Title: SOLVED:Task Manager issue


Lepht - April 16, 2007 02:05 AM (GMT)
Hey what's up people, here is the situation:

I downloaded Limewire from download.com. I tried, but didn't like it, so I exited it. Like 15 sec after I exited it, it started running on its own again. Every time I would turn it off and every time it would start on its own again. So, I uninstalled it. But now, a java error window would pop up every 15 sec and tell me LW is missing some files and can not run. Next, I tried to open Task manager and end the LW process. To my surprise Ctrl+Alt+Del did not bring TM up! I then had to use Windows defender to end the process.

So, here is my problem: Ctrl+Alt+Del is not working :(

Here is a HJL:

Logfile of HijackThis v1.99.1
Scan saved at 9:55:27 PM, on 4/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\TopDesk\topdesk.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\SpeedFan\speedfan.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\TuneUp Utilities 2006\MemOptimizer.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Stardock\OBJECT~1\DesktopX\DesktopX.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\svchost.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Program Files\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TopDesk] C:\Program Files\TopDesk\topdesk.exe
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKCU\..\Run: [speedfan] C:\Program Files\SpeedFan\speedfan.exe
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2006\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [DesktopX] "C:\PROGRA~1\Stardock\OBJECT~1\DesktopX\DesktopX.exe"
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
O4 - Global Startup: svchost.exe
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\ZhengDao.LUKE\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {58172624-85DD-4482-9E64-02ADCA637E96} (shizmoo Class) - http://www.kungfuchess.com/activex/web665.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1170543442515
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {A2E05F45-F127-4092-B9F7-9A02C3E04C77} (HGPlugin7USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin7USA.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/Fuj...ploadClient.cab
O16 - DPF: {AA33C66F-71DB-43E9-B559-3CBE4398E9A9} (BugsGameStarts Class) - http://au.bugsgames.net/game/GBugsGameStart.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.11) - http://gameadvisor.futuremark.com/global/msc311.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - (no CLSID) - (no file)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL,wbsys.dll C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: MCPClient - C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MBackMonitor - Unknown owner - C:\Program Files\McAfee\MBK\MBackMonitor.exe (file missing)
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: SpeedFanTray (SpeedFanTraySvc) - Unknown owner - C:\Documents and Settings\ZhengDao.LUKE\SpeedFanTraySvc.exe (file missing)
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe



Nebon - April 16, 2007 07:41 AM (GMT)
Hmm, there are some things that seem a little unusual in your log. Can you give me a day or two to get back to you on that?

Nebon - April 16, 2007 08:13 AM (GMT)
First, we need to run a little batch, because I need to check for something. So, open notepad, paste in the text below exactly.

QUOTE
@echo off
dir /o:d /a "C:\Program Files\" > c:\dirlist.txt
dir /o:d /a "C:\Documents and Settings\All Users\Start Menu\Programs\Startup\" > c:\dirlist2.txt
C:\Windows\notepad.exe c:\dirlist.txt
C:\Windows\notepad.exe c:\dirlist2.txt
exit


Then, press 'file' >> 'save as' >> then save it as find.bat on your desktop. Can you then please run find.bat and post me the two text files which will appear?

Lepht - April 16, 2007 02:01 PM (GMT)
When you say unusual, is it regarding the TM?

I am not at my computer atm, I'll get to it as soon as I get home.

Nebon - April 16, 2007 03:32 PM (GMT)
When I mean unusual I mean this entry:
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\

Usually there is a file at the end of that path.
E.g. O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll

I have asked a few of my colleagues and they have seen the same thing but just left it. Just out of curiosity, does the windows folder open when you log in?

Lepht - April 16, 2007 08:19 PM (GMT)
"does the windows folder open when you log in?"

Automatically on its own? No, I don't think so.

Ok, I did what you told me for find.bat, but, when I click on the gear icon named "find" it told me that, "Another program is currently using this file".
I also typed in find.bat in run, and it told me, "can't find 'find.bat'".

Nebon - April 16, 2007 09:37 PM (GMT)
Hmm, odd. Well, let's hit that malware then:

We will be entering safemode at a point in this fix and you will not be able to return to this page. You may wish to either print out these instructions or save them in a word processing application.

1) I do not recommend that you have more than one realtime protection product installed/running on your computer at a time. The reason for this is that it can lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False Alarms: When the software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
I would recommend you only have one piece of real-time protection active at a time.

2) Please open HiJackThis and choose "Do a system scan only". Check the boxes next to ONLY the entries listed below:
  • O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
  • O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
  • O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
  • O4 - Global Startup: svchost.exe

Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis and reboot.

3) Please download DrWeb-CureIt & save it to your desktop. DO NOT perform a scan yet.


4) Next, please enable viewing of hidden files as follows:
1) Go to My Computer, and click on the "Tools" menu
2) Click "Folder options"
3) Select the "View" tab
4) Make sure "Show hidden files and folders" is selected
5) Make sure "Hide extensions for known file types" is unchecked
6) Make sure "Hide protected operating system files (recommended)" is unchecked

Now reboot into Safe Mode.
This can be done by tapping the F8 key as soon as you start your computer
You will be brought to a menu where you can choose to boot into safe mode.
Make sure you choose the option without networking support.

Next, delete the following files (if they exist):
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\svchost.exe
Then reboot into normal mode.

5) While in safemode Scan with DrWeb-CureIt as follows:
  • Double-click on drweb-cureit.exe to start the program. An "Express Scan of your PC" notice will appear.
  • Under "Start the Express Scan Now", Click "OK" to start. This is a short scan that will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it.
  • Once the short scan has finished, Click Options > Change settings
  • Choose the "Scan tab" and UNcheck "Heuristic analysis"
  • Back at the main window, click "Select drives" (a red dot will show which drives have been chosen)
  • Then click the "Start/Stop Scanning" button (green arrow on the right) and the scan will start.
  • When done, a message will be displayed at the bottom advising if any viruses were found.
  • Click "Yes to all" if it asks if you want to cure/move the file.
  • When the scan has finished, look if you can see the icon next to the files found. If so, click it, then click the next icon right below and select "Move incurable".
    (This will move it to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if it can't be cured)
  • Next, in the Dr.Web CureIt menu on top, click file and choose save report list.
  • Save the DrWeb.csv report to your desktop.
  • Exit Dr.Web Cureit when done.
  • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.csv report)
In your next reply can you please post a new HijackThis log and the Doctor Web CureIt log. Can you also tell me if you can now access task manager.

If you have any problems or questions, please do not hesitate to ask.

Lepht - April 16, 2007 10:52 PM (GMT)
"Global Startup: svchost.exe" is not listed. The closest thing I see is:

Global Startup: __delete _on_ reboot__ s_v_c_h_o_s_t_._e_x_e_

Should I check it or not?

Lepht - April 17, 2007 02:41 AM (GMT)
Ok, I got one piece of good news and some really bad news too.

Good news: TM is working now.

Bad news:

After I log in to desktop,
-Startbar is gone
-Nothing is on the desktop
-Right click on desktop does not work
-Windows logo on my keyboard does not bring up start
-wallpaper still there
-The only 2 things that are there when windows starts are, windowblinds telling me it is only a trial (which is normal). The other thing is the windows explore folder, which is the only way for me to open firefox and everything else now.

Am I in big trouble?

Infinity - April 17, 2007 03:24 AM (GMT)
Could you post another HijackThis log if possible? I would like to help in this topic even though Nebon is leading it very well. :)

We can both try and get your problem taken care of.

Lepht - April 17, 2007 03:25 AM (GMT)
Logfile of HijackThis v1.99.1
Scan saved at 11:24:47 PM, on 4/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\WINDOWS\explorer.exe
C:\Program Files\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
F2 - REG:system.ini: Shell=
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TopDesk] C:\Program Files\TopDesk\topdesk.exe
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKCU\..\Run: [speedfan] C:\Program Files\SpeedFan\speedfan.exe
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2006\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [DesktopX] "C:\PROGRA~1\Stardock\OBJECT~1\DesktopX\DesktopX.exe"
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\ZhengDao.LUKE\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {58172624-85DD-4482-9E64-02ADCA637E96} (shizmoo Class) - http://www.kungfuchess.com/activex/web665.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1170543442515
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {A2E05F45-F127-4092-B9F7-9A02C3E04C77} (HGPlugin7USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin7USA.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/Fuj...ploadClient.cab
O16 - DPF: {AA33C66F-71DB-43E9-B559-3CBE4398E9A9} (BugsGameStarts Class) - http://au.bugsgames.net/game/GBugsGameStart.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.11) - http://gameadvisor.futuremark.com/global/msc311.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - (no CLSID) - (no file)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL,wbsys.dll C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: MCPClient - C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MBackMonitor - Unknown owner - C:\Program Files\McAfee\MBK\MBackMonitor.exe (file missing)
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: SpeedFanTray (SpeedFanTraySvc) - Unknown owner - C:\Documents and Settings\ZhengDao.LUKE\SpeedFanTraySvc.exe (file missing)
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe


Infinity - April 17, 2007 03:41 AM (GMT)
F2 - REG:system.ini: Shell=

Remove the entry above and see if you can get your start bar and everything to come back up. We may need to remove more objects to get them to come back.

As Nebon and I both explore that WINDOWS folder entry that is suspicious.
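
The checks the helpers apply by eye in this thread (a system process name running from the Startup folder, "(no file)" BHO and toolbar entries, a Winlogon Notify path that names no DLL, an empty Shell= value), written as a small triage script. This is an added example, not part of the original posts and not HijackThis code; the rule set, the C:\WINDOWS system root and the function names are assumptions, and the sample log is constructed from lines posted above.

```python
import ntpath
import re

# Constructed sample: lines taken from the first and second logs in this thread.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HJT\HijackThis.exe

F2 - REG:system.ini: Shell=
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - Global Startup: svchost.exe
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

# Assumption: Windows is installed in C:\WINDOWS, as in the posted logs.
SYSTEM32 = r"c:\windows\system32"
# Names that normally run only from system32 (hypothetical short list).
SYSTEM32_ONLY = {"svchost.exe", "lsass.exe", "services.exe",
                 "winlogon.exe", "csrss.exe", "smss.exe"}

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")      # e.g. "O20 - ..."
STARTUP_RE = re.compile(r"^(?:Global )?Startup: (.*)$")  # O4 startup-folder items


def parse(log):
    """Split a HijackThis log into running-process paths and (code, body) entries."""
    processes, entries = [], []
    in_processes = False
    for raw in log.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False
            entries.append((match.group(1), match.group(2)))
        elif in_processes and line:
            processes.append(line)
    return processes, entries


def triage(log):
    """Return (section, text, reason) tuples for lines worth a manual look."""
    processes, entries = parse(log)
    findings = []

    for path in processes:
        name = ntpath.basename(path).lower()
        if name in SYSTEM32_ONLY and ntpath.dirname(path).lower() != SYSTEM32:
            findings.append(("process", path,
                             "system process name running outside system32"))

    for code, body in entries:
        if code == "F2" and "Shell=" in body:
            value = body.split("Shell=", 1)[1].strip()
            if value.lower() != "explorer.exe":
                findings.append((code, body,
                                 "logon shell is not explorer.exe (empty means no desktop)"))
        elif code in ("O2", "O3") and body.endswith("(no file)"):
            findings.append((code, body, "registered component has no file on disk"))
        elif code == "O4":
            startup = STARTUP_RE.match(body)
            if startup:
                # The item is the file sitting in the Startup folder itself.
                item = startup.group(1).split(" = ", 1)[0].strip()
                if item.lower() in SYSTEM32_ONLY:
                    findings.append((code, body,
                                     "system process name placed in a Startup folder"))
        elif code == "O20" and body.startswith("Winlogon Notify:"):
            path = body.rsplit(" - ", 1)[-1]
            if path.endswith("\\"):
                findings.append((code, body,
                                 "notify package path is a directory, no DLL named"))
    return findings


if __name__ == "__main__":
    for section, text, reason in triage(SAMPLE_LOG):
        print(f"[{section}] {reason}\n    {text}")
```

A flagged line is a lead for the reviewer, not a verdict: the NavLogon entry, for instance, is one the helpers in this thread had seen before and left alone.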

Lepht - April 17, 2007 03:49 AM (GMT)
Ok, I "Fix Checked" "F2 - REG:system.ini: Shell=" and I got my startbar and everything else back!

Lepht - April 17, 2007 03:51 AM (GMT)
Here is the new HJL:

Logfile of HijackThis v1.99.1
Scan saved at 11:50:40 PM, on 4/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\TopDesk\topdesk.exe
C:\Program Files\SpeedFan\speedfan.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\TuneUp Utilities 2006\MemOptimizer.exe
C:\PROGRA~1\Stardock\OBJECT~1\DesktopX\DesktopX.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\WINDOWS\explorer.exe
C:\Program Files\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TopDesk] C:\Program Files\TopDesk\topdesk.exe
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKCU\..\Run: [speedfan] C:\Program Files\SpeedFan\speedfan.exe
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2006\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [DesktopX] "C:\PROGRA~1\Stardock\OBJECT~1\DesktopX\DesktopX.exe"
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\ZhengDao.LUKE\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {58172624-85DD-4482-9E64-02ADCA637E96} (shizmoo Class) - http://www.kungfuchess.com/activex/web665.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1170543442515
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {A2E05F45-F127-4092-B9F7-9A02C3E04C77} (HGPlugin7USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin7USA.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/Fuj...ploadClient.cab
O16 - DPF: {AA33C66F-71DB-43E9-B559-3CBE4398E9A9} (BugsGameStarts Class) - http://au.bugsgames.net/game/GBugsGameStart.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.11) - http://gameadvisor.futuremark.com/global/msc311.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - (no CLSID) - (no file)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL,wbsys.dll C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: MCPClient - C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MBackMonitor - Unknown owner - C:\Program Files\McAfee\MBK\MBackMonitor.exe (file missing)
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: SpeedFanTray (SpeedFanTraySvc) - Unknown owner - C:\Documents and Settings\ZhengDao.LUKE\SpeedFanTraySvc.exe (file missing)
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe


Infinity - April 17, 2007 04:00 AM (GMT)
Glad to hear! :softhardware:

Nebon and I will continue to look at that one list "Folder" looking entry.

In the meantime let's clean up your HijackThis just a bit. If you can please remove these entries:


O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\ZhengDao.LUKE\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O18 - Protocol: ms-help - (no CLSID) - (no file)

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)

O23 - Service: MBackMonitor - Unknown owner - C:\Program Files\McAfee\MBK\MBackMonitor.exe (file missing)

O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)

O23 - Service: SpeedFanTray (SpeedFanTraySvc) - Unknown owner - C:\Documents and Settings\ZhengDao.LUKE\SpeedFanTraySvc.exe (file missing)


----

This is just to make the log file a bit easier to read if you ever have to submit it again. These are just entries that pretty much have no purpose except to show us that there is not a file there anymore. :)

Lepht - April 17, 2007 04:11 AM (GMT)
Hey, here is the log:

Logfile of HijackThis v1.99.1
Scan saved at 12:10:09 AM, on 4/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\TuneUp Utilities 2006\MemOptimizer.exe
C:\PROGRA~1\Stardock\OBJECT~1\DesktopX\DesktopX.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\Program Files\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TopDesk] C:\Program Files\TopDesk\topdesk.exe
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\RunOnce: [aswAhAScr.dll] C:\PROGRA~1\ALWILS~1\Avast4\ASWREG~1.EXE "C:\Program Files\Alwil Software\Avast4\AhAScr.dll"
O4 - HKCU\..\Run: [speedfan] C:\Program Files\SpeedFan\speedfan.exe
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2006\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [DesktopX] "C:\PROGRA~1\Stardock\OBJECT~1\DesktopX\DesktopX.exe"
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {58172624-85DD-4482-9E64-02ADCA637E96} (shizmoo Class) - http://www.kungfuchess.com/activex/web665.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1170543442515
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {A2E05F45-F127-4092-B9F7-9A02C3E04C77} (HGPlugin7USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin7USA.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/Fuj...ploadClient.cab
O16 - DPF: {AA33C66F-71DB-43E9-B559-3CBE4398E9A9} (BugsGameStarts Class) - http://au.bugsgames.net/game/GBugsGameStart.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.11) - http://gameadvisor.futuremark.com/global/msc311.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - (no CLSID) - (no file)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL,wbsys.dll C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: MCPClient - C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: SpeedFanTray (SpeedFanTraySvc) - Unknown owner - C:\Documents and Settings\ZhengDao.LUKE\SpeedFanTraySvc.exe (file missing)
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe


Nebon - April 17, 2007 06:21 AM (GMT)
Some of those could actually be there and it could just be a problem with HijackThis. I was always told that you can only trust it to report file missing on 02's, 03's and 020's. This will be fixed however in the next release.

Despite this, those entries were not very important. Don't know how that new line suddenly appeared. It's an autoloader, but again where is the path? That is what confuses me. Yet another entry without a file path. I think we need to do a Rootkit scan and I need to do some research.
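
Added example, not part of the original thread and not HijackThis code: a Python triage of the two points raised in the post above, that "(file missing)" is only dependable in some sections and that an autoload entry with no file in its path needs a closer look. It cross-checks each "(file missing)" path against the log's own Running processes list; the function names and verdict labels are assumptions made for this example, and the sample lines are copied from the logs posted in this thread.

```python
import re

# Lines copied from the HijackThis logs posted in this thread (shortened excerpt).
SAMPLE_LOG = r'''Running processes:
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\HJT\HijackThis.exe

F2 - REG:system.ini: Shell=
F2 - REG:system.ini: UserInit=userinit.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\ZhengDao.LUKE\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O18 - Protocol: ms-help - (no CLSID) - (no file)
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: MBackMonitor - Unknown owner - C:\Program Files\McAfee\MBK\MBackMonitor.exe (file missing)
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
'''

ENTRY_RE = re.compile(r"^([A-Z]\d+) - (.*)$")
MISSING_TAG = "(file missing)"
# Rule of thumb quoted in the thread: the flag is only trusted in these sections.
TRUSTED_SECTIONS = {"O2", "O3", "O20"}

# Verdict labels (names chosen for this example).
CONTRADICTED = "flagged missing, but the same path is in Running processes"
TRUSTED = "flagged missing in a section where the flag is considered reliable"
UNVERIFIED = "flagged missing, unverified: confirm on disk before fixing"
NO_FILE = "autoload entry names no file"


def parse_log(text):
    """Return (set of lower-cased running process paths, list of (section, rest))."""
    running, entries, in_procs = set(), [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
        elif not line:
            in_procs = False          # a blank line ends the process list
        elif in_procs:
            running.add(line.lower())
        else:
            m = ENTRY_RE.match(line)
            if m:
                entries.append((m.group(1), m.group(2)))
    return running, entries


def executable_path(target):
    """Cut a target down to the file path, dropping quotes and arguments."""
    t = target.strip()
    if t.startswith('"'):
        return t[1:].split('"', 1)[0]
    return t.split('"', 1)[0].strip()   # handles the stray closing quote seen in O23 lines


def triage(text):
    """Return (section, path_or_target, verdict) for every entry worth a second look."""
    running, entries = parse_log(text)
    findings = []
    for section, rest in entries:
        missing = rest.endswith(MISSING_TAG)
        if missing:
            rest = rest[: -len(MISSING_TAG)].rstrip()
        if " - " in rest:
            target = rest.rsplit(" - ", 1)[-1]
        elif "=" in rest:
            target = rest.split("=", 1)[1]   # e.g. "REG:system.ini: Shell="
        else:
            target = rest
        target = target.strip()
        if missing:
            path = executable_path(target)
            if path.lower() in running:
                verdict = CONTRADICTED
            elif section in TRUSTED_SECTIONS:
                verdict = TRUSTED
            else:
                verdict = UNVERIFIED
            findings.append((section, path, verdict))
        elif target in ("", "(no file)") or target.endswith("\\"):
            findings.append((section, target, NO_FILE))
    return findings


if __name__ == "__main__":
    for section, shown, verdict in triage(SAMPLE_LOG):
        print(f"{section:4} {shown or '<empty>'}\n     -> {verdict}")
```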

Lepht - April 17, 2007 04:09 PM (GMT)
Just realized I have not posted the Doc Web log. I'll get it up ASAP, when I get home that is.

During the scan I remember seeing things such as my IRC client and yahoo buddy list being labeled as trojans and deleted. Obviously they were not, so would you maybe shed some light on that?

Nebon - April 17, 2007 05:16 PM (GMT)
Hmm, that is very odd. Usually Dr Web Cureit is very reliable and used for scanning by many experts. I will report the false positives to them, if you can give me some file names. But remember they could have been infected by any number of malware on your machine, as you did have a virus.

That entry is related to Norton by the way and as you have not got Norton on your machine I will investigate no further and delete it, despite my wonder as to its path.

1) Please open HiJackThis and choose "Do a system scan only". Check the boxes next to ONLY the entries listed below:
  • O20 - Winlogon Notify: NavLogon - C:\WINDOWS\
Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis and reboot.

2) Download gmer.zip and save to your desktop.
alternate download site 1
alternate download site 2
  • Unzip/extract the file to its own folder. (Click here for information on how to do this if not sure. Win 2000 users click here.)
  • When you have done this, disconnect from the Internet and close all running programs.
    There is a small chance this application may crash your computer so save any work you have open.
  • Double-click on Gmer.exe to start the program.
  • Allow the gmer.sys driver to load if asked.
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
  • Click on "Settings", then check the first five settings:
    *System Protection and Tracing
    *Processes
    *Save created processes to the log
    *Drivers
    *Save loaded drivers to the log
  • You will be prompted to restart your computer. Please do so.
Run Gmer again and click on the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
  • Click on the "Scan" and wait for the scan to finish.
    Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
  • Note: If you have any problems, try running GMER in SAFE MODE.
Important! Please do not select the "Show all" checkbox during the scan.

3) Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. A malicious site could render Java content under older, vulnerable versions of Sun's software if the user has not removed them. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 1 and save it to your desktop.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6u1...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Read the License Agreement and then check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u1-windows-i586-p.exe to install the newest version.

4) Okie dokie. You say some of the files that you think it found are legit. If you wish to check them please follow the below instructions. (The DrWeb Cure-it quarantine folder is located here: C:\Documents and Settings\userprofile\DoctorWeb\Quarantine )

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Please click this link-->Jotti

When the jotti page has finished loading, click the Browse button and navigate to C:\Documents and Settings\userprofile\DoctorWeb\Quarantine and Submit the files you suspect to be clean.

Please post back the results of the scan in your next post.

If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/flash/index_en.html

5) Now you should Set a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools can not access it to delete these bad files which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then go to Start > Run and type: Cleanmgr
  • Click "OK".
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.
If you have any problems or questions about the above instructions, do not hesitate to ask.

Lepht - April 17, 2007 05:53 PM (GMT)
Before I start on this, I just want to make a few comments please:

- What more will this accomplish since TM is working now?

- The last time I did what you told me, I ended up in a worse place. Please don't take it as if I am blaming you. I just want to know where this will lead me to.

- I am no longer running Norton, that is correct.


Nebon - April 17, 2007 08:02 PM (GMT)
First, I want to know where that new Autoloading entry came from. If you did not enter it then something or someone else must have done. I want to see if there is something else deeper. The rootkit scan will not quarantine any files. It will check for super hidden extensions, files and any Rook Hooks.

Second, what happened was that a new entry suddenly appeared in your log. I have never seen this before. It was a shell with another empty path. None of the programs I told you to download would have created this.

Third, good, then it should be fine to remove that entry in HJT.

I will explain what I am doing in each part of the fix for you. One moment please.

Lepht - April 17, 2007 08:10 PM (GMT)
Ok, thanks for the reply. Here is my DrWeb log from yesterday:

A0050076.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP229;Trojan.MulDrop.3338;Deleted.;
A0050077.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP229;Trojan.MulDrop.3338;Deleted.;
A0050078.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP229;Trojan.MulDrop.3338;Deleted.;
A0050079.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP229;Trojan.MulDrop.3338;Deleted.;
A0050080.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP229;Trojan.MulDrop.3338;Deleted.;
A0050081.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP229;Trojan.MulDrop.3338;Deleted.;
A0050082.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP229;Trojan.MulDrop.3338;Deleted.;
A0050083.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP229;Trojan.MulDrop.3338;Deleted.;
A0050084.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP229;Trojan.MulDrop.3338;Deleted.;
A0050085.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP229;Trojan.MulDrop.3338;Deleted.;
A0050086.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP229;Trojan.MulDrop.3338;Deleted.;
A0050087.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP229;Trojan.MulDrop.3338;Deleted.;
A0050088.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP229;Trojan.MulDrop.3338;Deleted.;
A0050089.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP229;Trojan.MulDrop.3338;Deleted.;
A0050090.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP229;Trojan.MulDrop.3338;Deleted.;
A0050091.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP229;Trojan.MulDrop.3338;Deleted.;
A0050092.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP229;Trojan.MulDrop.3338;Deleted.;
A0050093.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP229;Trojan.MulDrop.3338;Deleted.;
A0050094.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP229;Trojan.MulDrop.3338;Deleted.;
A0050095.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP229;Trojan.MulDrop.3338;Deleted.;
A0050096.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP229;Trojan.MulDrop.3338;Deleted.;
A0050097.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP229;Trojan.MulDrop.3338;Deleted.;
A0050098.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP229;Trojan.MulDrop.3338;Deleted.;
A0050099.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP229;Trojan.MulDrop.3338;Deleted.;
A0050100.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP229;Trojan.MulDrop.3338;Deleted.;
A0050101.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP229;Trojan.MulDrop.3338;Deleted.;
A0050102.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP229;Trojan.MulDrop.3338;Deleted.;
A0050103.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP229;Trojan.MulDrop.3338;Deleted.;
A0050104.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP229;Trojan.MulDrop.3338;Deleted.;
A0050105.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP229;Trojan.MulDrop.3338;Deleted.;
A0050106.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP229;Trojan.MulDrop.3338;Deleted.;
A0050107.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP229;Trojan.MulDrop.3338;Deleted.;
A0050108.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP229;Trojan.MulDrop.3338;Deleted.;
A0050109.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP229;Trojan.MulDrop.3338;Deleted.;
A0050110.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP229;Trojan.MulDrop.3338;Deleted.;
A0050111.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP229;Trojan.MulDrop.3338;Deleted.;
A0050112.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP229;Trojan.MulDrop.3338;Deleted.;
A0050113.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP229;Trojan.MulDrop.3338;Deleted.;
A0050114.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP229;Trojan.MulDrop.3338;Deleted.;
A0050115.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP229;Trojan.MulDrop.3338;Deleted.;
A0050116.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP229;Trojan.MulDrop.3338;Deleted.;
A0050117.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP229;Trojan.MulDrop.3338;Deleted.;
A0050118.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP229;Trojan.MulDrop.3338;Deleted.;
A0050119.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP229;Trojan.MulDrop.3338;Deleted.;
A0050120.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP229;Trojan.MulDrop.3338;Deleted.;
A0050121.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP229;Trojan.MulDrop.3338;Deleted.;
A0050122.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP229;Trojan.MulDrop.3338;Deleted.;
A0050123.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP229;Trojan.MulDrop.3338;Deleted.;
A0050124.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP229;Trojan.MulDrop.3338;Deleted.;
A0050125.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP229;Trojan.MulDrop.3338;Deleted.;
A0050126.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP229;Trojan.MulDrop.3338;Deleted.;
A0050127.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP229;Trojan.MulDrop.3338;Deleted.;
A0050128.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP229;Trojan.MulDrop.3338;Deleted.;
A0050129.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP229;Trojan.MulDrop.3338;Deleted.;
A0050130.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP229;Trojan.MulDrop.3338;Deleted.;
A0050131.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP229;Trojan.MulDrop.3338;Deleted.;
A0050132.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP229;Trojan.MulDrop.3338;Deleted.;
A0050133.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP229;Trojan.MulDrop.3338;Deleted.;
A0050134.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP229;Trojan.MulDrop.3338;Deleted.;
A0050135.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP229;Trojan.MulDrop.3338;Deleted.;
A0050136.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP229;Trojan.MulDrop.3338;Deleted.;
A0050137.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP229;Trojan.MulDrop.3338;Deleted.;
A0050138.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP229;Trojan.MulDrop.3338;Deleted.;
A0050139.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP229;Trojan.MulDrop.3338;Deleted.;
A0050140.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP229;Trojan.MulDrop.3338;Deleted.;
A0050141.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP229;Trojan.MulDrop.3338;Deleted.;
A0050142.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP229;Trojan.MulDrop.3338;Deleted.;
A0050143.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP229;Trojan.MulDrop.3338;Deleted.;
A0050144.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP229;Trojan.MulDrop.3338;Deleted.;
A0050145.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP229;Trojan.MulDrop.3338;Deleted.;
A0050146.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP229;Trojan.MulDrop.3338;Deleted.;
A0050147.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP229;Trojan.MulDrop.3338;Deleted.;
A0050148.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP229;Trojan.MulDrop.3338;Deleted.;
A0050149.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP229;Trojan.MulDrop.3338;Deleted.;
A0050150.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP229;Trojan.MulDrop.3338;Deleted.;
A0050151.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP229;Trojan.MulDrop.3338;Deleted.;
A0050152.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP229;Trojan.MulDrop.3338;Deleted.;
A0050153.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP229;Trojan.MulDrop.3338;Deleted.;
A0050154.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP229;Trojan.MulDrop.3338;Deleted.;
A0050155.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP229;Trojan.MulDrop.3338;Deleted.;
A0050156.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP229;Trojan.MulDrop.3338;Deleted.;
A0050157.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP229;Trojan.MulDrop.3338;Deleted.;
A0050158.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP229;Trojan.MulDrop.3338;Deleted.;
A0050159.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP229;Trojan.MulDrop.3338;Deleted.;
A0050160.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP229;Trojan.MulDrop.3338;Deleted.;
A0050161.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP229;Trojan.MulDrop.3338;Deleted.;
A0050162.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP229;Trojan.MulDrop.3338;Deleted.;
A0050163.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP229;Trojan.MulDrop.3338;Deleted.;
A0050164.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP229;Trojan.MulDrop.3338;Deleted.;
A0050165.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP229;Trojan.MulDrop.3338;Deleted.;
A0050166.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP229;Trojan.MulDrop.3338;Deleted.;
A0050167.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP229;Trojan.MulDrop.3338;Deleted.;
A0050168.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP229;Trojan.MulDrop.3338;Deleted.;
A0050169.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP229;Trojan.MulDrop.3338;Deleted.;
A0050170.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP229;Trojan.MulDrop.3338;Deleted.;
A0050171.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP229;Trojan.MulDrop.3338;Deleted.;
A0050172.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP229;Trojan.MulDrop.3338;Deleted.;
A0050173.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP229;Trojan.MulDrop.3338;Deleted.;
A0050174.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP229;Trojan.MulDrop.3338;Deleted.;
A0050175.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP229;Trojan.MulDrop.3338;Deleted.;
A0050176.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP229;Trojan.MulDrop.3338;Deleted.;
A0050177.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP229;Trojan.MulDrop.3338;Deleted.;
A0050178.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP229;Trojan.MulDrop.3338;Deleted.;
A0050179.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP229;Trojan.MulDrop.3338;Deleted.;
A0050180.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP229;Trojan.MulDrop.3338;Deleted.;
A0050181.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP229;Trojan.MulDrop.3338;Deleted.;
A0050182.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP229;Trojan.MulDrop.3338;Deleted.;
A0050183.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP229;Trojan.MulDrop.3338;Deleted.;
A0050184.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP229;Trojan.MulDrop.3338;Deleted.;
A0050185.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP229;Trojan.MulDrop.3338;Deleted.;
A0050186.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP229;Trojan.MulDrop.3338;Deleted.;
A0050187.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP229;Trojan.MulDrop.3338;Deleted.;
A0050188.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP229;Trojan.MulDrop.3338;Deleted.;
A0050189.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP229;Trojan.MulDrop.3338;Deleted.;
A0050190.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP229;Trojan.MulDrop.3338;Deleted.;
A0050191.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP229;Trojan.MulDrop.3338;Deleted.;
A0050192.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP229;Trojan.MulDrop.3338;Deleted.;
A0050193.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP229;Trojan.MulDrop.3338;Deleted.;
A0050194.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP229;Trojan.MulDrop.3338;Deleted.;
A0050195.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP229;Trojan.MulDrop.3338;Deleted.;
A0050196.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP229;Trojan.MulDrop.3338;Deleted.;
A0050197.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP229;Trojan.MulDrop.3338;Deleted.;
A0050198.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP229;Trojan.MulDrop.3338;Deleted.;
A0050199.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP229;Trojan.MulDrop.3338;Deleted.;
A0050200.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP229;Trojan.MulDrop.3338;Deleted.;
A0050201.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP229;Trojan.MulDrop.3338;Deleted.;
A0050202.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP229;Trojan.MulDrop.3338;Deleted.;
A0050203.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP229;Trojan.MulDrop.3338;Deleted.;
A0050204.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP229;Trojan.MulDrop.3338;Deleted.;
A0050205.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP229;Trojan.MulDrop.3338;Deleted.;
A0050206.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP229;Trojan.MulDrop.3338;Deleted.;
A0050207.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP229;Trojan.MulDrop.3338;Deleted.;
A0050208.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP229;Trojan.MulDrop.3338;Deleted.;
A0050209.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP229;Trojan.MulDrop.3338;Deleted.;
A0050210.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP229;Trojan.MulDrop.3338;Deleted.;
A0050211.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP229;Trojan.MulDrop.3338;Deleted.;
A0050212.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP229;Trojan.MulDrop.3338;Deleted.;
A0050213.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP229;Trojan.MulDrop.3338;Deleted.;
A0050214.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP229;Trojan.MulDrop.3338;Deleted.;
A0050215.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP229;Trojan.MulDrop.3338;Deleted.;
A0050216.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP229;Trojan.MulDrop.3338;Deleted.;
A0050217.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP229;Trojan.MulDrop.3338;Deleted.;
A0050218.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP229;Trojan.MulDrop.3338;Deleted.;
A0050219.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP229;Trojan.MulDrop.3338;Deleted.;
A0050220.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP229;Trojan.MulDrop.3338;Deleted.;
A0050221.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP229;Trojan.MulDrop.3338;Deleted.;
A0050222.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP229;Trojan.MulDrop.3338;Deleted.;
A0050223.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP229;Trojan.MulDrop.3338;Deleted.;
A0050224.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP229;Trojan.MulDrop.3338;Deleted.;
A0050225.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP229;Trojan.MulDrop.3338;Deleted.;
A0050226.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP229;Trojan.MulDrop.3338;Deleted.;
A0050227.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP229;Trojan.MulDrop.3338;Deleted.;
A0050228.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP229;Trojan.MulDrop.3338;Deleted.;

Lepht - April 17, 2007 09:09 PM (GMT)
During the Gmer scan, an error occurred and after I clicked "don't send report" a blue screen popped up!

I am going to try this again.

Nebon - April 17, 2007 09:17 PM (GMT)
Thank you very much for your co-operation. I know it must be frustrating when something goes wrong. I apologize if anything I instructed you to do went wrong.

Did you see my previous post on fixes to take?

Well, instruction number one. That entry obviously should no longer be used by Norton, as that is the only legitimate program that should be using that key. As you have no Norton, either there is something illegitimate there or Norton was not uninstalled properly. You can only uninstall it with a special tool provided by Symantec and not through Add/Remove Programs.

Instruction number two, Gmer is a rootkit scanning utility. Rootkits are the new hard-to-catch spyware. There are many different types of rootkits and they can be used for anything from stealing your passwords and sending them to remote attackers to being perfectly legitimate programs. They do not show in the running processes list as they are hidden from it, and they hide most signs of their running.

Instruction number three, I see you have Java version 1.5. Hackers can utilize older versions of Java to gain entry into your system. Following these instructions will update your Java runtime, ergo lowering the risk of attack.

Instruction number four, you said that some of the files moved by Doctor Web Cureit were legitimate. Doing the following submits files to a site where they are scanned by several market-leading anti-virus programs. They will then tell you the results from each.

Instruction number five, this will flush all the old restore points from your computer. If you were to use the system restore function now you could 'roll back' to a point where your computer is in an infected state. This would be a bad thing to do as you would have to clean your machine all over again. The instructions also let you know how to make a new restore point now that your computer is nice and clean.

Nebon - April 17, 2007 09:19 PM (GMT)
Hmm, the program said you may receive an error. Can you try it in safe mode please? If this also produces an error message tell me and we will use a different program.

Shame we are in such different time zones. I am 5 hours ahead. We barely get any time to post when we are both on.

(I only just posted my last post while you were doing the previous).

Lepht - April 17, 2007 09:34 PM (GMT)
I'll do Gmer in safe mode then. Hey, thanks a lot mate, thanks for taking the time and everything.

Do you ever get on your MSN by any chance?

Nebon - April 17, 2007 09:54 PM (GMT)
No need to thank me. You have seen this fix through. I have a great deal of satisfaction when I see a clean computer.

I am never on it very much. But here is my addy: connor_rogers17@hotmail.com. I usually do nothing useful out though. Half of my mates are a bunch of stoners, one of them threatened to hit me tonight, but he couldn't even stand up :lol: , so I just laughed at him and ran off with his football :ph43r: .

Lepht - April 17, 2007 09:57 PM (GMT)
By football you mean soccer? :lol:

I saw your MSN and added you on Live, if you see someone with a "Luke" e-mail, that's me.

Gmer is running in safe mode as I type. One thing though, because Gmer does not have a progress bar, I don't know how far I am into it... but that's no big deal.


Nebon - April 17, 2007 10:04 PM (GMT)
Yep, he couldn't even be bothered to move. Soccer is exactly what I mean. I know I shouldn't really say this, but have you seen people stoned? If you have you will know that most people end up laughing no matter what you say. Well he was literally tiring himself out laughing. People also get extremely hungry after smoking that stuff and I have already tried to talk sense into him to stop doing it. But he persists.

You will probably wish to delete this post after reading, in case I offend any visitors.

Lepht - April 17, 2007 10:11 PM (GMT)
Soft Hardware and softhardware.net do not support any illegal usage of any illegal substances. Kids, say no to drugs.

Nebon - April 17, 2007 10:19 PM (GMT)
Also, all postings are expressed views of their authors and not necessarily softhardware.net.

Nebon - April 17, 2007 10:20 PM (GMT)
I must get some sleep now as it is 11:20 pm. I will check up on this in the morning. See you tomorrow mate.

Lepht - April 17, 2007 10:49 PM (GMT)
Hope you had a good sleep.

Here is the gmer log:

GMER 1.0.12.12011 - http://www.gmer.net
Rootkit scan 2007-04-17 18:32:53
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.12 ----

SSDT d347bus.sys ZwClose
SSDT d347bus.sys ZwCreateKey
SSDT d347bus.sys ZwCreatePagingFile
SSDT d347bus.sys ZwEnumerateKey
SSDT d347bus.sys ZwEnumerateValueKey
SSDT d347bus.sys ZwOpenKey
SSDT d347bus.sys ZwQueryKey
SSDT d347bus.sys ZwQueryValueKey
SSDT d347bus.sys ZwSetSystemPowerState
SSDT sptd.sys ZwSetValueKey

---- Kernel code sections - GMER 1.0.12 ----

.text USBPORT.SYS!DllUnload F727862C 5 Bytes JMP 86D7C1B8

---- Devices - GMER 1.0.12 ----

Device \Driver\usbehci \Device\USBPDO-4 IRP_MJ_POWER 86D4E1D8
Device \Driver\usbehci \Device\USBPDO-4 IRP_MJ_SYSTEM_CONTROL 86D4E1D8
Device \Driver\usbehci \Device\USBPDO-4 IRP_MJ_PNP 86D4E1D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CREATE 877CF1D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_READ 877CF1D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_WRITE 877CF1D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_FLUSH_BUFFERS 877CF1D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_DEVICE_CONTROL 877CF1D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_INTERNAL_DEVICE_CONTROL 877CF1D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SHUTDOWN 877CF1D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CLEANUP 877CF1D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_POWER 877CF1D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SYSTEM_CONTROL 877CF1D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_PNP 877CF1D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CREATE 877CF1D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_READ 877CF1D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_WRITE 877CF1D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_FLUSH_BUFFERS 877CF1D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_DEVICE_CONTROL 877CF1D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_INTERNAL_DEVICE_CONTROL 877CF1D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SHUTDOWN 877CF1D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CLEANUP 877CF1D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_POWER 877CF1D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SYSTEM_CONTROL 877CF1D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_PNP 877CF1D8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE 87740200
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE_NAMED_PIPE 87740200
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLOSE 87740200
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_READ 87740200
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_WRITE 87740200
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_INFORMATION 87740200
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_INFORMATION 87740200
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_EA 87740200
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_EA 87740200
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FLUSH_BUFFERS 87740200
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_VOLUME_INFORMATION 87740200
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_VOLUME_INFORMATION 87740200
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DIRECTORY_CONTROL 87740200
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FILE_SYSTEM_CONTROL 87740200
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CONTROL 87740200
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_INTERNAL_DEVICE_CONTROL 87740200
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SHUTDOWN 87740200
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_LOCK_CONTROL 87740200
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLEANUP 87740200
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE_MAILSLOT 87740200
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_SECURITY 87740200
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_SECURITY 87740200
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_POWER 87740200
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SYSTEM_CONTROL 87740200
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CHANGE 87740200
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_QUOTA 87740200
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_QUOTA 87740200
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP 87740200
Device \Driver\iastor \Device\Ide\iaStor0 IRP_MJ_CREATE 877CE1D8
Device \Driver\iastor \Device\Ide\iaStor0 IRP_MJ_CLOSE 877CE1D8
Device \Driver\iastor \Device\Ide\iaStor0 IRP_MJ_DEVICE_CONTROL 877CE1D8
Device \Driver\iastor \Device\Ide\iaStor0 IRP_MJ_INTERNAL_DEVICE_CONTROL 877CE1D8
Device \Driver\iastor \Device\Ide\iaStor0 IRP_MJ_POWER

Lepht - April 17, 2007 10:49 PM (GMT)

---- Modules - GMER 1.0.12 ----

Module _________ F74CD000

---- Registry - GMER 1.0.12 ----

Reg \Registry\USER\S-1-5-21-762712826-1484717274-3032508051-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B9C36D7B-521C-0F8E-DE8E-0BDC18AC80EE}@abmjhbckgpiejifeableclkchdkpcbkbdk 0x61 0x61 0x00 0x00
Reg \Registry\USER\S-1-5-21-762712826-1484717274-3032508051-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B9C36D7B-521C-0F8E-DE8E-0BDC18AC80EE}@bbmjhbckgpiejifeabigjoppciipagpffjgl 0x61 0x61 0x00 0x00

---- Files - GMER 1.0.12 ----

ADS C:\StarBox\Misc\X wars\XWars.exe:SummaryInformation
ADS C:\StarBox\Misc\X wars\XWars.exe:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
ADS C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP218\A0043782.exe:SummaryInformation
ADS C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP218\A0043782.exe:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
ADS C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP227\A0046114.exe:SummaryInformation
ADS C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP227\A0046114.exe:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
ADS C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP228\A0046992.exe:SummaryInformation
ADS C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP228\A0046992.exe:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}

---- EOF - GMER 1.0.12 ----

Lepht - April 17, 2007 11:37 PM (GMT)
- Java remove, update, done!

- System restore/ Delete all but most recent SRP, done!

- Currently, the system is running fine.

Nebon - April 18, 2007 07:07 AM (GMT)
I had a good sleep thanks :D until my little brother ran in at about 6 in the morning and stole my heater.

Can you enlighten me as to what XWars.exe is, as it has a hidden ADS stream?

I am also a little suspicious as to what these keys are; my reason for that is they have a line of random letters:
Reg \Registry\USER\S-1-5-21-762712826-1484717274-3032508051-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B9C36D7B-521C-0F8E-DE8E-0BDC18AC80EE}@abmjhbckgpiejifeableclkchdkpcbkbdk 0x61 0x61 0x00 0x00

Reg \Registry\USER\S-1-5-21-762712826-1484717274-3032508051-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B9C36D7B-521C-0F8E-DE8E-0BDC18AC80EE}@bbmjhbckgpiejifeabigjoppciipagpffjgl 0x61 0x61 0x00 0x00


Apart from those everything looks fine.

Lepht - April 18, 2007 02:03 PM (GMT)
We have a different definition for the word "heater" here in Brooklyn!

Xwars is just geometry wars sim, don't worry, it's with me ;)

As for the 2 keys, are those the same, except for the red fonts? Do you want me to delete them?

Nebon - April 18, 2007 03:20 PM (GMT)
Hmm, they are shell extensions. So they can't really be harmful, I suppose. Well, looks like you are all clean. Unless of course there are any outstanding issues not reflected in your log. Well done for following this fix through.


Lepht - April 18, 2007 03:27 PM (GMT)
I would like to thank you, your lil'bro and your not so clean mate :ph43r:

Hey, really thanks for helping out. I feel much cleaner already!

Lepht - April 18, 2007 06:10 PM (GMT)
If you have any further questions you may open up another topic. Need help with anything else? There is a section on Soft Hardware for it!

TOPIC SOLVED



