Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Help

Started by rumdup , Feb 05 2007 08:49 PM

  • This topic is locked This topic is locked

#1
rumdup
Posted 05 February 2007 - 08:49 PM

rumdup

    Member

  • Member
  • PipPip
  • 43 posts
Can anyone troubleshoot this log for potential errors? My Internet firewall/antivirus keeps informing me that I have blocked worms, bugs and slugs.....lol. I appreciate the help. Here is the Hijack log:

Logfile of HijackThis v1.99.1
Scan saved at 8:43:59 PM, on 2/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\dllhost.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\taskmgr.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\{88943115-058C-1033-0224-030621020001}\Update.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
c:\program files\softwin\bitdefender10\bdmcon.exe
C:\Program Files\limewire\limewire.exe
C:\Documents and Settings\G\Desktop\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uthscsa.edu/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [p2p networking] p2pnetworking.exe
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\RunServices: [p2p networking] p2pnetworking.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: dllhost.exe
O4 - Global Startup: taskmgr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1165804355775
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - https://disney.go.co...GameManager.cab
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Client IP-IPX - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0000137 (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
  • 0

Advertisements

#2
miekiemoes
Posted 06 February 2007 - 07:21 AM

miekiemoes

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 5,503 posts
  • MVP
Hello,

It is important you don't miss a step and perform everything in the right order!!

Please disable Spywareguard.
Double-click the red SG icon in your system tray.
Click "Options".
Under General, uncheck all 3 options, then click "Save Settings"
Close Spywareguard.
We will enable it once your system is clean.

* Open notepad and copy and paste next present in the quotebox below in it:
(don't forget to copy and paste REGEDIT4)

REGEDIT4

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]

Save this as fix.reg Choose to save as *all files and place it on your desktop.
It should look like this: Posted Image
Doubleclick on it and when it asks you if you want to merge the contents to the registry, click yes/ok.
(In case you are unsure how to create a reg file, take a look here with screenshots.)

Reboot afterwards! Important!

--------------------
After reboot....

* Download Brute Force Uninstaller.
Unzip it to a folder of it’s own (c:\BFU).
Read here how to unzip/extract properly:
http://metallica.gee...xplanation.html
Start the Brute Force Uninstaller by doubleclicking BFU.exe

Next to the 'scriptfile to execute'-window you'll see a little icon as shown in next picture: Posted Image
When you click that icon, a little window will open that says: 'Please enter the full URL to the sript you want to execute'
In the field, copy and paste next URL:

http://metallica.geekstogo.com/alcanshorty.bfu

Click Ok.
Then click execute in Brute Force Uninstaller.

Extra note:
If nothing happens after pressing the Execute button, this means that the script didn't download. In that case, download the script
( alcanshorty.bfu ) manually from above url ( rightclick on it and choose 'save as' and save it in your BFU-folder). Then start BFU.exe again and click the browse button next to the 'scriptfile to execute'-window
Browse to the script you downloaded and Click Ok and Execute in Brute Force Uninstaller.

Wait for the complete script execution box to popup and press OK.
Press exit to terminate the BFU program

-------------------

* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following if still present (some entries won't be present anymore):

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - HKLM\..\Run: [p2p networking] p2pnetworking.exe
O4 - HKLM\..\RunServices: [p2p networking] p2pnetworking.exe
O4 - Global Startup: dllhost.exe
O4 - Global Startup: taskmgr.exe
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - https://disney.go.co...GameManager.cab
O23 - Service: Client IP-IPX - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0000137 (file missing)

* Click on Fix Checked when finished and exit HijackThis.
Make sure your Internet Explorer is closed when you click Fix Checked!
Don't worry if some entries won't go away, we'll deal with that later...

---------------------

Please download, install, and update AVG Anti-Spyware
  • Load AVG Anti-Spyware and then click the Update tab at the top. Under Manual Update click Start update.
  • After the update finishes (the status bar at the bottom will display "Update successful")
  • Then click on the Scanner tab at the top. Click the "Settings" tab and then change the recommended action to Quarantine and click Automatically generate report after every scan. Click back to the "Scan" tab and then click on Complete System Scan. This scan can take quite a while to run, so be prepared.
  • AVG Anti-Spyware will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. AVG Anti-Spyware will display "All actions have been applied" on the right hand side.
  • Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file again (like on the Desktop).
  • Close AVG Anti-Spyware and reboot!!
    I need the log later.
-------------------------

* Download Combofix to your desktop.
Doubleclick combofix.exe
Follow the prompts.
Don't click on the window while the fix is running, because that will cause your system to hang.

When finished and after reboot (in case it asks to reboot), it should open a log, combofix.txt.
Post next logs in your following reply:

* Log from combofix (combofix.txt)
* New HijackThislog
* Log from AVG Antispyware (in case when the log is TOO long, go to this page.
Enter the url of this thread in the first field.
Where it says, browse to the file that you want to submit, click the browse button next to it and browse to the AVG Antispyware log you saved and submit it there.)

You may need several replies to post the logs in case they won't fit in one reply.
  • 0

#3
rumdup
Posted 06 February 2007 - 08:51 AM

rumdup

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts
I got to the fix.reg part and upon clicking on it to merge, I get the following message: Another program is using this file.

So I can't get to the reboot or other possible steps?

What to do?
  • 0

#4
miekiemoes
Posted 06 February 2007 - 09:16 AM

miekiemoes

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 5,503 posts
  • MVP
I already see what is causing this... and that's the fact that a dummy regedit.com is created.

Let's change order of the fix.

I asked you to run the Fix.reg first and then Perform the step with Brute Force Uninstaller..

Well, perform the Brute Force Uninstaller step first and then try to merge fix.reg again. That should work.
Then perform the rest of my steps.
  • 0

#5
rumdup
Posted 06 February 2007 - 12:44 PM

rumdup

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts
Still same error message: This file is in use by another program?
  • 0

#6
miekiemoes
Posted 06 February 2007 - 12:58 PM

miekiemoes

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 5,503 posts
  • MVP
Skip the step with fix.reg and proceed with the other steps. :whistling:
  • 0

#7
rumdup
Posted 06 February 2007 - 02:27 PM

rumdup

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts
Logfile of HijackThis v1.99.1
Scan saved at 1:02:53 PM, on 2/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\dllhost.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\G\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uthscsa.edu/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [p2p networking] p2pnetworking.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: dllhost.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1165804355775
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - https://disney.go.co...GameManager.cab
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Client IP-IPX - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0000137 (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

AVG Log:
+ Created at: 12:09:19 PM 2/6/2007

+ Scan result:



C:\Documents and Settings\All Users\Start Menu\Programs\Startup\__delete_on_reboot__t_a_s_k_m_g_r_._e_x_e_ -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\Adobe Acrobat 7.0 Professional Keygen.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\Adobe Acrobat 7.0.8 Professional.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\Adobe Acrobat Professional 7.0.8 Corporate.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\1 Click Fixer Plus v4.0.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\12Ghosts StartupGuard v8.0.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\1944 Battle Of The Bulge.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\1CLICK DVD Copy Pro 2.4.1.6.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\1Click DVD Copy 5.0.2.7.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\1Click DVD Copy Pro 2.3.1.1.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\1Click DVD Copy Pro 2.4.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\1Click DVD Movie 3.0.0.5.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\1Click DVD Movie v3.0.0.5.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\1Click Fixer Plus 4.0.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\1Click Fixer Plus v.4.0.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\1st Choice FTPPro v8.76.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\1st Security Agent v7.1.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\28 Days Later DVDRip.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\2D Designer v.2007.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\7 Sins iSO.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\ACDSee 9.0 Photo Manager.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\AJC Active Backup v1.5.2.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\AJC Diff v1.8.1.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\AJC Directory Synchronizer v2.6.1.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\AJC Grep v1.3.2.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\AbiWord 2.5.1.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Absolute Uninstaller v2.0.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Abyss Web Server X2 2.3.2.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Acoustica Mixcraft v3.0 BETA 10.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\AcroPlot Pro 2007 Build 2007.01.24.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Acronis Universal Restore BootCD.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Adobe Acrobat 8 Professional Full Dvd.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Adobe Captivate 2.0.0 Build 1177.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Adobe Captivate 2.0.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Adobe Captivate v2.0.0 b1177.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Adobe Creative Suite v2.0 Premium.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Adobe Flex Builder 2.0.155577.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Advanced Encryption Package 2007 Professional 4.5.12.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Alcohol 120 1.9.6.4719.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Allok Video to MP4 Converter v.2.6.2.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Amadis DVD Ripper v2.0.9.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\American Pie 5 The Naked Mile 2006 UNRATED R3 NTSC DVDR.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\American Shopper.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Ankh.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Ap Document To PDF v3.0.0.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Apex Video Converter Super v5.32.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Apocalyptica - The Life Burns Tour 2006 DVD-Rip.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Apocalypto DVDSCR XviD 2006-iMBT.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Arthur und die Minimoys TS Xvid German.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Ashampoo Burning Studio 6.50.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Ashampoo Burning Studio v6.50.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Audio Record Expert 2.0.2007.201.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Audio Record Expert v2.0.2007.201.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Audio Sliders 4.2.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Audio Sliders v.4.2.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Audiosoft eJukebox v4.2.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\AutoCAD 2007.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Autodesk 3DS Max 8.0.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Autodesk Maya 8.5.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\BSplayer Pro 2.12.941.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\BWMeter v2.6.4.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Backspin Billiards Deluxe 1.0.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Bad Copy Pro 3.80.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Badder Adder v2.6.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Battlefield 1942.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Battlestations Midway.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Beerfest (2006).rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Belltech Greeting Card Designer 4.3.1.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Belltech Greeting Card Designer v4.3.1.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\BitDefender 10.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Blood And Chocolate.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Blood Diamond DVDSCR Xvid.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Blue October - Foiled (2006).rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Borland Developer Studio 2006 Architect.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Bratz Babyz.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Broken Sword The Angel Of Death.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Broken Trail 2006 DVDRip.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\BurnQuick v4.8.4.1.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\C++ By Dissection - Addison Wesley.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\C++ Plus Data Structures Third Edition - Jones and Bart.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Cakewalk Guitar Tracks Pro 3.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Call of Duty United Offensive.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Caricature PhotoS v3.0.0.0.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Cars 2006 DVDRip.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Charlottes Web (DVD HQ).rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Cheetah DVD Burner v.2.02.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\City Of God DVDRiP XviD.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Color7 Video Converter v7.9.6.1.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Color7 Video Studio ver. 7.9.6.1.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Constantine.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\ConvertXtoDVD v2.1.12.214.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\CopyToDVD v4.0.3.54.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Core C++ A Software Engineering Approach - Prentice Hal.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Corel Draw Graphics Suite X3.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\CorelDraw Graphics Suite X3 SP2.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Crash DVDRip.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Crazy Crash Racing.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Crazy Frog Racer-RELOADED iSO.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Creature Creator 1.6.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Cucusoft DVD to iPod Converter v5.23.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Cult 2007 DvdRip Xvid-TrusT.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Cyberlink PowerCinema 5.0.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\DFX Audio Enhancer 8.2.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\DVD Identifier 5.0.1.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\DVD ReBuilder 1.21 PRO.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\DVD-Cloner IV 4.10 Build 914.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\DVDFab Platinum 3.0.7.0 Final.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\DVDFab Platinum 3.0.7.2 - Final.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\DVDFab Platinum 3.0.7.2.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\DVDFab Platinum v3.0.7.2.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Darts Double Top Deluxe.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Data Restore 1.9.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Database Design Manual Using MySQL for Windows - Spring.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Day Break - S01E07.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Day Break - S01E08.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Deal or No Deal.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Decoys The Second Seduction 2007.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Deep Freeze 6.10.221.1616.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Deja Vu.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Designing a Wireless Network - Syngress.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Designing and Building Enterprise DMZs - Syngress.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\DeskCalc Business Pro 4.1.5.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\DeskCalc Business Pro v4.1.5.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Deus Ex Invisible War.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Devil May Cry 3 Special.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Digital Image Processing 3rd Edition - Addison Wesley.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Digital MediaRescue Pro 4.2.154.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Direct MIDI to MP3 Converter 3.0.5.0.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Disk Password Protection 4.8.930.0.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\DiskTrix UltimateDefrag v1.28.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\DivX Pro 6.5.1.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\DivX Pro 6.5.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Drawing Dynamic Hands - Watson Guptill.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Dreamgirls CAM iNT READNFo-MrNiCeGuY.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Dreamgirls.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Duplicate File Detector v1.9.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Duplicate File Detector ver. 1.9.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\E-Speaking 3.7.1.0.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\EDIUS Pro 4.02.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\ESF Database Convert Professional v5.5.62.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\EVEREST Ultimate Edition 3.50.873.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\EarthView v3.6.5.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\EditPlus v2.30 build 315.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Epic Movie TS Xvid.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Epic.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Everest Ultimate ver. 3.80.885 Beta.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Evil Bong 2006 DVDRip.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\ExcellenceSoft Flash Speed 200 3.4.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\F-Secure Internet Security 2007.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\FTP Commander Deluxe 7.82.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Fable The Lost Chapters.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\FastPaste 2.541.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\File Monster v2.7.2.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\FileMerlin v6.0 DC 0125200.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\FinePrint Pdf Factory Pro ver. 3.15.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Flash Saver Gold 6.5.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Flash Saver Gold v6.50.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\FlyChat 1.1.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\FlyChat v1.1.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Football Manager 2007.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Framing Studio v1.54.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Freakshow 2007 DVDRip XviD-CiRTAL.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Fresh UI 7.76.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\FrostWire v4.13.1.5.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Fruity Loops Studio 7.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\FruityLoops Studio Producer Ed XXL 7.0.0.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Full Speed - Internet broadband connection v2.1.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Fun Morph v4.45.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Game-Cloner 1.25.01.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\GameBoost v1.1.29.2007.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Gammadyne Mailer v29.0.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Glary Utilities v1.8.0.0.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Glarysoft Registry Repair 2.0.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Gogglebox TV on PC Software 2006.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Good Night, and Good Luck. DVDRip Xvid.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Google Earth 3 Pro.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Google Earth Pro 2006.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Google Earth Pro 3.0.0529.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Graphics Converter Pro v6.80.70112.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\HD DVD Demuxer v1.2.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Hacking GPS.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Hacking Google Maps and Google Earth.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Heatseek Gold Edition-v1.0.0.60.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Hellboy Sword Of Storms.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Henry Kellner Photoplorer 3.02.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Henry Kellner Photoplorer v.3.02g.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Heroes Of The Pacific.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Hirens BootCD 8.8.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Hiroshima.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\History Sweeper v.2.78.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\History Sweeper v2.78.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\History Sweeper ver.2.78.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Hitman Blood Money.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Hollywoodland (2006).rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Hollywoodland.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Homeworld Cataclysm.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\HotMail v.2.0.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\IDM UltraSentry 3.10.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\IOIO Search And Recover V.3.0c.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Icewind Dale II.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\ImTOO DVD Copy Express 1.1.8.0122.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Image Icon Converter v1.3.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\ImageBadger 4.2.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Incredimail Gold.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Internet Cyclone 1.92.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Internet Download Manager 5.08 Build 4.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Internet Download Manager 5.08 Build 5.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Internet Download Manager 5.08.5.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Internet Download Manager 5.08.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Internet Download Manager v5.08 Build 4.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Internet Download Manager v5.08 Build.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Internet TV Radio Player 4.0.0.0.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Internet TV & Radio Player v4.0.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\JetAudio 6.2.8 Plus.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Jewel Quest 2.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\John Tucker Must Die (2006).rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Junior Icon Editor 3.01.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Jurassic Park Operation Genesis.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Just My Luck 2006 DVDrip.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Kaspersky Anti-Virus v6.0.2.614.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Kaspersky Internet Security v6.0.2.614.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\King Kong DVDRip.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Knife Fighting Manual.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Knoos-Soft MP3 Rectifier 1.6.87.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Learn JavaScript in a Weekend.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Leroy and Stitch.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Lifetime RSVP.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\LimeWire PRO 4.13.0.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Liverpool Football Club Movie Champions Of Europe 2005.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Locomania.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Lonely Hearts DVDRip XviD 2006.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Lord Of War DVD Blu-Ray Rip - HD.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Lost Idols.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\MP3 To Ringtone Gold 5.02.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\MP4Converter Soft Apple TV Video Converter v.3.1.23.013.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Magic Utilities 2007 5.0.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Magic Utilities 2007.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Magic Utilities 5.00.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Malcom in the middle Full season 7 HDTVRip Xvid.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Manhattan Chase.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\MaxiVista MirrorPro v.3.0.0.26.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\MaxiVista MirrorPro v3.0.0.26.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Maxthon 2.0.1 Build 6526 Beta 4.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\McAfee Installation Designer v8.5.0.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Mcafee Firewall v.8.5 Corporate Edition.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Medieval II Total War - RELOADED Pc.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Mein Fhrer DVDRip Xvid German.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\MemMonster 4.70.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Mercury Man 2006 DVDRip XviD-ZY.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Micro-Scope 12.00l.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Micro-Scope 12.00r.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Microsoft Office 2006 Enterprise Final.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Microsoft PictureIt Photo Premium 10.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Microsoft Plus SuperPack for Windows XP.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Microsoft Plus.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Microsoft Windows Vista - Ultimate Edition DVD ISO.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Microsoft Windows Vista Final 2006.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Mini Lyrics 4.6.2280.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Mobile Net Switch v3.60.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Mobile Phone Unlocking 2007.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Mobile Ringtone Converter v 2.3.41.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Monster Truck Challenge German.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Multimedia Builder 4.9.7.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\My Mother Is A Belly Dancer 2006 DVDRip XViD-ESPiSE.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\MyDVD 8 Premier + FIX.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\MySpace Friend Blaster Pro v5.3.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\MySpace FriendBlasterPro v5.6.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\NERO 7.5.1.1.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\NHL 06 CLONE-ADDICTION iSO.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\NICI Picture Downloader v2.01.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\NOD32 2.7.26.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\NVidia DVD Player v2.55.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Nature Illusion Studio 1.3.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Need For Speed Carbon ISO.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Net Peeker 2.83.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Net Peeker Ver2.83.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Network Magic 2.0.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Nico’s Commander v5.60.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Night At The Museum TS Xvid.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Night At The Museum.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Ninja Surfing Hide IP 1.2.35.1.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\O'Reilly The Missing Manual - Access 2007.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\O'Reilly The Missing Manual - Windows Vista.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\O'Reilly The Missing Manual - Word 2007.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\O&O Defrag 8.6 Pro.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Okoker CD and DVD Burner v2.1.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Outlook Express Protector 2.0.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\PC Today Magazine - March 2007.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\PHP Designer 2007 Professional v.5.2.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\PHP Designer 2007 Professional v5.2.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\PHP Designer 2007 pro 5.1.3.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Panda Antivirus 2007 2.01.00.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Panda Antivirus 2007 v2.01.00.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Pans Labyrinth 2006 DVDRip XviD-PosTX.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\ParaWorld iSO.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Paradise Now DVDRip.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Pathfinder 2007.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\PerfectDisk v.8.0.50 Server Edition.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\PhotoFiltre Studio 8.1.0.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Piano FX Studio v4.0.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Piano Professor v.3.02c.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Piano Professor v3.02c.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Picasa 2.6.0 Build 36.19.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G\My Documents\Gary\_\Picture Ripper v.3.59.rar/Setup.exe -> Backdoor.IRCBot.dd : Cleaned with backup (quarantined).
C:\Documents and Settings\G&
  • 0

#8
rumdup
Posted 06 February 2007 - 02:33 PM

rumdup

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts
Avg log too long and submitted via your instruct
  • 0

#9
miekiemoes
Posted 06 February 2007 - 03:16 PM

miekiemoes

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 5,503 posts
  • MVP
Hi,

Can you also perform the step with Combofix please?
  • 0

#10
rumdup
Posted 06 February 2007 - 04:29 PM

rumdup

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts
Could not get that program to produce a log. When I double click on it, there is just a black screen that displays and then momentarily disapears.
  • 0

Advertisements

#11
miekiemoes
Posted 06 February 2007 - 05:05 PM

miekiemoes

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 5,503 posts
  • MVP
Looks like you didn't perform The Brute Force Uninstaller step properly and that's why combofix doesn't run since it's reading the com files instead.

I'll let you delete it in another way, since I also need a sample from your system, so Alcanshorty can get updated.
Perform next step please (I'll let you delete the dummy com files as well)

* Download Killbox.
Click killbox.exe.
Select the option "Delete on reboot".
Click the button: All Files (!important!)
Now it should flash green.

Now copy the next bold part:

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\dllhost.exe
C:\WINDOWS\system32\CMD.COM
C:\WINDOWS\system32\netstat.com
C:\WINDOWS\system32\ping.com
C:\WINDOWS\system32\regedit.com
C:\WINDOWS\system32\tasklist.com
C:\WINDOWS\system32\taskkill.com
C:\WINDOWS\system32\taskmgr.com
C:\WINDOWS\system32\tracert.com

Open 'file' in the killboxmenu on top and choose Paste from clipboard

Then press the button that looks like a red circle with a white X in it.
Killbox will tell you that all listed files will be removed on next reboot and asks if you would like to Reboot now, click YES
If you don't get that message, reboot manually.

Your computer should reboot now.

After reboot,
Go to your C:\ and search for the folder !Killbox
Rightclick the folder and select "Copy to" >> "compressed/zipped folders" from the context menu.
This should create Killbox.zip.

Now, Go to this page.
Enter the url of this thread in the first field.
Where it says, browse to the file that you want to submit, click the browse button next to it and browse to C:\Killbox.zip , select it and click ok:

Then click the Send File button below.

Then perform the step with Brute Force Uninstaller once again, but make sure you do it exactly as described!

* Download Brute Force Uninstaller.
Unzip it to a folder of it’s own (c:\BFU).
Read here how to unzip/extract properly:
http://metallica.gee...xplanation.html
Start the Brute Force Uninstaller by doubleclicking BFU.exe

Next to the 'scriptfile to execute'-window you'll see a little icon as shown in next picture: Posted Image
When you click that icon, a little window will open that says: 'Please enter the full URL to the sript you want to execute'
In the field, copy and paste next URL:

http://metallica.geekstogo.com/alcanshorty.bfu

Click Ok.
Then click execute in Brute Force Uninstaller.

Extra note:
If nothing happens after pressing the Execute button, this means that the script didn't download. In that case, download the script
( alcanshorty.bfu ) manually from above url ( rightclick on it and choose 'save as' and save it in your BFU-folder). Then start BFU.exe again and click the browse button next to the 'scriptfile to execute'-window
Browse to the script you downloaded and Click Ok and Execute in Brute Force Uninstaller.

Wait for the complete script execution box to popup and press OK.
Press exit to terminate the BFU program


Then run Combofix again and post the log in your next reply together with a new Hijackthislog.
  • 0

#12
rumdup
Posted 06 February 2007 - 09:39 PM

rumdup

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts
"G" - 07-02-06 21:31:57 Service Pack 2
ComboFix 07-02-06.3 - Running from: "C:\Documents and Settings\G\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\INSTALL.LOG
C:\WINDOWS\system32\setup.exe.tmp
C:\WINDOWS\system32\svchosts.exe
C:\WINDOWS\system32\unsvchosts.exe
C:\Program Files\Common Files\{88943~1
C:\Program Files\Common Files\{88943~2
C:\DOCUME~1\G\Application Data\SearchToolbarCorp
C:\Program Files\VSAdd-in


((((((((((((((((((((((((((((((( Files Created from 2007-01-06 to 2007-02-06 ))))))))))))))))))))))))))))))))))


2007-02-06 21:24 <DIR> d-------- C:\bfu
2007-02-06 21:04 <DIR> d-------- C:\!KillBox
2007-02-06 20:33 44,165 --a------ C:\WINDOWS\system32\ryjyxgia.dll
2007-02-06 20:33 118,804 --a------ C:\WINDOWS\system32\ljmgdxef.dll
2007-02-06 20:32 974,741 ---hs---- C:\WINDOWS\system32\vybeg.bak1
2007-02-06 20:32 88,340 --a------ C:\WINDOWS\system32\diliasrf.exe
2007-02-06 20:32 76,412 --a------ C:\WINDOWS\system32\exnaafer.dll
2007-02-06 20:32 277,265 ---hs---- C:\WINDOWS\system32\gebyv.dll
2007-02-06 19:26 22,686 ---hs---- C:\WINDOWS\system32\fccabbb.dll
2007-02-06 12:56 393,216 --a------ C:\WINDOWS\system32\hui.exe
2007-02-06 12:55 78,360 --a------ C:\Program Files\uy.exe
2007-02-06 12:40 <DIR> d-------- C:\bintheredunthat
2007-02-06 09:05 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-02-06 09:05 <DIR> d-------- C:\Program Files\Grisoft
2007-02-05 13:47 <DIR> d-------- C:\DOCUME~1\G\Application Data\Bitdefender
2007-02-05 13:45 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\BitDefender
2007-02-05 13:11 148 --a------ C:\DOCUME~1\G\ggg.bat
2007-02-05 10:00 417,792 --a------ C:\Program Files\Video.exe
2007-02-05 10:00 417,792 --a------ C:\Program Files\Track_03.exe
2007-02-05 10:00 393,216 --a------ C:\WINDOWS\system32\hhhl.exe
2007-02-05 10:00 393,216 --a------ C:\Program Files\Setup.exe
2007-02-05 10:00 148 --a------ C:\WINDOWS\system32\ggg.bat
2007-02-05 09:59 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2007-02-05 09:18 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2007-02-05 09:18 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Adobe Systems
2007-02-03 18:24 <DIR> d-------- C:\WINDOWS\system32\appmgmt
2007-02-03 18:19 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2007-01-18 17:59 <DIR> d-------- C:\DOCUME~1\G\Application Data\MSN6
2007-01-18 17:59 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\MSN6
2007-01-12 19:42 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\FLEXnet
2007-01-12 19:31 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Adobe
2007-01-12 18:03 <DIR> d-------- C:\DOCUME~1\G\Application Data\BitTorrent
2007-01-12 18:02 <DIR> d-------- C:\Program Files\BitTorrent


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-02-06 18:43 25214 --a------ C:\Program Files\b.ico
2007-02-06 18:43 25214 --a------ C:\Program Files\a.ico
2007-02-06 18:43 218606 --a------ C:\Program Files\c.zip
2007-02-06 18:43 217706 --a------ C:\Program Files\b.zip
2007-02-06 18:43 201627 --a------ C:\Program Files\a.zip
2007-02-06 09:09 -------- d-------- C:\Program Files\mozilla firefox
2007-02-06 08:57 -------- d-------- C:\Program Files\spywareblaster
2007-02-05 13:34 14 --a------ C:\WINDOWS\system32\getfile.dat
2007-02-05 09:43 -------- d-------- C:\Program Files\Common Files\adobe
2007-02-03 19:13 -------- d-------- C:\Program Files\google
2007-02-03 18:24 -------- d-------- C:\Program Files\java
2007-02-03 18:22 -------- d-------- C:\Program Files\creative
2007-02-03 16:27 -------- d-------- C:\DOCUME~1\G\Application Data\limewire
2007-01-30 09:53 -------- d---s---- C:\DOCUME~1\G\Application Data\microsoft
2007-01-12 19:43 -------- d-------- C:\DOCUME~1\G\Application Data\adobe
2007-01-10 18:53 -------- d-------- C:\Program Files\absolute sound recorder
2007-01-03 11:42 -------- d-------- C:\Program Files\uninstall body mass index calculator
2007-01-03 11:42 -------- d-------- C:\Program Files\body mass index calculator
2007-01-01 12:46 -------- d-------- C:\Program Files\acoustica audio converter pro
2007-01-01 11:34 -------- d-------- C:\Program Files\limewire
2007-01-01 09:55 -------- d--h----- C:\Program Files\installshield installation information
2006-12-26 14:27 -------- d-------- C:\DOCUME~1\G\Application Data\sun
2006-12-26 12:50 -------- d-------- C:\DOCUME~1\G\Application Data\playfirst
2006-12-26 12:49 -------- d-------- C:\Program Files\disney
2006-12-21 13:37 -------- d-------- C:\DOCUME~1\G\Application Data\versiontracker pro
2006-12-21 12:54 -------- d-------- C:\Program Files\windows media connect 2
2006-12-21 12:42 -------- d-------- C:\DOCUME~1\G\Application Data\sony corporation
2006-12-21 11:44 -------- d-------- C:\Program Files\acoustica cd label maker
2006-12-21 11:44 -------- d-------- C:\DOCUME~1\G\Application Data\help
2006-12-21 11:42 -------- d-------- C:\Program Files\sony
2006-12-21 11:42 -------- d-------- C:\Program Files\Common Files\sony shared
2006-12-21 11:42 -------- d-------- C:\Program Files\Common Files\installshield
2006-12-20 21:17 -------- d-------- C:\DOCUME~1\G\Application Data\ripit4me
2006-12-19 17:48 -------- d-------- C:\Program Files\ripit4me
2006-12-19 17:47 -------- d-------- C:\Program Files\dvd shrink
2006-12-19 17:46 -------- d-------- C:\Program Files\dvd decrypter
2006-12-19 07:43 -------- d-------- C:\Program Files\spywareguard
2006-12-12 12:26 -------- d-------- C:\DOCUME~1\G\Application Data\macromedia
2006-12-11 14:02 0 --a------ C:\WINDOWS\nsreg.dat
2006-12-11 14:02 -------- d-------- C:\DOCUME~1\G\Application Data\mozilla
2006-12-11 13:52 -------- d-------- C:\Program Files\msxml 4.0
2006-12-11 13:52 -------- d-------- C:\Program Files\messenger
2006-12-11 13:23 -------- d-------- C:\Program Files\registryfix
2006-12-11 10:26 2293 --a------ C:\WINDOWS\mozver.dat
2006-12-11 10:26 107132 --a------ C:\WINDOWS\uninstallfirefox.exe
2006-12-11 08:31 -------- d-------- C:\Program Files\movie maker
2006-12-11 08:24 -------- d-------- C:\Program Files\windows nt
2006-12-10 20:50 -------- d--h----- C:\Program Files\zero g registry
2006-12-10 20:50 -------- d-------- C:\Program Files\ferri's clinical advisor 2005
2006-12-10 20:45 -------- d-------- C:\DOCUME~1\G\Application Data\google
2006-12-10 20:33 -------- d--h----- C:\Program Files\windowsupdate
2006-12-10 20:25 -------- d-------- C:\Program Files\hpnd10
2006-12-10 19:56 28921 --a------ C:\WINDOWS\hpoins03.dat
2006-12-10 19:53 -------- d-------- C:\Program Files\hp
2006-12-10 19:52 -------- d-------- C:\Program Files\Common Files\hewlett-packard
2006-12-10 19:49 -------- d-------- C:\Program Files\Common Files\hp
2006-12-10 19:29 -------- d-------- C:\DOCUME~1\G\Application Data\acoustica
2006-12-10 19:28 -------- d-------- C:\Program Files\sony corporation
2006-12-10 19:26 20576 --------- C:\WINDOWS\system32\drivers\PxHelp20.sys
2006-12-10 19:26 151552 --------- C:\WINDOWS\system32\pxwma.dll
2006-12-10 19:26 108544 --------- C:\WINDOWS\system32\pxcpyi64.exe
2006-12-10 19:26 104960 --------- C:\WINDOWS\system32\pxinsi64.exe
2006-12-10 19:26 -------- d-------- C:\Program Files\Common Files\ahead
2006-12-10 19:26 -------- d-------- C:\Program Files\ahead
2006-12-10 19:25 -------- d-------- C:\Program Files\yahoo!
2006-12-10 19:23 -------- d-------- C:\Program Files\Common Files\java
2006-12-10 19:15 -------- d-------- C:\Program Files\avrack
2006-12-10 19:15 -------- d-------- C:\Program Files\avance sound manager
2006-12-10 17:17 -------- d-------- C:\Program Files\microsoft.net
2006-12-10 17:17 -------- d-------- C:\Program Files\microsoft activesync
2006-12-10 17:12 -------- d-------- C:\DOCUME~1\G\Application Data\identities
2006-12-10 17:07 0 -rahs---- C:\MSDOS.SYS
2006-12-10 17:07 0 -rahs---- C:\IO.SYS
2006-12-10 17:07 0 --a------ C:\CONFIG.SYS
2006-12-10 17:07 0 --a------ C:\AUTOEXEC.BAT
2006-12-10 17:07 -------- d-------- C:\Program Files\microsoft frontpage
2006-12-10 17:05 -------- d-------- C:\Program Files\online services
2006-12-10 17:04 -------- d-------- C:\Program Files\Common Files\mssoap
2006-12-10 17:03 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2006-12-10 17:03 -------- d-------- C:\Program Files\msn gaming zone
2006-12-10 10:00 62 --ahs---- C:\DOCUME~1\G\Application Data\desktop.ini
2006-12-10 10:00 -------- d-------- C:\Program Files\Common Files\speechengines
2006-12-10 10:00 -------- d-------- C:\Program Files\Common Files\odbc
2006-11-07 23:06 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-11-07 03:26 13312 --a------ C:\WINDOWS\system32\ieudinit.exe


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NVMCTRAY.DLL,NvTaskbarInit"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"HP Component Manager"="\"C:\\Program Files\\HP\\hpcoretech\\hpcmpmgr.exe\""
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"SsAAD.exe"="C:\\PROGRA~1\\Sony\\SONICS~1\\SsAAD.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
"BDMCon"="\"C:\\Program Files\\Softwin\\BitDefender10\\bdmcon.exe\" /reg"
"BDAgent"="\"C:\\Program Files\\Softwin\\BitDefender10\\bdagent.exe\""
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"p2p networking"="p2pnetworking.exe"
"DllRunning"="rundll32.exe \"C:\\WINDOWS\\system32\\ljmgdxef.dll\",setvm"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
"backup"="C:\\WINDOWS\\pss\\Acrobat Assistant.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~1.0\\Distillr\\AcroTray.exe "
"item"="Acrobat Assistant"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
"backup"="C:\\WINDOWS\\pss\\Google Updater.lnkCommon Startup"
"location"="Common Startup"
"item"="Google Updater"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\HP Digital Imaging Monitor.lnk"
"backup"="C:\\WINDOWS\\pss\\HP Digital Imaging Monitor.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\HP\\DIGITA~1\\bin\\hpqtra08.exe "
"item"="HP Digital Imaging Monitor"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VersionTracker Pro.lnk]
"backup"="C:\\WINDOWS\\pss\\VersionTracker Pro.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\WINDOWS\\Installer\\{0EB58CEE-07A5-43E6-9D68-69C0B38C13E1}\\New_Shortcut_S1699_A8EB5A2133B04A97AEEFDFB17E2E701D.exe /hide"
"item"="VersionTracker Pro"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HPWuSchd"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\HP\\HP Software Update\\HPWuSchd.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SOUNDMAN"
"hkey"="HKLM"
"command"="SOUNDMAN.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SsAAD.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SsAAD"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\Sony\\SONICS~1\\SsAAD.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GoogleToolbarNotifier"
"hkey"="HKCU"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"appinit_dlls"="sockspy.dll"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
"{6AAC65E6-4DE2-4766-9352-2960C2BC6F54}"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fccabbb
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gebyv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0



Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\HP DArC Task #Hewlett-Packard#hp psc 1300 series#1165802195.job


********************************************************************

catchme 0.1 W2K/XP - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************

Completion time: 07-02-06 21:36:19


Here is hijack log too:

Logfile of HijackThis v1.99.1
Scan saved at 9:38:59 PM, on 2/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Softwin\BitDefender10\bdmcon.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\G\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uthscsa.edu/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {74DD705D-6834-439C-A735-A6DBE2677452} - (no file)
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [p2p networking] p2pnetworking.exe
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\ljmgdxef.dll",setvm
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1165804355775
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Client IP-IPX - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0000137 (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
  • 0

#13
miekiemoes
Posted 07 February 2007 - 04:05 AM

miekiemoes

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 5,503 posts
  • MVP
Yuck,

Now one infection is gone and now another one installed on top.

I need some samples from your system again, but first, I want you to delete the C:\!Killbox-folder and C:\!Killbox.rar
Don't delete Killbox itself!.
Reason I want you to delete these first is because you have to use Killbox again, so the C:\!Killbox-folder will get recreated again with the new files.

Do next please...

Click killbox.exe.
Select the option "Delete on reboot".
Click the button: All Files (!important!)
Now it should flash green.

Now copy the next bold part:

C:\WINDOWS\system32\hui.exe
C:\Program Files\uy.exe
C:\DOCUME~1\G\ggg.bat
C:\Program Files\Video.exe
C:\Program Files\Track_03.exe
C:\WINDOWS\system32\hhhl.exe
C:\Program Files\Setup.exe
C:\WINDOWS\system32\ggg.bat
C:\WINDOWS\system32\vbzip10.dll
C:\Program Files\b.ico
C:\Program Files\a.ico
C:\Program Files\c.zip
C:\Program Files\b.zip
C:\Program Files\a.zip
C:\WINDOWS\system32\diliasrf.exe

Open 'file' in the killboxmenu on top and choose Paste from clipboard

Then press the button that looks like a red circle with a white X in it.
Killbox will tell you that all listed files will be removed on next reboot and asks if you would like to Reboot now, click YES
If you don't get that message, reboot manually.

Your computer should reboot now.

After reboot, rightclick the !Killbox folder once again and choose to compress it, so it creates the Killbox.rar (guess you are using Winrar here).
Then upload the Killbox.rar to the same channel as you did before.

When done,

Open notepad and copy and paste next present in the quotebox below in it:
(don't forget to copy and paste REGEDIT4)

REGEDIT4

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fccabbb]

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gebyv]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{6AAC65E6-4DE2-4766-9352-2960C2BC6F54}"=-

[-HKEY_CLASSES_ROOT\CLSID\{6AAC65E6-4DE2-4766-9352-2960C2BC6F54}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"p2p networking"=-
"DllRunning"=-

Save this as fix2.reg Choose to save as *all files and place it on your desktop.
It should look like this: Posted Image
Doubleclick on it and when it asks you if you want to merge the contents to the registry, click yes/ok.
(In case you are unsure how to create a reg file, take a look here with screenshots.)
This should work this time...

Please read next instructions very carefully,because you have to run Combofix again, but in a different way this time, using a command prompt.
To do this, go to start > run and copy and paste next command in the field:

"C:\Documents and Settings\G\Desktop\combofix.exe" /v gebyv fccabbb exnaafer ljmgdxef ryjyxgia

Please make sure you copy and paste it exactly! Then hit enter.
This should start Combofix again and will reboot your Computer afterwards.
After reboot, the combofix.txt should open. Copy and paste this in your next reply together with the new Hijackthislog.

Edited by miekiemoes, 07 February 2007 - 04:05 AM.

  • 0

#14
miekiemoes
Posted 07 February 2007 - 02:00 PM

miekiemoes

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 5,503 posts
  • MVP
Hi,

You zipped killbox.exe, you were supposed to zip the C:\Killbox-folder after you performed my steps with Killbox, so please read my instructions again. :whistling:
  • 0

#15
rumdup
Posted 07 February 2007 - 02:35 PM

rumdup

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts
"G" - 07-02-07 14:00:22 Service Pack 2
ComboFix 07-02-06.3 - Running from: "C:\Documents and Settings\G\Desktop"
Command switches used :: /v gebyv fccabbb exnaafer ljmgdxef ryjyxgia

(((((((((((((((((((((((((((((((((((((((((((((((( Vundo Log )))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\gebyv.dll
C:\WINDOWS\system32\fccabbb.dll
C:\WINDOWS\system32\exnaafer.dll
C:\WINDOWS\system32\ljmgdxef.dll
C:\WINDOWS\system32\ryjyxgia.dll
C:\WINDOWS\system32\vybeg.bak1
C:\WINDOWS\system32\vybeg.ini
C:\WINDOWS\system32\fexdgmjl.ini


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



((((((((((((((((((((((((((((((( Files Created from 2007-01-07 to 2007-02-07 ))))))))))))))))))))))))))))))))))


2007-02-07 14:03 <DIR> d-------- C:\WINDOWS\ERDNT
2007-02-07 13:44 <DIR> d-------- C:\!KillBox
2007-02-06 21:24 <DIR> d-------- C:\bfu
2007-02-06 12:40 <DIR> d-------- C:\bintheredunthat
2007-02-06 09:05 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-02-06 09:05 <DIR> d-------- C:\Program Files\Grisoft
2007-02-05 13:47 <DIR> d-------- C:\DOCUME~1\G\Application Data\Bitdefender
2007-02-05 13:45 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\BitDefender
2007-02-05 09:18 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2007-02-05 09:18 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Adobe Systems
2007-02-03 18:24 <DIR> d-------- C:\WINDOWS\system32\appmgmt
2007-02-03 18:19 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2007-01-18 17:59 <DIR> d-------- C:\DOCUME~1\G\Application Data\MSN6
2007-01-18 17:59 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\MSN6
2007-01-12 19:42 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\FLEXnet
2007-01-12 19:31 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Adobe
2007-01-12 18:03 <DIR> d-------- C:\DOCUME~1\G\Application Data\BitTorrent
2007-01-12 18:02 <DIR> d-------- C:\Program Files\BitTorrent


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-02-06 09:09 -------- d-------- C:\Program Files\mozilla firefox
2007-02-06 08:57 -------- d-------- C:\Program Files\spywareblaster
2007-02-05 13:47 -------- d-------- C:\Documents and Settings\G\Application Data\bitdefender
2007-02-05 13:34 14 --a------ C:\WINDOWS\system32\getfile.dat
2007-02-05 09:43 -------- d-------- C:\Program Files\Common Files\adobe
2007-02-03 19:13 -------- d-------- C:\Program Files\google
2007-02-03 18:24 -------- d-------- C:\Program Files\java
2007-02-03 18:22 -------- d-------- C:\Program Files\creative
2007-02-03 16:27 -------- d-------- C:\Documents and Settings\G\Application Data\limewire
2007-01-30 09:53 -------- d---s---- C:\Documents and Settings\G\Application Data\microsoft
2007-01-18 17:59 -------- d-------- C:\Documents and Settings\G\Application Data\msn6
2007-01-12 19:43 -------- d-------- C:\Documents and Settings\G\Application Data\adobe
2007-01-12 18:11 -------- d-------- C:\Documents and Settings\G\Application Data\bittorrent
2007-01-10 18:53 -------- d-------- C:\Program Files\absolute sound recorder
2007-01-03 11:42 -------- d-------- C:\Program Files\uninstall body mass index calculator
2007-01-03 11:42 -------- d-------- C:\Program Files\body mass index calculator
2007-01-01 12:46 -------- d-------- C:\Program Files\acoustica audio converter pro
2007-01-01 11:34 -------- d-------- C:\Program Files\limewire
2007-01-01 09:55 -------- d--h----- C:\Program Files\installshield installation information
2006-12-26 14:27 -------- d-------- C:\Documents and Settings\G\Application Data\sun
2006-12-26 12:50 -------- d-------- C:\Documents and Settings\G\Application Data\playfirst
2006-12-26 12:49 -------- d-------- C:\Program Files\disney
2006-12-21 13:37 -------- d-------- C:\Documents and Settings\G\Application Data\versiontracker pro
2006-12-21 12:54 -------- d-------- C:\Program Files\windows media connect 2
2006-12-21 12:42 -------- d-------- C:\Documents and Settings\G\Application Data\sony corporation
2006-12-21 11:44 -------- d-------- C:\Program Files\acoustica cd label maker
2006-12-21 11:44 -------- d-------- C:\Documents and Settings\G\Application Data\help
2006-12-21 11:42 -------- d-------- C:\Program Files\sony
2006-12-21 11:42 -------- d-------- C:\Program Files\Common Files\sony shared
2006-12-21 11:42 -------- d-------- C:\Program Files\Common Files\installshield
2006-12-20 21:17 -------- d-------- C:\Documents and Settings\G\Application Data\ripit4me
2006-12-19 17:48 -------- d-------- C:\Program Files\ripit4me
2006-12-19 17:47 -------- d-------- C:\Program Files\dvd shrink
2006-12-19 17:46 -------- d-------- C:\Program Files\dvd decrypter
2006-12-19 07:43 -------- d-------- C:\Program Files\spywareguard
2006-12-12 12:26 -------- d-------- C:\Documents and Settings\G\Application Data\macromedia
2006-12-11 14:02 0 --a------ C:\WINDOWS\nsreg.dat
2006-12-11 14:02 -------- d-------- C:\Documents and Settings\G\Application Data\mozilla
2006-12-11 13:52 -------- d-------- C:\Program Files\msxml 4.0
2006-12-11 13:52 -------- d-------- C:\Program Files\messenger
2006-12-11 13:23 -------- d-------- C:\Program Files\registryfix
2006-12-11 10:26 2293 --a------ C:\WINDOWS\mozver.dat
2006-12-11 10:26 107132 --a------ C:\WINDOWS\uninstallfirefox.exe
2006-12-11 08:31 -------- d-------- C:\Program Files\movie maker
2006-12-11 08:24 -------- d-------- C:\Program Files\windows nt
2006-12-10 20:50 -------- d--h----- C:\Program Files\zero g registry
2006-12-10 20:50 -------- d-------- C:\Program Files\ferri's clinical advisor 2005
2006-12-10 20:45 -------- d-------- C:\Documents and Settings\G\Application Data\google
2006-12-10 20:33 -------- d--h----- C:\Program Files\windowsupdate
2006-12-10 20:25 -------- d-------- C:\Program Files\hpnd10
2006-12-10 19:56 28921 --a------ C:\WINDOWS\hpoins03.dat
2006-12-10 19:53 -------- d-------- C:\Program Files\hp
2006-12-10 19:52 -------- d-------- C:\Program Files\Common Files\hewlett-packard
2006-12-10 19:49 -------- d-------- C:\Program Files\Common Files\hp
2006-12-10 19:29 -------- d-------- C:\Documents and Settings\G\Application Data\acoustica
2006-12-10 19:28 -------- d-------- C:\Program Files\sony corporation
2006-12-10 19:26 20576 --------- C:\WINDOWS\system32\drivers\PxHelp20.sys
2006-12-10 19:26 151552 --------- C:\WINDOWS\system32\pxwma.dll
2006-12-10 19:26 108544 --------- C:\WINDOWS\system32\pxcpyi64.exe
2006-12-10 19:26 104960 --------- C:\WINDOWS\system32\pxinsi64.exe
2006-12-10 19:26 -------- d-------- C:\Program Files\Common Files\ahead
2006-12-10 19:26 -------- d-------- C:\Program Files\ahead
2006-12-10 19:25 -------- d-------- C:\Program Files\yahoo!
2006-12-10 19:23 -------- d-------- C:\Program Files\Common Files\java
2006-12-10 19:15 -------- d-------- C:\Program Files\avrack
2006-12-10 19:15 -------- d-------- C:\Program Files\avance sound manager
2006-12-10 17:17 -------- d-------- C:\Program Files\microsoft.net
2006-12-10 17:17 -------- d-------- C:\Program Files\microsoft activesync
2006-12-10 17:12 -------- d-------- C:\Documents and Settings\G\Application Data\identities
2006-12-10 17:07 0 -rahs---- C:\MSDOS.SYS
2006-12-10 17:07 0 -rahs---- C:\IO.SYS
2006-12-10 17:07 0 --a------ C:\CONFIG.SYS
2006-12-10 17:07 0 --a------ C:\AUTOEXEC.BAT
2006-12-10 17:07 -------- d-------- C:\Program Files\microsoft frontpage
2006-12-10 17:05 -------- d-------- C:\Program Files\online services
2006-12-10 17:04 -------- d-------- C:\Program Files\Common Files\mssoap
2006-12-10 17:03 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2006-12-10 17:03 -------- d-------- C:\Program Files\msn gaming zone
2006-12-10 10:00 62 --ahs---- C:\Documents and Settings\G\Application Data\desktop.ini
2006-12-10 10:00 -------- d-------- C:\Program Files\Common Files\speechengines
2006-12-10 10:00 -------- d-------- C:\Program Files\Common Files\odbc
2006-11-07 23:06 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-11-07 03:26 13312 --a------ C:\WINDOWS\system32\ieudinit.exe


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NVMCTRAY.DLL,NvTaskbarInit"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"HP Component Manager"="\"C:\\Program Files\\HP\\hpcoretech\\hpcmpmgr.exe\""
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"SsAAD.exe"="C:\\PROGRA~1\\Sony\\SONICS~1\\SsAAD.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
"BDMCon"="\"C:\\Program Files\\Softwin\\BitDefender10\\bdmcon.exe\" /reg"
"BDAgent"="\"C:\\Program Files\\Softwin\\BitDefender10\\bdagent.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex]
"flags"=dword:00000008

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex\000]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
"backup"="C:\\WINDOWS\\pss\\Acrobat Assistant.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~1.0\\Distillr\\AcroTray.exe "
"item"="Acrobat Assistant"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
"backup"="C:\\WINDOWS\\pss\\Google Updater.lnkCommon Startup"
"location"="Common Startup"
"item"="Google Updater"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\HP Digital Imaging Monitor.lnk"
"backup"="C:\\WINDOWS\\pss\\HP Digital Imaging Monitor.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\HP\\DIGITA~1\\bin\\hpqtra08.exe "
"item"="HP Digital Imaging Monitor"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VersionTracker Pro.lnk]
"backup"="C:\\WINDOWS\\pss\\VersionTracker Pro.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\WINDOWS\\Installer\\{0EB58CEE-07A5-43E6-9D68-69C0B38C13E1}\\New_Shortcut_S1699_A8EB5A2133B04A97AEEFDFB17E2E701D.exe /hide"
"item"="VersionTracker Pro"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HPWuSchd"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\HP\\HP Software Update\\HPWuSchd.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SOUNDMAN"
"hkey"="HKLM"
"command"="SOUNDMAN.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SsAAD.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SsAAD"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\Sony\\SONICS~1\\SsAAD.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GoogleToolbarNotifier"
"hkey"="HKCU"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"appinit_dlls"="sockspy.dll"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gebyv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0



Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\HP DArC Task #Hewlett-Packard#hp psc 1300 series#1165802195.job


********************************************************************

catchme 0.1 W2K/XP - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************

Completion time: 07-02-07 14:06:11
C:\ComboFix2.txt ... 07-02-06 21:36


Logfile of HijackThis v1.99.1
Scan saved at 2:07:51 PM, on 2/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Softwin\BitDefender10\bdmcon.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\G\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {74DD705D-6834-439C-A735-A6DBE2677452} - (no file)
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1165804355775
O20 - Winlogon Notify: gebyv - C:\WINDOWS\system32\gebyv.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP