need help with this computer


Author Topic: need help with this computer  (Read 24180 times)
jjcooll
« on: March 25, 2006, 01:25:35 PM »

Popups and popunders keep coming and it's not connected to the internet. I have run every spy and adware program imaginable to fix it, so here is the HijackThis log.

Logfile of HijackThis v1.99.1
Scan saved at 1:38:41 PM, on 3/25/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\ewido anti-malware\SecuritySuite.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\System32\bfocc.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,lavgnde.exe
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_5_7_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [q8lg] "C:\WINDOWS\System32\slk8x2peu.exe"
O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [BDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] "C:\PROGRA~1\Softwin\BITDEF~1\bdswitch.exe"
O4 - HKLM\..\Run: [sys09878143770] C:\WINDOWS\sys09878143770.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://www.activation.rr.com/install/download/tgctlcm.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {26098EA2-C95D-48EA-89B4-63C5A63BD42F} - http://www.pacimedia.com/install/pcs_0002.exe
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} - http://esupport.aol.com/help/acp2/engine/aolcoach_core_1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1129311734843
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1129311723796
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - file://F:\AUTORUN\Flash\swflash.cab
O18 - Filter: text/html - {CEA53356-C414-4331-A35E-AA4CE9D8DFA2} - C:\WINDOWS\System32\w9seq.dll
O20 - Winlogon Notify: App Paths - C:\WINDOWS\system32\gpj0l31m1.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender9\vsserv.exe" /service (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
HJT Analyzer
Guest
« Reply #1 on: March 25, 2006, 02:56:03 PM »

Hello, Jjcooll!

The Hijack This log analyzer has analyzed your log.

Your log does not indicate any spyware or virus infection. However, there are some entries that you might want to fix. Please follow the steps below.

The following entries are not malicious, but some of them are not used anymore. You may use HijackThis to fix a few of them. However, please keep in mind that some of the entries marked as Questionable or Not Needed are fully legitimate and might be required by installed software to work properly, while some others might be related to certain parasites. It is up to you to decide whether you need any of them, or not.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://www.activation.rr.com/install/download/tgctlcm.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {26098EA2-C95D-48EA-89B4-63C5A63BD42F} - http://www.pacimedia.com/install/pcs_0002.exe
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} - http://esupport.aol.com/help/acp2/engine/aolcoach_core_1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1129311734843
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1129311723796
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - file://F:\AUTORUN\Flash\swflash.cab
O18 - Filter: text/html - {CEA53356-C414-4331-A35E-AA4CE9D8DFA2} - C:\WINDOWS\System32\w9seq.dll
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe (file missing)
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender9\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)


If you want to see more detailed analysis of your log, click here.

Thank you for using the 2-Spyware.com HijackThis log analyzer!
1972vet
« Reply #2 on: March 25, 2006, 09:41:42 PM »

You have a l2me/vx2 infection among other things.

Please download Look2Me-Destroyer.exe to your desktop.
    * Close all windows before continuing.
    * Double-click Look2Me-Destroyer.exe to run it.
    * Put a check next to Run this program as a task.
    * You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 1 minute. Click OK.
    * When Look2Me-Destroyer re-opens, click the Scan for L2M button; your desktop icons will disappear, this is normal.
    * Once it's done scanning, click the Remove L2M button.
    * You will receive a Done Scanning message, click OK.
    * When completed, you will receive this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer, click OK.
    * Your computer will then shut down.
    * Turn your computer back on.

If you receive a runtime error '339' please download MSWINSCK.OCX from the link below and place it in your C:\Windows\System32 directory.
http://www.ascentive.com/support/new/images/lib/MSWINSCK.OCX

Then you click the Remove L2M button and wait for it to give you a message; when you click OK on it, it should shut itself down.

Next, please run HijackThis again and put a check in the box next to these entries that may still exist:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\System32\bfocc.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,lavgnde.exe
O4 - HKLM\..\Run: [q8lg] "C:\WINDOWS\System32\slk8x2peu.exe"
O4 - HKLM\..\Run: [sys09878143770] C:\WINDOWS\sys09878143770.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://www.activation.rr.com/install/download/tgctlcm.cab
O16 - DPF: {26098EA2-C95D-48EA-89B4-63C5A63BD42F} - http://www.pacimedia.com/install/pcs_0002.exe
O18 - Filter: text/html - {CEA53356-C414-4331-A35E-AA4CE9D8DFA2} - C:\WINDOWS\System32\w9seq.dll
O20 - Winlogon Notify: App Paths - C:\WINDOWS\system32\gpj0l31m1.dll

Close all other open windows except for HijackThis. Now click Fix Checked.

Next, using Windows Explorer navigate to the following locations and delete the files indicated in Red:
C:\WINDOWS\System32\slk8x2peu.exe
C:\WINDOWS\sys09878143770.exe
C:\WINDOWS\System32\w9seq.dll
C:\WINDOWS\system32\gpj0l31m1.dll

Reboot the computer and post back a new Hijackthis Log
Logged
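The F2 lines in the log posted in this thread show additional programs listed after Explorer.exe and userinit.exe in the Winlogon Shell and Userinit values, and every program named in those values is started at logon. As an added example (not part of the original posts and not HijackThis code), the Python below parses HijackThis entry lines, reports F2 values that contain anything beyond the Windows defaults, and lists O20 Winlogon Notify DLLs for manual review; the function names and the `C:\WINDOWS` system root default are assumptions.

```python
import ntpath
import re

# Lines copied from the first HijackThis log in this thread (not constructed).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\System32\bfocc.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,lavgnde.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O20 - Winlogon Notify: App Paths - C:\WINDOWS\system32\gpj0l31m1.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
"""

ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
F2_RE = re.compile(r"^REG:system\.ini: (?P<key>\w+)=(?P<value>.*)$")
O20_RE = re.compile(r"^Winlogon Notify: (?P<name>.+?) - (?P<dll>.+)$")


def expected_values(system_root=r"C:\WINDOWS"):
    """Default Winlogon values; system_root is an assumption about the host."""
    root = ntpath.normcase(system_root)
    return {
        "shell": {"explorer.exe", root + r"\explorer.exe"},
        "userinit": {"userinit.exe", root + r"\system32\userinit.exe"},
    }


def parse_entries(log_text):
    """Return (section_code, body) for every HijackThis entry line."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group("code"), match.group("body")))
    return entries


def extra_logon_programs(body, system_root=r"C:\WINDOWS"):
    """For an F2 body, return (key, programs beyond the Windows default).

    Returns None when the body is not a Shell/UserInit entry.
    """
    match = F2_RE.match(body)
    if not match:
        return None
    key = match.group("key").lower()
    allowed = expected_values(system_root).get(key)
    if allowed is None:
        return None
    # The value is a comma-separated list; each item is launched at logon.
    programs = [p.strip().strip('"') for p in match.group("value").split(",")]
    extras = [
        p for p in programs
        if p and ntpath.normcase(ntpath.normpath(p)) not in allowed
    ]
    return key, extras


def triage(log_text):
    """Collect logon-persistence findings from a HijackThis log."""
    findings = []
    for code, body in parse_entries(log_text):
        if code == "F2":
            result = extra_logon_programs(body)
            if result and result[1]:
                findings.append({
                    "code": code,
                    "kind": "extra-logon-program",
                    "key": result[0],
                    "items": result[1],
                })
        elif code == "O20":
            match = O20_RE.match(body)
            if match:
                # No verdict here: HijackThis shows Notify DLLs so that a
                # person can check them against software known to be installed.
                findings.append({
                    "code": code,
                    "kind": "review-notify-dll",
                    "key": match.group("name"),
                    "items": [match.group("dll")],
                })
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding["code"], finding["kind"], finding["key"], finding["items"])
```

An F2 finding with a non-empty `items` list means the machine starts those programs at every logon, whatever a signature-based scan of the same log concludes.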
jjcooll
« Reply #3 on: March 26, 2006, 10:44:35 AM »

I tried to delete the files you indicated but they came back before I could reboot. Some files were no longer there. But here is the most recent HijackThis log. Posted after that will be a log from BitDefender from a virus scan. Whatever is on this computer is making files like there is no tomorrow.

Logfile of HijackThis v1.99.1
Scan saved at 11:26:32 AM, on 3/26/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Softwin\BitDefender9\vsserv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Softwin\BitDefender9\bdoesrv.exe
C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe
C:\PROGRA~1\Softwin\BITDEF~1\bdswitch.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\palmOne\Hotsync.exe
C:\Documents and Settings\Owner.KATS\Desktop\hijackthis\HijackThis.exe
C:\WINDOWS\System32\rundll32.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us8.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us8.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us8.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us8.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://us8.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us8.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us8.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us8.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us8.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us8.hpwis.com/
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\System32\bfocc.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,lavgnde.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [BDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] "C:\PROGRA~1\Softwin\BITDEF~1\bdswitch.exe"
O4 - HKCU\..\Run: [netapi] "C:\WINDOWS\System32\netapi.exe"
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender9\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

Sorry, this data is kinda long. You will see a lot of trojan and other icky things.


//-----------------------------------------------------------------
//
//   Product: BitDefender 9 Internet Security
//   Version: 9.0
//
//   Created on:   26/03/2006   09:14:08
//
//-----------------------------------------------------------------


Virus Statistics

Scan path   : C:\WINDOWS\System32\
Folders   : 480
Files   :  9165
Archives   : 51
Packed files   : 300
Identified viruses   : 0
Infected files   : 0
Warnings   : 0
Suspect files   : 2
Disinfected files   : 0
Deleted files   : 0
Copied files   : 2
Moved files   : 0
Renamed files   : 0
I/O errors   : 13
Scan time   : 00:04:12
Scan speed (files/sec)   : 36

Virus definitions   : 247948
Scan plugins   : 15
Archive plugins   : 42
Unpack plugins   : 4
Mail plugins   : 6
System plugins   : 5

Virus scan options

Detection
[X] Scan boot sectors
[X] Scan archives
[X] Scan packed files
[X] Scan email

File mask
[ ] Programs
[X] All files
[ ] User defined extensions:
[ ] Exclude extensions: ;

Action

Infected objects
[ ] Ignore
[X] Disinfect
[ ] Delete
[ ] Copy to quarantine
[ ] Move to quarantine
[ ] Rename
[ ] Prompt user

Second action
[ ] Ignore
[ ] Delete
[ ] Copy to quarantine
[X] Move to quarantine
[ ] Rename
[ ] Prompt user

Virus scan options
[X] Enable warnings
[X] Enable heuristics
[X] Show all files in log
[X] Report file: C:\Program Files\Softwin\BitDefender9\Logs\vscan_1143382448.log


Summary:

C:\WINDOWS\System32\bfocc.exe   Suspect: BehavesLike:Trojan.ShellStartup
C:\WINDOWS\System32\bfocc.exe   Copied
C:\WINDOWS\System32\kuxxdw.exe   Suspect: BehavesLike:Trojan.ShellStartup
C:\WINDOWS\System32\kuxxdw.exe   Copied

C:\WINDOWS\System32\Adobe\SVG Viewer\SVGViewer.zip=>org/w3c/dom/svg/SVGCSSRule.class   OK
C:\WINDOWS\System32\Adobe\SVG Viewer\SVGViewer.zip=>org/w3c/dom/svg/SVGCursorElement.class   OK
C:\WINDOWS\System32\Adobe\SVG Viewer\SVGViewer.zip=>org/w3c/dom/svg/SVGDefinitionSrcElement.class   OK
C:\WINDOWS\System32\Adobe\SVG Viewer\SVGViewer.zip=>org/w3c/dom/svg/SVGDefsElement.class   OK
C:\WINDOWS\System32\Adobe\SVG Viewer\SVGViewer.zip=>org/w3c/dom/svg/SVGDescElement.class   OK
C:\WINDOWS\System32\Adobe\SVG Viewer\SVGViewer.zip=>org/w3c/dom/svg/SVGDocument.class   OK
C:\WINDOWS\System32\Adobe\SVG Viewer\SVGViewer.zip=>org/w3c/dom/svg/SVGElement.class   OK
C:\WINDOWS\System32\Adobe\SVG Viewer\SVGViewer.zip=>org/w3c/dom/svg/SVGElementInstance.class   OK
C:\WINDOWS\System32\Adobe\SVG Viewer\SVGViewer.zip=>org/w3c/dom/svg/SVGElementInstanceList.class   OK
C:\WINDOWS\System32\Adobe\SVG Viewer\SVGViewer.zip=>org/w3c/dom/svg/SVGEllipseElement.class   OK
C:\WINDOWS\System32\Adobe\SVG Viewer\SVGViewer.zip=>org/w3c/dom/svg/SVGEvent.class   OK
C:\WINDOWS\System32\Adobe\SVG Viewer\SVGViewer.zip=>org/w3c/dom/svg/SVGException.class   OK
C:\WINDOWS\System32\Adobe\SVG Viewer\SVGViewer.zip=>org/w3c/dom/svg/SVGExternalResourcesRequired.class   OK
C:\WINDOWS\System32\Adobe\SVG Viewer\SVGViewer.zip=>org/w3c/dom/svg/SVGFEBlendElement.class   OK
C:\WINDOWS\System32\Adobe\SVG Viewer\SVGViewer.zip=>org/w3c/dom/svg/SVGFEColorMatrixElement.class   OK
C:\WINDOWS\System32\Adobe\SVG Viewer\SVGViewer.zip=>org/w3c/dom/svg/SVGFEComponentTransferElement.class   OK
C:\WINDOWS\System32\Adobe\SVG Viewer\SVGViewer.zip=>org/w3c/dom/svg/SVGFECompositeElement.class   OK
C:\WINDOWS\System32\Adobe\SVG Viewer\SVGViewer.zip=>org/w3c/dom/svg/SVGFEConvolveMatrixElement.class   OK
C:\WINDOWS\System32\Adobe\SVG Viewer\SVGViewer.zip=>org/w3c/dom/svg/SVGFEDiffuseLightingElement.class   OK
C:\WINDOWS\System32\Adobe\SVG Viewer\SVGViewer.zip=>org/w3c/dom/svg/SVGFEDisplacementMapElement.class   OK
C:\WINDOWS\System32\Adobe\SVG Viewer\SVGViewer.zip=>org/w3c/dom/svg/SVGFEDistantLightElement.class   OK
C:\WINDOWS\System32\Adobe\SVG Viewer\SVGViewer.zip=>org/w3c/dom/svg/SVGFEFloodElement.class   OK
C:\WINDOWS\System32\Adobe\SVG Viewer\SVGViewer.zip=>org/w3c/dom/svg/SVGFEFuncAElement.class   OK
C:\WINDOWS\System32\Adobe\SVG Viewer\SVGViewer.zip=>org/w3c/dom/svg/SVGFEFuncBElement.class   OK
C:\WINDOWS\System32\Adobe\SVG Viewer\SVGViewer.zip=>org/w3c/dom/svg/SVGFEFuncGElement.class   OK
C:\WINDOWS\System32\Adobe\SVG Viewer\SVGViewer.zip=>org/w3c/dom/svg/SVGFEFuncRElement.class   OK
C:\WINDOWS\System32\Adobe\SVG Viewer\SVGViewer.zip=>org/w3c/dom/svg/SVGFEGaussianBlurElement.class   OK
C:\WINDOWS\System32\Adobe\SVG Viewer\SVGViewer.zip=>org/w3c/dom/svg/SVGFEImageElement.class   OK
C:\WINDOWS\System32\Adobe\SVG Viewer\SVGViewer.zip=>org/w3c/dom/svg/SVGFEMergeElement.class   OK
C:\WINDOWS\System32\Adobe\SVG Viewer\SVGViewer.zip=>org/w3c/dom/svg/SVGFEMergeNodeElement.class   OK
C:\WINDOWS\System32\Adobe\SVG Viewer\SVGViewer.zip=>org/w3c/dom/svg/SVGFEMorphologyElement.class   OK
C:\WINDOWS\System32\Adobe\SVG Viewer\SVGViewer.zip=>org/w3c/dom/svg/SVGFEOffsetElement.class   OK
C:\WINDOWS\System32\Adobe\SVG Viewer\SVGViewer.zip=>org/w3c/dom/svg/SVGFEPointLightElement.class   OK
C:\WINDOWS\System32\Adobe\SVG Viewer\SVGViewer.zip=>org/w3c/dom/svg/SVGFESpecularLightingElement.class   OK
C:\WINDOWS\System32\Adobe\SVG Viewer\SVGViewer.zip=>org/w3c/dom/svg/SVGFESpotLightElement.class   OK
C:\WINDOWS\System32\Adobe\SVG Viewer\SVGViewer.zip=>org/w3c/dom/svg/SVGFETileElement.class   OK
C:\WINDOWS\System32\Adobe\SVG Viewer\SVGViewer.zip=>org/w3c/dom/svg/SVGFETurbulenceElement.class   OK
C:\WINDOWS\System32\Adobe\SVG Viewer\SVGViewer.zip=>org/w3c/dom/svg/SVGFilterElement.class   OK
C:\WINDOWS\System32\Adobe\SVG Viewer\SVGViewer.zip=>org/w3c/dom/svg/SVGFilterPrimitiveStandardAttributes.class   OK
C:\WINDOWS\System32\Adobe\SVG Viewer\SVGViewer.zip=>org/w3c/dom/svg/SVGFitToViewBox.class   OK
C:\WINDOWS\System32\Adobe\SVG Viewer\SVGViewer.zip=>org/w3c/dom/svg/SVGFontElement.class   OK
C:\WINDOWS\System32\Adobe\SVG Viewer\SVGViewer.zip=>org/w3c/dom/svg/SVGFontFaceElement.class   OK
C:\WINDOWS\System32\Adobe\SVG Viewer\SVGViewer.zip=>org/w3c/dom/svg/SVGFontFaceFormatElement.class   OK
C:\WINDOWS\System32\Adobe\SVG Viewer\SVGViewer.zip=>org/w3c/dom/svg/SVGFontFaceNameElement.class   OK
C:\WINDOWS\System32\Adobe\SVG Viewer\SVGViewer.zip=>org/w3c/dom/svg/SVGFontFaceSrcElement.class   OK
C:\WINDOWS\System32\Adobe\SVG Viewer\SVGViewer.zip=>org/w3c/dom/svg/SVGFontFaceUriElement.class   OK
C:\WINDOWS\System32\Adobe\SVG Viewer\SVGViewer.zip=>org/w3c/dom/svg/SVGForeignObjectElement.class   OK
C:\WINDOWS\System32\Adobe\SVG Viewer\SVGViewer.zip=>org/w3c/dom/svg/SVGGElement.class   OK
C:\WINDOWS\System32\Adobe\SVG Viewer\SVGViewer.zip=>org/w3c/dom/svg/SVGGlyphElement.class   OK
C:\WINDOWS\System32\Adobe\SVG Viewer\SVGViewer.zip=>org/w3c/dom/svg/SVGGlyphRefElement.class   OK
C:\WINDOWS\System32\Adobe\SVG Viewer\SVGViewer.zip=>org/w3c/dom/svg/SVGGradientElement.class   OK
C:\WINDOWS\System32\Adobe\SVG Viewer\SVGViewer.zip=>org/w3c/dom/svg/SVGHKernElement.class   OK
C:\WINDOWS\System32\Adobe\SVG Viewer\SVGViewer.zip=>org/w3c/dom/svg/SVGICCColor.class   OK
C:\WINDOWS\System32\Adobe\SVG Viewer\SVGViewer.zip=>org/w3c/dom/svg/SVGImageElement.class   OK
C:\WINDOWS\System32\Adobe\SVG Viewer\SVGViewer.zip=>org/w3c/dom/svg/SVGLangSpace.class   OK
C:\WINDOWS\System32\Adobe\SVG Viewer\SVGViewer.zip=>org/w3c/dom/svg/SVGLength.class   OK
C:\WINDOWS\System32\Adobe\SVG Viewer\SVGViewer.zip=>org/w3c/dom/svg/SVGLengthList.class   OK
C:\WINDOWS\System32\Adobe\SVG Viewer\SVGViewer.zip=>org/w3c/dom/svg/SVGLinearGradientElement.class   OK
C:\WINDOWS\System32\Adobe\SVG Viewer\SVGViewer.zip=>org/w3c/dom/svg/SVGLineElement.class   OK
C:\WINDOWS\System32\Adobe\SVG Viewer\SVGViewer.zip=>org/w3c/dom/svg/SVGLocatable.class   OK
C:\WINDOWS\System32\Adobe\SVG Viewer\SVGViewer.zip=>org/w3c/dom/svg/SVGMarkerElement.class   OK
C:\WINDOWS\System32\Adobe\SVG Viewer\SVGViewer.zip=>org/w3c/dom/svg/SVGMaskElement.class   OK
C:\WINDOWS\System32\Adobe\SVG Viewer\SVGViewer.zip=>org/w3c/dom/svg/SVGMatrix.class   OK
C:\WINDOWS\System32\Adobe\SVG Viewer\SVGViewer.zip=>org/w3c/dom/svg/SVGMetadataElement.class   OK
C:\WINDOWS\System32\Adobe\SVG Viewer\SVGViewer.zip=>org/w3c/dom/svg/SVGMissingGlyphElement.class   OK
C:\WINDOWS\System32\Adobe\SVG Viewer\SVGViewer.zip=>org/w3c/dom/svg/SVGNumber.class   OK
C:\WINDOWS\System32\Adobe\SVG Viewer\SVGViewer.zip=>org/w3c/dom/svg/SVGNumberList.class   OK
C:\WINDOWS\System32\Adobe\SVG Viewer\SVGViewer.zip=>org/w3c/dom/svg/SVGPaint.class   OK
C:\WINDOWS\System32\Adobe\SVG Viewer\SVGViewer.zip=>org/w3c/dom/svg/SVGPathElement.class   OK
C:\WINDOWS\System32\Adobe\SVG Viewer\SVGViewer.zip=>org/w3c/dom/svg/SVGPathSeg.class   OK
C:\WINDOWS\System32\Adobe\SVG Viewer\SVGViewer.zip=>org/w3c/dom/svg/SVGPathSegArcAbs.class   OK
C:\WINDOWS\System32\Adobe\SVG Viewer\SVGViewer.zip=>org/w3c/dom/svg/SVGPathSegArcRel.class   OK
C:\WINDOWS\System32\Adobe\SVG Viewer\SVGViewer.zip=>org/w3c/dom/svg/SVGPathSegClosePath.class   OK
C:\WINDOWS\System32\Adobe\SVG Viewer\SVGViewer.zip=>org/w3c/dom/svg/SVGPathSegCurvetoCubicAbs.class   OK
C:\WINDOWS\System32\Adobe\SVG Viewer\SVGViewer.zip=>org/w3c/dom/svg/SVGPathSegCurvetoCubicRel.class   OK
C:\WINDOWS\System32\Adobe\SVG Viewer\SVGViewer.zip=>org/w3c/dom/svg/SVGPathSegCurvetoCubicSmoothAbs.class   OK
C:\WINDOWS\System32\Adobe\SVG Viewer\SVGViewer.zip=>org/w3c/dom/svg/SVGPathSegCurvetoCubicSmoothRel.class   OK
C:\WINDOWS\System32\Adobe\SVG Viewer\SVGViewer.zip=>org/w3c/dom/svg/SVGPathSegCurvetoQuadraticAbs.class   OK
C:\WINDOWS\System32\Adobe\SVG Viewer\SVGViewer.zip=>org/w3c/dom/svg/SVGPathSegCurvetoQuadraticRel.class   OK
C:\WINDOWS\System32\Adobe\SVG Viewer\SVGViewer.zip=>org/w3c/dom/svg/SVGPathSegCurvetoQuadraticSmoothAbs.class   OK
C:\WINDOWS\System32\Adobe\SVG Viewer\SVGViewer.zip=>org/w3c/dom/svg/SVGPathSegCurvetoQuadraticSmoothRel.class   OK
C:\WINDOWS\System32\Adobe\SVG Viewer\SVGViewer.zip=>org/w3c/dom/svg/SVGPathSegLinetoAbs.class   OK
C:\WINDOWS\System32\Adobe\SVG Viewer\SVGViewer.zip=>org/w3c/dom/svg/SVGPathSegLinetoHorizontalAbs.class   OK
C:\WINDOWS\System32\Adobe\SVG Viewer\SVGViewer.zip=>org/w3c/dom/svg/SVGPathSegLinetoHorizontalRel.class   OK
C:\WINDOWS\System32\Adobe\SVG Viewer\SVGViewer.zip=>org/w3c/dom/svg/SVGPathSegLinetoRel.class   OK
C:\WINDOWS\System32\Adobe\SVG Viewer\SVGViewer.zip=>org/w3c/dom/svg/SVGPathSegLinetoVerticalAbs.class   OK
C:\WINDOWS\System32\Adobe\SVG Viewer\SVGViewer.zip=>org/w3c/dom/svg/SVGPathSegLinetoVerticalRel.class   OK
C:\WINDOWS\System32\Adobe\SVG Viewer\SVGViewer.zip=>org/w3c/dom/svg/SVGPathSegList.class   OK
C:\WINDOWS\System32\Adobe\SVG Viewer\SVGViewer.zip=>org/w3c/dom/svg/SVGPathSegMovetoAbs.class   OK
C:\WINDOWS\System32\Adobe\SVG Viewer\SVGViewer.zip=>org/w3c/dom/svg/SVGPathSegMovetoRel.class   OK
C:\WINDOWS\System32\Adobe\SVG Viewer\SVGViewer.zip=>org/w3c/dom/svg/SVGPatternElement.class   OK
C:\WINDOWS\System32\Adobe\SVG Viewer\SVGViewer.zip=>org/w3c/dom/svg/SVGPoint.class   OK
C:\WINDOWS\System32\Adobe\SVG Viewer\SVGViewer.zip=>org/w3c/dom/svg/SVGPointList.class   OK
C:\WINDOWS\System32\Adobe\SVG Viewer\SVGViewer.zip=>org/w3c/dom/svg/SVGPolygonElement.class   OK
C:\WINDOWS\System32\Adobe\SVG Viewer\SVGViewer.zip=>org/w3c/dom/svg/SVGPolylineElement.class   OK
C:\WINDOWS\System32\Adobe\SVG Viewer\SVGViewer.zip=>org/w3c/dom/svg/SVGPreserveAspectRatio.class   OK
C:\WINDOWS\System32\Adobe\SVG Viewer\SVGViewer.zip=>org/w3c/dom/svg/SVGRadialGradientElement.class   OK
C:\WINDOWS\System32\Adobe\SVG Viewer\SVGViewer.zip=>org/w3c/dom/svg/SVGRect.class   OK
C:\WINDOWS\System32\Adobe\SVG Viewer\SVGViewer.zip=>org/w3c/dom/svg/SVGRectElement.class   OK
C:\WINDOWS\System32\Adobe\SVG Viewer\SVGViewer.zip=>org/w3c/dom/svg/SVGRenderingIntent.class   OK
C:\WINDOWS\System32\Adobe\SVG Viewer\SVGViewer.zip=>org/w3c/dom/svg/SVGScriptElement.class   OK
C:\WINDOWS\System32\Adobe\SVG Viewer\SVGViewer.zip=>org/w3c/dom/svg/SVGSetElement.class   OK
C:\WINDOWS\System32\Adobe\SVG Viewer\SVGViewer.zip=>org/w3c/dom/svg/SVGStopElement.class   OK
C:\WINDOWS\System32\Adobe\SVG Viewer\SVGViewer.zip=>org/w3c/dom/svg/SVGStringList.class   OK
C:\WINDOWS\System32\Adobe\SVG Viewer\SVGViewer.zip=>org/w3c/dom/svg/SVGStylable.class   OK
C:\WINDOWS\System32\Adobe\SVG Viewer\SVGViewer.zip=>org/w3c/dom/svg/SVGStyleElement.class   OK
C:\WINDOWS\System32\Adobe\SVG Viewer\SVGViewer.zip=>org/w3c/dom/svg/SVGSVGElement.class   OK
C:\WINDOWS\System32\Adobe\SVG Viewer\SVGViewer.zip=>org/w3c/dom/svg/SVGSwitchElement.class   OK
C:\WINDOWS\System32\Adobe\SVG Viewer\SVGViewer.zip=>org/w3c/dom/svg/SVGSymbolElement.class   OK
C:\WINDOWS\System32\Adobe\SVG Viewer\SVGViewer.zip=>org/w3c/dom/svg/SVGTests.class   OK
C:\WINDOWS\System32\Adobe\SVG Viewer\SVGViewer.zip=>org/w3c/dom/svg/SVGTextContentElement.class   OK
C:\WINDOWS\System32\Adobe\SVG Viewer\SVGViewer.zip=>org/w3c/dom/svg/SVGTextElement.class   OK
C:\WINDOWS\System32\Adobe\SVG Viewer\SVGViewer.zip=>org/w3c/dom/svg/SVGTextPathElement.class   OK
C:\WINDOWS\System32\Adobe\SVG Viewer\SVGViewer.zip=>org/w3c/dom/svg/SVGTextPositioningElement.class   OK
C:\WINDOWS\System32\Adobe\SVG Viewer\SVGViewer.zip=>org/w3c/dom/svg/SVGTitleElement.class   OK
C:\WINDOWS\System32\Adobe\SVG Viewer\SVGViewer.zip=>org/w3c/dom/svg/SVGTransform.class   OK
C:\WINDOWS\System32\Adobe\SVG Viewer\SVGViewer.zip=>org/w3c/dom/svg/SVGTransformable.class   OK
C:\WINDOWS\System32\Adobe\SVG Viewer\SVGViewer.zip=>org/w3c/dom/svg/SVGTransformList.class   OK
C:\WINDOWS\System32\Adobe\SVG Viewer\SVGViewer.zip=>org/w3c/dom/svg/SVGTRefElement.class   OK
C:\WINDOWS\System32\Adobe\SVG Viewer\SVGViewer.zip=>org/w3c/dom/svg/SVGTSpanElement.class   OK
C:\WINDOWS\System32\Adobe\SVG Viewer\SVGViewer.zip=>org/w3c/dom/svg/SVGUnitTypes.class   OK
C:\WINDOWS\System32\Adobe\SVG Viewer\SVGViewer.zip=>org/w3c/dom/svg/SVGURIReference.class   OK
C:\WINDOWS\System32\Adobe\SVG Viewer\SVGViewer.zip=>org/w3c/dom/svg/SVGUseElement.class   OK
C:\WINDOWS\System32\Adobe\SVG Viewer\SVGViewer.zip=>org/w3c/dom/svg/SVGViewElement.class   OK
C:\WINDOWS\System32\Adobe\SVG Viewer\SVGViewer.zip=>org/w3c/dom/svg/SVGViewSpec.class   OK
C:\WINDOWS\System32\Adobe\SVG Viewer\SVGViewer.zip=>org/w3c/dom/svg/SVGVKernElement.class   OK
C:\WINDOWS\System32\Adobe\SVG Viewer\SVGViewer.zip=>org/w3c/dom/svg/SVGZoomAndPan.class   OK
C:\WINDOWS\System32\Adobe\SVG Viewer\SVGViewer.zip=>org/w3c/dom/svg/SVGZoomEvent.class   OK
C:\WINDOWS\System32\Adobe\SVG Viewer\SVGViewer.zip=>com/adobe/svg/JAttr.class   OK
C:\WINDOWS\System32\Adobe\SVG Viewer\SVGViewer.zip=>com/adobe/svg/JCDATASection.class   OK
C:\WINDOWS\System32\Adobe\SVG Viewer\SVGViewer.zip=>com/adobe/svg/JCharacterData.class   OK
C:\WINDOWS\System32\Adobe\SVG Viewer\SVGViewer.zip=>com/adobe/svg/JComment.class   OK
C:\WINDOWS\System32\Adobe\SVG Viewer\SVGViewer.zip=>com/adobe/svg/JDocument.class   OK
C:\WINDOWS\System32\Adobe\SVG Viewer\SVGViewer.zip=>com/adobe/svg/JDocumentFragment.class   OK
C:\WINDOWS\System32\Adobe\SVG Viewer\SVGViewer.zip=>com/adobe/svg/JDocumentType.class   OK
C:\WINDOWS\System32\Adobe\SVG Viewer\SVGViewer.zip=>com/adobe/svg/JDOMException.class   OK
C:\WINDOWS\System32\Adobe\SVG Viewer\SVGViewer.zip=>com/adobe/svg/JDOMImplementation.class   OK
C:\WINDOWS\System32\Adobe\SVG Viewer\SVGViewer.zip=>com/adobe/svg/JElement.class   OK
C:\WINDOWS\System32\Adobe\SVG Viewer\SVGViewer.zip=>com/adobe/svg/JEntity.class   OK
C:\WINDOWS\System32\Adobe\SVG Viewer\SVGViewer.zip=>com/adobe/svg/JEntityReference.class   OK
C:\WINDOWS\System32\Adobe\SVG Viewer\SVGViewer.zip=>com/adobe/svg/JNamedNodeMap.class   OK
C:\WINDOWS\System32\Adobe\SVG Viewer\SVGViewer.zip=>com/adobe/svg/JNode.class   OK
C:\WINDOWS\System32\Adobe\SVG Viewer\SVGViewer.zip=>com/adobe/svg/JNodeList.class   OK
C:\WINDOWS\System32\Adobe\SVG Viewer\SVGViewer.zip=>com/adobe/svg/JNotation.class   OK
C:\WINDOWS\System32\Adobe\SVG Viewer\SVGViewer.zip=>com/adobe/svg/JProcessingInstruction.class   OK
C:\WINDOWS\System32\Adobe\SVG Viewer\SVGViewer.zip=>com/adobe/svg/JSVGDocument.class   OK
C:\WINDOWS\System32\Adobe\SVG Viewer\SVGViewer.zip=>com/adobe/svg/JSVGElement.class   OK
C:\WINDOWS\System32\Adobe\SVG Viewer\SVGViewer.zip=>com/adobe/svg/JSVGPoint.class   OK
C:\WINDOWS\System32\Adobe\SVG Viewer\SVGViewer.zip=>com/adobe/svg/JSVGRect.class   OK
C:\WINDOWS\System32\Adobe\SVG Viewer\SVGViewer.zip=>com/adobe/svg/JSVGSVGElement.class   OK
C:\WINDOWS\System32\Adobe\SVG Viewer\SVGViewer.zip=>com/adobe/svg/JSVGTextContentElement.class   OK
C:\WINDOWS\System32\Adobe\SVG Viewer\SVGViewer.zip=>com/adobe/svg/JText.class   OK
C:\WINDOWS\System32\Adobe\SVG Viewer\SVGViewer.zip=>com/adobe/svg/css/JCSSStyleDeclaration.class   OK
C:\WINDOWS\System32\Adobe\SVG Viewer\SVGViewer.zip=>com/adobe/svg/events/JEvent.class   OK
C:\WINDOWS\System32\Adobe\SVG Viewer\SVGViewer.zip=>com/adobe/svg/events/JKeyEvent.class   OK
C:\WINDOWS\System32\Adobe\SVG Viewer\SVGViewer.zip=>com/adobe/svg/events/JMouseEvent.class   OK
C:\WINDOWS\System32\Adobe\SVG Viewer\SVGViewer.zip=>com/adobe/svg/events/JUIEvent.class   OK
C:\WINDOWS\System32\Adobe\SVG Viewer\SVGViewer.zip=>com/adobe/svg/events/KeyEvent.class   OK
C:\WINDOWS\System32\adptif.dll   OK
C:\WINDOWS\System32\adsldp.dll   OK
C:\WINDOWS\System32\adsldpc.dll   OK
C:\WINDOWS\System32\adsmsext.dll   OK
C:\WINDOWS\System32\adsnds.dll   OK
C:\WINDOWS\System32\adsnt.dll   OK
C:\WINDOWS\System32\adsnw.dll   OK
C:\WINDOWS\System32\advapi32.dll   OK
C:\WINDOWS\System32\advpack.dll   OK
C:\WINDOWS\System32\ahui.exe   OK
C:\WINDOWS\System32\alg.exe   OK
C:\WINDOWS\System32\alrsvc.dll   OK
C:\WINDOWS\System32\ALSNDMGR.CPL   OK
C:\WINDOWS\System32\amcompat.tlb   OK
C:\WINDOWS\System32\amstream.dll   OK
C:\WINDOWS\System32\ansi.sys   OK
C:\WINDOWS\System32\aolddial.dll   OK
C:\WINDOWS\System32\AolIPInterfaceHistory.ini   OK
C:\WINDOWS\System32\apcups.dll   OK
C:\WINDOWS\System32\append.exe   OK
C:\WINDOWS\System32\apphelp.dll   OK
C:\WINDOWS\System32\appmgmts.dll   OK
C:\WINDOWS\System32\appmgr.dll   OK
C:\WINDOWS\System32\appwiz.cpl   OK
C:\WINDOWS\System32\arp.exe   OK
C:\WINDOWS\System32\asctrls.ocx   OK
C:\WINDOWS\System32\asferror.dll   OK
C:\WINDOWS\System32\asfsipc.dll   OK
C:\WINDOWS\System32\asinst.cfg   OK
C:\WINDOWS\System32\asr_fmt.exe   OK
C:\WINDOWS\System32\asr_ldm.exe   OK
C:\WINDOWS\System32\asr_pfu.exe   OK
C:\WINDOWS\System32\asuninst.exe   OK
C:\WINDOWS\System32\asycfilt.dll   OK
C:\WINDOWS\System32\at.exe   OK
C:\WINDOWS\System32\ATHPRXY.DLL   OK
C:\WINDOWS\System32\ati2cqag.dll   OK
C:\WINDOWS\System32\ati2dvaa.dll   OK
C:\WINDOWS\System32\ati2dvag.dll   OK
C:\WINDOWS\System32\ati3d1ag.dll   OK
C:\WINDOWS\System32\ati3duag.dll   OK
C:\WINDOWS\System32\ativdaxx.ax   OK
C:\WINDOWS\System32\ativmvxx.ax   OK
C:\WINDOWS\System32\ativtmxx.dll   OK
C:\WINDOWS\System32\ativvaxx.dll   OK
C:\WINDOWS\System32\atkctrs.dll   OK
C:\WINDOWS\System32\atl.dll   OK
C:\WINDOWS\System32\atl71.dll   OK
C:\WINDOWS\System32\atmadm.exe   OK
C:\WINDOWS\System32\atmfd.dll   OK
C:\WINDOWS\System32\atmlib.dll   OK
C:\WINDOWS\System32\atmpvcno.dll   OK
C:\WINDOWS\System32\atrace.dll   OK
C:\WINDOWS\System32\attrib.exe   OK
C:\WINDOWS\System32\Audio3D.dll   OK
C:\WINDOWS\System32\Audiodev.dll   OK
C:\WINDOWS\System32\audiosrv.dll   OK
C:\WINDOWS\System32\auditusr.exe   OK
C:\WINDOWS\System32\authz.dll   OK
C:\WINDOWS\System32\autochk.exe   OK
C:\WINDOWS\System32\autoconv.exe   OK
C:\WINDOWS\System32\autodisc.dll   OK
C:\WINDOWS\System32\AUTOEXEC.NT   OK
C:\WINDOWS\System32\autofmt.exe   OK
C:\WINDOWS\System32\autolfn.exe   OK
C:\WINDOWS\System32\avicap.dll   OK
C:\WINDOWS\System32\avicap32.dll   OK
C:\WINDOWS\System32\avifil32.dll   OK
C:\WINDOWS\System32\avifile.dll   OK
C:\WINDOWS\System32\avmeter.dll   OK
C:\WINDOWS\System32\avtapi.dll   OK
C:\WINDOWS\System32\avwav.dll   OK
C:\WINDOWS\System32\b315cfed.dat   OK
C:\WINDOWS\System32\basesrv.dll   OK
C:\WINDOWS\System32\batmeter.dll   OK
C:\WINDOWS\System32\batt.dll   OK
C:\WINDOWS\System32\bcbie50.bpl   OK
C:\WINDOWS\System32\bcbmm.dll   OK
C:\WINDOWS\System32\bcbsmp50.bpl   OK
C:\WINDOWS\System32\bdaplgin.ax   OK
C:\WINDOWS\System32\bdeadmin.cpl   OK
C:\WINDOWS\System32\bfc42.dll   OK
C:\WINDOWS\System32\bfc42d.dll   OK
C:\WINDOWS\System32\bfocc.exe   Suspect: BehavesLike:Trojan.ShellStartup
C:\WINDOWS\System32\bfocc.exe   Copied
C:\WINDOWS\System32\certmgr.dll   OK
C:\WINDOWS\System32\certmgr.msc   OK
C:\WINDOWS\System32\ceutil.dll   OK
C:\WINDOWS\System32\CEWMDM.dll   OK
C:\WINDOWS\System32\cfgbkend.dll   OK
C:\WINDOWS\System32\cfgmgr32.dll   OK
C:\WINDOWS\System32\charmap.exe   OK
C:\WINDOWS\System32\chcp.com   OK
C:\WINDOWS\System32\chkdsk.exe   OK
C:\WINDOWS\System32\chkntfs.exe   OK
C:\WINDOWS\System32\ciadmin.dll   OK
C:\WINDOWS\System32\ciadv.msc   OK
C:\WINDOWS\System32\cic.dll   OK
C:\WINDOWS\System32\cidaemon.exe   OK
C:\WINDOWS\System32\CIMSVR.exe   OK
C:\WINDOWS\System32\CIMSVRps.dll   OK
C:\WINDOWS\System32\CIMVIEW.dll   OK
C:\WINDOWS\System32\ciodm.dll   OK
C:\WINDOWS\System32\cipher.exe   OK
C:\WINDOWS\System32\cisvc.exe   OK
C:\WINDOWS\System32\ckcnv.exe   OK
C:\WINDOWS\System32\clb.dll   OK
C:\WINDOWS\System32\clbcatex.dll   OK
C:\WINDOWS\System32\clbcatq.dll   OK
C:\WINDOWS\System32\cleanmgr.exe   OK
C:\WINDOWS\System32\cliconf.chm   OK
C:\WINDOWS\System32\cliconf.chm=>/#SYSTEM   OK
C:\WINDOWS\System32\cliconf.chm=>/_what_is_microsoft_sql_server_client_configurationy.htm   OK
C:\WINDOWS\System32\cliconf.chm=>/_what_is_microsoft_sql_server_client_configurationy.htm=>(JAVASCRIPT 2)   OK
C:\WINDOWS\System32\cliconf.chm=>/idh_general.htm   OK
C:\WINDOWS\System32\cliconf.chm=>/idh_general.htm=>(JAVASCRIPT 2)   OK
C:\WINDOWS\System32\cliconf.chm=>/_named_pipes_protocol_default_value_setup.htm   OK
C:\WINDOWS\System32\cliconf.chm=>/_named_pipes_protocol_default_value_setup.htm=>(JAVASCRIPT 2)   OK
C:\WINDOWS\System32\cliconf.chm=>/_tcp!ip_protocol_default_value_setup.htm   OK
C:\WINDOWS\System32\cliconf.chm=>/_tcp!ip_protocol_default_value_setup.htm=>(JAVASCRIPT 2)   OK
C:\WINDOWS\System32\cliconf.chm=>/_multiprotocol_protocol_default_value_setup.htm   OK
C:\WINDOWS\System32\cliconf.chm=>/_multiprotocol_protocol_default_value_setup.htm=>(JAVASCRIPT 2)   OK
C:\WINDOWS\System32\cliconf.chm=>/_nwlink_ipx!spx_protocol_default_value_setup.htm   OK
C:\WINDOWS\System32\cliconf.chm=>/_nwlink_ipx!spx_protocol_default_value_setup.htm=>(JAVASCRIPT 2)   OK
C:\WINDOWS\System32\cliconf.chm=>/_appletalk_protocol_default_value_setup.htm   OK
C:\WINDOWS\System32\cliconf.chm=>/_appletalk_protocol_default_value_setup.htm=>(JAVASCRIPT 2)   OK
C:\WINDOWS\System32\cliconf.chm=>/_banyan_vines_protocol_default_value_setup.htm   OK
C:\WINDOWS\System32\cliconf.chm=>/_banyan_vines_protocol_default_value_setup.htm=>(JAVASCRIPT 2)   OK
C:\WINDOWS\System32\cliconf.chm=>/_via_protocol_default_value_setup.htm   OK
C:\WINDOWS\System32\cliconf.chm=>/_via_protocol_default_value_setup.htm=>(JAVASCRIPT 2)   OK
C:\WINDOWS\System32\cliconf.chm=>/idh_alias.htm   OK
C:\WINDOWS\System32\cliconf.chm=>/idh_alias.htm=>(JAVASCRIPT 2)   OK
C:\WINDOWS\System32\cliconf.chm=>/idh_add_namedpipes.htm   OK
C:\WINDOWS\System32\cliconf.chm=>/idh_add_namedpipes.htm=>(JAVASCRIPT 2)   OK
C:\WINDOWS\System32\cliconf.chm=>/idh_add_tcpip.htm   OK
C:\WINDOWS\System32\cliconf.chm=>/idh_add_tcpip.htm=>(JAVASCRIPT 2)   OK
C:\WINDOWS\System32\cliconf.chm=>/idh_add_multi.htm   OK
C:\WINDOWS\System32\cliconf.chm=>/idh_add_multi.htm=>(JAVASCRIPT 2)   OK
C:\WINDOWS\System32\cliconf.chm=>/idh_add_ipxspx1.htm   OK
C:\WINDOWS\System32\cliconf.chm=>/idh_add_ipxspx1.htm=>(JAVASCRIPT 2)   OK
C:\WINDOWS\System32\cliconf.chm=>/idh_add_ipxspx2.htm   OK
C:\WINDOWS\System32\cliconf.chm=>/idh_add_ipxspx2.htm=>(JAVASCRIPT 2)   OK
C:\WINDOWS\System32\cliconf.chm=>/idh_add_apple.htm   OK
C:\WINDOWS\System32\cliconf.chm=>/idh_add_apple.htm=>(JAVASCRIPT 2)   OK
C:\WINDOWS\System32\cliconf.chm=>/idh_add_vines.htm   OK
C:\WINDOWS\System32\cliconf.chm=>/idh_add_vines.htm=>(JAVASCRIPT 2)   OK
C:\WINDOWS\System32\cliconf.chm=>/_add_(or_edit)_via_library_configuration.htm   OK
C:\WINDOWS\System32\cliconf.chm=>/_add_(or_edit)_via_library_configuration.htm=>(JAVASCRIPT 2)   OK
C:\WINDOWS\System32\cliconf.chm=>/idh_add_others.htm   OK
C:\WINDOWS\System32\cliconf.chm=>/idh_add_others.htm=>(JAVASCRIPT 2)   OK
C:\WINDOWS\System32\cliconf.chm=>/idh_dblib.htm   OK
C:\WINDOWS\System32\cliconf.chm=>/idh_dblib.htm=>(JAVASCRIPT 2)   OK
C:\WINDOWS\System32\cliconf.chm=>/idh_netlib.htm   OK
C:\WINDOWS\System32\cliconf.chm=>/idh_netlib.htm=>(JAVASCRIPT 2)   OK
C:\WINDOWS\System32\cliconf.chm=>/_managing_clients.htm   OK
C:\WINDOWS\System32\cliconf.chm=>/_managing_clients.htm=>(JAVASCRIPT 2)   OK
C:\WINDOWS\System32\cliconf.chm=>/_how_to_start_the_sql_client_configuration_utility_.28.windows_nt.2d_.or_windows_95.2d_.based_client.29.htm   OK
C:\WINDOWS\System32\cliconf.chm=>/_how_to_start_the_sql_client_configuration_utility_.28.windows_nt.2d_.or_windows_95.2d_.based_client.29.htm=>(JAVASCRIPT 2)   OK
C:\WINDOWS\System32\cliconf.chm=>/_helphow_to_check_the_library_version_numbers.htm   OK
C:\WINDOWS\System32\cliconf.chm=>/_helphow_to_check_the_library_version_numbers.htm=>(JAVASCRIPT 2)   OK
C:\WINDOWS\System32\cliconf.chm=>/_how_to_set_db.2d.library_conversion_preference.htm   OK
C:\WINDOWS\System32\cliconf.chm=>/_how_to_set_db.2d.library_conversion_preference.htm=>(JAVASCRIPT 2)   OK
C:\WINDOWS\System32\cliconf.chm=>/_how_to_add_a_network_protocol_configuration_.28.client_configuration_utility.29.htm   OK
C:\WINDOWS\System32\cliconf.chm=>/_how_to_add_a_network_protocol_configuration_.28.client_configuration_utility.29.htm=>(JAVASCRIPT 2)   OK
C:\WINDOWS\System32\cliconf.chm=>/_how_to_edit_a_network_protocol_configuration_.28.client_configuration_utility.29.htm   OK
C:\WINDOWS\System32\cliconf.chm=>/_how_to_edit_a_network_protocol_configuration_.28.client_configuration_utility.29.htm=>(JAVASCRIPT 2)   OK
C:\WINDOWS\System32\cliconf.chm=>/_how_to_delete_a_network_protocol_configuration_.28.client_configuration_utility.29.htm   OK
C:\WINDOWS\System32\cliconf.chm=>/_how_to_delete_a_network_protocol_configuration_.28.client_configuration_utility.29.htm=>(JAVASCRIPT 2)   OK
C:\WINDOWS\System32\cliconf.chm=>/_helphow_to_alias_a_client_to_an_alternate_pipe.htm   OK
C:\WINDOWS\System32\cliconf.chm=>/_helphow_to_alias_a_client_to_an_alternate_pipe.htm=>(JAVASCRIPT 2)   OK
C:\WINDOWS\System32\cliconf.chm=>/_how_to_create_an_alias_for_a_specific_server_name_to_use_the_multi.2d.protocol_net.2d.library.htm   OK
C:\WINDOWS\System32\cliconf.chm=>/_how_to_create_an_alias_for_a_specific_server_name_to_use_the_multi.2d.protocol_net.2d.library.htm=>(JAVASCRIPT 2)   OK
C:\WINDOWS\System32\cliconf.chm=>/_helphow_to_use_the_windows_sockets_net.2d.library_.28.windows.2d_.or_windows_nt.2d.based_clients.29.htm   OK
C:\WINDOWS\System32\cliconf.chm=>/_helphow_to_use_the_windows_sockets_net.2d.library_.28.windows.2d_.or_windows_nt.2d.based_clients.29.htm=>(JAVASCRIPT 2)   OK
C:\WINDOWS\System32\cliconf.chm=>/_how_to_configure_a_client_to_use_the_nwlink_ipx.2f.spx_network_protocol.htm   OK
C:\WINDOWS\System32\cliconf.chm=>/_how_to_configure_a_client_to_use_the_nwlink_ipx.2f.spx_network_protocol.htm=>(JAVASCRIPT 2)   OK
C:\WINDOWS\System32\cliconf.chm=>/_how_to_configure_a_client_to_use_the_appletalk_network_protocol.htm   OK
C:\WINDOWS\System32\cliconf.chm=>/_how_to_configure_a_client_to_use_the_appletalk_network_protocol.htm=>(JAVASCRIPT 2)   OK
C:\WINDOWS\System32\cliconf.chm=>/_how_to_configure_a_client_to_use_the_banyan_vines_network_protocol.htm   OK
C:\WINDOWS\System32\cliconf.chm=>/_how_to_configure_a_client_to_use_the_banyan_vines_network_protocol.htm=>(JAVASCRIPT 2)   OK
C:\WINDOWS\System32\cliconf.chm=>/_how_to_configure_a_client_to_use_the_via_network_library_(client_network_utility).htm   OK
C:\WINDOWS\System32\cliconf.chm=>/_how_to_configure_a_client_to_use_the_via_network_library_(client_network_utility).htm=>(JAVASCRIPT 2)   OK
C:\WINDOWS\System32\cliconf.chm=>/_how_to_configure_a_client_to_a_nonstandard_network_protocol.htm   OK
C:\WINDOWS\System32\cliconf.chm=>/_how_to_configure_a_client_to_a_nonstandard_network_protocol.htm=>(JAVASCRIPT 2)   OK
C:\WINDOWS\System32\cliconf.chm=>/_helphow_to_verify_that_sql_server_is_listening_on_appletalk_and_can_accept_a_client_connection.htm   OK
C:\WINDOWS\System32\cliconf.chm=>/_helphow_to_verify_that_sql_server_is_listening_on_appletalk_and_can_accept_a_client_connection.htm=>(JAVASCRIPT 2)   OK
C:\WINDOWS\System32\cliconf.chm=>/_how_to_check_the_odbc_sql_server_driver_version_.28.windows_95.2d.based_clients.29.htm   OK
C:\WINDOWS\System32\cliconf.chm=>/_how_to_check_the_odbc_sql_server_driver_version_.28.windows_95.2d.based_clients.29.htm=>(JAVASCRIPT 2)   OK
C:\WINDOWS\System32\cliconf.chm=>/_topic_unavailable_in_help.htm   OK
C:\WINDOWS\System32\cliconf.chm=>/_topic_unavailable_in_help.htm=>(JAVASCRIPT 2)   OK
C:\WINDOWS\System32\cliconf.chm=>/_sql_server_2000_copyright_and_disclaimer.htm   OK
C:\WINDOWS\System32\cliconf.chm=>/_sql_server_2000_copyright_and_disclaimer.htm=>(JAVASCRIPT 2)   OK
C:\WINDOWS\System32\cliconf.chm=>/Basics/coUA.css   OK
C:\WINDOWS\System32\cliconf.chm=>/Basics/coUA_Ex.css   OK
C:\WINDOWS\System32\cliconf.chm=>/Basics/coUA_Print.css   OK
C:\WINDOWS\System32\clic
Logged
1972vet
« Reply #4 on: March 26, 2006, 11:24:31 AM »

Looks like you got rid of l2me alright, good work! Now let's get rid of the "NetDevil" Virus.

First download and install these free cleaning applications:
    CCleaner
    Spybot Search and Destroy v1.4
    Ad-Aware SE Personal v1.06
    Ewido Security Suite

    Update all of the applications then:
    Please boot into safe mode by restarting the computer and tapping on the F8 key repeatedly at the first black screen. Continue tapping until you see the "Advanced" Log on menu. Select "Safe Mode". Once in safe mode continue with the instructions below:

    Follow these recommended installation instructions for the best scan set up:

    CCleaner

    Before first use, check under Options, Settings, and ensure "Only delete files in Windows Temp folder older than 48 hours" is unchecked.
    Then open it and select the items you wish to clean up.

    In the Windows Tab:
    I recommend cleaning all entries in the "Internet Explorer" section except Cookies.
    Clean all the entries in the "Windows Explorer" section
    Clean all entries in the "System" section
    Clean all entries in the "Advanced" section.

    In the Applications Tab:
    Clean all except cookies in the Firefox/Mozilla section if you use it.
    Clean all in the Opera section if you use it.
    Clean Sun Java in the Internet Section if you have it.
    Clean any others that you choose.

    Then click the "Run Cleaner" button

    Spybot Search and Destroy

    Go to Start > Programs > Spybot - Search & Destroy and when the program opens, click on the mode tab at the top left of the application window and select "advanced". Then click on Tools. In the menu on the left hand side you will see Resident, click there, then in the right pane under "resident protection status" put a check mark in the box next to "resident SD helper (Internet explorer bad download blocker)".
    Close ALL windows except Spybot S&D.

    Click the button to ‘Search for Updates’ and download and install the Updates. When the updates complete, please click "immunize" from the menu on the left. Then in the right pane click the +immunize button.
    Next click the "Search and Destroy" button from the left pane menu then click the "check for Problems" button in the right pane.
    Spybot will now scan your computer and display in the "problem" window any bad programs it finds. When the scan completes, it may show red, black, and green entries. Please put a check mark next to all the RED entries and click "fix selected problems". When finished, close the application. Reboot the computer and boot it back into "Safe Mode", then continue with the instructions below:

    Ad-Aware SE Personal

    1)  Run Ad-Aware, and click Check for updates now.

    2)  Select Configurations (click the Gear wheel at the top) as follows:
    • General Button > Safety & Settings:  Check (Green) all three.
    • Tweak Button > Cleaning Engine > UNcheck "Always try to unload modules before deletion".
    Click Proceed.

    3)  To start the scan, Click > "Scan Now" at left
    • Deselect "Search for negligible risk entries" as negligible risk entries (MRU's) are not considered to be a threat.
    • Select "Search for low-risk threats"
    • Select "Perform full system scan"  
    • Click Next
    4)  When the scan has completed, select Next.
    • In the Scanning Results window, select the "Critical Objects" tab.
    • Right-click on the screen and choose "Select all objects"
    • Click Next to remove the infections found, and click OK to the prompt.
    • Restart the computer and boot back into "Safe Mode" then continue with the instructions below.


    Ewido Security Suite

    Double click on the downloaded installation file to launch the install process.
    During installation, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".

    Launch ewido by double-clicking the "e" icon on your desktop.
    The program will prompt you to update - click the "OK" button.
    On the left side of the main screen, click on "Update" and then click "Start Update". The update will start and a progress bar will show the updates being installed.

    After the updates are installed, you will see "Update Successful" in the lower left corner. If you are having problems with the updater, manually update from here:
    http://www.ewido.net/en/download/updates/

    Once the updates are installed do the following:
    Click on "Scanner" and choose "Settings".
    Under the bottom section "What to Scan?" make sure "Scan every file" is selected.
    Select "OK" and you will return to scanning options.

    On the main screen click on "Complete System Scan" to start the scan.
    While the scan is in progress, you will be prompted to clean the first infected file it finds. Put a check next to "Perform action on all infections" in the lower left corner.
    Then choose "Clean" and click "OK".

    When the scan has completed, Ewido will create a report.txt file.
    Click the "Save Report" button on the bottom of the screen and save the log to your desktop.
    Exit Ewido when done.

    Please run Hijackthis again and put a check in the boxes next to these entries if they still exist:
    F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\System32\bfocc.exe
    F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,lavgnde.exe
    O4 - HKCU\..\Run: [netapi] "C:\WINDOWS\System32\netapi.exe"


    Next, please make sure you close all other open windows except for HijackThis. Now click Fix Checked.

    Next, using Windows Explorer navigate to the following locations and delete the files in bold
    C:\WINDOWS\System32\bfocc.exe
    C:\WINDOWS\SYSTEM32\lavgnde.exe
    C:\WINDOWS\System32\netapi.exe

    Reboot the computer back into your normal user mode.
    Visit this site and run a complete system scan:
    http://housecall.trendmicro.com/

    When finished, reboot the computer again and post back a new HijackThis log along with the log from the Ewido scan.

    Good Luck,
    Disabled Vet
    Logged
    1972vet
    « Reply #5 on: March 26, 2006, 11:30:31 AM »

    jjcooll,
    Please note, I edited your instructions to update the free applications, then boot into safe mode.
    Logged
    jjcooll
    « Reply #6 on: March 27, 2006, 08:35:46 PM »

    Well, I ran all the programs you said and performed all the steps and everything, but my problem still remains. Virus scan still comes up with the same trojans. What, short of format c:, can I do to fix this computer? Here is the latest HijackThis. F2 will not delete.


    Logfile of HijackThis v1.99.1
    Scan saved at 9:26:31 PM, on 3/27/2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\windows\system\hpsysdrv.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
    C:\WINDOWS\ALCXMNTR.EXE
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\palmOne\Hotsync.exe
    C:\WINDOWS\System32\rundll32.exe
    c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
    C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
    C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Documents and Settings\Owner.KATS\Desktop\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us8.hpwis.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us8.hpwis.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us8.hpwis.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us8.hpwis.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://us8.hpwis.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us8.hpwis.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us8.hpwis.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us8.hpwis.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us8.hpwis.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us8.hpwis.com/
    F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\System32\bfocc.exe
    F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,lavgnde.exe
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKCU\..\Run: [netapi] "C:\WINDOWS\System32\netapi.exe"
    O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
    O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
    O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
    Logged
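Added example (not part of the original thread, and not HijackThis's own code): a small Python parser that maps the F2 and O4 lines of the log above to the registry key and value each one refers to, so a file name from the log can be traced to where it is registered. The function names, the stock-value patterns and the extension list are assumptions of this sketch; the sample lines are copied from the log in the thread.

```python
import re
from ntpath import basename  # Windows path rules, works on any OS

# Sample input: lines copied from the HijackThis log posted in the thread.
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\System32\bfocc.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,lavgnde.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKCU\..\Run: [netapi] "C:\WINDOWS\System32\netapi.exe"
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
"""

# "F2 - REG:system.ini" lines are registry values under the Winlogon key.
WINLOGON = r"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon"
RUN_PARENT = r"Software\Microsoft\Windows\CurrentVersion"

# Assumed stock Windows XP contents of the two Winlogon values. Anything
# else listed in the value is an extra program started at every logon.
STOCK = {
    "shell": re.compile(r"explorer\.exe", re.I),
    "userinit": re.compile(r"(?:[a-z]:\\[^\\]+\\system32\\)?userinit\.exe", re.I),
}

F2_RE = re.compile(r"^F2 - REG:system\.ini: (Shell|UserInit)=(.*)$", re.I)
O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(Run\w*): \[(.*?)\] (.*)$")
EXE_RE = re.compile(r"(.+?\.(?:exe|com|bat|cmd|scr|pif))(?:\s|$)", re.I)


def image_path(command):
    """Return the program part of a Run command line, without arguments."""
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    # Unquoted paths may contain spaces, so cut at the first executable suffix.
    m = EXE_RE.match(command)
    return m.group(1) if m else command


def persistence_refs(log_text):
    """Return (registry key, value name, program) for each autostart reference.

    For F2 lines only the entries beyond the stock value are reported.
    "O4 - Global Startup" lines are Startup-folder shortcuts, not registry
    values, so they are skipped here.
    """
    refs = []
    for line in log_text.splitlines():
        line = line.strip()
        f2 = F2_RE.match(line)
        o4 = O4_RE.match(line)
        if f2:
            value, data = f2.groups()
            for entry in (p.strip().strip('"') for p in data.split(",")):
                if entry and not STOCK[value.lower()].fullmatch(entry):
                    refs.append((WINLOGON, value, entry))
        elif o4:
            hive, key, name, command = o4.groups()
            # The hive prefix on the O4 line says which Run key holds the value.
            full_key = "\\".join((hive, RUN_PARENT, key))
            refs.append((full_key, name, image_path(command)))
    return refs


def where_is(log_text, filename):
    """List the (key, value name) pairs whose program is the given file."""
    wanted = filename.lower()
    return [(key, value) for key, value, prog in persistence_refs(log_text)
            if basename(prog).lower() == wanted]


if __name__ == "__main__":
    for name in ("bfocc.exe", "lavgnde.exe", "netapi.exe"):
        print(name, where_is(SAMPLE_LOG, name))
```
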
    1972vet
    « Reply #7 on: March 27, 2006, 11:20:56 PM »

    1) Click Start > Run, type Regedit then hit the Enter key.
    2) In the left-side of the registry editor, double click the following:
    HKEY_LOCAL_MACHINE > Software > Microsoft > Windows > CurrentVersion > Run
    3) In the right panel, look for and then delete this registry entry:
    “NETAPI”
    4) Restart your system.

    Then go Here and run a complete system scan.

    Post back a new HijackThis log.
    Logged
    golfer100
    « Reply #8 on: June 26, 2006, 08:30:00 AM »

    Hope I am posting this to the right place. Running a routine scan using ParetoLogic's XoftspySE, I attempted to quarantine/delete a WarezP2P program. However, at the end, Xoft highlighted my sporder.dll file as potentially infected.

    Is there a way to see if any malware has been loaded into this dll?  Xoft and Microsoft Defender (beta2) show nothing infected (ex as noted above).

    Thank you
    Logged
    1972vet
    « Reply #9 on: June 26, 2006, 10:21:04 AM »

    You can upload the .dll here and scan it for free.
    Logged