Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Blue Screen of Death, Vundo Variants, and Much Much More. PLEASE Help&

Started by cawris , Jul 31 2008 05:04 PM

  • This topic is locked This topic is locked

#1
cawris
Posted 31 July 2008 - 05:04 PM

cawris

    Member

  • Member
  • PipPip
  • 19 posts
It is taking over day by day. Please help me get rid of this stuff.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:04:38 PM, on 7/31/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Rainlendar2\Rainlendar2.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\WINDOWS\system32\winver.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.club.live.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
O2 - BHO: 371186 helper - {27D351C5-4044-4C42-B3FE-33C57B9459C0} - C:\WINDOWS\system32\371186\371186.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: {6400f088-580d-fc1b-8534-529f54944319} - {91344945-f925-4358-b1cf-d085880f0046} - C:\WINDOWS\system32\gichrp.dll (file missing)
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [DLCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [XboxStat] "c:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [BM57634934] Rundll32.exe "C:\WINDOWS\system32\lpsgjqkk.dll",s
O4 - HKLM\..\Run: [lphcc1uj0e16a] C:\WINDOWS\system32\lphcc1uj0e16a.exe
O4 - HKLM\..\Run: [SMrhc91uj0e16a] C:\Program Files\rhc91uj0e16a\rhc91uj0e16a.exe
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Free Music Zilla\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Free Music Zilla\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Free Music Zilla\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Free Music Zilla\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...O/GAME_UNO1.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zon...ro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zon...oF.cab57176.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zon...ss.cab57176.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: winrkp32 - C:\WINDOWS\SYSTEM32\winrkp32.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: dlcf_device - - C:\WINDOWS\system32\dlcfcoms.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 10090 bytes
  • 0

Advertisements

#2
emeraldnzl
Posted 01 August 2008 - 02:34 AM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello cawris,

I am looking at your log and will get back to you in a bit.

regards
emeraldnzl
  • 0

#3
cawris
Posted 01 August 2008 - 07:28 AM

cawris

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
ok thanks a lot
  • 0

#4
emeraldnzl
Posted 01 August 2008 - 12:53 PM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello again cawris,

Welcome to Geekstogo :)

Please read this post completely, it may make it easier if you copy and paste this post to a new text document or print it for reference later. This will especially help you when your computer is off line.

It is important you carry out instructions exactly in the order they appear.

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O2 - BHO: 371186 helper - {27D351C5-4044-4C42-B3FE-33C57B9459C0} - C:\WINDOWS\system32\371186\371186.dll
O4 - HKLM\..\Run: [BM57634934] Rundll32.exe "C:\WINDOWS\system32\lpsgjqkk.dll",s
O4 - HKLM\..\Run: [lphcc1uj0e16a] C:\WINDOWS\system32\lphcc1uj0e16a.exe
O4 - HKLM\..\Run: [SMrhc91uj0e16a] C:\Program Files\rhc91uj0e16a\rhc91uj0e16a.exe
O20 - Winlogon Notify: winrkp32 - C:\WINDOWS\SYSTEM32\winrkp32.dll

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.

Now

Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
C:\WINDOWS\system32\371186
C:\WINDOWS\system32\lpsgjqkk.dll
C:\WINDOWS\system32\lphcc1uj0e16a.exe
C:\WINDOWS\SYSTEM32\winrkp32.dll
C:\Program Files\rhc91uj0e16a
purity
EmptyTemp
[start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Next

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

So when you come back please post
  • OTMoveIt2 results
  • the two DSS logs
  • 0

#5
cawris
Posted 01 August 2008 - 03:33 PM

cawris

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
A couple of the HiJackThis things you said to delete were no longer on my results; I don't know if this is a problem or not, but if so I can post another HJT log. Anyway,

* OTMoveIt2 results
Explorer killed successfully
C:\WINDOWS\system32\371186 moved successfully.
File/Folder C:\WINDOWS\system32\lpsgjqkk.dll not found.
C:\WINDOWS\system32\lphcc1uj0e16a.exe moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\SYSTEM32\winrkp32.dll
C:\WINDOWS\SYSTEM32\winrkp32.dll NOT unregistered.
C:\WINDOWS\SYSTEM32\winrkp32.dll moved successfully.
File/Folder C:\Program Files\rhc91uj0e16a not found.
< purity >
< EmptyTemp >
File delete failed. C:\DOCUME~1\Chris\LOCALS~1\Temp\etilqs_V2s2UqE11P1nrzyg3ky0 scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\.tt7D.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\.tt8E0.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\.tt949.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\.tt94C.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\.tt94E.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\.tt955.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\.tt95F.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\win69.tmp scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08012008_161956

Files moved on Reboot...
File C:\DOCUME~1\Chris\LOCALS~1\Temp\etilqs_V2s2UqE11P1nrzyg3ky0 not found!
C:\WINDOWS\temp\.tt7D.tmp moved successfully.
C:\WINDOWS\temp\.tt8E0.tmp moved successfully.
C:\WINDOWS\temp\.tt949.tmp moved successfully.
C:\WINDOWS\temp\.tt94C.tmp moved successfully.
C:\WINDOWS\temp\.tt94E.tmp moved successfully.
C:\WINDOWS\temp\.tt955.tmp moved successfully.
C:\WINDOWS\temp\.tt95F.tmp moved successfully.
C:\WINDOWS\temp\win69.tmp moved successfully.


*main.txt
Deckard's System Scanner v20071014.68
Run by Chris on 2008-08-01 16:25:56
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 2 Restore Point(s) --
2: 2008-08-01 21:26:06 UTC - RP2 - Deckard's System Scanner Restore Point
1: 2008-07-31 20:52:24 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 82% (more than 75%).
Total Physical Memory: 504 MiB (512 MiB recommended).


-- HijackThis (run as Chris.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:27:52 PM, on 8/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Rainlendar2\Rainlendar2.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Documents and Settings\Chris\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Chris.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.club.live.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: {6400f088-580d-fc1b-8534-529f54944319} - {91344945-f925-4358-b1cf-d085880f0046} - C:\WINDOWS\system32\gichrp.dll (file missing)
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [DLCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [XboxStat] "c:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SMrhc91uj0e16a] C:\Program Files\rhc91uj0e16a\rhc91uj0e16a.exe
O4 - HKLM\..\Run: [lphcc1uj0e16a] C:\WINDOWS\system32\lphcc1uj0e16a.exe
O4 - HKLM\..\Run: [BM57634934] Rundll32.exe "C:\WINDOWS\system32\lpsgjqkk.dll",s
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Free Music Zilla\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Free Music Zilla\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Free Music Zilla\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Free Music Zilla\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...O/GAME_UNO1.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zon...ro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zon...oF.cab57176.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zon...ss.cab57176.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: winrkp32 - winrkp32.dll (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: dlcf_device - - C:\WINDOWS\system32\dlcfcoms.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 9882 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20070807-185348-692 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.imesh....ar.html?src=ssb
backup-20070807-185348-724 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
backup-20070807-185348-901 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.imesh....ar.html?src=ssb
backup-20070807-185348-974 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.imesh....ar.html?src=ssb
backup-20070808-123912-633 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
backup-20080801-161545-130 O20 - Winlogon Notify: winrkp32 - C:\WINDOWS\SYSTEM32\winrkp32.dll
backup-20080801-161545-351 O4 - HKLM\..\Run: [lphcc1uj0e16a] C:\WINDOWS\system32\lphcc1uj0e16a.exe
backup-20080801-161545-442 O2 - BHO: 371186 helper - {27D351C5-4044-4C42-B3FE-33C57B9459C0} - C:\WINDOWS\system32\371186\371186.dll

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 APPDRV - c:\windows\system32\drivers\appdrv.sys <Not Verified; Dell Inc; Application Driver>
R1 tmtdi (Trend Micro TDI Driver) - c:\windows\system32\drivers\tmtdi.sys <Not Verified; Trend Micro Inc.; Trend Micro Network Security Component 1.0>
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.1.0.1) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.1.0.1>
R2 ASCTRM - c:\windows\system32\drivers\asctrm.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>
R2 tm_cfw (Common Firewall Driver) - c:\windows\system32\drivers\tm_cfw.sys <Not Verified; Trend Micro Inc.; Trend Network Security Component 1.0>
R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>

S2 npkcrypt - c:\program files\nexon\maplestory\npkcrypt.sys (file missing)
S3 BVRPMPR5 (BVRPMPR5 NDIS Protocol Driver) - e:\instal~e\core\bvrpmpr5.sys (file missing)
S3 sejt1 - c:\documents and settings\chris\desktop\hacks\akuma\akuma\sejt.sys (file missing)
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 NICCONFIGSVC - c:\program files\dell\quickset\nicconfigsvc.exe <Not Verified; Dell Inc.; NicConfigSvc>
R2 PcCtlCom (Trend Micro Central Control Component) - c:\progra~1\trendm~1\intern~1\pcctlcom.exe <Not Verified; Trend Micro Incorporated.; Trend Micro Internet Security>
R2 RegSrvc - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; RegSrvc Module>
R2 Tmntsrv (Trend Micro Real-time Service) - c:\progra~1\trendm~1\intern~1\tmntsrv.exe <Not Verified; Trend Micro Incorporated.; Trend Micro Internet Security>
R2 TmPfw (Trend Micro Personal Firewall) - c:\progra~1\trendm~1\intern~1\tmpfw.exe <Not Verified; Trend Micro Inc.; Trend Network Security Component 1.0>
R2 tmproxy (Trend Micro Proxy Service) - c:\progra~1\trendm~1\intern~1\tmproxy.exe <Not Verified; Trend Micro Inc.; Trend Micro Network Security Components 1.0>
R2 WLANKEEPER - c:\program files\intel\wireless\bin\wlkeeper.exe <Not Verified; Intel® Corporation; SSOFSet Service>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Broadcom 440x 10/100 Integrated Controller
Device ID: PCI\VEN_14E4&DEV_170C&SUBSYS_01C91028&REV_02\4&2FA23535&0&00F0
Manufacturer: Broadcom
Name: Broadcom 440x 10/100 Integrated Controller
PNP Device ID: PCI\VEN_14E4&DEV_170C&SUBSYS_01C91028&REV_02\4&2FA23535&0&00F0
Service: bcm4sbxp

Class GUID: {4D36E97B-E325-11CE-BFC1-08002BE10318}
Description: AN4DPZV7 IDE Controller
Device ID: ACPI\PNPA000\4&5D18F2DF&0
Manufacturer: (Standard mass storage controllers)
Name: AN4DPZV7 IDE Controller
PNP Device ID: ACPI\PNPA000\4&5D18F2DF&0
Service: akr0fj6k


-- Scheduled Tasks -------------------------------------------------------------

2008-07-26 03:00:01 488 --a------ C:\WINDOWS\Tasks\SpywareBot Scheduled Scan.job
2007-06-24 18:28:29 106 --a------ C:\WINDOWS\Tasks\Low Battery Alarm Program.job


-- Files created between 2008-07-01 and 2008-08-01 -----------------------------

2008-07-31 15:57:24 0 d-------- C:\Documents and Settings\Chris\Application Data\rhc91uj0e16a
2008-07-27 19:53:34 0 dr-h----- C:\Documents and Settings\Chris\Recent
2008-07-26 14:16:11 0 d-------- C:\WINDOWS\system32\349168
2008-07-25 18:36:31 863848 --ahs---- C:\WINDOWS\system32\qYbayGgh.ini2
2008-07-25 18:31:34 50688 --a------ C:\cuhv.exe
2008-07-25 18:31:32 13312 --a------ C:\xxdxsn.exe
2008-07-25 18:14:33 717296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-07-25 18:14:21 0 d-------- C:\Documents and Settings\Chris\Application Data\DAEMON Tools
2008-07-08 17:21:44 0 d-------- C:\Program Files\uTorrent
2008-07-08 17:21:33 0 d-------- C:\Documents and Settings\Chris\Application Data\uTorrent


-- Find3M Report ---------------------------------------------------------------

2008-07-28 13:36:42 0 d-------- C:\Program Files\Java
2008-07-27 23:49:51 0 d-------- C:\Program Files\DivX
2008-07-06 19:43:22 0 d-------- C:\Documents and Settings\Chris\Application Data\Azureus
2008-06-23 16:23:22 0 d-------- C:\Program Files\Common Files
2008-06-23 16:23:22 0 d-------- C:\Program Files\Common Files\Download Manager
2008-06-23 16:08:58 0 d-------- C:\Documents and Settings\Chris\Application Data\DivX
2008-06-23 15:54:04 0 d-------- C:\Program Files\OJOsoft
2008-06-19 23:47:38 0 d-------- C:\Program Files\Zune
2008-06-17 18:33:06 0 d-------- C:\Documents and Settings\Chris\Application Data\Mozilla
2008-06-08 20:28:42 0 d-------- C:\Program Files\FrostWire
2008-06-07 14:42:53 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-06-02 21:23:30 0 d-------- C:\Program Files\Foxit Software


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{91344945-f925-4358-b1cf-d085880f0046}]
C:\WINDOWS\system32\gichrp.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [10/14/2005 08:49 PM]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [10/14/2005 08:46 PM]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [10/14/2005 08:50 PM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [03/08/2006 06:48 PM]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [10/30/2004 02:59 PM]
"SigmatelSysTrayApp"="stsystra.exe" [03/24/2006 11:30 PM C:\WINDOWS\stsystra.exe]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [02/23/2005 04:19 PM]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [12/06/2004 01:05 AM]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [06/10/2005 10:44 AM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [06/10/2005 10:44 AM]
"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe" [08/30/2005 04:47 PM]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [07/19/2005 06:32 PM]
"DLCFCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll" [09/08/2005 06:55 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [10/25/2006 07:58 PM]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 04:25 AM]
"XboxStat"="c:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" [09/26/2007 07:05 PM]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [10/27/2006 12:47 AM]
"Zune Launcher"="c:\Program Files\Zune\ZuneLauncher.exe" [04/29/2008 07:56 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM]
"SMrhc91uj0e16a"="C:\Program Files\rhc91uj0e16a\rhc91uj0e16a.exe" []
"lphcc1uj0e16a"="C:\WINDOWS\system32\lphcc1uj0e16a.exe" []
"BM57634934"="C:\WINDOWS\system32\lpsgjqkk.dll" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OE_OEM"="C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe" [04/11/2006 08:39 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 05:00 AM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [06/07/2008 02:42 PM]
"Aim6"="" []
"Rainlendar2"="C:\Program Files\Rainlendar2\Rainlendar2.exe" [07/24/2007 02:12 AM]

C:\Documents and Settings\Chris\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [11/5/2007 7:24:33 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=1 (0x1)
"NoDispBackgroundPage"=1 (0x1)
"NoDispScrSavPage"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoFolderOptions"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [05/21/2008 04:00 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 09/07/2004 04:08 PM 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winrkp32]
winrkp32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\hgGyabYq

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"




-- End of Deckard's System Scanner: finished at 2008-08-01 16:28:54 ------------


*extra.txt
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® M processor 1.70GHz
Percentage of Memory in Use: 82%
Physical Memory (total/avail): 503.37 MiB / 88.46 MiB
Pagefile Memory (total/avail): 1227.9 MiB / 714.02 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1927.61 MiB

C: is Fixed (NTFS) - 52.72 GiB total, 33.36 GiB free.
D: is Fixed (NTFS) - 18.5 GiB total, 0.23 GiB free.
E: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - ST9808211A - 74.53 GiB - 4 partitions
\PARTITION0 - Unknown - 47.03 MiB
\PARTITION1 (bootable) - Installable File System - 52.72 GiB - C:
\PARTITION2 - Installable File System - 18.5 GiB - D:
\PARTITION3 - Unknown - 3.26 GiB



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.

FW: Trend Micro PC-cillin Internet Security (Firewall) v12 (Trend Micro, Inc.)
AV: Trend Micro PC-cillin Internet Security v12.7.1019 (Trend Micro, Inc.)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:America Online 9.0"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:America Online 9.0"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\BitDownload\\BitDownload.exe"="C:\\Program Files\\BitDownload\\BitDownload.exe:*:Enabled:Warez3"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Morpheus\\Morpheus.exe"="C:\\Program Files\\Morpheus\\Morpheus.exe:*:Enabled:Morpheus"
"C:\\Program Files\\Piolet\\Piolet.exe"="C:\\Program Files\\Piolet\\Piolet.exe:*:Enabled:Piolet"
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"="C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe:*:Enabled:EasyShare"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\FrostWire\\FrostWire.exe"="C:\\Program Files\\FrostWire\\FrostWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\WINDOWS\\system32\\rlvknlg.exe"="C:\\WINDOWS\\system32\\rlvknlg.exe:*:Enabled:rlvknlg.exe"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Chris\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=CHRISTOPHER
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Chris
LOGONSERVER=\\CHRISTOPHER
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 13 Stepping 8, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0d08
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
SESSIONNAME=Console
SonicCentral=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Chris\LOCALS~1\Temp
TMP=C:\DOCUME~1\Chris\LOCALS~1\Temp
USERDOMAIN=CHRISTOPHER
USERNAME=Chris
USERPROFILE=C:\Documents and Settings\Chris
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI


-- User Profiles ---------------------------------------------------------------

Chris (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
--> MsiExec.exe /I{95D9B4D8-B091-4fab-80EA-313EB4B82FD6}
--> MsiExec.exe /I{EB997E90-5EB0-4eb5-90D0-90B1D2F0CA03}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
725plc32 --> MsiExec.exe /I{162D2FB8-60A3-4871-B6A1-5C744CD34FF5}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
AIM 6 --> C:\Program Files\AIM6\uninst.exe
AOLIcon --> MsiExec.exe /I{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
Broadcom Management Programs --> MsiExec.exe /I{26E1BFB0-E87E-4696-9F89-B467F01F81E5}
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Cisco Clean Access Agent --> MsiExec.exe /X{41C18715-AFF0-49E9-B940-287A50532D33}
Compatibility Pack for the 2007 Office system --> MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Conexant HDA D110 MDC V.92 Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3\HXFSETUP.EXE -U -Idel1028k.inf
Consumer Complete Care Services Agreement --> MsiExec.exe /X{E8C06CB3-5DB2-4689-B1DC-4A0220DEA96C}
Dell Color Printer 725 --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\dlcfUNST.EXE -NOLICENSE
Dell Digital Jukebox Driver --> C:\Program Files\Dell\Digital Jukebox Drivers\DrvUnins.exe /s
Dell Driver Reset Tool --> MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
Dell Support 3.1 --> MsiExec.exe /X{548EEA8E-8299-497F-8057-811D2D7097DC}
Digital Line Detect --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Documentation & Support Launcher --> MsiExec.exe /X{B0DF58A2-40DF-4465-AA56-38623EC9938C}
ELIcon --> MsiExec.exe /I{4667B940-BB01-428B-986E-A0CC46497BF7}
ESSPDock --> MsiExec.exe /I{FCDB1C92-03C6-4C76-8625-371224256091}
Foxit Reader --> C:\Program Files\Foxit Software\Foxit Reader\Uninstall.exe
FoxyTunes for Firefox --> "C:\Program Files\Mozilla Firefox\firefox.exe" -chrome chrome://foxytunes/content/extras/uninstallExtension.xul
High Definition Audio Driver Package - KB835221 --> C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Intel® Graphics Media Accelerator Driver for Mobile --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2792 PCI\VEN_8086&DEV_2592
Intel® PROSet/Wireless Software --> C:\WINDOWS\Installer\iProInst.exe
Jasc Paint Shop Pro 9 --> MsiExec.exe /I{F843C6A3-224D-4615-94F8-3C461BD9AEA0}
Java™ 6 Update 7 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Kodak EasyShare software --> C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_1e0002_2490235\Setup.exe /APR-REMOVE
Logitech® Camera Driver --> "C:\Program Files\Common Files\Logitech\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
mCore --> MsiExec.exe /I{6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A}
mDrWiFi --> MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49}
mHlpDell --> MsiExec.exe /I{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.1 --> "C:\WINDOWS\$NtUninstallWdf01001$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 --> "C:\WINDOWS\$NtUninstallWdf01007$\spuninst\spuninst.exe"
Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007 --> MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007 --> MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Plus! Digital Media Edition Installer --> MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Plus! Photo Story 2 LE --> MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Xbox 360 Accessories 1.1 --> MsiExec.exe /X{66F0AC35-4805-44BC-A3D4-347D4196F9B3}
mIWA --> MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
mIWCA --> MsiExec.exe /I{6FFFE74E-3FBD-4E2E-97F9-5E9A2A077626}
mLogView --> MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
mMHouse --> MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Modem Helper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Mozilla Firefox (3.0.1) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mp3 File Editor 5.11 (standard) --> C:\WINDOWS\iun506.exe C:\Documents and Settings\Chris\Desktop\Mp3 File Editor\irunin_mp3fe.ini
mPfMgr --> MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mPfWiz --> MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
mProSafe --> MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
mSSO --> MsiExec.exe /I{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}
mToolkit --> MsiExec.exe /I{CA9BAADB-C262-4E05-B2E2-CEE8CE9809EC}
mWlsSafe --> MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mXML --> MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
mZConfig --> MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}
netbrdg --> MsiExec.exe /I{4537EA4B-F603-4181-89FB-2953FC695AB1}
NetWaiting --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
ObjectDock --> C:\PROGRA~1\Stardock\OBJECT~1\UNWISE.EXE C:\PROGRA~1\Stardock\OBJECT~1\INSTALL.LOG
PowerDVD 5.5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
QuickSet --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\setup.exe" -l0x9 APPDRVNT4
QuickTime --> MsiExec.exe /I{50D8FFDD-90CD-4859-841F-AA1961C7767A}
Rainlendar2 (remove only) --> "C:\Program Files\Rainlendar2\uninst.exe"
RealPlayer Basic --> C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
Search Assist --> MsiExec.exe /X{DF6A589A-7A1A-430C-9FF2-A0BDB42669DC}
Security Update for Excel 2007 (KB946974) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}
Security Update for Microsoft Office Publisher 2007 (KB950114) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB951808) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office Word 2007 (KB950113) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Security Update for Office 2007 (KB934062) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {305D509B-F194-4638-9F0F-D9E4C05F9D33}
Security Update for Office 2007 (KB947801) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for the 2007 Microsoft Office System (KB936960) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5E5BD655-7AA9-47F9-BB6D-A1D8CE29AC86}
SFR --> MsiExec.exe /I{DB02F716-6275-42E9-B8D2-83BA2BF5100B}
Sonic DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic RecordNow Audio --> MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic RecordNow Copy --> MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic RecordNow Data --> MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
TBS WMP Plug-in --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{DB5F474C-B584-417F-810B-DEBBC1893C2A}
Trend Micro PC-cillin Internet Security 12 --> MsiExec.exe /X{7698EDA5-A90F-4205-99CB-8FF6F9048ED9}
Update for Microsoft Office Outlook 2007 (KB952142) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Office 2007 (KB932080) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {EDC9CA29-6BC1-471C-828C-7A36109005D7}
Update for Office 2007 (KB946691) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb953463) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {1B78D541-9FF1-4330-ADD8-CED14F0C1E8E}
URL Assistant --> regsvr32 /u /s "C:\Program Files\BAE\BAE.dll"
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Documents and Settings\Chris\Desktop\Desktop\WinRar\uninstall.exe
Zune --> c:\Program Files\Zune\ZuneSetup.exe /x
Zune --> MsiExec.exe /X{FF70513F-E3A7-402F-84FB-B7810A064BE2}
Zune Language Pack (ES) --> MsiExec.exe /X{EE4ACABF-531E-419A-9225-B8E0FA4955AF}
Zune Language Pack (FR) --> MsiExec.exe /X{0076E1AC-9E7B-4B9F-A62A-4CC9511AD8E3}


-- Application Event Log -------------------------------------------------------

Event Record #/Type175 / Warning
Event Submitted/Written: 08/01/2008 04:23:08 PM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{F843C6A3-224D-4615-94F8-3C461BD9AEA0}', feature 'PaintShopPro' failed during request for component '{D2D7B4BF-6CCA-11D5-8B3F-00105A9846E9}'

Event Record #/Type174 / Warning
Event Submitted/Written: 08/01/2008 04:23:08 PM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Detection of product '{F843C6A3-224D-4615-94F8-3C461BD9AEA0}', feature 'PaintShopPro', component '{E46B662B-CC16-46AE-8536-DAC1B730A51E}' failed. The resource 'HKEY_CURRENT_USER\Software\Jasc\Paint Shop Pro 9\Installer\CacheFolder' does not exist.

Event Record #/Type173 / Warning
Event Submitted/Written: 08/01/2008 04:23:04 PM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{F843C6A3-224D-4615-94F8-3C461BD9AEA0}', feature 'PaintShopPro' failed during request for component '{D2D7B4BF-6CCA-11D5-8B3F-00105A9846E9}'

Event Record #/Type172 / Warning
Event Submitted/Written: 08/01/2008 04:23:04 PM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Detection of product '{F843C6A3-224D-4615-94F8-3C461BD9AEA0}', feature 'PaintShopPro', component '{E46B662B-CC16-46AE-8536-DAC1B730A51E}' failed. The resource 'HKEY_CURRENT_USER\Software\Jasc\Paint Shop Pro 9\Installer\CacheFolder' does not exist.

Event Record #/Type171 / Warning
Event Submitted/Written: 08/01/2008 04:23:03 PM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{F843C6A3-224D-4615-94F8-3C461BD9AEA0}', feature 'PaintShopPro' failed during request for component '{D2D7B4BF-6CCA-11D5-8B3F-00105A9846E9}'



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type45336 / Error
Event Submitted/Written: 08/01/2008 04:22:22 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The npkcrypt service failed to start due to the following error:
%%3

Event Record #/Type45335 / Warning
Event Submitted/Written: 08/01/2008 04:22:16 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 00166FA9DBF8. The following
error occurred:
%%1223.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Event Record #/Type45327 / Error
Event Submitted/Written: 08/01/2008 04:12:46 PM
Event ID/Source: 1000 / Dhcp
Event Description:
Your computer has lost the lease to its IP address 192.168.1.3 on the
Network Card with network address 00166FA9DBF8.

Event Record #/Type45326 / Warning
Event Submitted/Written: 08/01/2008 04:12:46 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 00166FA9DBF8. The following
error occurred:
%%121.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Event Record #/Type45306 / Error
Event Submitted/Written: 07/31/2008 07:00:12 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The npkcrypt service failed to start due to the following error:
%%3



-- End of Deckard's System Scanner: finished at 2008-08-01 16:28:54 ------------
  • 0

#6
cawris
Posted 01 August 2008 - 04:04 PM

cawris

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
And all of the hidden folders are visible now, don't know if it is supposed to be like that or not.
  • 0

#7
emeraldnzl
Posted 01 August 2008 - 05:57 PM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello cawris,

Couple of things.

Firstly, please don't post your logs back all in bold. It makes them hard to analyse and in internet forum terms it's actually not polite... it's like shouting. :)

Secondly, do you know what this is?

S3 sejt1 - c:\documents and settings\chris\desktop\hacks\akuma\akuma\sejt.sys (file missing)

As to this:

And all of the hidden folders are visible now, don't know if it is supposed to be like that or not.


Yep, that's part of the process and will be attended to in the clean up at the end.

Now let's get down to things.

Please download VundoFix.exe to your desktop
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.

Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

-----Step 2-----

Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
C:\WINDOWS\system32\349168
C:\WINDOWS\system32\gichrp.dll
C:\WINDOWS\system32\qYbayGgh.ini2
C:\cuhv.exe
C:\xxdxsn.exe
HKEY_LOCAL_MACHINE\~\Browser Helper Objects\\{91344945-f925-4358-b1cf-d085880f0046}
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winrkp32
C:\WINDOWS\system32\rlvknlg.exe
purity
EmptyTemp
[start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

-----Step 3-----

Before we proceed we need to backup your Registry. Making changes to your computers registry is a dangerous proceedure and backup will allow us to recover information if necessary.

Download and install ERUNT (Emergency Recovery Utility NT) from here lars Hederer or here Snapfiles.com.

Click on ERUNT and follow the prompts to backup your registry to a location of your choosing.

Now we need to fix your problems by making a .reg file. Copy the code below into a Notepad file. Name the file as fix.reg, change the "Save as Type" to "All files" and save it on the desktop.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SMrhc91uj0e16a"=-
"lphcc1uj0e16a"=-
"BM57634934"=-

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\rlvknlg.exe"=-

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa]
"Authentication Packages"=hex(7):6d,00,73,00,76,00,31,00,5f,00,30,00,00,00,00,\
00

Then double click on the fix.reg file, when it prompts to merge click "Yes"

The above Registry file was written specifically for this infection on this person's computer. It should NOT to be used on another computer, as it may cause serious damage causing the computer to become unusable.

-----Step 4-----

Run Deckards System Scanner again.

This time there will only be one log.

* Close all other windows before proceeding.
* Double-click on dss.exe and follow the prompts.
* When it has finished, dss will open Notepad .txt please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents in your next reply.

So when you come back please post
  • VunodFix log
  • OTMoveIt2 results
  • DSS log
  • 0

#8
cawris
Posted 01 August 2008 - 08:10 PM

cawris

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Sorry for the bold. I thought it would make it easier to find the break in reports, but I was backwards. I'm doing the scans right now. :)
  • 0

#9
cawris
Posted 01 August 2008 - 08:30 PM

cawris

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts

S3 sejt1 - c:\documents and settings\chris\desktop\hacks\akuma\akuma\sejt.sys (file missing)

I'm not sure what it is. I think it is one of the files that HiJackThis tried to delete the first time, but don't hold me to it.

VundoFix came up with nothing, so I don't think there is a log to post. Just said nothing found.

*HiJackThis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:27:47 PM, on 8/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\WINDOWS\notepad.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Rainlendar2\Rainlendar2.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.club.live.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: {6400f088-580d-fc1b-8534-529f54944319} - {91344945-f925-4358-b1cf-d085880f0046} - (no file)
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [DLCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [XboxStat] "c:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Free Music Zilla\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Free Music Zilla\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Free Music Zilla\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Free Music Zilla\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...O/GAME_UNO1.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zon...ro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zon...oF.cab57176.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zon...ss.cab57176.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: dlcf_device - - C:\WINDOWS\system32\dlcfcoms.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 9473 bytes

*OTMoveIT2
Explorer killed successfully
C:\WINDOWS\system32\349168 moved successfully.
File/Folder C:\WINDOWS\system32\gichrp.dll not found.
C:\WINDOWS\system32\qYbayGgh.ini2 moved successfully.
C:\cuhv.exe moved successfully.
File/Folder C:\xxdxsn.exe not found.
< HKEY_LOCAL_MACHINE\~\Browser Helper Objects\\{91344945-f925-4358-b1cf-d085880f0046} >
Registry key HKEY_LOCAL_MACHINE\~\Browser Helper Objects not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{91344945-f925-4358-b1cf-d085880f0046}\ deleted successfully.
< HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winrkp32 >
Registry key HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winrkp32\\ deleted successfully.
File/Folder C:\WINDOWS\system32\rlvknlg.exe not found.
< purity >
< EmptyTemp >
File delete failed. C:\DOCUME~1\Chris\LOCALS~1\Temp\etilqs_oC2xqoHfjUhYDeH7PcpE scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08012008_211627

Files moved on Reboot...
File C:\DOCUME~1\Chris\LOCALS~1\Temp\etilqs_oC2xqoHfjUhYDeH7PcpE not found!

*DSS main.txt
Deckard's System Scanner v20071014.68
Run by Chris on 2008-08-01 21:27:05
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Percentage of Memory in Use: 79% (more than 75%).
Total Physical Memory: 504 MiB (512 MiB recommended).


-- HijackThis (run as Chris.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:27:15 PM, on 8/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\WINDOWS\notepad.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Rainlendar2\Rainlendar2.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\Chris\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Chris.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.club.live.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: {6400f088-580d-fc1b-8534-529f54944319} - {91344945-f925-4358-b1cf-d085880f0046} - (no file)
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [DLCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [XboxStat] "c:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Free Music Zilla\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Free Music Zilla\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Free Music Zilla\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Free Music Zilla\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...O/GAME_UNO1.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zon...ro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zon...oF.cab57176.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zon...ss.cab57176.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: dlcf_device - - C:\WINDOWS\system32\dlcfcoms.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 9529 bytes

-- Files created between 2008-07-01 and 2008-08-01 -----------------------------

2008-08-01 21:04:23 0 d-------- C:\VundoFix Backups
2008-07-31 15:57:24 0 d-------- C:\Documents and Settings\Chris\Application Data\rhc91uj0e16a
2008-07-27 19:53:34 0 dr-h----- C:\Documents and Settings\Chris\Recent
2008-07-25 18:14:33 717296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-07-25 18:14:21 0 d-------- C:\Documents and Settings\Chris\Application Data\DAEMON Tools
2008-07-08 17:21:44 0 d-------- C:\Program Files\uTorrent
2008-07-08 17:21:33 0 d-------- C:\Documents and Settings\Chris\Application Data\uTorrent


-- Find3M Report ---------------------------------------------------------------

2008-07-28 13:36:42 0 d-------- C:\Program Files\Java
2008-07-27 23:49:51 0 d-------- C:\Program Files\DivX
2008-07-06 19:43:22 0 d-------- C:\Documents and Settings\Chris\Application Data\Azureus
2008-06-23 16:23:22 0 d-------- C:\Program Files\Common Files
2008-06-23 16:23:22 0 d-------- C:\Program Files\Common Files\Download Manager
2008-06-23 16:08:58 0 d-------- C:\Documents and Settings\Chris\Application Data\DivX
2008-06-23 15:54:04 0 d-------- C:\Program Files\OJOsoft
2008-06-19 23:47:38 0 d-------- C:\Program Files\Zune
2008-06-17 18:33:06 0 d-------- C:\Documents and Settings\Chris\Application Data\Mozilla
2008-06-08 20:28:42 0 d-------- C:\Program Files\FrostWire
2008-06-07 14:42:53 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-06-02 21:23:30 0 d-------- C:\Program Files\Foxit Software


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{91344945-f925-4358-b1cf-d085880f0046}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [10/14/2005 08:49 PM]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [10/14/2005 08:46 PM]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [10/14/2005 08:50 PM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [03/08/2006 06:48 PM]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [10/30/2004 02:59 PM]
"SigmatelSysTrayApp"="stsystra.exe" [03/24/2006 11:30 PM C:\WINDOWS\stsystra.exe]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [02/23/2005 04:19 PM]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [12/06/2004 01:05 AM]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [06/10/2005 10:44 AM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [06/10/2005 10:44 AM]
"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe" [08/30/2005 04:47 PM]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [07/19/2005 06:32 PM]
"DLCFCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll" [09/08/2005 06:55 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [10/25/2006 07:58 PM]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 04:25 AM]
"XboxStat"="c:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" [09/26/2007 07:05 PM]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [10/27/2006 12:47 AM]
"Zune Launcher"="c:\Program Files\Zune\ZuneLauncher.exe" [04/29/2008 07:56 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OE_OEM"="C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe" [04/11/2006 08:39 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 05:00 AM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [06/07/2008 02:42 PM]
"Aim6"="" []
"Rainlendar2"="C:\Program Files\Rainlendar2\Rainlendar2.exe" [07/24/2007 02:12 AM]

C:\Documents and Settings\Chris\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [11/5/2007 7:24:33 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"NoDispBackgroundPage"=1 (0x1)
"NoDispScrSavPage"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoFolderOptions"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [05/21/2008 04:00 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 09/07/2004 04:08 PM 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"




-- End of Deckard's System Scanner: finished at 2008-08-01 21:27:33 ------------
  • 0

#10
cawris
Posted 02 August 2008 - 07:06 AM

cawris

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
I'll be back in a few days. Have to go out of town. Wouldn't want you to think I am abandoning you though. My computer is already much better. Thanks. Be back Tuesday.
  • 0

Advertisements

#11
emeraldnzl
Posted 02 August 2008 - 02:13 PM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello cawris,

I'll be back in a few days. Have to go out of town. Wouldn't want you to think I am abandoning you though. My computer is already much better. Thanks. Be back Tuesday.


No problem we will still be here.

Things look much better now.

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O2 - BHO: {6400f088-580d-fc1b-8534-529f54944319} - {91344945-f925-4358-b1cf-d085880f0046} - (no file)

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.

-----Step 2-----

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

When you come back please post
  • MBAM scan results
  • 0

#12
cawris
Posted 05 August 2008 - 03:11 PM

cawris

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Ok Back.


Malwarebytes' Anti-Malware 1.24
Database version: 1027
Windows 5.1.2600 Service Pack 2

4:06:23 PM 8/5/2008
mbam-log-8-5-2008 (16-06-23).txt

Scan type: Quick Scan
Objects scanned: 38108
Time elapsed: 9 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 8
Registry Values Infected: 1
Registry Data Items Infected: 3
Folders Infected: 11
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\rhc91uj0e16a (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.Trymedia) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\Chris\Application Data\rhc91uj0e16a (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chris\Application Data\rhc91uj0e16a\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chris\Application Data\rhc91uj0e16a\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chris\Application Data\rhc91uj0e16a\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chris\Application Data\rhc91uj0e16a\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chris\Application Data\rhc91uj0e16a\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chris\Application Data\rhc91uj0e16a\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chris\Application Data\rhc91uj0e16a\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chris\Application Data\rhc91uj0e16a\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chris\Application Data\rhc91uj0e16a\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chris\Application Data\rhc91uj0e16a\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\pskt.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BM57634934.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BM57634934.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
  • 0

#13
emeraldnzl
Posted 05 August 2008 - 03:50 PM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello cawris,

Making some more progress.

Kaspersky only works if you are using Internet Explorer.

Please do an online scan with Kaspersky WebScanner.

Click on the Kaspersky Online Scanner button. A box will come up, click Accept, this will allow it to install an ActiveX component and download its latest anti-virus database. (Note: It may take a couple of minutes)

  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    * Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    * Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:
    Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    * Now click on the Save as Text button:
  • Save the file to your desktop.
Copy and paste that information in your next post.

So when you come back please post
  • the Kaspersky scan results
  • and a new HijackThis log please
  • 0

#14
cawris
Posted 05 August 2008 - 05:21 PM

cawris

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Done!

*Kaspersky
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, August 05, 2008 6:20:30 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 5/08/2008
Kaspersky Anti-Virus database records: 1057928
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 46536
Number of viruses found: 3
Number of infected objects: 1072
Number of suspicious objects: 0
Duration of the scan process: 00:41:41

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\01 - Carbon Leaf - Life Less Ordinary - Indian Summer_192k.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\01 SupaSaturation (radio version).mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\01 Windblown.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\02 OK Alone.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\03 Lost Angeles.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\05 Desert Train.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\05 Show Me.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\06 - Nickel Creek - This Side - This Side_192k.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\06 I Just Drove By.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\07 Lighted Up.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\08 If Its Wrong 1.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\09 - Deanna Carter - Sunny Day - the story of my life_192k.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\09 When We Are One.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Beethoven's Symphony No. 9 (Scherzo).wma Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Big Sky190k.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Carey Ott - Mother Madam_192k.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Clark Country - Track 2.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Eugene Edwards - It Doesn't Get Any Better Than This.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Eugene Edwards - My Favorite Revolution.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Eugene Edwards - The Next Time You Go.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Freakhouse - Liars Inc. 192k.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\gandalf_192.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Get More with Jukebox Plus.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\GIRL.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Green.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\I Love Lovin U.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Jeff Black - Tin Lily_192k.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\kacy.crowley.badass.192.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\kacycrowley.blood.192.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\kacycrowley.kindofperfect.192.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Lie To Me.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Long Long Time 192.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Love Me Too Much190k.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Marcy Playground - No Ones Boy 192k.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Mas Rapido - Christopher Robin's Dead - 192k.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Natural Fool (192k).mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\New Stories (Highway Blues).wma Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Not Hot To Trot.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\NuSensation_192k.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\OceanDriveClubMix_192k.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\omar_192.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\OpusOne_192k.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Orange Peels - Something In You - 192k.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Rescue Me.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Sister Vikki.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Sorrow - 192k.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Sorry.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Steady As She Goes (192k).mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Swell.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\The Greencards - Time - weather and water_193k.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Tremolo - Baby Blue.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Tremolo - Can You Feel It Now.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Tremolo - You Were Born For This.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Urbia.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\White Hassle - Indiana Sun.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\White Hassle - Jealousy (Will Get You).mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\White Hassle - She's Dead.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\.rainlendar2\rainlendar2.log Object is locked skipped
C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\98xo2kar.default\cert8.db Object is locked skipped
C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\98xo2kar.default\content-prefs.sqlite Object is locked skipped
C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\98xo2kar.default\cookies.sqlite Object is locked skipped
C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\98xo2kar.default\downloads.sqlite Object is locked skipped
C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\98xo2kar.default\formhistory.sqlite Object is locked skipped
C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\98xo2kar.default\key3.db Object is locked skipped
C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\98xo2kar.default\parent.lock Object is locked skipped
C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\98xo2kar.default\permissions.sqlite Object is locked skipped
C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\98xo2kar.default\places.sqlite Object is locked skipped
C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\98xo2kar.default\places.sqlite-journal Object is locked skipped
C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\98xo2kar.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\AppLogs\SUPERANTISPYWARE-8-5-2008( 16-9-20 ).LOG Object is locked skipped
C:\Documents and Settings\Chris\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Chris\Desktop\Music\F00\AELT.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F00\AKCK.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F00\AMLW.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F00\BECP.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F00\BGTC.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F00\BJUZ.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F00\CDKD.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F00\CGYH.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F00\CHMX.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F00\CLBX.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F00\CUZP.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F00\DIBX.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F00\DMOR.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F00\DNXW.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F00\EFQS.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F00\EHBD.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F00\EPRV.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F00\EUJP.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F00\FBRW.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F00\FGXL.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F00\FTTT.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F00\FYTW.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F00\GHQC.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F00\GIUI.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F00\GMTZ.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F00\GQRQ.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F00\GWFU.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F00\GWKQ.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F00\HBOF.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F00\HGPE.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F00\HTCG.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F00\IUON.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F00\JJNX.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F00\JKCY.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F00\JKKI.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F00\JPJO.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F00\JQYD.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F00\JWWT.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F00\JYBS.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F00\KDQX.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F00\KIFG.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F00\KJEF.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F00\KPKZ.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F00\KYXF.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F00\KZAX.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F00\KZTG.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F00\KZTM.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F00\KZVP.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F00\LASU.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F00\LIFN.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F00\LMTP.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F00\LNWB.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F00\MFKD.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F00\MFLA.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F00\MHBG.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F00\MJNJ.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F00\MSQP.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F00\MYDN.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F00\NDJB.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F00\NJDE.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F00\NNJW.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F00\NNYI.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F00\NPWD.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F00\OAWE.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F00\OCHQ.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F00\OCZP.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F00\PHPZ.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F00\PPXB.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F00\PTFN.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F00\QFOO.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F00\QJJA.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F00\QMBD.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F00\QNSZ.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F00\QURU.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F00\QWQO.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F00\REEZ.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F00\RHFF.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F00\RPVC.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F00\SFRF.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F00\STFT.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F00\SXQV.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F00\TTTM.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F00\TUFL.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F00\UGEH.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F00\UKVX.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F00\UMGG.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F00\UONM.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F00\UYLX.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F00\VXBJ.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F00\WBKU.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F00\WGTI.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F00\WGZQ.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F00\WIWY.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F00\WNGC.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F00\XHTT.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F00\XKPM.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F00\XMHK.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F00\YOPG.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F00\ZJLL.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F00\ZMUB.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F00\ZQYJ.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F00\ZXSY.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F01\AABF.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F01\ANBH.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F01\ANOZ.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F01\AXFE.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F01\AXKW.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F01\AYNR.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F01\BSCK.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F01\CCFT.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F01\CDYC.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F01\CHNW.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F01\CMFA.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F01\CTLL.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F01\CTWF.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F01\CUDI.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F01\DBVG.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F01\DGMX.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F01\DJIB.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F01\DLKP.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F01\DRGB.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F01\EBDC.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F01\EHDF.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F01\EOSO.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F01\EOUD.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F01\EVXF.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F01\FDPY.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F01\GMDG.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F01\GMZA.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F01\GYQW.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F01\HAQL.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F01\HCVY.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F01\HEIF.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F01\HIER.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F01\HNPK.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F01\HOYP.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F01\HRHW.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F01\ICDL.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F01\JPCS.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F01\JWQI.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F01\KHLD.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F01\KHXM.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F01\LAND.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F01\LMPH.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F01\LUCW.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F01\LWOY.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F01\LZVI.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F01\MEAE.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F01\MLWJ.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F01\MOYD 1.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F01\MOYD.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F01\MPVL.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F01\MTUI.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F01\NFII.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F01\NSHK.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F01\NUDL.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F01\NVTY.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F01\OVMP.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F01\OWBB.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F01\OXWH.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F01\PDNN.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F01\PIGZ.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F01\PKZA.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F01\PQBQ.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F01\PYQF.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F01\QBXQ.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F01\QGPU.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F01\QJSP.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F01\QOAO.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F01\QPAP.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F01\QQJK.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F01\QSSC.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F01\RGLS.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F01\RKNK.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F01\RVHC.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F01\RWMB.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F01\RYJS.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F01\SHHF.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F01\SMIE.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F01\SOCA.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F01\SPDD.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F01\SVNV.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F01\SVYR.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F01\SZCX.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F01\TOLX.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F01\TQKX.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F01\UNXI.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F01\URSJ.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F01\VJJM.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F01\WVHJ.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F01\XEBQ.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F01\XNGV.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F01\XYLU.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F01\YVLR.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F01\YYQQ.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F01\ZAZW.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F01\ZCAP.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F01\ZDMO.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F01\ZGFL.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F01\ZJPL.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F01\ZKTT.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F01\ZNCK.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F01\ZSCR.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F01\ZWUJ.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F01\ZYCI.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F01\ZZEC.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F01\ZZNJ.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F01\ZZXF.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F02\AFAI.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F02\AFIP.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F02\AHJS.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F02\AJGT.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F02\APAP.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F02\AUKS.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F02\AUUI.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F02\AUXZ.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F02\AWKB.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F02\BHGG.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F02\BLCL.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F02\BPRT.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F02\BVXD.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F02\BWIW.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F02\CKOX.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F02\CLCU.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F02\CPZF.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F02\CRPQ.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F02\CSFM.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F02\DNGR.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F02\DPLA.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F02\EABF.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F02\EPCM.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F02\ESOE.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F02\EVBR.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F02\FCYB.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F02\FDTR.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F02\FGEO.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F02\FTVE.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F02\FYJZ.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F02\GANV.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F02\GFLI.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F02\GGXJ.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F02\GMVA.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F02\GMXD.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F02\GNCC.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F02\GOLH.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F02\HFWM.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F02\HSVU.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F02\IWFQ.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F02\IZRD.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F02\KCHZ.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F02\KDMI.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F02\KKGU.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F02\LEGG.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F02\LJPI.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F02\LKEC.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F02\LKKX.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F02\LQEG.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F02\LRGZ.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F02\MGFZ.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F02\MJHO.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F02\MXHJ.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F02\NHMK.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F02\NWHJ.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F02\NXQK.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F02\OCBK.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F02\OHMG.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F02\ORFX.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F02\PGDT.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F02\PJTI.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F02\PZRW.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F02\QDNZ.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F02\QMQU.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F02\QMXI.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F02\QWOX.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F02\QXHI.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F02\REOX.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F02\RITN.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F02\RJWU.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F02\SKDS.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F02\STTU.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F02\TMVZ.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F02\UKAD.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F02\ULZU.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F02\UNON.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F02\UQPY.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F02\UTAT.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F02\VJOV.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F02\WBXY.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F02\WENV.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F02\WGBE.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F02\WNJY.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F02\WRYS.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F02\WULL.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F02\WVPH.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F02\XFZN.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F02\XHTO.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F02\XJCA.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F02\XPDS.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F02\XUVQ.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F02\YCSC.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F02\YDUR.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F02\YQXM.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F02\YVIU.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F02\YZIU.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F02\ZCDE.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F02\ZCMC.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F02\ZFCO.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F02\ZKVX.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F02\ZUJM.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F02\ZWRX.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F02\ZXXX.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Desktop\Music\F02\ZZZE.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Chris\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Chris\Local Settings\Application Data\Mozilla\Firefox\Profiles\98xo2kar.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Chris\Local Settings\Application Data\Mozilla\Firefox\Profiles\98xo2kar.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Chris\Local Settings\Application Data\Mozilla\Firefox\Profiles\98xo2kar.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Chris\Local Settings\Application Data\Mozilla\Firefox\Profiles\98xo2kar.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Chris\Local Settings\Application Data\Mozilla\Firefox\Profiles\98xo2kar.default\urlclassifier3.sqlite Object is locked skipped
C:\Documents and Settings\Chris\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Chris\Local Settings\Temp\etilqs_i0nWcKXXxS8KxF2EuUCn Object is locked skipped
C:\Documents and Settings\Chris\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Chris\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Chris\My Documents\My Music\Alice in Chains - Dirt\Alice in Chains - Rain When I Die.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\My Documents\My Music\Alice in Chains - Dirt\Alice in Chains - Angry Chair.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\My Documents\My Music\Alice in Chains - Dirt\Alice in Chains - Dam that River.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\My Documents\My Music\Alice in Chains - Dirt\Alice in Chains - Dirt.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\My Documents\My Music\Alice in Chains - Dirt\Alice in Chains - Down in a Hole.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\My Documents\My Music\Alice in Chains - Dirt\Alice in Chains - God Smack.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\My Documents\My Music\Alice in Chains - Dirt\Alice in Chains - Hate to Feel.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\My Documents\My Music\Alice in Chains - Dirt\Alice in Chains - Iron Gland.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\My Documents\My Music\Alice in Chains - Dirt\Alice in Chains - Junkhead.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\My Documents\My Music\Alice in Chains - Dirt\Alice in Chains - Rooster.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\My Documents\My Music\Alice in Chains - Dirt\Alice in Chains - Sickman.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\My Documents\My Music\Alice in Chains - Dirt\Alice in Chains - Them Bones.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\My Documents\My Music\Alice in Chains - Dirt\Alice in Chains - Would.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\My Documents\My Music\Blue Oyster Cult - Don't Fear the Reaper The Best of Blue Oyster Cult\Blue Oyster Cult - (Don't Fear) The Reaper.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\My Documents\My Music\Blue Oyster Cult - Don't Fear the Reaper The Best of Blue Oyster Cult\Blue Oyster Cult - Astronomy.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\My Documents\My Music\Blue Oyster Cult - Don't Fear the Reaper The Best of Blue Oyster Cult\Blue Oyster Cult - Black Blade.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\My Documents\My Music\Blue Oyster Cult - Don't Fear the Reaper The Best of Blue Oyster Cult\Blue Oyster Cult - Burnin' for You.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\My Documents\My Music\Blue Oyster Cult - Don't Fear the Reaper The Best of Blue Oyster Cult\Blue Oyster Cult - Cities on Flame With Rock and Roll.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d skipped
C:\Documents and Settings\Chris\My Documents\My Music\Blue Oyster Cult - Don't Fear the Reaper The Best of Blue Oyster Cult\Blue Oyster Cult - Flaming Telepaths.mp3 Infected: Trojan-Downloader.WMA.GetCodec.d sk
  • 0

#15
emeraldnzl
Posted 05 August 2008 - 08:00 PM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello again cawris,

We didn't get all that Kaspersky report.

Please post back with the Kaspersky report as an attatchment.

regards
emeraldnzl
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP