virus that corrupts msword, winrar, pdf files beyond repair



#1
marriyo

Hi,
About a month ago all MS Word, WinRAR, ISO, PDF and Internet Explorer files on the desktop of my computer were corrupted beyond repair. After two weeks all the files in 'My Documents' were also corrupted. I tried to repair the Word files, but even after repair significant chunks have been replaced by a weird text ~dula^204~
The WinRAR files, when opened in a hex editor, also had a significant chunk replaced with the above text.
Moreover, I noticed under the msconfig Services tab there were many weird services with meaningless names. You can see those in the OTScanIt log.
I tried to use HijackThis to remove them, but one by one they start to accumulate again.


The HijackThis logfile:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:24:39 AM, on 11/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Trend Micro\Security Server\PCCSRV\Apache2\bin\Apache.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Trend Micro\Security Server\PCCSRV\web\service\ofcservice.exe
C:\Program Files\Trend Micro\Security Server\PCCSRV\Apache2\bin\Apache.exe
C:\WINDOWS\system32\ofcservice.exe
C:\oracle\ora92\bin\omtsreco.exe
C:\WINDOWS\TEMP\FWE474.EXE
C:\Program Files\Trend Micro\Security Server\PCCSRV\Web\Service\DbServer.exe
C:\Program Files\Trend Micro\Client Server Security Agent\OfcPfwSvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\PDF Complete\pdfsty.exe
C:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\AVG\AVG8\aAvgApi.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\x\Desktop\OTScanIt\OTScanIt.exe
C:\WINDOWS\notepad.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IsoBuster Toolbar - {266fcdca-7bb3-4da7-b3bf-f845dea2ebd6} - C:\Program Files\IsoBuster\tbIsoB.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files\TorrentMan\tbTor1.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files\TorrentMan\tbTor1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: IsoBuster Toolbar - {266fcdca-7bb3-4da7-b3bf-f845dea2ebd6} - C:\Program Files\IsoBuster\tbIsoB.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [PDF Complete] "C:\Program Files\PDF Complete\pdfsty.exe"
O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - https://hp1277850061...ll/WinNTChk.cab
O16 - DPF: {35C3D91E-401A-4E45-88A5-F3B32CD72DF4} (Encrypt Class) - https://hp1277850061...root/AtxEnc.cab
O16 - DPF: {E78DE03F-DC83-40DB-B590-8FD80BE5F7C8} (Security Server Management Console) - https://hp1277850061.../AtxConsole.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BF84C3AC-825A-4E44-AF4C-9B50B4C6A040}: NameServer = 61.139.2.69
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apache2 - Apache Software Foundation - c:\Program Files\Trend Micro\Security Server\PCCSRV\Apache2\bin\Apache.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: IviRegMgr - Unknown owner - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (file missing)
O23 - Service: Trend Micro Client/Server Security Agent RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe
O23 - Service: Trend Micro Client/Server Security Agent Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\Client Server Security Agent\OfcPfwSvc.exe
O23 - Service: Trend Micro Security Server Master Service (ofcservice) - Trend Micro Inc. - C:\Program Files\Trend Micro\Security Server\PCCSRV\web\service\ofcservice.exe
O23 - Service: OracleMTSRecoveryService - Oracle Corporation - C:\oracle\ora92\bin\omtsreco.exe
O23 - Service: OracleOraHome92ClientCache - Unknown owner - C:\oracle\ora92\BIN\ONRSD.EXE
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: pcdservice - Unknown owner - C:\Program Files\Phantombility\Phantom CD\pcdservice.exe (file missing)
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
O23 - Service: Trend Micro Client/Server Security Agent Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe

--
End of file - 9155 bytes




Here is the OTScanIt log:

OTScanIt logfile created on: 11/20/2008 5:10:35 AM
OTScanIt by OldTimer - Version 1.0.19.0 Folder = C:\Documents and Settings\x\Desktop\OTScanIt
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1015.23 Mb Total Physical Memory | 418.21 Mb Available Physical Memory | 41.19% Memory free
2.39 Gb Paging File | 1.81 Gb Available in Paging File | 75.70% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 64.51 Gb Total Space | 12.88 Gb Free Space | 19.96% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 8.30 Gb Free Space | 83.01% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: AGENT33
Current User Name: x
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On

[Processes - Non-Microsoft Only]
apache.exe -> %ProgramFiles%\Trend Micro\Security Server\PCCSRV\Apache2\bin\Apache.exe -> Apache Software Foundation [Ver = 2.0.54 | Size = 20541 bytes | Modified Date = 4/16/2005 1:25:34 PM | Attr = ]
apache.exe -> %ProgramFiles%\Trend Micro\Security Server\PCCSRV\Apache2\bin\Apache.exe -> Apache Software Foundation [Ver = 2.0.54 | Size = 20541 bytes | Modified Date = 4/16/2005 1:25:34 PM | Attr = ]
ofcservice.exe -> %SystemRoot%\system32\ofcservice.exe -> [Ver = | Size = 43520 bytes | Modified Date = 10/23/2008 2:36:44 AM | Attr = ]
omtsreco.exe -> %SystemDrive%\oracle\ora92\bin\omtsreco.exe -> Oracle Corporation [Ver = 9.2.0.1.0 | Size = 57603 bytes | Modified Date = 4/30/2002 3:23:46 PM | Attr = ]
fwe474.exe -> %SystemRoot%\Temp\FWE474.EXE -> [Ver = | Size = 217630 bytes | Modified Date = 10/20/2008 6:18:30 AM | Attr = ]
pdfsty.exe -> %ProgramFiles%\PDF Complete\pdfsty.exe -> PDF Complete Inc [Ver = 3.0.84.2001 | Size = 331288 bytes | Modified Date = 8/7/2007 9:59:48 AM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(Apache2) Apache2 [Win32_Own | Auto | Running] -> %ProgramFiles%\Trend Micro\Security Server\PCCSRV\Apache2\bin\Apache.exe -> Apache Software Foundation [Ver = 2.0.54 | Size = 20541 bytes | Modified Date = 4/16/2005 1:25:34 PM | Attr = ]
(gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> File not found
(IviRegMgr) IviRegMgr [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\InterVideo\RegMgr\iviRegMgr.exe -> File not found
(OracleMTSRecoveryService) OracleMTSRecoveryService [Win32_Own | Auto | Running] -> %SystemDrive%\oracle\ora92\bin\omtsreco.exe -> Oracle Corporation [Ver = 9.2.0.1.0 | Size = 57603 bytes | Modified Date = 4/30/2002 3:23:46 PM | Attr = ]
(OracleOraHome92ClientCache) OracleOraHome92ClientCache [Win32_Own | On_Demand | Stopped] -> %SystemDrive%\oracle\ora92\bin\ONRSD.EXE -> [Ver = | Size = 287859 bytes | Modified Date = 11/18/2008 4:42:57 AM | Attr = ]
(PCA) PC Angel [Win32_Own | Auto | Stopped] -> %SystemRoot%\SMINST\PCAngel.exe -> SoftThinks [Ver = 4, 0, 1, 21 | Size = 410075 bytes | Modified Date = 10/20/2008 6:19:19 AM | Attr = ]
(pcdservice) pcdservice [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Phantombility\Phantom CD\pcdservice.exe -> File not found
(pdfcDispatcher) PDF Document Manager [Win32_Own | Auto | Stopped] -> %ProgramFiles%\PDF Complete\pdfsvc.exe -> PDF Complete Inc [Ver = 3.0.1.2 | Size = 585715 bytes | Modified Date = 11/7/2008 3:18:16 PM | Attr = ]
(~@qkvod@@~) ~@qkvod@@~ [Win32_Own | Disabled | Stopped] -> %SystemRoot%\system32\Remind_XP.exe -> [Ver = | Size = 43520 bytes | Modified Date = 10/20/2008 11:26:44 PM | Attr = ]
(~@uhoddlb~) ~@uhoddlb~ [Win32_Own | Disabled | Stopped] -> %SystemRoot%\system32\BitLord.exe -> [Ver = | Size = 43520 bytes | Modified Date = 11/18/2008 5:55:39 AM | Attr = ]
(~ancsfcqs~) ~ancsfcqs~ [Win32_Own | Disabled | Stopped] -> %SystemRoot%\system32\ntrtscan.exe -> [Ver = | Size = 43520 bytes | Modified Date = 10/20/2008 11:21:30 PM | Attr = ]
(~aspx^saf~) ~aspx^saf~ [Win32_Own | Disabled | Stopped] -> %SystemRoot%\system32\BitComet.exe -> [Ver = | Size = 43520 bytes | Modified Date = 11/20/2008 1:39:52 AM | Attr = ]
(~bgkeaqc@~) ~bgkeaqc@~ [Win32_Own | Disabled | Stopped] -> %SystemRoot%\system32\SetRefresh.exe -> [Ver = | Size = 43520 bytes | Modified Date = 10/20/2008 11:26:40 PM | Attr = ]
(~bhn^vb@e~) ~bhn^vb@e~ [Win32_Own | Disabled | Stopped] -> %SystemRoot%\system32\WinRAR.exe -> [Ver = | Size = 43520 bytes | Modified Date = 10/20/2008 11:27:46 PM | Attr = ]
(~buhxtexk~) ~buhxtexk~ [Win32_Own | Disabled | Stopped] -> %SystemRoot%\system32\SetRefresh.exe -> [Ver = | Size = 43520 bytes | Modified Date = 10/20/2008 11:26:40 PM | Attr = ]
(~cojspeus~) ~cojspeus~ [Win32_Own | Disabled | Stopped] -> %SystemRoot%\system32\WinRAR.exe -> [Ver = | Size = 43520 bytes | Modified Date = 10/20/2008 11:27:46 PM | Attr = ]
(~dfwtluxt~) ~dfwtluxt~ [Win32_Own | Disabled | Stopped] -> %SystemRoot%\system32\Remind_XP.exe -> [Ver = | Size = 43520 bytes | Modified Date = 10/20/2008 11:26:44 PM | Attr = ]
(~duenqcpu~) ~duenqcpu~ [Win32_Own | Disabled | Stopped] -> %SystemRoot%\system32\ntrtscan.exe -> [Ver = | Size = 43520 bytes | Modified Date = 10/20/2008 11:21:30 PM | Attr = ]
(~dwvpeuqh~) ~dwvpeuqh~ [Win32_Own | Disabled | Stopped] -> %SystemRoot%\system32\pccntmon.exe -> [Ver = | Size = 43520 bytes | Modified Date = 10/20/2008 11:26:43 PM | Attr = ]
(~eefo^^^s~) ~eefo^^^s~ [Win32_Own | Disabled | Stopped] -> %SystemRoot%\system32\Recguard.exe -> [Ver = | Size = 43520 bytes | Modified Date = 10/20/2008 11:26:42 PM | Attr = ]
(~efskumxi~) ~efskumxi~ [Win32_Own | Disabled | Stopped] -> %SystemRoot%\system32\pccntmon.exe -> [Ver = | Size = 43520 bytes | Modified Date = 10/20/2008 11:26:43 PM | Attr = ]
(~ehhn@jkg~) ~ehhn@jkg~ [Win32_Own | Disabled | Stopped] -> %SystemRoot%\system32\pccntmon.exe -> [Ver = | Size = 43520 bytes | Modified Date = 10/20/2008 11:26:43 PM | Attr = ]
(~enhhpafj~) ~enhhpafj~ [Win32_Own | Disabled | Stopped] -> %SystemRoot%\system32\NL587F.exe -> [Ver = | Size = 43520 bytes | Modified Date = 11/20/2008 3:40:19 AM | Attr = ]
(~et@@q^@^~) ~et@@q^@^~ [Win32_Own | Disabled | Stopped] -> %SystemRoot%\system32\ofcservice.exe -> [Ver = | Size = 43520 bytes | Modified Date = 10/23/2008 2:36:44 AM | Attr = ]
(~evearwkt~) ~evearwkt~ [Win32_Own | Disabled | Stopped] -> %SystemRoot%\system32\ntrtscan.exe -> [Ver = | Size = 43520 bytes | Modified Date = 10/20/2008 11:21:30 PM | Attr = ]
(~fbvbx^sv~) ~fbvbx^sv~ [Win32_Own | Disabled | Stopped] -> %SystemRoot%\system32\ntrtscan.exe -> [Ver = | Size = 43520 bytes | Modified Date = 10/20/2008 11:21:30 PM | Attr = ]
(~fjlgenhr~) ~fjlgenhr~ [Win32_Own | Disabled | Stopped] -> %SystemRoot%\system32\ntrtscan.exe -> [Ver = | Size = 43520 bytes | Modified Date = 10/20/2008 11:21:30 PM | Attr = ]
(~fwhgv@l@~) ~fwhgv@l@~ [Win32_Own | Disabled | Stopped] -> %SystemRoot%\system32\ntrtscan.exe -> [Ver = | Size = 43520 bytes | Modified Date = 10/20/2008 11:21:30 PM | Attr = ]
(~fxtajgns~) ~fxtajgns~ [Win32_Own | Disabled | Stopped] -> %SystemRoot%\system32\Scheduler.exe -> [Ver = | Size = 43520 bytes | Modified Date = 11/9/2008 8:45:33 AM | Attr = ]
(~gd^wc^cb~) ~gd^wc^cb~ [Win32_Own | Disabled | Stopped] -> %SystemRoot%\system32\avgui.exe -> [Ver = | Size = 43520 bytes | Modified Date = 11/20/2008 3:41:32 AM | Attr = ]
(~gpnc@xum~) ~gpnc@xum~ [Win32_Own | Disabled | Stopped] -> %SystemRoot%\system32\pccntmon.exe -> [Ver = | Size = 43520 bytes | Modified Date = 10/20/2008 11:26:43 PM | Attr = ]
(~guesrqwu~) ~guesrqwu~ [Win32_Own | Disabled | Stopped] -> %SystemRoot%\system32\Remind_XP.exe -> [Ver = | Size = 43520 bytes | Modified Date = 10/20/2008 11:26:44 PM | Attr = ]
(~gvvm@hsk~) ~gvvm@hsk~ [Win32_Own | Disabled | Stopped] -> %SystemRoot%\system32\Uninstall_Norton2009_TrialReset.exe -> File not found
(~g^ijkrjf~) ~g^ijkrjf~ [Win32_Own | Disabled | Stopped] -> %SystemRoot%\system32\tmlisten.exe -> [Ver = | Size = 43520 bytes | Modified Date = 10/20/2008 11:21:47 PM | Attr = ]
(~hltwaicd~) ~hltwaicd~ [Win32_Own | Disabled | Stopped] -> %SystemRoot%\system32\OUTLOOK.exe -> [Ver = | Size = 43520 bytes | Modified Date = 11/18/2008 11:36:39 PM | Attr = ]
(~htdrrw^g~) ~htdrrw^g~ [Win32_Own | Disabled | Stopped] -> %SystemRoot%\system32\iviRegMgr.exe -> [Ver = | Size = 43520 bytes | Modified Date = 11/9/2008 8:45:37 AM | Attr = ]
(~huwddtvn~) ~huwddtvn~ [Win32_Own | Disabled | Stopped] -> %SystemRoot%\system32\UPNP.exe -> [Ver = | Size = 43520 bytes | Modified Date = 10/30/2008 5:36:55 AM | Attr = ]
(~hvouigf@~) ~hvouigf@~ [Win32_Own | Disabled | Stopped] -> %SystemRoot%\system32\Scheduler.exe -> [Ver = | Size = 43520 bytes | Modified Date = 11/9/2008 8:45:33 AM | Attr = ]
(~hwmkavxs~) ~hwmkavxs~ [Win32_Own | Disabled | Stopped] -> %SystemRoot%\system32\Scheduler.exe -> [Ver = | Size = 43520 bytes | Modified Date = 11/9/2008 8:45:33 AM | Attr = ]
(~in@evpu^~) ~in@evpu^~ [Win32_Own | Disabled | Stopped] -> %SystemRoot%\system32\Remind_XP.exe -> [Ver = | Size = 43520 bytes | Modified Date = 10/20/2008 11:26:44 PM | Attr = ]
(~ipbifodu~) ~ipbifodu~ [Win32_Own | Disabled | Stopped] -> %SystemRoot%\system32\Scheduler.exe -> [Ver = | Size = 43520 bytes | Modified Date = 11/9/2008 8:45:33 AM | Attr = ]
(~jbbkivro~) ~jbbkivro~ [Win32_Own | Disabled | Stopped] -> %SystemRoot%\system32\ntrtscan.exe -> [Ver = | Size = 43520 bytes | Modified Date = 10/20/2008 11:21:30 PM | Attr = ]
(~jiti@kbf~) ~jiti@kbf~ [Win32_Own | Disabled | Stopped] -> %SystemRoot%\system32\Recguard.exe -> [Ver = | Size = 43520 bytes | Modified Date = 10/20/2008 11:26:42 PM | Attr = ]
(~jxpjfjdv~) ~jxpjfjdv~ [Win32_Own | Disabled | Stopped] -> %SystemRoot%\system32\BitComet.exe -> [Ver = | Size = 43520 bytes | Modified Date = 11/20/2008 1:39:52 AM | Attr = ]
(~kcqejfuv~) ~kcqejfuv~ [Win32_Own | Disabled | Stopped] -> %SystemRoot%\system32\WinRAR.exe -> [Ver = | Size = 43520 bytes | Modified Date = 10/20/2008 11:27:46 PM | Attr = ]
(~keu@qndm~) ~keu@qndm~ [Win32_Own | Disabled | Stopped] -> %SystemRoot%\system32\ntrtscan.exe -> [Ver = | Size = 43520 bytes | Modified Date = 10/20/2008 11:21:30 PM | Attr = ]
(~ktlcnmak~) ~ktlcnmak~ [Win32_Own | Disabled | Stopped] -> %SystemRoot%\system32\Scheduler.exe -> [Ver = | Size = 43520 bytes | Modified Date = 11/9/2008 8:45:33 AM | Attr = ]
(~ku@wcrej~) ~ku@wcrej~ [Win32_Own | Disabled | Stopped] -> %SystemRoot%\system32\Remind_XP.exe -> [Ver = | Size = 43520 bytes | Modified Date = 10/20/2008 11:26:44 PM | Attr = ]
(~lgajgxie~) ~lgajgxie~ [Win32_Own | Disabled | Stopped] -> %SystemRoot%\system32\Remind_XP.exe -> [Ver = | Size = 43520 bytes | Modified Date = 10/20/2008 11:26:44 PM | Attr = ]
(~lsntbcwe~) ~lsntbcwe~ [Win32_Own | Disabled | Stopped] -> %SystemRoot%\system32\Recguard.exe -> [Ver = | Size = 43520 bytes | Modified Date = 10/20/2008 11:26:42 PM | Attr = ]
(~mmo^nqkp~) ~mmo^nqkp~ [Win32_Own | Disabled | Stopped] -> %SystemRoot%\system32\BitComet.exe -> [Ver = | Size = 43520 bytes | Modified Date = 11/20/2008 1:39:52 AM | Attr = ]
(~muabtoph~) ~muabtoph~ [Win32_Own | Disabled | Stopped] -> %SystemRoot%\system32\ntrtscan.exe -> [Ver = | Size = 43520 bytes | Modified Date = 10/20/2008 11:21:30 PM | Attr = ]
(~neadrx@s~) ~neadrx@s~ [Win32_Own | Disabled | Stopped] -> %SystemRoot%\system32\Recguard.exe -> [Ver = | Size = 43520 bytes | Modified Date = 10/20/2008 11:26:42 PM | Attr = ]
(~nogjkhrs~) ~nogjkhrs~ [Win32_Own | Disabled | Stopped] -> %SystemRoot%\system32\Recguard.exe -> [Ver = | Size = 43520 bytes | Modified Date = 10/20/2008 11:26:42 PM | Attr = ]
(~nricaoth~) ~nricaoth~ [Win32_Own | Disabled | Stopped] -> %SystemRoot%\system32\WinRAR.exe -> [Ver = | Size = 43520 bytes | Modified Date = 10/20/2008 11:27:46 PM | Attr = ]
(~objvmrge~) ~objvmrge~ [Win32_Own | Disabled | Stopped] -> %SystemRoot%\system32\ntrtscan.exe -> [Ver = | Size = 43520 bytes | Modified Date = 10/20/2008 11:21:30 PM | Attr = ]
(~odqatrnf~) ~odqatrnf~ [Win32_Own | Disabled | Stopped] -> %SystemRoot%\system32\Remind_XP.exe -> [Ver = | Size = 43520 bytes | Modified Date = 10/20/2008 11:26:44 PM | Attr = ]
(~pjcnqdm^~) ~pjcnqdm^~ [Win32_Own | Disabled | Stopped] -> %SystemRoot%\system32\OUTLOOK.exe -> [Ver = | Size = 43520 bytes | Modified Date = 11/18/2008 11:36:39 PM | Attr = ]
(~pjrvlqku~) ~pjrvlqku~ [Win32_Own | Disabled | Stopped] -> %SystemRoot%\system32\pccntmon.exe -> [Ver = | Size = 43520 bytes | Modified Date = 10/20/2008 11:26:43 PM | Attr = ]
(~pktnwgvi~) ~pktnwgvi~ [Win32_Own | Disabled | Stopped] -> %SystemRoot%\system32\Recguard.exe -> [Ver = | Size = 43520 bytes | Modified Date = 10/20/2008 11:26:42 PM | Attr = ]
(~rgkow@^i~) ~rgkow@^i~ [Win32_Own | Disabled | Stopped] -> %SystemRoot%\system32\UPNP.exe -> [Ver = | Size = 43520 bytes | Modified Date = 10/30/2008 5:36:55 AM | Attr = ]
(~ritfosqb~) ~ritfosqb~ [Win32_Own | Disabled | Stopped] -> %SystemRoot%\system32\Recguard.exe -> [Ver = | Size = 43520 bytes | Modified Date = 10/20/2008 11:26:42 PM | Attr = ]
(~rluoqidx~) ~rluoqidx~ [Win32_Own | Disabled | Stopped] -> %SystemRoot%\system32\Scheduler.exe -> [Ver = | Size = 43520 bytes | Modified Date = 11/9/2008 8:45:33 AM | Attr = ]
(~rpqfdmwe~) ~rpqfdmwe~ [Win32_Own | Disabled | Stopped] -> %SystemRoot%\system32\Remind_XP.exe -> [Ver = | Size = 43520 bytes | Modified Date = 10/20/2008 11:26:44 PM | Attr = ]
(~siqpbfbr~) ~siqpbfbr~ [Win32_Own | Disabled | Stopped] -> %SystemRoot%\system32\iviRegMgr.exe -> [Ver = | Size = 43520 bytes | Modified Date = 11/9/2008 8:45:37 AM | Attr = ]
(~sxbffrdn~) ~sxbffrdn~ [Win32_Own | Disabled | Stopped] -> %SystemRoot%\system32\pdfsvc.exe -> [Ver = | Size = 43520 bytes | Modified Date = 11/9/2008 8:46:00 AM | Attr = ]
(~tfwuejr@~) ~tfwuejr@~ [Win32_Own | Disabled | Stopped] -> %SystemRoot%\system32\pccntmon.exe -> [Ver = | Size = 43520 bytes | Modified Date = 10/20/2008 11:26:43 PM | Attr = ]
(~tvhnhwfm~) ~tvhnhwfm~ [Win32_Own | Disabled | Stopped] -> %SystemRoot%\system32\PCAngel.exe -> [Ver = | Size = 43520 bytes | Modified Date = 10/29/2008 2:09:17 AM | Attr = ]
(~u@xwgnnb~) ~u@xwgnnb~ [Win32_Own | Disabled | Stopped] -> %SystemRoot%\system32\ntrtscan.exe -> [Ver = | Size = 43520 bytes | Modified Date = 10/20/2008 11:21:30 PM | Attr = ]
(~udundlec~) ~udundlec~ [Win32_Own | Disabled | Stopped] -> %SystemRoot%\system32\OUTLOOK.exe -> [Ver = | Size = 43520 bytes | Modified Date = 11/18/2008 11:36:39 PM | Attr = ]
(~ufj^rqw^~) ~ufj^rqw^~ [Win32_Own | Disabled | Stopped] -> %SystemRoot%\system32\pccntmon.exe -> [Ver = | Size = 43520 bytes | Modified Date = 10/20/2008 11:26:43 PM | Attr = ]
(~uhpwdeib~) ~uhpwdeib~ [Win32_Own | Disabled | Stopped] -> %SystemRoot%\system32\setup_magicdisc.exe -> [Ver = | Size = 43520 bytes | Modified Date = 10/28/2008 11:15:51 PM | Attr = ]
(~uidgeekj~) ~uidgeekj~ [Win32_Own | Disabled | Stopped] -> %SystemRoot%\system32\ntrtscan.exe -> [Ver = | Size = 43520 bytes | Modified Date = 10/20/2008 11:21:30 PM | Attr = ]
(~uxqps^hw~) ~uxqps^hw~ [Win32_Own | Disabled | Stopped] -> %SystemRoot%\system32\SetRefresh.exe -> [Ver = | Size = 43520 bytes | Modified Date = 10/20/2008 11:26:40 PM | Attr = ]
(~vbqok@fd~) ~vbqok@fd~ [Win32_Own | Disabled | Stopped] -> %SystemRoot%\system32\SetRefresh.exe -> [Ver = | Size = 43520 bytes | Modified Date = 10/20/2008 11:26:40 PM | Attr = ]
(~wknvncqb~) ~wknvncqb~ [Win32_Own | Disabled | Stopped] -> %SystemRoot%\system32\Recguard.exe -> [Ver = | Size = 43520 bytes | Modified Date = 10/20/2008 11:26:42 PM | Attr = ]
(~wkotteeh~) ~wkotteeh~ [Win32_Own | Disabled | Stopped] -> %SystemRoot%\system32\tmlisten.exe -> [Ver = | Size = 43520 bytes | Modified Date = 10/20/2008 11:21:47 PM | Attr = ]
(~wr@xv@ho~) ~wr@xv@ho~ [Win32_Own | Disabled | Stopped] -> %SystemRoot%\system32\ofcservice.exe -> [Ver = | Size = 43520 bytes | Modified Date = 10/23/2008 2:36:44 AM | Attr = ]
(~xkx@s@qu~) ~xkx@s@qu~ [Win32_Own | Disabled | Stopped] -> %SystemRoot%\system32\cgiOnUpdate.exe -> [Ver = | Size = 43520 bytes | Modified Date = 10/29/2008 2:10:01 AM | Attr = ]
(~xsmfhppl~) ~xsmfhppl~ [Win32_Own | Disabled | Stopped] -> %SystemRoot%\system32\SetRefresh.exe -> [Ver = | Size = 43520 bytes | Modified Date = 10/20/2008 11:26:40 PM | Attr = ]
(~^nxtjknp~) ~^nxtjknp~ [Win32_Own | Disabled | Stopped] -> %SystemRoot%\system32\WinRAR.exe -> [Ver = | Size = 43520 bytes | Modified Date = 10/20/2008 11:27:46 PM | Attr = ]
(~ihdrdbct~) ~ihdrdbct~ [Win32_Own | Disabled | Stopped] -> %SystemRoot%\system32\ntrtscan.exe -> [Ver = | Size = 43520 bytes | Modified Date = 10/20/2008 11:21:30 PM | Attr = ]
.......