsnpoem c:\windows\system32\wsnpoem\audio.dll c:\windows\system32\wsnpoem\video.dll Infected copy of c:\windows\system32\drivers\ndis.sys was found and disinfected Restored copy from - The cat ate it . ((((((((((((((((((((((((( Files Created from 2009-04-17 to 2009-05-17 ))))))))))))))))))))))))))))))) . 2009-05-14 22:53 . 2009-05-14 22:53 -------- d-----w C:\_OTMoveIt 2009-05-05 22:26 . 2009-05-10 21:56 -------- d-----w c:\program files\Windows Media Connect 2 2009-05-05 22:21 . 2009-05-05 23:57 -------- d-----w c:\windows\system32\drivers\UMDF 2009-05-01 09:10 . 2009-05-01 09:10 -------- d-s---w c:\windows\system32\config\systemprofile\UserData 2009-04-23 21:39 . 2009-04-23 21:39 -------- d-----w c:\windows\data_0001810hapfp 2009-04-23 21:07 . 2009-04-23 21:50 -------- d-----w c:\program files\Tetris 2009-04-21 23:32 . 2009-04-21 23:32 -------- d-----w c:\program files\Selectsoft 2009-04-20 19:59 . 2009-05-05 22:21 -------- d-----w c:\windows\system32\LogFiles 2009-04-20 19:14 . 2009-04-20 19:14 -------- d-----w c:\windows\system32\config\systemprofile\Local Settings\Application Data\Musicmatch 2009-04-20 19:13 . 
2009-04-20 19:13 -------- d-----w c:\documents and settings\LocalService\Local Settings\Application Data\Musicmatch . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-05-17 02:17 . 2001-08-18 12:00 182912 ----a-w c:\windows\system32\drivers\ndis.sys 2009-05-09 23:37 . 2008-06-29 21:10 -------- d-----w c:\program files\Yahoo! Games 2009-05-04 21:14 . 2009-05-04 21:14 0 ----a-w C:\4B.tmp 2009-05-04 21:14 . 2009-05-04 21:14 0 ----a-w C:\4A.tmp 2009-05-04 21:14 . 2009-05-04 21:14 0 ----a-w C:\49.tmp 2009-05-04 21:14 . 2009-05-04 21:14 0 ----a-w C:\48.tmp 2009-05-04 21:14 . 2009-05-04 21:14 0 ----a-w C:\12.tmp 2009-05-03 23:06 . 2009-05-03 23:06 0 ----a-w C:\47.tmp 2009-05-03 23:06 . 2009-05-03 23:06 0 ----a-w C:\46.tmp 2009-05-03 23:06 . 2009-05-03 23:06 0 ----a-w C:\45.tmp 2009-05-03 23:06 . 2009-05-03 23:06 0 ----a-w C:\44.tmp 2009-05-03 23:05 . 2009-05-03 23:05 38 ----a-w C:\3E.tmp 2009-05-03 23:05 . 2009-05-03 23:05 0 ----a-w C:\43.tmp 2009-05-03 23:05 . 2009-05-03 23:05 0 ----a-w C:\42.tmp 2009-05-03 23:05 . 2009-05-03 23:05 0 ----a-w C:\41.tmp 2009-05-03 23:05 . 2009-05-03 23:05 0 ----a-w C:\40.tmp 2009-05-03 23:05 . 2009-05-03 23:05 0 ----a-w C:\3F.tmp 2009-05-03 23:05 . 2009-05-03 23:05 51712 ----a-w C:\3A.tmp 2009-05-03 23:05 . 2009-05-03 23:05 0 ----a-w C:\3D.tmp 2009-05-03 23:05 . 2009-05-03 23:05 0 ----a-w C:\3C.tmp 2009-05-03 23:05 . 2009-05-03 23:05 0 ----a-w C:\3B.tmp 2009-04-30 09:06 . 2009-04-30 09:06 0 ----a-w C:\2B.tmp 2009-04-23 19:58 . 2009-04-23 19:58 38 ----a-w C:\1D.tmp 2009-04-23 19:58 . 2009-04-23 19:58 0 ----a-w C:\1C.tmp 2009-04-23 19:58 . 2009-04-23 19:58 0 ----a-w C:\1B.tmp 2009-04-23 19:58 . 2009-04-23 19:58 0 ----a-w C:\1A.tmp 2009-04-23 19:58 . 2009-04-23 19:58 0 ----a-w C:\19.tmp 2009-04-23 19:58 . 2009-04-23 19:58 0 ----a-w C:\18.tmp 2009-04-23 19:58 . 2009-04-23 19:58 0 ----a-w C:\17.tmp 2009-04-23 19:58 . 2009-04-23 19:58 0 ----a-w C:\16.tmp 2009-04-23 19:58 . 
2009-04-23 19:58 0 ----a-w C:\15.tmp 2009-04-23 19:58 . 2009-04-23 19:58 38 ----a-w C:\14.tmp 2009-04-23 19:58 . 2009-04-23 19:58 54784 ----a-w C:\13.tmp 2009-04-20 19:10 . 2009-04-20 19:10 38 ----a-w C:\10.tmp 2009-04-20 19:10 . 2009-04-20 19:10 0 ----a-w C:\11.tmp 2009-04-20 19:10 . 2009-04-20 19:10 0 ----a-w C:\F.tmp 2009-04-20 19:10 . 2009-04-20 19:10 0 ----a-w C:\A.tmp 2009-04-20 19:10 . 2009-04-20 19:10 0 ----a-w C:\9.tmp 2009-04-20 19:10 . 2009-04-20 19:10 0 ----a-w C:\8.tmp 2009-04-20 19:10 . 2009-04-20 19:10 0 ----a-w C:\7.tmp 2009-04-20 19:10 . 2009-04-20 19:10 0 ----a-w C:\6.tmp 2009-04-20 19:10 . 2009-04-20 19:10 0 ----a-w C:\5.tmp 2009-04-20 19:10 . 2009-04-20 19:10 38 ----a-w C:\4.tmp 2009-04-20 19:10 . 2009-04-20 19:10 52736 ----a-w C:\3.tmp 2009-04-18 12:09 . 2009-04-18 12:09 0 ----a-w C:\E.tmp 2009-04-18 12:08 . 2009-04-18 12:08 0 ----a-w C:\D.tmp 2009-04-18 12:08 . 2009-04-18 12:08 0 ----a-w C:\C.tmp 2009-04-18 12:08 . 2009-04-18 12:08 0 ----a-w C:\B.tmp 2009-04-13 21:44 . 2009-01-06 00:46 -------- d-----w c:\program files\ANI 2009-04-13 21:44 . 2008-06-16 18:41 -------- d--h--w c:\program files\InstallShield Installation Information 2009-04-13 21:42 . 2009-04-13 21:42 -------- d-----w c:\program files\D-Link 2009-04-13 21:12 . 2008-06-16 18:41 -------- d-----w c:\program files\Common Files\InstallShield 2009-04-08 09:22 . 2009-04-08 09:22 0 ----a-w c:\windows\system32\2D.tmp 2009-04-08 09:21 . 2009-04-08 09:21 0 ----a-w c:\windows\system32\2C.tmp 2009-04-08 09:20 . 2009-04-08 09:20 0 ----a-w c:\windows\system32\2A.tmp 2009-04-08 09:20 . 2009-04-08 09:20 0 ----a-w c:\windows\system32\28.tmp 2009-04-08 09:19 . 2009-04-08 09:19 0 ----a-w c:\windows\system32\27.tmp 2009-04-08 09:19 . 2009-04-08 09:19 0 ----a-w c:\windows\system32\26.tmp 2009-04-08 09:19 . 2009-04-08 09:19 0 ----a-w c:\windows\system32\25.tmp 2009-04-08 09:19 . 2009-04-08 09:19 0 ----a-w c:\windows\system32\23.tmp 2009-04-08 09:18 . 
2009-04-08 09:18 0 ----a-w c:\windows\system32\22.tmp 2009-04-08 09:18 . 2009-04-08 09:18 0 ----a-w c:\windows\system32\21.tmp 2009-04-08 09:18 . 2009-04-08 09:18 0 ----a-w c:\windows\system32\20.tmp 2009-04-08 09:18 . 2009-04-08 09:18 0 ----a-w c:\windows\system32\1F.tmp 2009-04-08 09:17 . 2009-04-08 09:17 0 ----a-w c:\windows\system32\1E.tmp 2009-04-08 09:17 . 2009-04-08 09:17 0 ----a-w c:\windows\system32\1D.tmp 2009-04-08 09:17 . 2009-04-08 09:17 0 ----a-w c:\windows\system32\1C.tmp 2009-04-08 00:05 . 2009-04-08 00:05 0 ----a-w c:\windows\system32\1B.tmp 2009-04-07 23:56 . 2009-04-07 23:56 0 ----a-w c:\windows\system32\1A.tmp 2009-04-07 23:55 . 2009-04-07 23:55 0 ----a-w c:\windows\system32\19.tmp 2009-04-07 23:55 . 2009-04-07 23:55 0 ----a-w c:\windows\system32\18.tmp 2009-04-07 23:42 . 2009-04-07 23:42 0 ----a-w c:\windows\system32\17.tmp 2009-04-07 23:42 . 2009-04-07 23:42 0 ----a-w c:\windows\system32\16.tmp 2009-04-07 23:27 . 2009-04-07 23:27 0 ----a-w c:\windows\system32\15.tmp 2009-04-07 23:27 . 2009-04-07 23:27 0 ----a-w c:\windows\system32\14.tmp 2009-04-07 22:36 . 2009-04-07 22:36 0 ----a-w c:\windows\system32\13.tmp 2009-04-07 22:13 . 2009-04-07 22:13 0 ----a-w c:\windows\system32\12.tmp 2009-04-07 22:05 . 2009-04-07 22:05 0 ----a-w c:\windows\system32\11.tmp 2009-04-07 21:56 . 2009-04-07 21:56 0 ----a-w c:\windows\system32\10.tmp 2009-04-06 20:41 . 2009-01-06 20:41 84992 --sha-w c:\windows\system32\nuvameje.dll.vir 2009-04-04 13:14 . 2009-04-04 13:14 -------- d-----w c:\program files\MSECache 2009-03-24 22:33 . 2008-06-18 15:29 64368 ----a-w c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-03-23 20:04 . 2009-03-22 22:21 114 ----a-w c:\windows\de04ch5.dat 2009-03-22 22:46 . 2009-03-19 20:00 -------- d-----w c:\program files\Family Feud Dream Home 2009-03-22 22:20 . 2009-03-22 22:20 -------- d-----w c:\program files\detest5 2009-03-22 21:29 . 
2009-03-22 21:29 -------- d-----w c:\program files\Common Files\SWF Studio 2009-03-22 21:29 . 2009-03-22 21:29 -------- d-----w c:\program files\KAZ Typing Test 2009-03-22 21:28 . 2009-03-22 21:29 737280 ----a-w c:\windows\iun6002.exe 2009-03-20 22:14 . 2009-03-20 22:14 81 ----a-w C:\CTX.DAT 2009-03-20 22:03 . 2009-01-25 16:00 410984 ----a-w c:\windows\system32\deploytk.dll 2009-03-20 22:03 . 2008-06-18 17:05 -------- d-----w c:\program files\Java 2009-03-17 16:19 . 2009-03-17 16:19 147456 ----a-w c:\windows\system32\vbzip10.dll 2009-03-06 14:44 . 2001-08-18 12:00 283648 ----a-w c:\windows\system32\pdh.dll 2009-02-20 08:30 . 2009-02-19 17:01 81920 ------w c:\windows\system32\ieencode.dll 2009-02-20 08:30 . 2001-08-18 12:00 659456 ----a-w c:\windows\system32\wininet.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-04 1667584] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MMTray"="c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" [2006-01-19 110592] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-06-17 98304] "IgfxTray"="c:\windows\System32\igfxtray.exe" [2002-06-19 155648] "HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2002-06-19 114688] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-07-11 180269] "MimBoot"="c:\progra~1\MUSICM~1\MUSICM~1\mimboot.exe" [2006-01-19 11776] "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-06-16 221184] "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-20 148888] "D-Link AirPlus 
G"="c:\program files\D-Link\AirPlus G\AirGCFG.exe" [2007-04-14 1556480] "ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 49152] [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= --- Other Services/Drivers In Memory --- *Deregistered* - AFD *Deregistered* - ALG *Deregistered* - ANIO *Deregistered* - ANIWZCSdService *Deregistered* - AudioSrv *Deregistered* - audstub *Deregistered* - Beep *Deregistered* - BITS *Deregistered* - Browser *Deregistered* - Cdfs *Deregistered* - CryptSvc *Deregistered* - DcomLaunch *Deregistered* - Dhcp *Deregistered* - Dnscache *Deregistered* - ERSvc *Deregistered* - EventSystem *Deregistered* - Fallback *Deregistered* - FastUserSwitchingCompatibility *Deregistered* - Fips *Deregistered* - FltMgr *Deregistered* - Fsks *Deregistered* - Ftdisk *Deregistered* - Gpc *Deregistered* - helpsvc *Deregistered* - HTTP *Deregistered* - HTTPFilter *Deregistered* - IpNat *Deregistered* - IPSec *Deregistered* - JavaQuickStarterService *Deregistered* - K56 *Deregistered* - KSecDD *Deregistered* - lanmanserver *Deregistered* - lanmanworkstation *Deregistered* - LmHosts *Deregistered* - MDM *Deregistered* - mdmxsdk *Deregistered* - mnmdd *Deregistered* - Mouclass *Deregistered* - MountMgr *Deregistered* - MRxDAV *Deregistered* - MRxSmb *Deregistered* - Msfs *Deregistered* - mssmbios *Deregistered* - Mup *Deregistered* - NDIS *Deregistered* - NdisTapi *Deregistered* - Ndisuio *Deregistered* - NdisWan *Deregistered* - NDProxy *Deregistered* - NetBIOS *Deregistered* - NetBT *Deregistered* - Netman *Deregistered* - Nla *Deregistered* - Npfs *Deregistered* - Ntfs *Deregistered* - Null *Deregistered* - OMCI *Deregistered* - ParVdm *Deregistered* - PolicyAgent *Deregistered* - PptpMiniport *Deregistered* 
- ProtectedStorage *Deregistered* - PSched *Deregistered* - RasAcd *Deregistered* - Rasl2tp *Deregistered* - RasMan *Deregistered* - RasPppoe *Deregistered* - Raspti *Deregistered* - Rdbss *Deregistered* - RDPCDD *Deregistered* - RpcSs *Deregistered* - SamSs *Deregistered* - Schedule *Deregistered* - seclogon *Deregistered* - SENS *Deregistered* - ShellHWDetection *Deregistered* - SoftFax *Deregistered* - Spooler *Deregistered* - sr *Deregistered* - srservice *Deregistered* - Srv *Deregistered* - SSDPSRV *Deregistered* - swenum *Deregistered* - TapiSrv *Deregistered* - Tcpip *Deregistered* - TermDD *Deregistered* - TermService *Deregistered* - Themes *Deregistered* - Tones *Deregistered* - TrkWks *Deregistered* - Update *Deregistered* - V124 *Deregistered* - VgaSave *Deregistered* - VolSnap *Deregistered* - W32Time *Deregistered* - Wanarp *Deregistered* - WebClient *Deregistered* - winmgmt *Deregistered* - WS2IFSL *Deregistered* - wuauserv *Deregistered* - WudfPf *Deregistered* - WudfSvc *Deregistered* - WZCSVC . Contents of the 'Scheduled Tasks' folder . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com mWindow Title = Microsoft Internet Explorer IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 Trusted Zone: musicmatch.com\online DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\aw4dysyr.default\ FF - plugin: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\aw4dysyr.default\extensions\[email protected]\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll . 
************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-05-16 22:34 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'explorer.exe'(3428) c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\msi.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Java\jre6\bin\jqs.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\windows\system32\wscntfy.exe c:\progra~1\MUSICM~1\MUSICM~1\MMDiag.exe c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe . ************************************************************************** . 
Completion time: 2009-05-17 22:48 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-17 02:48
ComboFix2.txt 2009-03-18 22:53
ComboFix3.txt 2009-03-18 21:44
ComboFix4.txt 2009-02-20 23:39
ComboFix5.txt 2009-05-17 02:08
Pre-Run: 20,198,514,688 bytes free
Post-Run: 20,208,234,496 bytes free
314 --- E O F --- 2009-05-13 22:08

I was told to write this down and to reboot computer c:/windows/system32/ntos.exe

HIJACK THIS LOG

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:50:15 PM, on 16/05/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL
= http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: 
{149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Program Files\The Hidden Object Show Season 2\Images\stg_drm.ocx O16 - DPF: {21BB8360-F943-447E-98F3-3C22345375A7} (CPlayFirstChocolatieControl Object) - http://zone.msn.com/bingame/choc/default/C...eb.1.0.0.15.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1213917412731 O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1213962550419 O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file://C:\Program Files\Elizabeth Find, MD - Diagnosis Mystery\Images\armhelper.ocx O16 - DPF: {E9B80D94-D8BC-43DE-9138-75605A8D9666} (CPlayFirstWeddingDasControl Object) - http://zone.msn.com/bingame/wedd/default/W...sh.1.0.0.50.cab O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe -- End of file - 5000 bytes
  10. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 7:32:16 PM, on 16/05/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\System32\alg.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\TEMP\BN1.tmp C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\wscntfy.exe C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe C:\Program Files\QuickTime\qttask.exe C:\WINDOWS\System32\hkcmd.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\D-Link\AirPlus G\AirGCFG.exe C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\System32\wudfhost.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,C:\WINDOWS\system32\ntos.exe, O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 
'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Program Files\The Hidden Object Show Season 2\Images\stg_drm.ocx O16 - DPF: {21BB8360-F943-447E-98F3-3C22345375A7} (CPlayFirstChocolatieControl Object) - http://zone.msn.com/bingame/choc/default/C...eb.1.0.0.15.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1213917412731 O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1213962550419 O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file://C:\Program Files\Elizabeth Find, MD - Diagnosis Mystery\Images\armhelper.ocx O16 - DPF: {E9B80D94-D8BC-43DE-9138-75605A8D9666} (CPlayFirstWeddingDasControl Object) - http://zone.msn.com/bingame/wedd/default/W...sh.1.0.0.50.cab O20 - AppInit_DLLs: bvqtzn.dll O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe -- End of file - 5682 bytes
  11. ========== PROCESSES ==========
      Process explorer.exe killed successfully.
      ========== FILES ==========
      File move failed. C:\WINDOWS\system32\ntos.exe scheduled to be moved on reboot.
      File/Folder C:\WINDOWS\system32\sdrgfcvbf.dll not found.
      File/Folder C:\Documents and Settings\Owner\Application Data\nidle not found.
      File/Folder C:\Documents and Settings\Owner\Application Data\Messenger\Drivers\IgfxSys.dll not found.
      File/Folder C:\DOCUME~1\Owner\LOCALS~1\Temp\570833324.exe not found.
      File/Folder C:\WINDOWS\TEMP\j1icns6s.exe not found.
      File/Folder C:\WINDOWS\TEMP\1604645086.exe not found.
      File/Folder C:\WINDOWS\TEMP\mvtmymxi.exe not found.
      File/Folder C:\WINDOWS\system32\kjsdiowq8oikf.dll (file missing) not found.
      File/Folder C:\WINDOWS\system32\sdrgfcvbf.dll not found.
      ========== COMMANDS ==========
      File delete failed. C:\DOCUME~1\Owner\LOCALS~1\Temp\etilqs_hSix2IeqiWY9FO9zs2Bc scheduled to be deleted on reboot.
      File delete failed. C:\DOCUME~1\Owner\LOCALS~1\Temp\JET19EB.tmp scheduled to be deleted on reboot.
      User's Temp folder emptied.
      User's Internet Explorer cache folder emptied.
      File delete failed. C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
      User's Temporary Internet Files folder emptied.
      Local Service Temp folder emptied.
      File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
      Local Service Temporary Internet Files folder emptied.
      Network Service Temp folder emptied.
      File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
      Network Service Temporary Internet Files folder emptied.
      File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_f8.dat scheduled to be deleted on reboot.
      Windows Temp folder emptied.
      Java cache emptied.
      File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\aw4dysyr.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
      File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\aw4dysyr.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
      File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\aw4dysyr.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
      File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\aw4dysyr.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
      File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\aw4dysyr.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
      File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\aw4dysyr.default\XUL.mfl scheduled to be deleted on reboot.
      FireFox cache emptied.
      Temp folders emptied.
      Explorer started successfully
      OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 05162009_165957
      Files moved on Reboot...
      File move failed. C:\WINDOWS\system32\ntos.exe scheduled to be moved on reboot.
      File C:\DOCUME~1\Owner\LOCALS~1\Temp\etilqs_hSix2IeqiWY9FO9zs2Bc not found!
      File C:\DOCUME~1\Owner\LOCALS~1\Temp\JET19EB.tmp not found!
      File C:\WINDOWS\temp\Perflib_Perfdata_f8.dat not found!
      C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\aw4dysyr.default\Cache\_CACHE_001_ moved successfully.
      C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\aw4dysyr.default\Cache\_CACHE_002_ moved successfully.
      C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\aw4dysyr.default\Cache\_CACHE_003_ moved successfully.
      C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\aw4dysyr.default\Cache\_CACHE_MAP_ moved successfully.
      C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\aw4dysyr.default\urlclassifier3.sqlite moved successfully.
      C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\aw4dysyr.default\XUL.mfl moved successfully.
  12. Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 3:59:28 PM, on 15/05/2009
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
      Boot mode: Normal
      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\csrss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Java\jre6\bin\jqs.exe
      C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
      C:\WINDOWS\System32\alg.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\TEMP\BN2.tmp
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\wscntfy.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
      C:\Program Files\QuickTime\qttask.exe
      C:\WINDOWS\System32\hkcmd.exe
      C:\Program Files\Common Files\Real\Update_OB\realsched.exe
      C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
      C:\Program Files\Java\jre6\bin\jusched.exe
      C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
      C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
      C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
      C:\WINDOWS\system32\wbem\wmiprvse.exe
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,
      O2 - BHO: C:\WINDOWS\system32\sdrgfcvbf.dll - {C2BA40A1-74F3-42BD-F434-12345A2C8953} - C:\WINDOWS\system32\sdrgfcvbf.dll (file missing)
      O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe
      O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
      O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
      O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
      O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
      O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
      O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
      O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [nidle] "C:\Documents and Settings\Owner\Application Data\nidle\nidle.exe" 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
      O4 - HKCU\..\Run: [igfxSys] rundll32.exe "C:\Documents and Settings\Owner\Application Data\Messenger\Drivers\IgfxSys.dll",StartProtector
      O4 - HKCU\..\Run: [Diagnostic Manager] C:\DOCUME~1\Owner\LOCALS~1\Temp\570833324.exe
      O4 - HKUS\S-1-5-18\..\Run: [] C:\WINDOWS\TEMP\j1icns6s.exe (User 'SYSTEM')
      O4 - HKUS\S-1-5-18\..\Run: [Windows Resurections] C:\WINDOWS\TEMP\j1icns6s.exe (User 'SYSTEM')
      O4 - HKUS\S-1-5-18\..\Run: [Diagnostic Manager] C:\WINDOWS\TEMP\1604645086.exe (User 'SYSTEM')
      O4 - HKUS\S-1-5-18\..\Run: [uidenhiufgsduiazghs] C:\WINDOWS\TEMP\mvtmymxi.exe (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [] C:\WINDOWS\TEMP\j1icns6s.exe (User 'Default user')
      O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
      O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
      O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
      O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Program Files\The Hidden Object Show Season 2\Images\stg_drm.ocx
      O16 - DPF: {21BB8360-F943-447E-98F3-3C22345375A7} (CPlayFirstChocolatieControl Object) - http://zone.msn.com/bingame/choc/default/C...eb.1.0.0.15.cab
      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1213917412731
      O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
      O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1213962550419
      O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file://C:\Program Files\Elizabeth Find, MD - Diagnosis Mystery\Images\armhelper.ocx
      O16 - DPF: {E9B80D94-D8BC-43DE-9138-75605A8D9666} (CPlayFirstWeddingDasControl Object) - http://zone.msn.com/bingame/wedd/default/W...sh.1.0.0.50.cab
      O20 - AppInit_DLLs: bvqtzn.dll
      O22 - SharedTaskScheduler: jso8joigm409gopgmrlgd - {B2BA40A2-74F0-42BD-F434-12345A2C8953} - C:\WINDOWS\system32\kjsdiowq8oikf.dll (file missing)
      O22 - SharedTaskScheduler: sdfsefsfdvdubgiungfuyd - {C2BA40A1-74F3-42BD-F434-12345A2C8953} - C:\WINDOWS\system32\sdrgfcvbf.dll (file missing)
      O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
      O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
      --
      End of file - 7085 bytes
  13. ========== PROCESSES ==========
      Process explorer.exe killed successfully.
      Error: Unable to interpret <:registry> in the current context!
      Error: Unable to interpret <HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}> in the current context!
      Error: Unable to interpret <HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\nidle> in the current context!
      Error: Unable to interpret <HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\IgfxSys> in the current context!
      Error: Unable to interpret <HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\DigiFast> in the current context!
      Error: Unable to interpret <HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Diagnostic Manager> in the current context!
      Error: Unable to interpret <HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{B2BA40A2-74F0-42BD-F434-12345A2C8953}> in the current context!
      Error: Unable to interpret <HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{C2BA40A1-74F3-42BD-F434-12345A2C8953}> in the current context!
      ========== FILES ==========
      File/Folder C:\WINDOWS\system32\ntos.exe not found.
      C:\WINDOWS\SoftwareDistribution\Download\351c39c58af1240d8e8a02f54010533a\BIT32.tmp moved successfully.
      C:\WINDOWS\SoftwareDistribution\Download\5addd6f775e0368f244f62c739d66dd4\BIT58.tmp moved successfully.
      C:\WINDOWS\SoftwareDistribution\Download\7ab777f7de3e6e633438f06ba30269aa\BIT46.tmp moved successfully.
      C:\WINDOWS\temp\d4dhv2gu.exe moved successfully.
      C:\WINDOWS\temp\j1icns6s.exe moved successfully.
      C:\WINDOWS\temp\kscs4o5ayb.exe moved successfully.
      C:\WINDOWS\temp\ml2i872r.exe moved successfully.
      C:\WINDOWS\temp\mvtmymxi.exe moved successfully.
      C:\WINDOWS\temp\ur40dz.exe moved successfully.
      C:\Documents and Settings\Owner\Application Data\nidle moved successfully.
      File/Folder C:\WINDOWS\system32\wsnpoem not found.
      Folder move failed. C:\Documents and Settings\Owner\Application Data\digifast scheduled to be moved on reboot.
      C:\WINDOWS\system32\kjsdiowq8oikf.dll NOT unregistered.
      C:\WINDOWS\system32\kjsdiowq8oikf.dll moved successfully.
      DllUnregisterServer procedure not found in C:\Documents and Settings\Owner\Application Data\Messenger\Drivers\IgfxSys.dll
      C:\Documents and Settings\Owner\Application Data\Messenger\Drivers\IgfxSys.dll NOT unregistered.
      C:\Documents and Settings\Owner\Application Data\Messenger\Drivers\IgfxSys.dll moved successfully.
      C:\WINDOWS\system32\sdrgfcvbf.dll NOT unregistered.
      C:\WINDOWS\system32\sdrgfcvbf.dll moved successfully.
      File/Folder C:\WINDOWS\system32\kjsdiowq8oikf.dl not found.
      ========== COMMANDS ==========
      File delete failed. C:\DOCUME~1\Owner\LOCALS~1\Temp\570833324.exe scheduled to be deleted on reboot.
      File delete failed. C:\DOCUME~1\Owner\LOCALS~1\Temp\etilqs_73qu9UsfOT7SUVkjivy9 scheduled to be deleted on reboot.
      File delete failed. C:\DOCUME~1\Owner\LOCALS~1\Temp\JET6613.tmp scheduled to be deleted on reboot.
      User's Temp folder emptied.
      User's Internet Explorer cache folder emptied.
      File delete failed. C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
      User's Temporary Internet Files folder emptied.
      Local Service Temp folder emptied.
      File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
      Local Service Temporary Internet Files folder emptied.
      Network Service Temp folder emptied.
      File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
      Network Service Temporary Internet Files folder emptied.
      File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_614.dat scheduled to be deleted on reboot.
      Windows Temp folder emptied.
      Java cache emptied.
      File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\aw4dysyr.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
      File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\aw4dysyr.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
      File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\aw4dysyr.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
      File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\aw4dysyr.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
      File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\aw4dysyr.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
      File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\aw4dysyr.default\urlclassifier3.sqlite-journal scheduled to be deleted on reboot.
      File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\aw4dysyr.default\XUL.mfl scheduled to be deleted on reboot.
      FireFox cache emptied.
      Temp folders emptied.
      Explorer started successfully
      OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 05142009_185305
      Files moved on Reboot...
      C:\Documents and Settings\Owner\Application Data\digifast moved successfully.
      C:\DOCUME~1\Owner\LOCALS~1\Temp\570833324.exe moved successfully.
      File C:\DOCUME~1\Owner\LOCALS~1\Temp\etilqs_73qu9UsfOT7SUVkjivy9 not found!
      File C:\DOCUME~1\Owner\LOCALS~1\Temp\JET6613.tmp not found!
      File C:\WINDOWS\temp\Perflib_Perfdata_614.dat not found!
      C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\aw4dysyr.default\Cache\_CACHE_001_ moved successfully.
      C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\aw4dysyr.default\Cache\_CACHE_002_ moved successfully.
      C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\aw4dysyr.default\Cache\_CACHE_003_ moved successfully.
      C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\aw4dysyr.default\Cache\_CACHE_MAP_ moved successfully.
      C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\aw4dysyr.default\urlclassifier3.sqlite moved successfully.
      File C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\aw4dysyr.default\urlclassifier3.sqlite-journal not found!
      C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\aw4dysyr.default\XUL.mfl moved successfully.
  14. GMER 1.0.15.14972 - http://www.gmer.net
      Rootkit scan 2009-05-13 15:04:34
      Windows 5.1.2600 Service Pack 2
      ---- Kernel code sections - GMER 1.0.15 ----
      ? C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys The system cannot find the file specified. !
      ---- User code sections - GMER 1.0.15 ----
      ? C:\WINDOWS\System32\svchost.exe[3896] image checksum mismatch; time/date stamp mismatch; unknown module: urlmon.dllunknown module: OLEAUT32.dll
      ---- User IAT/EAT - GMER 1.0.15 ----
      IAT C:\Program Files\MUSICMATCH\MUSICMATCH 
Jukebox\MMDiag.exe[1012] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetClipboardData] 0013471E IAT C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe[1012] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetClipboardData] 0013471E IAT C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe[1012] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetMessageW] 00134A23 IAT C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe[1012] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!PeekMessageW] 00134A7E IAT C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe[1012] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00134416 IAT C:\WINDOWS\System32\svchost.exe[1104] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00624416 IAT C:\WINDOWS\System32\svchost.exe[1104] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 006243A8 IAT C:\WINDOWS\System32\svchost.exe[1104] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 0062436A IAT C:\WINDOWS\System32\svchost.exe[1104] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00624337 IAT C:\WINDOWS\System32\svchost.exe[1104] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetClipboardData] 0062471E IAT C:\WINDOWS\System32\svchost.exe[1104] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetMessageW] 00624A23 IAT C:\WINDOWS\System32\svchost.exe[1104] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!PeekMessageW] 00624A7E IAT C:\WINDOWS\System32\svchost.exe[1104] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!PeekMessageW] 00624A7E IAT C:\WINDOWS\System32\svchost.exe[1104] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetMessageW] 00624A23 IAT C:\WINDOWS\System32\svchost.exe[1104] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetClipboardData] 0062471E IAT C:\WINDOWS\System32\svchost.exe[1104] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!GetMessageA] 006249F7 IAT C:\WINDOWS\System32\svchost.exe[1104] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!GetMessageW] 00624A23 
IAT C:\WINDOWS\System32\svchost.exe[1104] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!PeekMessageA] 00624A4F IAT C:\WINDOWS\System32\svchost.exe[1104] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!PeekMessageW] 00624A7E IAT C:\WINDOWS\System32\svchost.exe[1104] @ c:\windows\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00624416 IAT C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1124] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00134416 IAT C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1124] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 001343A8 IAT C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1124] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 0013436A IAT C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1124] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00134337 IAT C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1124] @ C:\WINDOWS\system32\shell32.dll [uSER32.dll!PeekMessageW] 00134A7E IAT C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1124] @ C:\WINDOWS\system32\shell32.dll [uSER32.dll!GetMessageW] 00134A23 IAT C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1124] @ C:\WINDOWS\system32\shell32.dll [uSER32.dll!GetClipboardData] 0013471E IAT C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1124] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!GetMessageA] 001349F7 IAT C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1124] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!GetMessageW] 00134A23 IAT C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1124] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!PeekMessageA] 00134A4F IAT C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1124] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!PeekMessageW] 00134A7E IAT C:\Program 
Files\Common Files\InstallShield\UpdateService\issch.exe[1124] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetClipboardData] 0013471E IAT C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1124] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetMessageW] 00134A23 IAT C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1124] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!PeekMessageW] 00134A7E IAT C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1124] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00134416 IAT C:\WINDOWS\System32\svchost.exe[1140] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00404416 IAT C:\WINDOWS\System32\svchost.exe[1140] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 004043A8 IAT C:\WINDOWS\System32\svchost.exe[1140] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 0040436A IAT C:\WINDOWS\System32\svchost.exe[1140] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00404337 IAT C:\WINDOWS\System32\svchost.exe[1140] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetClipboardData] 0040471E IAT C:\WINDOWS\System32\svchost.exe[1140] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetMessageW] 00404A23 IAT C:\WINDOWS\System32\svchost.exe[1140] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!PeekMessageW] 00404A7E IAT C:\WINDOWS\System32\svchost.exe[1140] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!PeekMessageW] 00404A7E IAT C:\WINDOWS\System32\svchost.exe[1140] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetMessageW] 00404A23 IAT C:\WINDOWS\System32\svchost.exe[1140] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetClipboardData] 0040471E IAT C:\WINDOWS\System32\svchost.exe[1140] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!GetMessageA] 004049F7 IAT C:\WINDOWS\System32\svchost.exe[1140] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!GetMessageW] 00404A23 IAT C:\WINDOWS\System32\svchost.exe[1140] @ 
C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!PeekMessageA] 00404A4F IAT C:\WINDOWS\System32\svchost.exe[1140] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!PeekMessageW] 00404A7E IAT C:\WINDOWS\System32\svchost.exe[1140] @ C:\WINDOWS\System32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00404416 IAT C:\WINDOWS\system32\svchost.exe[1160] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 006A4416 IAT C:\WINDOWS\system32\svchost.exe[1160] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 006A43A8 IAT C:\WINDOWS\system32\svchost.exe[1160] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 006A436A IAT C:\WINDOWS\system32\svchost.exe[1160] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 006A4337 IAT C:\WINDOWS\system32\svchost.exe[1160] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetClipboardData] 006A471E IAT C:\WINDOWS\system32\svchost.exe[1160] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetMessageW] 006A4A23 IAT C:\WINDOWS\system32\svchost.exe[1160] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!PeekMessageW] 006A4A7E IAT C:\WINDOWS\system32\svchost.exe[1160] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!PeekMessageW] 006A4A7E IAT C:\WINDOWS\system32\svchost.exe[1160] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetMessageW] 006A4A23 IAT C:\WINDOWS\system32\svchost.exe[1160] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetClipboardData] 006A471E IAT C:\WINDOWS\system32\svchost.exe[1160] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!GetMessageA] 006A49F7 IAT C:\WINDOWS\system32\svchost.exe[1160] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!GetMessageW] 006A4A23 IAT C:\WINDOWS\system32\svchost.exe[1160] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!PeekMessageA] 006A4A4F IAT C:\WINDOWS\system32\svchost.exe[1160] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!PeekMessageW] 006A4A7E IAT C:\WINDOWS\system32\svchost.exe[1160] @ c:\windows\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 006A4416 IAT C:\Program 
Files\Java\jre6\bin\jusched.exe[1256] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00134416 IAT C:\Program Files\Java\jre6\bin\jusched.exe[1256] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 001343A8 IAT C:\Program Files\Java\jre6\bin\jusched.exe[1256] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 0013436A IAT C:\Program Files\Java\jre6\bin\jusched.exe[1256] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00134337 IAT C:\Program Files\Java\jre6\bin\jusched.exe[1256] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetClipboardData] 0013471E IAT C:\Program Files\Java\jre6\bin\jusched.exe[1256] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetMessageW] 00134A23 IAT C:\Program Files\Java\jre6\bin\jusched.exe[1256] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!PeekMessageW] 00134A7E IAT C:\Program Files\Java\jre6\bin\jusched.exe[1256] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!GetMessageA] 001349F7 IAT C:\Program Files\Java\jre6\bin\jusched.exe[1256] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!GetMessageW] 00134A23 IAT C:\Program Files\Java\jre6\bin\jusched.exe[1256] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!PeekMessageA] 00134A4F IAT C:\Program Files\Java\jre6\bin\jusched.exe[1256] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!PeekMessageW] 00134A7E IAT C:\Program Files\Java\jre6\bin\jusched.exe[1256] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!PeekMessageW] 00134A7E IAT C:\Program Files\Java\jre6\bin\jusched.exe[1256] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetMessageW] 00134A23 IAT C:\Program Files\Java\jre6\bin\jusched.exe[1256] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetClipboardData] 0013471E IAT C:\Program Files\Java\jre6\bin\jusched.exe[1256] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00134416 IAT C:\WINDOWS\system32\wuauclt.exe[1292] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00084416 IAT C:\WINDOWS\system32\wuauclt.exe[1292] 
@ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 000843A8 IAT C:\WINDOWS\system32\wuauclt.exe[1292] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 0008436A IAT C:\WINDOWS\system32\wuauclt.exe[1292] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00084337 IAT C:\WINDOWS\system32\wuauclt.exe[1292] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetClipboardData] 0008471E IAT C:\WINDOWS\system32\wuauclt.exe[1292] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetMessageW] 00084A23 IAT C:\WINDOWS\system32\wuauclt.exe[1292] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!PeekMessageW] 00084A7E IAT C:\WINDOWS\system32\wuauclt.exe[1292] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!GetMessageA] 000849F7 IAT C:\WINDOWS\system32\wuauclt.exe[1292] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!GetMessageW] 00084A23 IAT C:\WINDOWS\system32\wuauclt.exe[1292] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!PeekMessageA] 00084A4F IAT C:\WINDOWS\system32\wuauclt.exe[1292] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!PeekMessageW] 00084A7E IAT C:\WINDOWS\system32\wuauclt.exe[1292] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!PeekMessageW] 00084A7E IAT C:\WINDOWS\system32\wuauclt.exe[1292] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetMessageW] 00084A23 IAT C:\WINDOWS\system32\wuauclt.exe[1292] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetClipboardData] 0008471E IAT C:\WINDOWS\system32\wuauclt.exe[1292] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00084416 IAT C:\WINDOWS\system32\spoolsv.exe[1404] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 009E4416 IAT C:\WINDOWS\system32\spoolsv.exe[1404] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 009E43A8 IAT C:\WINDOWS\system32\spoolsv.exe[1404] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 009E436A IAT C:\WINDOWS\system32\spoolsv.exe[1404] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 009E4337 IAT 
C:\WINDOWS\system32\spoolsv.exe[1404] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetClipboardData] 009E471E IAT C:\WINDOWS\system32\spoolsv.exe[1404] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetMessageW] 009E4A23 IAT C:\WINDOWS\system32\spoolsv.exe[1404] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!PeekMessageW] 009E4A7E IAT C:\WINDOWS\system32\spoolsv.exe[1404] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!PeekMessageW] 009E4A7E IAT C:\WINDOWS\system32\spoolsv.exe[1404] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetMessageW] 009E4A23 IAT C:\WINDOWS\system32\spoolsv.exe[1404] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetClipboardData] 009E471E IAT C:\WINDOWS\system32\spoolsv.exe[1404] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!GetMessageA] 009E49F7 IAT C:\WINDOWS\system32\spoolsv.exe[1404] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!GetMessageW] 009E4A23 IAT C:\WINDOWS\system32\spoolsv.exe[1404] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!PeekMessageA] 009E4A4F IAT C:\WINDOWS\system32\spoolsv.exe[1404] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!PeekMessageW] 009E4A7E IAT C:\WINDOWS\system32\spoolsv.exe[1404] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 009E4416 IAT C:\Documents and Settings\Owner\Application Data\nidle\nidle.exe[1444] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00134416 IAT C:\Documents and Settings\Owner\Application Data\nidle\nidle.exe[1444] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 001343A8 IAT C:\Documents and Settings\Owner\Application Data\nidle\nidle.exe[1444] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 0013436A IAT C:\Documents and Settings\Owner\Application Data\nidle\nidle.exe[1444] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00134337 IAT C:\Documents and Settings\Owner\Application Data\nidle\nidle.exe[1444] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!PeekMessageW] 00134A7E IAT C:\Documents and 
Settings\Owner\Application Data\nidle\nidle.exe[1444] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetMessageW] 00134A23 IAT C:\Documents and Settings\Owner\Application Data\nidle\nidle.exe[1444] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetClipboardData] 0013471E IAT C:\Documents and Settings\Owner\Application Data\nidle\nidle.exe[1444] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!GetMessageA] 001349F7 IAT C:\Documents and Settings\Owner\Application Data\nidle\nidle.exe[1444] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!GetMessageW] 00134A23 IAT C:\Documents and Settings\Owner\Application Data\nidle\nidle.exe[1444] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!PeekMessageA] 00134A4F IAT C:\Documents and Settings\Owner\Application Data\nidle\nidle.exe[1444] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!PeekMessageW] 00134A7E IAT C:\Documents and Settings\Owner\Application Data\nidle\nidle.exe[1444] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetClipboardData] 0013471E IAT C:\Documents and Settings\Owner\Application Data\nidle\nidle.exe[1444] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetMessageW] 00134A23 IAT C:\Documents and Settings\Owner\Application Data\nidle\nidle.exe[1444] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!PeekMessageW] 00134A7E IAT C:\Documents and Settings\Owner\Application Data\nidle\nidle.exe[1444] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00134416 IAT C:\WINDOWS\system32\ctfmon.exe[1452] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00084416 IAT C:\WINDOWS\system32\ctfmon.exe[1452] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 000843A8 IAT C:\WINDOWS\system32\ctfmon.exe[1452] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 0008436A IAT C:\WINDOWS\system32\ctfmon.exe[1452] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00084337 IAT C:\WINDOWS\system32\ctfmon.exe[1452] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetClipboardData] 0008471E IAT 
C:\WINDOWS\system32\ctfmon.exe[1452] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetMessageW] 00084A23 IAT C:\WINDOWS\system32\ctfmon.exe[1452] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!PeekMessageW] 00084A7E IAT C:\WINDOWS\system32\ctfmon.exe[1452] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!PeekMessageW] 00084A7E IAT C:\WINDOWS\system32\ctfmon.exe[1452] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetMessageW] 00084A23 IAT C:\WINDOWS\system32\ctfmon.exe[1452] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetClipboardData] 0008471E IAT C:\WINDOWS\system32\ctfmon.exe[1452] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!GetMessageA] 000849F7 IAT C:\WINDOWS\system32\ctfmon.exe[1452] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!GetMessageW] 00084A23 IAT C:\WINDOWS\system32\ctfmon.exe[1452] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!PeekMessageA] 00084A4F IAT C:\WINDOWS\system32\ctfmon.exe[1452] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!PeekMessageW] 00084A7E IAT C:\WINDOWS\system32\ctfmon.exe[1452] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00084416 IAT C:\WINDOWS\System32\svchost.exe[1484] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00624416 IAT C:\WINDOWS\System32\svchost.exe[1484] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 006243A8 IAT C:\WINDOWS\System32\svchost.exe[1484] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 0062436A IAT C:\WINDOWS\System32\svchost.exe[1484] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00624337 IAT C:\WINDOWS\System32\svchost.exe[1484] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetClipboardData] 0062471E IAT C:\WINDOWS\System32\svchost.exe[1484] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetMessageW] 00624A23 IAT C:\WINDOWS\System32\svchost.exe[1484] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!PeekMessageW] 00624A7E IAT C:\WINDOWS\System32\svchost.exe[1484] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!PeekMessageW] 
00624A7E IAT C:\WINDOWS\System32\svchost.exe[1484] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetMessageW] 00624A23 IAT C:\WINDOWS\System32\svchost.exe[1484] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetClipboardData] 0062471E IAT C:\WINDOWS\System32\svchost.exe[1484] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!GetMessageA] 006249F7 IAT C:\WINDOWS\System32\svchost.exe[1484] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!GetMessageW] 00624A23 IAT C:\WINDOWS\System32\svchost.exe[1484] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!PeekMessageA] 00624A4F IAT C:\WINDOWS\System32\svchost.exe[1484] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!PeekMessageW] 00624A7E IAT C:\WINDOWS\System32\svchost.exe[1484] @ c:\windows\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00624416 IAT C:\Program Files\Java\jre6\bin\jqs.exe[1556] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00DB4416 IAT C:\Program Files\Java\jre6\bin\jqs.exe[1556] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00DB43A8 IAT C:\Program Files\Java\jre6\bin\jqs.exe[1556] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00DB436A IAT C:\Program Files\Java\jre6\bin\jqs.exe[1556] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00DB4337 IAT C:\Program Files\Java\jre6\bin\jqs.exe[1556] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00DB4416 IAT C:\Program Files\Java\jre6\bin\jqs.exe[1556] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetClipboardData] 00DB471E IAT C:\Program Files\Java\jre6\bin\jqs.exe[1556] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetMessageW] 00DB4A23 IAT C:\Program Files\Java\jre6\bin\jqs.exe[1556] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!PeekMessageW] 00DB4A7E IAT C:\Program Files\Java\jre6\bin\jqs.exe[1556] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!GetMessageA] 00DB49F7 IAT C:\Program Files\Java\jre6\bin\jqs.exe[1556] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!GetMessageW] 00DB4A23 IAT 
C:\Program Files\Java\jre6\bin\jqs.exe[1556] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!PeekMessageA] 00DB4A4F IAT C:\Program Files\Java\jre6\bin\jqs.exe[1556] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!PeekMessageW] 00DB4A7E IAT C:\Program Files\Java\jre6\bin\jqs.exe[1556] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!PeekMessageW] 00DB4A7E IAT C:\Program Files\Java\jre6\bin\jqs.exe[1556] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetMessageW] 00DB4A23 IAT C:\Program Files\Java\jre6\bin\jqs.exe[1556] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetClipboardData] 00DB471E IAT C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1592] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 003C4416 IAT C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1592] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 003C43A8 IAT C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1592] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 003C436A IAT C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1592] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 003C4337 IAT C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1592] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetClipboardData] 003C471E IAT C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1592] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetMessageW] 003C4A23 IAT C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1592] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!PeekMessageW] 003C4A7E IAT C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1592] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!PeekMessageW] 003C4A7E IAT C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1592] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetMessageW] 003C4A23 IAT C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1592] @ C:\WINDOWS\system32\SHELL32.dll 
[uSER32.dll!GetClipboardData] 003C471E IAT C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1592] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!GetMessageA] 003C49F7 IAT C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1592] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!GetMessageW] 003C4A23 IAT C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1592] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!PeekMessageA] 003C4A4F IAT C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1592] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!PeekMessageW] 003C4A7E IAT C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1592] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 003C4416 IAT C:\Documents and Settings\Owner\Application Data\digifast\digifast.exe[1644] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00134416 IAT C:\Documents and Settings\Owner\Application Data\digifast\digifast.exe[1644] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 001343A8 IAT C:\Documents and Settings\Owner\Application Data\digifast\digifast.exe[1644] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 0013436A IAT C:\Documents and Settings\Owner\Application Data\digifast\digifast.exe[1644] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00134337 IAT C:\Documents and Settings\Owner\Application Data\digifast\digifast.exe[1644] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00134416 IAT C:\Documents and Settings\Owner\Application Data\digifast\digifast.exe[1644] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetClipboardData] 0013471E IAT C:\Documents and Settings\Owner\Application Data\digifast\digifast.exe[1644] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetMessageW] 00134A23 IAT C:\Documents and Settings\Owner\Application Data\digifast\digifast.exe[1644] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!PeekMessageW] 00134A7E IAT C:\Documents 
and Settings\Owner\Application Data\digifast\digifast.exe[1644] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!PeekMessageW] 00134A7E IAT C:\Documents and Settings\Owner\Application Data\digifast\digifast.exe[1644] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetMessageW] 00134A23 IAT C:\Documents and Settings\Owner\Application Data\digifast\digifast.exe[1644] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetClipboardData] 0013471E IAT C:\Documents and Settings\Owner\Application Data\digifast\digifast.exe[1644] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!GetMessageA] 001349F7 IAT C:\Documents and Settings\Owner\Application Data\digifast\digifast.exe[1644] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!GetMessageW] 00134A23 IAT C:\Documents and Settings\Owner\Application Data\digifast\digifast.exe[1644] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!PeekMessageA] 00134A4F IAT C:\Documents and Settings\Owner\Application Data\digifast\digifast.exe[1644] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!PeekMessageW] 00134A7E IAT C:\Documents and Settings\Owner\Application Data\Microsoft\Windows\vdmwm.exe[1692] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00134416 IAT C:\Documents and Settings\Owner\Application Data\Microsoft\Windows\vdmwm.exe[1692] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 001343A8 IAT C:\Documents and Settings\Owner\Application Data\Microsoft\Windows\vdmwm.exe[1692] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 0013436A IAT C:\Documents and Settings\Owner\Application Data\Microsoft\Windows\vdmwm.exe[1692] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00134337 IAT C:\Documents and Settings\Owner\Application Data\Microsoft\Windows\vdmwm.exe[1692] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetClipboardData] 0013471E IAT C:\Documents and Settings\Owner\Application Data\Microsoft\Windows\vdmwm.exe[1692] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetMessageW] 00134A23 IAT 
      ---- Devices - GMER 1.0.15 ----
      Device \Driver\NDIS \Device\Ndis [81A8D982] NDIS.sys[.reloc]
      ---- Files - GMER 1.0.15 ----
      File C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\ndis.sys (size mismatch) 182656/182912 bytes executable
      File C:\WINDOWS\system32\dllcache\ndis.sys (size mismatch) 213376/182912 bytes executable
      File C:\WINDOWS\system32\drivers\ndis.sys (size mismatch) 213376/182912 bytes executable
      File C:\WINDOWS\system32\ntos.exe 191488 bytes executable
      File C:\WINDOWS\system32\wsnpoem 0 bytes
      File C:\WINDOWS\system32\wsnpoem\audio.dll 0 bytes
      File C:\WINDOWS\system32\wsnpoem\video.dll 36086 bytes
      File C:\WINDOWS\$NtServicePackUninstall$\ndis.sys (size mismatch) 161536/182912 bytes executable
      ---- EOF - GMER 1.0.15 ----
  15. Checking Files :
      No Trojan Files Found
      Removing Temp Files
      ADS Check :
      Final Check :
      catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2009-05-12 18:45:56
      Windows 5.1.2600 Service Pack 2 NTFS
      scanning hidden processes ...
      scanning hidden services & system hive ...
      scanning hidden registry entries ...
      scanning hidden files ...
      C:\WINDOWS\system32\ntos.exe 191488 bytes executable
      C:\WINDOWS\system32\wsnpoem
      C:\WINDOWS\system32\wsnpoem\audio.dll 0 bytes
      C:\WINDOWS\system32\wsnpoem\video.dll 36086 bytes
      scan completed successfully
      hidden processes: 0
      hidden services: 0
      hidden files: 4
      Remaining Services :
      Authorized Application Key Export:
      [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
      "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
      "C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
      [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
      "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
      Remaining Files :
      Files with Hidden Attributes :
      Mon 16 Jun 2008 5,237 A..H. --- "C:\TEMP\t4.bak"
      Tue 17 Jun 2008 8,941 A..H. --- "C:\TEMP\t4.bak1"
      Tue 17 Jun 2008 9,458 A..H. --- "C:\TEMP\t4.bak2"
      Sat 23 Aug 2008 6,464 A..H. --- "C:\TEMP\t4.bak3"
      Mon 20 Apr 2009 15,001 ...H. --- "C:\WINDOWS\temp\d4dhv2gu.exe"
      Fri 1 May 2009 15,001 ...H. --- "C:\WINDOWS\temp\j1icns6s.exe"
      Thu 30 Apr 2009 15,001 ...H. --- "C:\WINDOWS\temp\kscs4o5ayb.exe"
      Thu 23 Apr 2009 15,001 ...H. --- "C:\WINDOWS\temp\ml2i872r.exe"
      Mon 4 May 2009 15,001 ...H. --- "C:\WINDOWS\temp\mvtmymxi.exe"
      Sun 3 May 2009 15,001 ...H. --- "C:\WINDOWS\temp\ur40dz.exe"
      Fri 11 Jul 2008 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
      Thu 12 Mar 2009 158,426 ...H. --- "C:\Program Files\Yahoo! Games\Finders Keepers\Uninstall.exe"
      Tue 5 May 2009 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
      Sat 20 Dec 2008 7,478,208 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\351c39c58af1240d8e8a02f54010533a\BIT32.tmp"
      Fri 20 Jun 2008 8,723,064 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\5addd6f775e0368f244f62c739d66dd4\BIT58.tmp"
      Fri 17 Oct 2008 7,281,784 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\7ab777f7de3e6e633438f06ba30269aa\BIT46.tmp"
      Fri 2 May 2008 3,493,888 A..H. --- "C:\Documents and Settings\Owner\Application Data\U3\temp\Launchpad Removal.exe"
      Finished!