
Hitman Pro detecting proxy server 127.0.0.1:6092


25 replies to this topic

#1 RockyE

Posted 05 March 2012 - 03:41 PM

I had a search engine redirect virus, and after some research I used Hitman Pro to identify a rootkit and TDSSKiller to remove it. It fixed the redirect problem but then informed me that I'm using a proxy server, identified as 127.0.0.1:6092. It repairs it until I restart my computer, then the proxy server comes back. I've been able to remove every virus I've had before but I need help with this one.

Thank You
-Rocky E.

Edited by Budapest, 05 March 2012 - 04:18 PM.
Moved from XP ~Budapest




#2 cryptodan

Posted 05 March 2012 - 04:11 PM

Can you post the tdss log? It is located in the root of C:\

#3 RockyE

Posted 05 March 2012 - 06:12 PM

20:55:46.0078 2748 TDSS rootkit removing tool 2.7.18.0 Mar 2 2012 09:40:07
20:55:48.0078 2748 ============================================================
20:55:48.0078 2748 Current date / time: 2012/03/03 20:55:48.0078
20:55:48.0078 2748 SystemInfo:
20:55:48.0078 2748
20:55:48.0078 2748 OS Version: 5.1.2600 ServicePack: 3.0
20:55:48.0078 2748 Product type: Workstation
20:55:48.0078 2748 ComputerName: COMPUTER
20:55:48.0078 2748 UserName: HP_Administrator
20:55:48.0078 2748 Windows directory: C:\WINDOWS
20:55:48.0078 2748 System windows directory: C:\WINDOWS
20:55:48.0078 2748 Processor architecture: Intel x86
20:55:48.0078 2748 Number of processors: 2
20:55:48.0078 2748 Page size: 0x1000
20:55:48.0078 2748 Boot type: Normal boot
20:55:48.0078 2748 ============================================================
20:55:50.0515 2748 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
20:55:50.0562 2748 \Device\Harddisk0\DR0:
20:55:50.0562 2748 MBR used
20:55:50.0562 2748 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1C00E5BE
20:55:50.0562 2748 \Device\Harddisk0\DR0\Partition1: MBR, Type 0xC, StartLBA 0x1C0124BE, BlocksNum 0x11B20C3
20:55:50.0609 2748 Initialize success
20:55:50.0609 2748 ============================================================
20:56:06.0937 2668 ============================================================
20:56:06.0937 2668 Scan started
20:56:06.0937 2668 Mode: Manual;
20:56:06.0937 2668 ============================================================
20:56:14.0562 2668 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\iaStor.sys. Real md5: 6a9987736dc4d55d64ab25c6c89e4fea, Fake md5: 96a4178858138797d242484d6b4b9a72
20:56:14.0562 2668 iaStor ( Rootkit.Win32.TDSS.tdl3 ) - infected
20:56:14.0562 2668 iaStor - detected Rootkit.Win32.TDSS.tdl3 (0)
20:56:24.0593 2668 ============================================================
20:56:24.0593 2668 Scan finished
20:56:24.0593 2668 ============================================================
20:56:24.0609 0460 Detected object count: 1
20:56:24.0609 0460 Actual detected object count: 1
20:56:39.0281 0460 C:\WINDOWS\system32\DRIVERS\iaStor.sys - copied to quarantine
20:56:39.0406 0460 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
20:56:39.0437 0460 \Device\Harddisk0\DR0\TDLFS\tdl - copied to quarantine
20:56:39.0437 0460 \Device\Harddisk0\DR0\TDLFS\rsrc.dat - copied to quarantine
20:56:39.0437 0460 \Device\Harddisk0\DR0\TDLFS\bckfg.tmp - copied to quarantine
20:56:39.0453 0460 \Device\Harddisk0\DR0\TDLFS\tdlcmd.dll - copied to quarantine
20:56:39.0453 0460 \Device\Harddisk0\DR0\TDLFS\keywords - copied to quarantine
20:56:39.0546 0460 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\WINDOWS\system32\drivers\iaStor.sys) error 13
20:56:40.0046 0460 Backup copy not found, trying to cure infected file..
20:56:40.0046 0460 Cure success, using it..
20:56:40.0078 0460 C:\WINDOWS\system32\DRIVERS\iaStor.sys - will be cured on reboot
20:56:40.0078 0460 iaStor ( Rootkit.Win32.TDSS.tdl3 ) - User select action: Cure
20:56:45.0062 3680 Deinitialize success

Edited by RockyE, 05 March 2012 - 06:13 PM.
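
The detection, quarantine and cure lines in the TDSSKiller log above can be pulled out mechanically when triaging a long log. The following is an added example, not part of the original post and not TDSSKiller's own code: a Python parser run over lines excerpted from that log. The names `parse_tdsskiller`, `awaiting_reboot`, `Finding` and `Report` are hypothetical.

```python
import re
from dataclasses import dataclass, field

# Lines excerpted verbatim from the TDSSKiller log in the post above.
SAMPLE_LOG = r"""
20:56:14.0453 2668 i8042prt - ok
20:56:14.0546 2668 iaStor (6a9987736dc4d55d64ab25c6c89e4fea) C:\WINDOWS\system32\DRIVERS\iaStor.sys
20:56:14.0562 2668 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\iaStor.sys. Real md5: 6a9987736dc4d55d64ab25c6c89e4fea, Fake md5: 96a4178858138797d242484d6b4b9a72
20:56:14.0562 2668 iaStor ( Rootkit.Win32.TDSS.tdl3 ) - infected
20:56:14.0562 2668 iaStor - detected Rootkit.Win32.TDSS.tdl3 (0)
20:56:14.0656 2668 ICAM5USB - ok
20:56:39.0281 0460 C:\WINDOWS\system32\DRIVERS\iaStor.sys - copied to quarantine
20:56:39.0406 0460 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
20:56:39.0453 0460 \Device\Harddisk0\DR0\TDLFS\tdlcmd.dll - copied to quarantine
20:56:40.0078 0460 C:\WINDOWS\system32\DRIVERS\iaStor.sys - will be cured on reboot
20:56:40.0078 0460 iaStor ( Rootkit.Win32.TDSS.tdl3 ) - User select action: Cure
"""

# Every log line is "HH:MM:SS.mmmm <thread id> <message>"; only the message is parsed.
LINE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(.*)$")
CLEAN = re.compile(r"^\S+ - ok$")
OBJECT = re.compile(r"^(\S+) \(([0-9a-f]{32})\) (.+)$")
FORGED = re.compile(
    r"^Suspicious file \(Forged\): (.+?)\. "
    r"Real md5: ([0-9a-f]{32}), Fake md5: ([0-9a-f]{32})$"
)
INFECTED = re.compile(r"^(\S+) \( (.+?) \) - infected$")
ACTION = re.compile(r"^(\S+) \( (.+?) \) - User select action: (\w+)$")
QUARANTINED = re.compile(r"^(.+) - copied to quarantine$")
REBOOT = re.compile(r"^(.+) - will be cured on reboot$")


@dataclass
class Finding:
    service: str
    verdict: str
    path: str = ""
    real_md5: str = ""
    fake_md5: str = ""
    action: str = ""
    pending_reboot: bool = False


@dataclass
class Report:
    findings: dict = field(default_factory=dict)   # service name -> Finding
    quarantined: list = field(default_factory=list)
    clean: int = 0                                 # number of "- ok" verdicts


def parse_tdsskiller(text):
    """Collect detections, forged-hash pairs, quarantined objects and cure state."""
    report = Report()
    paths = {}    # service name -> driver path taken from its object line
    forged = {}   # lower-cased path -> (real md5, fake md5)
    for raw in text.splitlines():
        line = LINE.match(raw.strip())
        if not line:
            continue
        msg = line.group(1)
        if CLEAN.match(msg):
            report.clean += 1
        elif m := OBJECT.match(msg):
            paths[m.group(1)] = m.group(3)
        elif m := FORGED.match(msg):
            forged[m.group(1).lower()] = (m.group(2), m.group(3))
        elif m := INFECTED.match(msg):
            path = paths.get(m.group(1), "")
            real, fake = forged.get(path.lower(), ("", ""))
            report.findings[m.group(1)] = Finding(m.group(1), m.group(2), path, real, fake)
        elif m := ACTION.match(msg):
            if m.group(1) in report.findings:
                report.findings[m.group(1)].action = m.group(3)
        elif m := QUARANTINED.match(msg):
            report.quarantined.append(m.group(1))
        elif m := REBOOT.match(msg):
            # The cure line names the file, not the service, so match on path.
            for f in report.findings.values():
                if f.path.lower() == m.group(1).lower():
                    f.pending_reboot = True
    return report


def awaiting_reboot(report):
    """Services whose cure is only scheduled and has not been applied yet."""
    return [f.service for f in report.findings.values() if f.pending_reboot]


if __name__ == "__main__":
    rep = parse_tdsskiller(SAMPLE_LOG)
    for f in rep.findings.values():
        print(f.service, f.verdict, f.path, f.real_md5, f.fake_md5, f.action)
    print("quarantined:", rep.quarantined)
    print("cure pending reboot:", awaiting_reboot(rep))
```
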


#4 RockyE

Posted 05 March 2012 - 06:32 PM

EDIT: ooops...no DDS in this forum

Edited by RockyE, 05 March 2012 - 06:49 PM.


#5 RockyE

Posted 05 March 2012 - 06:47 PM

I also have the attach and ark files ready to attach; I just can't find a way to attach them now.

#6 cryptodan

Posted 05 March 2012 - 11:46 PM

After TDSS how is the PC performing?

#7 RockyE

Posted 06 March 2012 - 07:18 PM

It is fine, much faster. I have no problems utilizing search engines in either IE or Mozilla. I wouldn't know anything was wrong except for the proxy issue Hitman Pro is catching. I also scan with Avira once a night and right now it's 63% finished with 198 detections, 14 warnings, and 14 suspicious files. The strange part of that is that I haven't used the computer since the last Avira scan yesterday. But still, performance seems fine.

#8 cryptodan

Posted 07 March 2012 - 01:35 PM

Can you post those detections and what not?

#9 RockyE

Posted 07 March 2012 - 09:58 PM

The scan didn't want to stop ..... I stopped it at 63% still and it was after 40+ hours with 573 detections...here's the report...it's super long


Avira AntiVir Personal
Report file date: Tuesday, March 06, 2012 05:00

Scanning for 3520012 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - Free Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : COMPUTER

Configuration settings for the scan:
Jobname.............................: Local Hard Disks
Configuration file..................: C:\Program Files\Avira\AntiVir Desktop\alldiscs.avp
Logging.............................: Default
Primary action......................: repair
Secondary action....................: rename
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: off
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: Advanced
Deviating risk categories...........: +APPL,+GAME,+JOKE,+PCK,+PFS,+SPR,

Start of the scan: Tuesday, March 06, 2012 05:00

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'GoogleUpdate.exe' - '1' Module(s) have been scanned
Scan process 'NOTEPAD.EXE' - '1' Module(s) have been scanned
Scan process 'plugin-container.exe' - '1' Module(s) have been scanned
Scan process 'plugin-container.exe' - '1' Module(s) have been scanned
Scan process 'jwh3lpp4.exe' - '1' Module(s) have been scanned
Scan process 'NOTEPAD.EXE' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'hpqSTE08.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'hpqtra08.exe' - '1' Module(s) have been scanned
Scan process 'SbieCtrl.exe' - '1' Module(s) have been scanned
Scan process 'bcont.exe' - '1' Module(s) have been scanned
Scan process 'TeaTimer.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'mcrdsvc.exe' - '1' Module(s) have been scanned
Scan process 'symlcsvc.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'sprtsvc.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned
Scan process 'jqs.exe' - '1' Module(s) have been scanned
Scan process 'avshadow.exe' - '1' Module(s) have been scanned
Scan process 'ehSched.exe' - '1' Module(s) have been scanned
Scan process 'ehRecvr.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'arservice.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'Explorer.EXE' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'brss01a.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SbieSvc.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
Master boot sector HD2
[INFO] No virus was found!
Master boot sector HD3
[INFO] No virus was found!
Master boot sector HD4
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '1184' files ).


Starting the file scan:

Begin scan in 'C:\' <HP_PAVILION>
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Ardamax.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[NOTE] A backup was created as '4cd670b8.qua' ( QUARANTINE )
[WARNING] The file was ignored!
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\ophcrack.exe.VIR
[DETECTION] Contains recognition pattern of the APPL/Agent.481792 application
[NOTE] A backup was created as '54455eff.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\ophcrack.exe.VIR
[DETECTION] Contains recognition pattern of the APPL/Agent.481792 application
[NOTE] A backup was created as '061a04f7.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\Desktop\Maintenence and Security\GooredFix Backups\C\Documents and Settings\HP_Administrator\Local Settings\Application Data\{34CDD1EE-98F9-4E2D-B677-B0710470858B}\chrome\content\overlay.xul.VIR
[DETECTION] Contains recognition pattern of the JS/Hiloti.C.1 Java script virus
[NOTE] A backup was created as '602a53e9.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack-win32-installer-3.3.1.exe.VIR
[0] Archive type: NSIS
--> ProgramFilesDir/ophcrack.exe
[DETECTION] Contains recognition pattern of the APPL/Agent.481792 application
--> ProgramFilesDir/pwdump6_setup.exe
[DETECTION] Contains recognition pattern of the SPR/Tool.PwDump program
--> ProgramFilesDir/servpw.exe
[DETECTION] Contains recognition pattern of the SPR/Tool.Generic.11894 program
--> ProgramFilesDir/servpw64.exe
[DETECTION] Contains recognition pattern of the SPR/Tool.69632.19 program
--> ProgramFilesDir/lsremora.dll
[DETECTION] Contains recognition pattern of the SPR/Tool.PWDump.B program
--> ProgramFilesDir/lsremora64.dll
[DETECTION] Contains recognition pattern of the SPR/Tool.PWDump.F program
[NOTE] A backup was created as '25a96f26.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\ophcrack.exe.VIR
[DETECTION] Contains recognition pattern of the APPL/Agent.481792 application
[NOTE] A backup was created as '5ab25207.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\lsremora.dll.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.PWDump.B program
[NOTE] A backup was created as '16707bfd.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\lsremora64.dll.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.PWDump.F program
[NOTE] A backup was created as '6a683bad.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\pwdump6_setup.exe.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.PwDump program
[NOTE] A backup was created as '474c14fc.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\servpw.exe.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.Generic.11894 program
[NOTE] A backup was created as '5e5a2f74.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\servpw64.exe.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.69632.19 program
[NOTE] A backup was created as '32060344.qua' ( QUARANTINE )
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Ardamax.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[NOTE] A backup was created as '43c13ddf.qua' ( QUARANTINE )
[WARNING] The file was ignored!
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\ophcrack.exe.VIR
[DETECTION] Contains recognition pattern of the APPL/Agent.481792 application
[NOTE] A backup was created as '4ddf0da8.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\ophcrack.exe.VIR
[DETECTION] Contains recognition pattern of the APPL/Agent.481792 application
[NOTE] A backup was created as '08f67743.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\Desktop\Maintenence and Security\GooredFix Backups\C\Documents and Settings\HP_Administrator\Local Settings\Application Data\{34CDD1EE-98F9-4E2D-B677-B0710470858B}\chrome\content\overlay.xul.VIR
[DETECTION] Contains recognition pattern of the JS/Hiloti.C.1 Java script virus
[NOTE] A backup was created as '01fa0ba4.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack-win32-installer-3.3.1.exe.VIR
[0] Archive type: NSIS
--> ProgramFilesDir/ophcrack.exe
[DETECTION] Contains recognition pattern of the APPL/Agent.481792 application
--> ProgramFilesDir/pwdump6_setup.exe
[DETECTION] Contains recognition pattern of the SPR/Tool.PwDump program
--> ProgramFilesDir/servpw.exe
[DETECTION] Contains recognition pattern of the SPR/Tool.Generic.11894 program
--> ProgramFilesDir/servpw64.exe
[DETECTION] Contains recognition pattern of the SPR/Tool.69632.19 program
--> ProgramFilesDir/lsremora.dll
[DETECTION] Contains recognition pattern of the SPR/Tool.PWDump.B program
--> ProgramFilesDir/lsremora64.dll
[DETECTION] Contains recognition pattern of the SPR/Tool.PWDump.F program
[NOTE] A backup was created as '59bc61e7.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\ophcrack.exe.VIR
[DETECTION] Contains recognition pattern of the APPL/Agent.481792 application
[NOTE] A backup was created as '75481f7d.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\lsremora.dll.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.PWDump.B program
[NOTE] A backup was created as '4bcc7d56.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\lsremora64.dll.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.PWDump.F program
[NOTE] A backup was created as '28c25625.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\pwdump6_setup.exe.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.PwDump program
[NOTE] A backup was created as '0e74163c.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\servpw.exe.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.Generic.11894 program
[NOTE] A backup was created as '3c9e6d8b.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\servpw64.exe.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.69632.19 program
[NOTE] A backup was created as '36db46f4.qua' ( QUARANTINE )
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Ardamax.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[NOTE] A backup was created as '09f62c00.qua' ( QUARANTINE )
[WARNING] The file was ignored!
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\ophcrack.exe.VIR
[DETECTION] Contains recognition pattern of the APPL/Agent.481792 application
[NOTE] A backup was created as '77dddf48.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\ophcrack.exe.VIR
[DETECTION] Contains recognition pattern of the APPL/Agent.481792 application
[NOTE] A backup was created as '22a5de37.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\Desktop\Maintenence and Security\GooredFix Backups\C\Documents and Settings\HP_Administrator\Local Settings\Application Data\{34CDD1EE-98F9-4E2D-B677-B0710470858B}\chrome\content\overlay.xul.VIR
[DETECTION] Contains recognition pattern of the JS/Hiloti.C.1 Java script virus
[NOTE] A backup was created as '2f36c74c.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack-win32-installer-3.3.1.exe.VIR
[0] Archive type: NSIS
--> ProgramFilesDir/ophcrack.exe
[DETECTION] Contains recognition pattern of the APPL/Agent.481792 application
--> ProgramFilesDir/pwdump6_setup.exe
[DETECTION] Contains recognition pattern of the SPR/Tool.PwDump program
--> ProgramFilesDir/servpw.exe
[DETECTION] Contains recognition pattern of the SPR/Tool.Generic.11894 program
--> ProgramFilesDir/servpw64.exe
[DETECTION] Contains recognition pattern of the SPR/Tool.69632.19 program
--> ProgramFilesDir/lsremora.dll
[DETECTION] Contains recognition pattern of the SPR/Tool.PWDump.B program
--> ProgramFilesDir/lsremora64.dll
[DETECTION] Contains recognition pattern of the SPR/Tool.PWDump.F program
[NOTE] A backup was created as '336eb962.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\ophcrack.exe.VIR
[DETECTION] Contains recognition pattern of the APPL/Agent.481792 application
[NOTE] A backup was created as '02bd8a8e.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\lsremora.dll.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.PWDump.B program
[NOTE] A backup was created as '6e9d9d08.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\lsremora64.dll.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.PWDump.F program
[NOTE] A backup was created as '2707b80f.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\pwdump6_setup.exe.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.PwDump program
[NOTE] A backup was created as '7ce0b0d2.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\servpw.exe.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.Generic.11894 program
[NOTE] A backup was created as '1a20bcc5.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\servpw64.exe.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.69632.19 program
[NOTE] A backup was created as '4daece62.qua' ( QUARANTINE )
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Ardamax.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[NOTE] A backup was created as '6fac9a0e.qua' ( QUARANTINE )
[WARNING] The file was ignored!
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\ophcrack.exe.VIR
[DETECTION] Contains recognition pattern of the APPL/Agent.481792 application
[NOTE] A backup was created as '07b8e311.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\ophcrack.exe.VIR
[DETECTION] Contains recognition pattern of the APPL/Agent.481792 application
[NOTE] A backup was created as '27ceeb20.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\Desktop\Maintenence and Security\GooredFix Backups\C\Documents and Settings\HP_Administrator\Local Settings\Application Data\{34CDD1EE-98F9-4E2D-B677-B0710470858B}\chrome\content\overlay.xul.VIR
[DETECTION] Contains recognition pattern of the JS/Hiloti.C.1 Java script virus
[NOTE] A backup was created as '72efb52b.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack-win32-installer-3.3.1.exe.VIR
[0] Archive type: NSIS
--> ProgramFilesDir/ophcrack.exe
[DETECTION] Contains recognition pattern of the APPL/Agent.481792 application
--> ProgramFilesDir/pwdump6_setup.exe
[DETECTION] Contains recognition pattern of the SPR/Tool.PwDump program
--> ProgramFilesDir/servpw.exe
[DETECTION] Contains recognition pattern of the SPR/Tool.Generic.11894 program
--> ProgramFilesDir/servpw64.exe
[DETECTION] Contains recognition pattern of the SPR/Tool.69632.19 program
--> ProgramFilesDir/lsremora.dll
[DETECTION] Contains recognition pattern of the SPR/Tool.PWDump.B program
--> ProgramFilesDir/lsremora64.dll
[DETECTION] Contains recognition pattern of the SPR/Tool.PWDump.F program
[NOTE] A backup was created as '13ca9b39.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\ophcrack.exe.VIR
[DETECTION] Contains recognition pattern of the APPL/Agent.481792 application
[NOTE] A backup was created as '7666dc63.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\lsremora.dll.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.PWDump.B program
[NOTE] A backup was created as '13c7ab92.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\lsremora64.dll.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.PWDump.F program
[NOTE] A backup was created as '00239701.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\pwdump6_setup.exe.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.PwDump program
[NOTE] A backup was created as '12e8ebb8.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\servpw.exe.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.Generic.11894 program
[NOTE] A backup was created as '05ca8818.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\servpw64.exe.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.69632.19 program
[NOTE] A backup was created as '5fe8ba88.qua' ( QUARANTINE )
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Ardamax.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[NOTE] A backup was created as '7a97d1f3.qua' ( QUARANTINE )
[WARNING] The file was ignored!
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\ophcrack.exe.VIR
[DETECTION] Contains recognition pattern of the APPL/Agent.481792 application
[NOTE] A backup was created as '0ec8c974.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\ophcrack.exe.VIR
[DETECTION] Contains recognition pattern of the APPL/Agent.481792 application
[NOTE] A backup was created as '2cca9e5d.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\Desktop\Maintenence and Security\GooredFix Backups\C\Documents and Settings\HP_Administrator\Local Settings\Application Data\{34CDD1EE-98F9-4E2D-B677-B0710470858B}\chrome\content\overlay.xul.VIR
[DETECTION] Contains recognition pattern of the JS/Hiloti.C.1 Java script virus
[NOTE] A backup was created as '595cdf91.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack-win32-installer-3.3.1.exe.VIR
[0] Archive type: NSIS
--> ProgramFilesDir/ophcrack.exe
[DETECTION] Contains recognition pattern of the APPL/Agent.481792 application
--> ProgramFilesDir/pwdump6_setup.exe
[DETECTION] Contains recognition pattern of the SPR/Tool.PwDump program
--> ProgramFilesDir/servpw.exe
[DETECTION] Contains recognition pattern of the SPR/Tool.Generic.11894 program
--> ProgramFilesDir/servpw64.exe
[DETECTION] Contains recognition pattern of the SPR/Tool.69632.19 program
--> ProgramFilesDir/lsremora.dll
[DETECTION] Contains recognition pattern of the SPR/Tool.PWDump.B program
--> ProgramFilesDir/lsremora64.dll
[DETECTION] Contains recognition pattern of the SPR/Tool.PWDump.F program
[NOTE] A backup was created as '720e87ca.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\ophcrack.exe.VIR
[DETECTION] Contains recognition pattern of the APPL/Agent.481792 application
[NOTE] A backup was created as '1569c23b.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\lsremora.dll.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.PWDump.B program
[NOTE] A backup was created as '5e6ff9fe.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\lsremora64.dll.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.PWDump.F program
[NOTE] A backup was created as '5e91f3af.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\pwdump6_setup.exe.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.PwDump program
[NOTE] A backup was created as '144ca6a0.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\servpw.exe.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.Generic.11894 program
[NOTE] A backup was created as '7a17897a.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\servpw64.exe.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.69632.19 program
[NOTE] A backup was created as '3737d70a.qua' ( QUARANTINE )
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Ardamax.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[NOTE] A backup was created as '5f61c2d4.qua' ( QUARANTINE )
[WARNING] The file was ignored!
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\ophcrack.exe.VIR
[DETECTION] Contains recognition pattern of the APPL/Agent.481792 application
[NOTE] A backup was created as '25d4f87d.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\ophcrack.exe.VIR
[DETECTION] Contains recognition pattern of the APPL/Agent.481792 application
[NOTE] A backup was created as '54869ab7.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\Desktop\Maintenence and Security\GooredFix Backups\C\Documents and Settings\HP_Administrator\Local Settings\Application Data\{34CDD1EE-98F9-4E2D-B677-B0710470858B}\chrome\content\overlay.xul.VIR
[DETECTION] Contains recognition pattern of the JS/Hiloti.C.1 Java script virus
[NOTE] A backup was created as '246498f2.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack-win32-installer-3.3.1.exe.VIR
[0] Archive type: NSIS
--> ProgramFilesDir/ophcrack.exe
[DETECTION] Contains recognition pattern of the APPL/Agent.481792 application
--> ProgramFilesDir/pwdump6_setup.exe
[DETECTION] Contains recognition pattern of the SPR/Tool.PwDump program
--> ProgramFilesDir/servpw.exe
[DETECTION] Contains recognition pattern of the SPR/Tool.Generic.11894 program
--> ProgramFilesDir/servpw64.exe
[DETECTION] Contains recognition pattern of the SPR/Tool.69632.19 program
--> ProgramFilesDir/lsremora.dll
[DETECTION] Contains recognition pattern of the SPR/Tool.PWDump.B program
--> ProgramFilesDir/lsremora64.dll
[DETECTION] Contains recognition pattern of the SPR/Tool.PWDump.F program
[NOTE] A backup was created as '5f11ea74.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\ophcrack.exe.VIR
[DETECTION] Contains recognition pattern of the APPL/Agent.481792 application
[NOTE] A backup was created as '114a9ba9.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\lsremora.dll.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.PWDump.B program
[NOTE] A backup was created as '6f47e557.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\lsremora64.dll.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.PWDump.F program
[NOTE] A backup was created as '1bddcd24.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\pwdump6_setup.exe.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.PwDump program
[NOTE] A backup was created as '109b9151.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\servpw.exe.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.Generic.11894 program
[NOTE] A backup was created as '43318281.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\servpw64.exe.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.69632.19 program
[NOTE] A backup was created as '2658a9eb.qua' ( QUARANTINE )
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Ardamax.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[NOTE] A backup was created as '0ed1fcc1.qua' ( QUARANTINE )
[WARNING] The file was ignored!
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\ophcrack.exe.VIR
[DETECTION] Contains recognition pattern of the APPL/Agent.481792 application
[NOTE] A backup was created as '7a76a422.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\ophcrack.exe.VIR
[DETECTION] Contains recognition pattern of the APPL/Agent.481792 application
[NOTE] A backup was created as '357bdcf7.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\Desktop\Maintenence and Security\GooredFix Backups\C\Documents and Settings\HP_Administrator\Local Settings\Application Data\{34CDD1EE-98F9-4E2D-B677-B0710470858B}\chrome\content\overlay.xul.VIR
[DETECTION] Contains recognition pattern of the JS/Hiloti.C.1 Java script virus
[NOTE] A backup was created as '0aaa6d9d.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack-win32-installer-3.3.1.exe.VIR
[0] Archive type: NSIS
--> ProgramFilesDir/ophcrack.exe
[DETECTION] Contains recognition pattern of the APPL/Agent.481792 application
--> ProgramFilesDir/pwdump6_setup.exe
[DETECTION] Contains recognition pattern of the SPR/Tool.PwDump program
--> ProgramFilesDir/servpw.exe
[DETECTION] Contains recognition pattern of the SPR/Tool.Generic.11894 program
--> ProgramFilesDir/servpw64.exe
[DETECTION] Contains recognition pattern of the SPR/Tool.69632.19 program
--> ProgramFilesDir/lsremora.dll
[DETECTION] Contains recognition pattern of the SPR/Tool.PWDump.B program
--> ProgramFilesDir/lsremora64.dll
[DETECTION] Contains recognition pattern of the SPR/Tool.PWDump.F program
[NOTE] A backup was created as '7099ffac.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\ophcrack.exe.VIR
[DETECTION] Contains recognition pattern of the APPL/Agent.481792 application
[NOTE] A backup was created as '2091fb25.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\lsremora.dll.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.PWDump.B program
[NOTE] A backup was created as '76efec2f.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\lsremora64.dll.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.PWDump.F program
[NOTE] A backup was created as '315fe8fc.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\pwdump6_setup.exe.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.PwDump program
[NOTE] A backup was created as '1261867a.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\servpw.exe.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.Generic.11894 program
[NOTE] A backup was created as '5598af86.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\servpw64.exe.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.69632.19 program
[NOTE] A backup was created as '27fcfc12.qua' ( QUARANTINE )
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Ardamax.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[NOTE] A backup was created as '0ce1bc6d.qua' ( QUARANTINE )
[WARNING] The file was ignored!
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\ophcrack.exe.VIR
[DETECTION] Contains recognition pattern of the APPL/Agent.481792 application
[NOTE] A backup was created as '4f7cb209.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\ophcrack.exe.VIR
[DETECTION] Contains recognition pattern of the APPL/Agent.481792 application
[NOTE] A backup was created as '05b2c4eb.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\Desktop\Maintenence and Security\GooredFix Backups\C\Documents and Settings\HP_Administrator\Local Settings\Application Data\{34CDD1EE-98F9-4E2D-B677-B0710470858B}\chrome\content\overlay.xul.VIR
[DETECTION] Contains recognition pattern of the JS/Hiloti.C.1 Java script virus
[NOTE] A backup was created as '08ff2197.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack-win32-installer-3.3.1.exe.VIR
[0] Archive type: NSIS
--> ProgramFilesDir/ophcrack.exe
[DETECTION] Contains recognition pattern of the APPL/Agent.481792 application
--> ProgramFilesDir/pwdump6_setup.exe
[DETECTION] Contains recognition pattern of the SPR/Tool.PwDump program
--> ProgramFilesDir/servpw.exe
[DETECTION] Contains recognition pattern of the SPR/Tool.Generic.11894 program
--> ProgramFilesDir/servpw64.exe
[DETECTION] Contains recognition pattern of the SPR/Tool.69632.19 program
--> ProgramFilesDir/lsremora.dll
[DETECTION] Contains recognition pattern of the SPR/Tool.PWDump.B program
--> ProgramFilesDir/lsremora64.dll
[DETECTION] Contains recognition pattern of the SPR/Tool.PWDump.F program
[NOTE] A backup was created as '2710865f.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\ophcrack.exe.VIR
[DETECTION] Contains recognition pattern of the APPL/Agent.481792 application
[NOTE] A backup was created as '18d4cd86.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\lsremora.dll.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.PWDump.B program
[NOTE] A backup was created as '2745dc5d.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\lsremora64.dll.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.PWDump.F program
[NOTE] A backup was created as '429c8c8b.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\pwdump6_setup.exe.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.PwDump program
[NOTE] A backup was created as '64cfabe5.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\servpw.exe.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.Generic.11894 program
[NOTE] A backup was created as '6810f88b.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\servpw64.exe.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.69632.19 program
[NOTE] A backup was created as '5d7a8e52.qua' ( QUARANTINE )
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Ardamax.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[NOTE] A backup was created as '26287e46.qua' ( QUARANTINE )
[WARNING] The file was ignored!
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\ophcrack.exe.VIR
[DETECTION] Contains recognition pattern of the APPL/Agent.481792 application
[NOTE] A backup was created as '002c7c24.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\ophcrack.exe.VIR
[DETECTION] Contains recognition pattern of the APPL/Agent.481792 application
[NOTE] A backup was created as '6ca13595.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\Desktop\Maintenence and Security\GooredFix Backups\C\Documents and Settings\HP_Administrator\Local Settings\Application Data\{34CDD1EE-98F9-4E2D-B677-B0710470858B}\chrome\content\overlay.xul.VIR
[DETECTION] Contains recognition pattern of the JS/Hiloti.C.1 Java script virus
[NOTE] A backup was created as '4cc83857.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack-win32-installer-3.3.1.exe.VIR
[0] Archive type: NSIS
--> ProgramFilesDir/ophcrack.exe
[DETECTION] Contains recognition pattern of the APPL/Agent.481792 application
--> ProgramFilesDir/pwdump6_setup.exe
[DETECTION] Contains recognition pattern of the SPR/Tool.PwDump program
--> ProgramFilesDir/servpw.exe
[DETECTION] Contains recognition pattern of the SPR/Tool.Generic.11894 program
--> ProgramFilesDir/servpw64.exe
[DETECTION] Contains recognition pattern of the SPR/Tool.69632.19 program
--> ProgramFilesDir/lsremora.dll
[DETECTION] Contains recognition pattern of the SPR/Tool.PWDump.B program
--> ProgramFilesDir/lsremora64.dll
[DETECTION] Contains recognition pattern of the SPR/Tool.PWDump.F program
[NOTE] A backup was created as '2bca715c.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\ophcrack.exe.VIR
[DETECTION] Contains recognition pattern of the APPL/Agent.481792 application
[NOTE] A backup was created as '560c17e0.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\lsremora.dll.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.PWDump.B program
[NOTE] A backup was created as '0a41170e.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\lsremora64.dll.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.PWDump.F program
[NOTE] A backup was created as '421e2cf0.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\pwdump6_setup.exe.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.PwDump program
[NOTE] A backup was created as '2cb44102.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\servpw.exe.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.Generic.11894 program
[NOTE] A backup was created as '09011fba.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\servpw64.exe.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.69632.19 program
[NOTE] A backup was created as '7b680f16.qua' ( QUARANTINE )
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Ardamax.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[NOTE] A backup was created as '15e13237.qua' ( QUARANTINE )
[WARNING] The file was ignored!
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\ophcrack.exe.VIR
[DETECTION] Contains recognition pattern of the APPL/Agent.481792 application
[NOTE] A backup was created as '7b1d15b3.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\ophcrack.exe.VIR
[DETECTION] Contains recognition pattern of the APPL/Agent.481792 application
[NOTE] A backup was created as '050f5e24.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\Desktop\Maintenence and Security\GooredFix Backups\C\Documents and Settings\HP_Administrator\Local Settings\Application Data\{34CDD1EE-98F9-4E2D-B677-B0710470858B}\chrome\content\overlay.xul.VIR
[DETECTION] Contains recognition pattern of the JS/Hiloti.C.1 Java script virus
[NOTE] A backup was created as '1c8526c2.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack-win32-installer-3.3.1.exe.VIR
[0] Archive type: NSIS
--> ProgramFilesDir/ophcrack.exe
[DETECTION] Contains recognition pattern of the APPL/Agent.481792 application
--> ProgramFilesDir/pwdump6_setup.exe
[DETECTION] Contains recognition pattern of the SPR/Tool.PwDump program
--> ProgramFilesDir/servpw.exe
[DETECTION] Contains recognition pattern of the SPR/Tool.Generic.11894 program
--> ProgramFilesDir/servpw64.exe
[DETECTION] Contains recognition pattern of the SPR/Tool.69632.19 program
--> ProgramFilesDir/lsremora.dll
[DETECTION] Contains recognition pattern of the SPR/Tool.PWDump.B program
--> ProgramFilesDir/lsremora64.dll
[DETECTION] Contains recognition pattern of the SPR/Tool.PWDump.F program
[NOTE] A backup was created as '0c7f6431.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\ophcrack.exe.VIR
[DETECTION] Contains recognition pattern of the APPL/Agent.481792 application
[NOTE] A backup was created as '15f674fa.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\lsremora.dll.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.PWDump.B program
[NOTE] A backup was created as '54de2f25.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\lsremora64.dll.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.PWDump.F program
[NOTE] A backup was created as '5a5a7b44.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\pwdump6_setup.exe.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.PwDump program
[NOTE] A backup was created as '76717b9f.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\servpw.exe.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.Generic.11894 program
[NOTE] A backup was created as '40f55412.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\servpw64.exe.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.69632.19 program
[NOTE] A backup was created as '409b3c10.qua' ( QUARANTINE )
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Ardamax.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[NOTE] A backup was created as '3bc714a3.qua' ( QUARANTINE )
[WARNING] The file was ignored!
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\ophcrack.exe.VIR
[DETECTION] Contains recognition pattern of the APPL/Agent.481792 application
[NOTE] A backup was created as '3e7a37a0.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\ophcrack.exe.VIR
[DETECTION] Contains recognition pattern of the APPL/Agent.481792 application
[NOTE] A backup was created as '51e073c5.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\Desktop\Maintenence and Security\GooredFix Backups\C\Documents and Settings\HP_Administrator\Local Settings\Application Data\{34CDD1EE-98F9-4E2D-B677-B0710470858B}\chrome\content\overlay.xul.VIR
[DETECTION] Contains recognition pattern of the JS/Hiloti.C.1 Java script virus
[NOTE] A backup was created as '786f219b.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack-win32-installer-3.3.1.exe.VIR
[0] Archive type: NSIS
--> ProgramFilesDir/ophcrack.exe
[DETECTION] Contains recognition pattern of the APPL/Agent.481792 application
--> ProgramFilesDir/pwdump6_setup.exe
[DETECTION] Contains recognition pattern of the SPR/Tool.PwDump program
--> ProgramFilesDir/servpw.exe
[DETECTION] Contains recognition pattern of the SPR/Tool.Generic.11894 program
--> ProgramFilesDir/servpw64.exe
[DETECTION] Contains recognition pattern of the SPR/Tool.69632.19 program
--> ProgramFilesDir/lsremora.dll
[DETECTION] Contains recognition pattern of the SPR/Tool.PWDump.B program
--> ProgramFilesDir/lsremora64.dll
[DETECTION] Contains recognition pattern of the SPR/Tool.PWDump.F program
[NOTE] A backup was created as '1c9c5470.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\ophcrack.exe.VIR
[DETECTION] Contains recognition pattern of the APPL/Agent.481792 application
[NOTE] A backup was created as '75362448.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\lsremora.dll.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.PWDump.B program
[NOTE] A backup was created as '000b73af.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\lsremora64.dll.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.PWDump.F program
[NOTE] A backup was created as '21e74884.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\pwdump6_setup.exe.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.PwDump program
[NOTE] A backup was created as '03047ed0.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\servpw.exe.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.Generic.11894 program
[NOTE] A backup was created as '04e41280.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\servpw64.exe.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.69632.19 program
[NOTE] A backup was created as '5b187cf7.qua' ( QUARANTINE )
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Ardamax.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[NOTE] A backup was created as '0bf2afdf.qua' ( QUARANTINE )
[WARNING] The file was ignored!
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\ophcrack.exe.VIR
[DETECTION] Contains recognition pattern of the APPL/Agent.481792 application
[NOTE] A backup was created as '53eec5e5.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\ophcrack.exe.VIR
[DETECTION] Contains recognition pattern of the APPL/Agent.481792 application
[NOTE] A backup was created as '019f8419.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\Desktop\Maintenence and Security\GooredFix Backups\C\Documents and Settings\HP_Administrator\Local Settings\Application Data\{34CDD1EE-98F9-4E2D-B677-B0710470858B}\chrome\content\overlay.xul.VIR
[DETECTION] Contains recognition pattern of the JS/Hiloti.C.1 Java script virus
[NOTE] A backup was created as '0629e930.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack-win32-installer-3.3.1.exe.VIR
[0] Archive type: NSIS
--> ProgramFilesDir/ophcrack.exe
[DETECTION] Contains recognition pattern of the APPL/Agent.481792 application
--> ProgramFilesDir/pwdump6_setup.exe
[DETECTION] Contains recognition pattern of the SPR/Tool.PwDump program
--> ProgramFilesDir/servpw.exe
[DETECTION] Contains recognition pattern of the SPR/Tool.Generic.11894 program
--> ProgramFilesDir/servpw64.exe
[DETECTION] Contains recognition pattern of the SPR/Tool.69632.19 program
--> ProgramFilesDir/lsremora.dll
[DETECTION] Contains recognition pattern of the SPR/Tool.PWDump.B program
--> ProgramFilesDir/lsremora64.dll
[DETECTION] Contains recognition pattern of the SPR/Tool.PWDump.F program
[NOTE] A backup was created as '73b2dfb5.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\ophcrack.exe.VIR
[DETECTION] Contains recognition pattern of the APPL/Agent.481792 application
[NOTE] A backup was created as '122894fa.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\lsremora.dll.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.PWDump.B program
[NOTE] A backup was created as '03e6872b.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\lsremora64.dll.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.PWDump.F program
[NOTE] A backup was created as '2a74cc4b.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\pwdump6_setup.exe.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.PwDump program
[NOTE] A backup was created as '0547b048.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\servpw.exe.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.Generic.11894 program
[NOTE] A backup was created as '382391c1.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\servpw64.exe.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.69632.19 program
[NOTE] A backup was created as '11aadae7.qua' ( QUARANTINE )
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Ardamax.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[NOTE] A backup was created as '1985a55e.qua' ( QUARANTINE )
[WARNING] The file was ignored!
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\ophcrack.exe.VIR
[DETECTION] Contains recognition pattern of the APPL/Agent.481792 application
[NOTE] A backup was created as '64aa906c.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\ophcrack.exe.VIR
[DETECTION] Contains recognition pattern of the APPL/Agent.481792 application
[NOTE] A backup was created as '6bddcca7.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\Desktop\Maintenence and Security\GooredFix Backups\C\Documents and Settings\HP_Administrator\Local Settings\Application Data\{34CDD1EE-98F9-4E2D-B677-B0710470858B}\chrome\content\overlay.xul.VIR
[DETECTION] Contains recognition pattern of the JS/Hiloti.C.1 Java script virus
[NOTE] A backup was created as '4118cd8c.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack-win32-installer-3.3.1.exe.VIR
[0] Archive type: NSIS
--> ProgramFilesDir/ophcrack.exe
[DETECTION] Contains recognition pattern of the APPL/Agent.481792 application
--> ProgramFilesDir/pwdump6_setup.exe
[DETECTION] Contains recognition pattern of the SPR/Tool.PwDump program
--> ProgramFilesDir/servpw.exe
[DETECTION] Contains recognition pattern of the SPR/Tool.Generic.11894 program
--> ProgramFilesDir/servpw64.exe
[DETECTION] Contains recognition pattern of the SPR/Tool.69632.19 program
--> ProgramFilesDir/lsremora.dll
[DETECTION] Contains recognition pattern of the SPR/Tool.PWDump.B program
--> ProgramFilesDir/lsremora64.dll
[DETECTION] Contains recognition pattern of the SPR/Tool.PWDump.F program
[NOTE] A backup was created as '200c8920.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\ophcrack.exe.VIR
[DETECTION] Contains recognition pattern of the APPL/Agent.481792 application
[NOTE] A backup was created as '5f2bf8fd.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\lsremora.dll.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.PWDump.B program
[NOTE] A backup was created as '46a6da3a.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\lsremora64.dll.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.PWDump.F program
[NOTE] A backup was created as '1e85bb01.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\pwdump6_setup.exe.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.PwDump program
[NOTE] A backup was created as '0939ea88.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\servpw.exe.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.Generic.11894 program
[NOTE] A backup was created as '78d7f5fb.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\servpw64.exe.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.69632.19 program
[NOTE] A backup was created as '771993e0.qua' ( QUARANTINE )
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Ardamax.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[NOTE] A backup was created as '5f76cbca.qua' ( QUARANTINE )
[WARNING] The file was ignored!
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\ophcrack.exe.VIR
[DETECTION] Contains recognition pattern of the APPL/Agent.481792 application
[NOTE] A backup was created as '128ecaeb.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\ophcrack.exe.VIR
[DETECTION] Contains recognition pattern of the APPL/Agent.481792 application
[NOTE] A backup was created as '25289d49.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\Desktop\Maintenence and Security\GooredFix Backups\C\Documents and Settings\HP_Administrator\Local Settings\Application Data\{34CDD1EE-98F9-4E2D-B677-B0710470858B}\chrome\content\overlay.xul.VIR
[DETECTION] Contains recognition pattern of the JS/Hiloti.C.1 Java script virus
[NOTE] A backup was created as '2334d475.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack-win32-installer-3.3.1.exe.VIR
[0] Archive type: NSIS
--> ProgramFilesDir/ophcrack.exe
[DETECTION] Contains recognition pattern of the APPL/Agent.481792 application
--> ProgramFilesDir/pwdump6_setup.exe
[DETECTION] Contains recognition pattern of the SPR/Tool.PwDump program
--> ProgramFilesDir/servpw.exe
[DETECTION] Contains recognition pattern of the SPR/Tool.Generic.11894 program
--> ProgramFilesDir/servpw64.exe
[DETECTION] Contains recognition pattern of the SPR/Tool.69632.19 program
--> ProgramFilesDir/lsremora.dll
[DETECTION] Contains recognition pattern of the SPR/Tool.PWDump.B program
--> ProgramFilesDir/lsremora64.dll
[DETECTION] Contains recognition pattern of the SPR/Tool.PWDump.F program
[NOTE] A backup was created as '6a909287.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\ophcrack.exe.VIR
[DETECTION] Contains recognition pattern of the APPL/Agent.481792 application
[NOTE] A backup was created as '5cb19cd2.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\lsremora.dll.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.PWDump.B program
[NOTE] A backup was created as '28f7d4c5.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\lsremora64.dll.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.PWDump.F program
[NOTE] A backup was created as '0286ed80.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\pwdump6_setup.exe.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.PwDump program
[NOTE] A backup was created as '45bce7f9.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\servpw.exe.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.Generic.11894 program
[NOTE] A backup was created as '1f3fbec8.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\servpw64.exe.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.69632.19 program
[NOTE] A backup was created as '41e4d756.qua' ( QUARANTINE )
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Ardamax.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[NOTE] A backup was created as '51eda01e.qua' ( QUARANTINE )
[WARNING] The file was ignored!
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\ophcrack.exe.VIR
[DETECTION] Contains recognition pattern of the APPL/Agent.481792 application
[NOTE] A backup was created as '3939c064.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\ophcrack.exe.VIR
[DETECTION] Contains recognition pattern of the APPL/Agent.481792 application
[NOTE] A backup was created as '182e82d3.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\Desktop\Maintenence and Security\GooredFix Backups\C\Documents and Settings\HP_Administrator\Local Settings\Application Data\{34CDD1EE-98F9-4E2D-B677-B0710470858B}\chrome\content\overlay.xul.VIR
[DETECTION] Contains recognition pattern of the JS/Hiloti.C.1 Java script virus
[NOTE] A backup was created as '73f6a431.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack-win32-installer-3.3.1.exe.VIR
[0] Archive type: NSIS
--> ProgramFilesDir/ophcrack.exe
[DETECTION] Contains recognition pattern of the APPL/Agent.481792 application
--> ProgramFilesDir/pwdump6_setup.exe
[DETECTION] Contains recognition pattern of the SPR/Tool.PwDump program
--> ProgramFilesDir/servpw.exe
[DETECTION] Contains recognition pattern of the SPR/Tool.Generic.11894 program
--> ProgramFilesDir/servpw64.exe
[DETECTION] Contains recognition pattern of the SPR/Tool.69632.19 program
--> ProgramFilesDir/lsremora.dll
[DETECTION] Contains recognition pattern of the SPR/Tool.PWDump.B program
--> ProgramFilesDir/lsremora64.dll
[DETECTION] Contains recognition pattern of the SPR/Tool.PWDump.F program
[NOTE] A backup was created as '736fe8d2.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\ophcrack.exe.VIR
[DETECTION] Contains recognition pattern of the APPL/Agent.481792 application
[NOTE] A backup was created as '0dd7b81c.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\lsremora.dll.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.PWDump.B program
[NOTE] A backup was created as '149bcfa0.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\lsremora64.dll.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.PWDump.F program
[NOTE] A backup was created as '0114b928.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\pwdump6_setup.exe.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.PwDump program
[NOTE] A backup was created as '4c3dd13a.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\servpw.exe.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.Generic.11894 program
[NOTE] A backup was created as '406fc44f.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\servpw64.exe.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.69632.19 program
[NOTE] A backup was created as '22f0b566.qua' ( QUARANTINE )
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Ardamax.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[NOTE] A backup was created as '1354d655.qua' ( QUARANTINE )
[WARNING] The file was ignored!
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\ophcrack.exe.VIR
[DETECTION] Contains recognition pattern of the APPL/Agent.481792 application
[NOTE] A backup was created as '7c5f8d1e.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\ophcrack.exe.VIR
[DETECTION] Contains recognition pattern of the APPL/Agent.481792 application
[NOTE] A backup was created as '0a3ac57a.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\Desktop\Maintenence and Security\GooredFix Backups\C\Documents and Settings\HP_Administrator\Local Settings\Application Data\{34CDD1EE-98F9-4E2D-B677-B0710470858B}\chrome\content\overlay.xul.VIR
[DETECTION] Contains recognition pattern of the JS/Hiloti.C.1 Java script virus
[NOTE] A backup was created as '36a980c3.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack-win32-installer-3.3.1.exe.VIR
[0] Archive type: NSIS
--> ProgramFilesDir/ophcrack.exe
[DETECTION] Contains recognition pattern of the APPL/Agent.481792 application
--> ProgramFilesDir/pwdump6_setup.exe
[DETECTION] Contains recognition pattern of the SPR/Tool.PwDump program
--> ProgramFilesDir/servpw.exe
[DETECTION] Contains recognition pattern of the SPR/Tool.Generic.11894 program
--> ProgramFilesDir/servpw64.exe
[DETECTION] Contains recognition pattern of the SPR/Tool.69632.19 program
--> ProgramFilesDir/lsremora.dll
[DETECTION] Contains recognition pattern of the SPR/Tool.PWDump.B program
--> ProgramFilesDir/lsremora64.dll
[DETECTION] Contains recognition pattern of the SPR/Tool.PWDump.F program
[NOTE] A backup was created as '5a62ce55.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\ophcrack.exe.VIR
[DETECTION] Contains recognition pattern of the APPL/Agent.481792 application
[NOTE] A backup was created as '5c21b3eb.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\lsremora.dll.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.PWDump.B program
[NOTE] A backup was created as '355fa055.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\lsremora64.dll.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.PWDump.F program
[NOTE] A backup was created as '4f1ec438.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\pwdump6_setup.exe.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.PwDump program
[NOTE] A backup was created as '4bd4bfcd.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\servpw.exe.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.Generic.11894 program
[NOTE] A backup was created as '5c57825e.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\servpw64.exe.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.69632.19 program
[NOTE] A backup was created as '222fa254.qua' ( QUARANTINE )
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Ardamax.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[NOTE] A backup was created as '10a2a1eb.qua' ( QUARANTINE )
[WARNING] The file was ignored!
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\ophcrack.exe.VIR
[DETECTION] Contains recognition pattern of the APPL/Agent.481792 application
[NOTE] A backup was created as '4d19dcfa.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\ophcrack.exe.VIR
[DETECTION] Contains recognition pattern of the APPL/Agent.481792 application
[NOTE] A backup was created as '1664bc9d.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\Desktop\Maintenence and Security\GooredFix Backups\C\Documents and Settings\HP_Administrator\Local Settings\Application Data\{34CDD1EE-98F9-4E2D-B677-B0710470858B}\chrome\content\overlay.xul.VIR
[DETECTION] Contains recognition pattern of the JS/Hiloti.C.1 Java script virus
[NOTE] A backup was created as '5724d2a1.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack-win32-installer-3.3.1.exe.VIR
[0] Archive type: NSIS
--> ProgramFilesDir/ophcrack.exe
[DETECTION] Contains recognition pattern of the APPL/Agent.481792 application
--> ProgramFilesDir/pwdump6_setup.exe
[DETECTION] Contains recognition pattern of the SPR/Tool.PwDump program
--> ProgramFilesDir/servpw.exe
[DETECTION] Contains recognition pattern of the SPR/Tool.Generic.11894 program
--> ProgramFilesDir/servpw64.exe
[DETECTION] Contains recognition pattern of the SPR/Tool.69632.19 program
--> ProgramFilesDir/lsremora.dll
[DETECTION] Contains recognition pattern of the SPR/Tool.PWDump.B program
--> ProgramFilesDir/lsremora64.dll
[DETECTION] Contains recognition pattern of the SPR/Tool.PWDump.F program
[NOTE] A backup was created as '59678b0b.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\ophcrack.exe.VIR
[DETECTION] Contains recognition pattern of the APPL/Agent.481792 application
[NOTE] A backup was created as '675deec4.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\lsremora.dll.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.PWDump.B program
[NOTE] A backup was created as '6382970d.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\lsremora64.dll.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.PWDump.F program
[NOTE] A backup was created as '2a3aa4d1.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\pwdump6_setup.exe.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.PwDump program
[NOTE] A backup was created as '0f998d92.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\servpw.exe.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.Generic.11894 program
[NOTE] A backup was created as '2aa4b0df.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\servpw64.exe.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.69632.19 program
[NOTE] A backup was created as '5e079330.qua' ( QUARANTINE )
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Ardamax.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[NOTE] A backup was created as '7f7ed276.qua' ( QUARANTINE )
[WARNING] The file was ignored!
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\ophcrack.exe.VIR
[DETECTION] Contains recognition pattern of the APPL/Agent.481792 application
[NOTE] A backup was created as '5d829eb7.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\ophcrack.exe.VIR
[DETECTION] Contains recognition pattern of the APPL/Agent.481792 application
[NOTE] A backup was created as '4480c1f1.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\Desktop\Maintenence and Security\GooredFix Backups\C\Documents and Settings\HP_Administrator\Local Settings\Application Data\{34CDD1EE-98F9-4E2D-B677-B0710470858B}\chrome\content\overlay.xul.VIR
[DETECTION] Contains recognition pattern of the JS/Hiloti.C.1 Java script virus
[NOTE] A backup was created as '059d3976.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack-win32-installer-3.3.1.exe.VIR
[0] Archive type: NSIS
--> ProgramFilesDir/ophcrack.exe
[DETECTION] Contains recognition pattern of the APPL/Agent.481792 application
--> ProgramFilesDir/pwdump6_setup.exe
[DETECTION] Contains recognition pattern of the SPR/Tool.PwDump program
--> ProgramFilesDir/servpw.exe
[DETECTION] Contains recognition pattern of the SPR/Tool.Generic.11894 program
--> ProgramFilesDir/servpw64.exe
[DETECTION] Contains recognition pattern of the SPR/Tool.69632.19 program
--> ProgramFilesDir/lsremora.dll
[DETECTION] Contains recognition pattern of the SPR/Tool.PWDump.B program
--> ProgramFilesDir/lsremora64.dll
[DETECTION] Contains recognition pattern of the SPR/Tool.PWDump.F program
[NOTE] A backup was created as '0adee760.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\ophcrack.exe.VIR
[DETECTION] Contains recognition pattern of the APPL/Agent.481792 application
[NOTE] A backup was created as '6b22f645.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\lsremora.dll.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.PWDump.B program
[NOTE] A backup was created as '2be3f423.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\lsremora64.dll.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.PWDump.F program
[NOTE] A backup was created as '68ec81fd.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\pwdump6_setup.exe.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.PwDump program
[NOTE] A backup was created as '3e6a800b.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\servpw.exe.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.Generic.11894 program
[NOTE] A backup was created as '13baabb0.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\servpw64.exe.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.69632.19 program
[NOTE] A backup was created as '62b788a9.qua' ( QUARANTINE )
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Ardamax.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[NOTE] A backup was created as '51c386df.qua' ( QUARANTINE )
[WARNING] The file was ignored!
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\ophcrack.exe.VIR
[DETECTION] Contains recognition pattern of the APPL/Agent.481792 application
[NOTE] A backup was created as '51a6e8d6.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\ophcrack.exe.VIR
[DETECTION] Contains recognition pattern of the APPL/Agent.481792 application
[NOTE] A backup was created as '099586c2.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\Desktop\Maintenence and Security\GooredFix Backups\C\Documents and Settings\HP_Administrator\Local Settings\Application Data\{34CDD1EE-98F9-4E2D-B677-B0710470858B}\chrome\content\overlay.xul.VIR
[DETECTION] Contains recognition pattern of the JS/Hiloti.C.1 Java script virus
[NOTE] A backup was created as '4a1d0974.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack-win32-installer-3.3.1.exe.VIR
[0] Archive type: NSIS
--> ProgramFilesDir/ophcrack.exe
[DETECTION] Contains recognition pattern of the APPL/Agent.481792 application
--> ProgramFilesDir/pwdump6_setup.exe
[DETECTION] Contains recognition pattern of the SPR/Tool.PwDump program
--> ProgramFilesDir/servpw.exe
[DETECTION] Contains recognition pattern of the SPR/Tool.Generic.11894 program
--> ProgramFilesDir/servpw64.exe
[DETECTION] Contains recognition pattern of the SPR/Tool.69632.19 program
--> ProgramFilesDir/lsremora.dll
[DETECTION] Contains recognition pattern of the SPR/Tool.PWDump.B program
--> ProgramFilesDir/lsremora64.dll
[DETECTION] Contains recognition pattern of the SPR/Tool.PWDump.F program
[NOTE] A backup was created as '0fd0c6ad.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\ophcrack.exe.VIR
[DETECTION] Contains recognition pattern of the APPL/Agent.481792 application
[NOTE] A backup was created as '40e6d273.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\lsremora.dll.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.PWDump.B program
[NOTE] A backup was created as '3e93e820.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\lsremora64.dll.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.PWDump.F program
[NOTE] A backup was created as '5e4ce5e8.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\pwdump6_setup.exe.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.PwDump program
[NOTE] A backup was created as '3bc3ffae.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\servpw.exe.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.Generic.11894 program
[NOTE] A backup was created as '4a89f259.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\servpw64.exe.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.69632.19 program
[NOTE] A backup was created as '678180ca.qua' ( QUARANTINE )
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Ardamax.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[NOTE] A backup was created as '7ffa35d1.qua' ( QUARANTINE )
[WARNING] The file was ignored!
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\ophcrack.exe.VIR
[DETECTION] Contains recognition pattern of the APPL/Agent.481792 application
[NOTE] A backup was created as '35e06eba.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\ophcrack.exe.VIR
[DETECTION] Contains recognition pattern of the APPL/Agent.481792 application
[NOTE] A backup was created as '089a6a5f.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\Desktop\Maintenence and Security\GooredFix Backups\C\Documents and Settings\HP_Administrator\Local Settings\Application Data\{34CDD1EE-98F9-4E2D-B677-B0710470858B}\chrome\content\overlay.xul.VIR
[DETECTION] Contains recognition pattern of the JS/Hiloti.C.1 Java script virus
[NOTE] A backup was created as '143b2b3d.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack-win32-installer-3.3.1.exe.VIR
[0] Archive type: NSIS
--> ProgramFilesDir/ophcrack.exe
[DETECTION] Contains recognition pattern of the APPL/Agent.481792 application
--> ProgramFilesDir/pwdump6_setup.exe
[DETECTION] Contains recognition pattern of the SPR/Tool.PwDump program
--> ProgramFilesDir/servpw.exe
[DETECTION] Contains recognition pattern of the SPR/Tool.Generic.11894 program
--> ProgramFilesDir/servpw64.exe
[DETECTION] Contains recognition pattern of the SPR/Tool.69632.19 program
--> ProgramFilesDir/lsremora.dll
[DETECTION] Contains recognition pattern of the SPR/Tool.PWDump.B program
--> ProgramFilesDir/lsremora64.dll
[DETECTION] Contains recognition pattern of the SPR/Tool.PWDump.F program
[NOTE] A backup was created as '6dd6fac3.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\ophcrack.exe.VIR
[DETECTION] Contains recognition pattern of the APPL/Agent.481792 application
[NOTE] A backup was created as '0fbc852a.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\lsremora.dll.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.PWDump.B program
[NOTE] A backup was created as '7f84ee10.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\lsremora64.dll.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.PWDump.F program
[NOTE] A backup was created as '067fd064.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\pwdump6_setup.exe.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.PwDump program
[NOTE] A backup was created as '1b738836.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\servpw.exe.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.Generic.11894 program
[NOTE] A backup was created as '7b32812c.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\servpw64.exe.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.69632.19 program
[NOTE] A backup was created as '4c6788af.qua' ( QUARANTINE )
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Ardamax.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[NOTE] A backup was created as '0001994e.qua' ( QUARANTINE )
[WARNING] The file was ignored!
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\ophcrack.exe.VIR
[DETECTION] Contains recognition pattern of the APPL/Agent.481792 application
[NOTE] A backup was created as '052af035.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\ophcrack.exe.VIR
[DETECTION] Contains recognition pattern of the APPL/Agent.481792 application
[NOTE] A backup was created as '508fcd2e.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\Desktop\Maintenence and Security\GooredFix Backups\C\Documents and Settings\HP_Administrator\Local Settings\Application Data\{34CDD1EE-98F9-4E2D-B677-B0710470858B}\chrome\content\overlay.xul.VIR
[DETECTION] Contains recognition pattern of the JS/Hiloti.C.1 Java script virus
[NOTE] A backup was created as '4c75e10a.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack-win32-installer-3.3.1.exe.VIR
[0] Archive type: NSIS
--> ProgramFilesDir/ophcrack.exe
[DETECTION] Contains recognition pattern of the APPL/Agent.481792 application
--> ProgramFilesDir/pwdump6_setup.exe
[DETECTION] Contains recognition pattern of the SPR/Tool.PwDump program
--> ProgramFilesDir/servpw.exe
[DETECTION] Contains recognition pattern of the SPR/Tool.Generic.11894 program
--> ProgramFilesDir/servpw64.exe
[DETECTION] Contains recognition pattern of the SPR/Tool.69632.19 program
--> ProgramFilesDir/lsremora.dll
[DETECTION] Contains recognition pattern of the SPR/Tool.PWDump.B program
--> ProgramFilesDir/lsremora64.dll
[DETECTION] Contains recognition pattern of the SPR/Tool.PWDump.F program
[NOTE] A backup was created as '467db16f.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\ophcrack.exe.VIR
[DETECTION] Contains recognition pattern of the APPL/Agent.481792 application
[NOTE] A backup was created as '2189f09b.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\lsremora.dll.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.PWDump.B program
[NOTE] A backup was created as '2b5cab3b.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\lsremora64.dll.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.PWDump.F program
[NOTE] A backup was created as '140e993b.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\pwdump6_setup.exe.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.PwDump program
[NOTE] A backup was created as '0f25a8bb.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\servpw.exe.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.Generic.11894 program
[NOTE] A backup was created as '5ecaa7d6.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\servpw64.exe.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.69632.19 program
[NOTE] A backup was created as '11a79c1b.qua' ( QUARANTINE )
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Ardamax.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[NOTE] A backup was created as '4f04973f.qua' ( QUARANTINE )
[WARNING] The file was ignored!
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\ophcrack.exe.VIR
[DETECTION] Contains recognition pattern of the APPL/Agent.481792 application
[NOTE] A backup was created as '1e85a2b7.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\ophcrack.exe.VIR
[DETECTION] Contains recognition pattern of the APPL/Agent.481792 application
[NOTE] A backup was created as '460abdb5.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\Desktop\Maintenence and Security\GooredFix Backups\C\Documents and Settings\HP_Administrator\Local Settings\Application Data\{34CDD1EE-98F9-4E2D-B677-B0710470858B}\chrome\content\overlay.xul.VIR
[DETECTION] Contains recognition pattern of the JS/Hiloti.C.1 Java script virus
[NOTE] A backup was created as '35add541.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack-win32-installer-3.3.1.exe.VIR
[0] Archive type: NSIS
--> ProgramFilesDir/ophcrack.exe
[DETECTION] Contains recognition pattern of the APPL/Agent.481792 application
--> ProgramFilesDir/pwdump6_setup.exe
[DETECTION] Contains recognition pattern of the SPR/Tool.PwDump program
--> ProgramFilesDir/servpw.exe
[DETECTION] Contains recognition pattern of the SPR/Tool.Generic.11894 program
--> ProgramFilesDir/servpw64.exe
[DETECTION] Contains recognition pattern of the SPR/Tool.69632.19 program
--> ProgramFilesDir/lsremora.dll
[DETECTION] Contains recognition pattern of the SPR/Tool.PWDump.B program
--> ProgramFilesDir/lsremora64.dll
[DETECTION] Contains recognition pattern of the SPR/Tool.PWDump.F program
[NOTE] A backup was created as '6fc8d29e.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\ophcrack.exe.VIR
[DETECTION] Contains recognition pattern of the APPL/Agent.481792 application
[NOTE] A backup was created as '315089ea.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\lsremora.dll.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.PWDump.B program
[NOTE] A backup was created as '69e48dfa.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\lsremora64.dll.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.PWDump.F program
[NOTE] A backup was created as '6387a30f.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\pwdump6_setup.exe.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.PwDump program
[NOTE] A backup was created as '5702e860.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\servpw.exe.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.Generic.11894 program
[NOTE] A backup was created as '5246b945.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\servpw64.exe.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.69632.19 program
[NOTE] A backup was created as '3ff1f664.qua' ( QUARANTINE )
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Ardamax.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[NOTE] A backup was created as '3f77cd9a.qua' ( QUARANTINE )
[WARNING] The file was ignored!
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\ophcrack.exe.VIR
[DETECTION] Contains recognition pattern of the APPL/Agent.481792 application
[NOTE] A backup was created as '46bb90dc.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\ophcrack.exe.VIR
[DETECTION] Contains recognition pattern of the APPL/Agent.481792 application
[NOTE] A backup was created as '59078aae.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\Desktop\Maintenence and Security\GooredFix Backups\C\Documents and Settings\HP_Administrator\Local Settings\Application Data\{34CDD1EE-98F9-4E2D-B677-B0710470858B}\chrome\content\overlay.xul.VIR
[DETECTION] Contains recognition pattern of the JS/Hiloti.C.1 Java script virus
[NOTE] A backup was created as '2fb6812a.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack-win32-installer-3.3.1.exe.VIR
[0] Archive type: NSIS
--> ProgramFilesDir/ophcrack.exe
[DETECTION] Contains recognition pattern of the APPL/Agent.481792 application
--> ProgramFilesDir/pwdump6_setup.exe
[DETECTION] Contains recognition pattern of the SPR/Tool.PwDump program
--> ProgramFilesDir/servpw.exe
[DETECTION] Contains recognition pattern of the SPR/Tool.Generic.11894 program
--> ProgramFilesDir/servpw64.exe
[DETECTION] Contains recognition pattern of the SPR/Tool.69632.19 program
--> ProgramFilesDir/lsremora.dll
[DETECTION] Contains recognition pattern of the SPR/Tool.PWDump.B program
--> ProgramFilesDir/lsremora64.dll
[DETECTION] Contains recognition pattern of the SPR/Tool.PWDump.F program
[NOTE] A backup was created as '560cd0c5.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\ophcrack.exe.VIR
[DETECTION] Contains recognition pattern of the APPL/Agent.481792 application
[NOTE] A backup was created as '4c8185c2.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\lsremora.dll.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.PWDump.B program
[NOTE] A backup was created as '4215d3cb.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\lsremora64.dll.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.PWDump.F program
[NOTE] A backup was created as '6b5f9f0b.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\pwdump6_setup.exe.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.PwDump program
[NOTE] A backup was created as '480ec04e.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\servpw.exe.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.Generic.11894 program
[NOTE] A backup was created as '54b6ffac.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\servpw64.exe.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.69632.19 program
[NOTE] A backup was created as '5f2aaf7e.qua' ( QUARANTINE )
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Ardamax.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[NOTE] A backup was created as '3dad8fb0.qua' ( QUARANTINE )
[WARNING] The file was ignored!
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\ophcrack.exe.VIR
[DETECTION] Contains recognition pattern of the APPL/Agent.481792 application
[NOTE] A backup was created as '55f19407.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\ophcrack.exe.VIR
[DETECTION] Contains recognition pattern of the APPL/Agent.481792 application
[NOTE] A backup was created as '1e5ba787.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\Desktop\Maintenence and Security\GooredFix Backups\C\Documents and Settings\HP_Administrator\Local Settings\Application Data\{34CDD1EE-98F9-4E2D-B677-B0710470858B}\chrome\content\overlay.xul.VIR
[DETECTION] Contains recognition pattern of the JS/Hiloti.C.1 Java script virus
[NOTE] A backup was created as '38a7b188.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack-win32-installer-3.3.1.exe.VIR
[0] Archive type: NSIS
--> ProgramFilesDir/ophcrack.exe
[DETECTION] Contains recognition pattern of the APPL/Agent.481792 application
--> ProgramFilesDir/pwdump6_setup.exe
[DETECTION] Contains recognition pattern of the SPR/Tool.PwDump program
--> ProgramFilesDir/servpw.exe
[DETECTION] Contains recognition pattern of the SPR/Tool.Generic.11894 program
--> ProgramFilesDir/servpw64.exe
[DETECTION] Contains recognition pattern of the SPR/Tool.69632.19 program
--> ProgramFilesDir/lsremora.dll
[DETECTION] Contains recognition pattern of the SPR/Tool.PWDump.B program
--> ProgramFilesDir/lsremora64.dll
[DETECTION] Contains recognition pattern of the SPR/Tool.PWDump.F program
[NOTE] A backup was created as '3916dae4.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\ophcrack.exe.VIR
[DETECTION] Contains recognition pattern of the APPL/Agent.481792 application
[NOTE] A backup was created as '5fb6d926.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\lsremora.dll.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.PWDump.B program
[NOTE] A backup was created as '046abc90.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\lsremora64.dll.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.PWDump.F program
[NOTE] A backup was created as '3438cfa4.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\pwdump6_setup.exe.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.PwDump program
[NOTE] A backup was created as '06f0ce3b.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\servpw.exe.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.Generic.11894 program
[NOTE] A backup was created as '6c21b848.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\servpw64.exe.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.69632.19 program
[NOTE] A backup was created as '60598e37.qua' ( QUARANTINE )
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Ardamax.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[NOTE] A backup was created as '29349134.qua' ( QUARANTINE )
[WARNING] The file was ignored!
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\ophcrack.exe.VIR
[DETECTION] Contains recognition pattern of the APPL/Agent.481792 application
[NOTE] A backup was created as '4405b91c.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\ophcrack.exe.VIR
[DETECTION] Contains recognition pattern of the APPL/Agent.481792 application
[NOTE] A backup was created as '07678029.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\Desktop\Maintenence and Security\GooredFix Backups\C\Documents and Settings\HP_Administrator\Local Settings\Application Data\{34CDD1EE-98F9-4E2D-B677-B0710470858B}\chrome\content\overlay.xul.VIR
[DETECTION] Contains recognition pattern of the JS/Hiloti.C.1 Java script virus
[NOTE] A backup was created as '55b4f51e.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack-win32-installer-3.3.1.exe.VIR
[0] Archive type: NSIS
--> ProgramFilesDir/ophcrack.exe
[DETECTION] Contains recognition pattern of the APPL/Agent.481792 application
--> ProgramFilesDir/pwdump6_setup.exe
[DETECTION] Contains recognition pattern of the SPR/Tool.PwDump program
--> ProgramFilesDir/servpw.exe
[DETECTION] Contains recognition pattern of the SPR/Tool.Generic.11894 program
--> ProgramFilesDir/servpw64.exe
[DETECTION] Contains recognition pattern of the SPR/Tool.69632.19 program
--> ProgramFilesDir/lsremora.dll
[DETECTION] Contains recognition pattern of the SPR/Tool.PWDump.B program
--> ProgramFilesDir/lsremora64.dll
[DETECTION] Contains recognition pattern of the SPR/Tool.PWDump.F program
[NOTE] A backup was created as '1e83aaa5.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\ophcrack.exe.VIR
[DETECTION] Contains recognition pattern of the APPL/Agent.481792 application
[NOTE] A backup was created as '01a3b70a.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\lsremora.dll.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.PWDump.B program
[NOTE] A backup was created as '74f0baac.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\lsremora64.dll.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.PWDump.F program
[NOTE] A backup was created as '7e4d87c8.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\pwdump6_setup.exe.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.PwDump program
[NOTE] A backup was created as '0733f4b8.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\servpw.exe.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.Generic.11894 program
[NOTE] A backup was created as '350b9d02.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\servpw64.exe.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.69632.19 program
[NOTE] A backup was created as '7eaf9346.qua' ( QUARANTINE )
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Ardamax.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[NOTE] A backup was created as '5b469c1f.qua' ( QUARANTINE )
[WARNING] The file was ignored!
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\ophcrack.exe.VIR
[DETECTION] Contains recognition pattern of the APPL/Agent.481792 application
[NOTE] A backup was created as '057dd5c4.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\ophcrack.exe.VIR
[DETECTION] Contains recognition pattern of the APPL/Agent.481792 application
[NOTE] A backup was created as '1cb6bb5d.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\Desktop\Maintenence and Security\GooredFix Backups\C\Documents and Settings\HP_Administrator\Local Settings\Application Data\{34CDD1EE-98F9-4E2D-B677-B0710470858B}\chrome\content\overlay.xul.VIR
[DETECTION] Contains recognition pattern of the JS/Hiloti.C.1 Java script virus
[NOTE] A backup was created as '4aa3ddac.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack-win32-installer-3.3.1.exe.VIR
[0] Archive type: NSIS
--> ProgramFilesDir/ophcrack.exe
[DETECTION] Contains recognition pattern of the APPL/Agent.481792 application
--> ProgramFilesDir/pwdump6_setup.exe
[DETECTION] Contains recognition pattern of the SPR/Tool.PwDump program
--> ProgramFilesDir/servpw.exe
[DETECTION] Contains recognition pattern of the SPR/Tool.Generic.11894 program
--> ProgramFilesDir/servpw64.exe
[DETECTION] Contains recognition pattern of the SPR/Tool.69632.19 program
--> ProgramFilesDir/lsremora.dll
[DETECTION] Contains recognition pattern of the SPR/Tool.PWDump.B program
--> ProgramFilesDir/lsremora64.dll
[DETECTION] Contains recognition pattern of the SPR/Tool.PWDump.F program
[NOTE] A backup was created as '6db4e230.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\ophcrack.exe.VIR
[DETECTION] Contains recognition pattern of the APPL/Agent.481792 application
[NOTE] A backup was created as '3e6389ab.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\lsremora.dll.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.PWDump.B program
[NOTE] A backup was created as '11b1a242.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\lsremora64.dll.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.PWDump.F program
[NOTE] A backup was created as '7eece22d.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\pwdump6_setup.exe.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.PwDump program
[NOTE] A backup was created as '3f4ff77f.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\servpw.exe.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.Generic.11894 program
[NOTE] A backup was created as '7d2199e5.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\servpw64.exe.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.69632.19 program
[NOTE] A backup was created as '61cd8d04.qua' ( QUARANTINE )
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Ardamax.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[NOTE] A backup was created as '139993ae.qua' ( QUARANTINE )
[WARNING] The file was ignored!
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\ophcrack.exe.VIR
[DETECTION] Contains recognition pattern of the APPL/Agent.481792 application
[NOTE] A backup was created as '125fdf87.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\ophcrack.exe.VIR
[DETECTION] Contains recognition pattern of the APPL/Agent.481792 application
[NOTE] A backup was created as '5565e6c1.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\Desktop\Maintenence and Security\GooredFix Backups\C\Documents and Settings\HP_Administrator\Local Settings\Application Data\{34CDD1EE-98F9-4E2D-B677-B0710470858B}\chrome\content\overlay.xul.VIR
[DETECTION] Contains recognition pattern of the JS/Hiloti.C.1 Java script virus
[NOTE] A backup was created as '1be188ee.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack-win32-installer-3.3.1.exe.VIR
[0] Archive type: NSIS
--> ProgramFilesDir/ophcrack.exe
[DETECTION] Contains recognition pattern of the APPL/Agent.481792 application
--> ProgramFilesDir/pwdump6_setup.exe
[DETECTION] Contains recognition pattern of the SPR/Tool.PwDump program
--> ProgramFilesDir/servpw.exe
[DETECTION] Contains recognition pattern of the SPR/Tool.Generic.11894 program
--> ProgramFilesDir/servpw64.exe
[DETECTION] Contains recognition pattern of the SPR/Tool.69632.19 program
--> ProgramFilesDir/lsremora.dll
[DETECTION] Contains recognition pattern of the SPR/Tool.PWDump.B program
--> ProgramFilesDir/lsremora64.dll
[DETECTION] Contains recognition pattern of the SPR/Tool.PWDump.F program
[NOTE] A backup was created as '63ef87c1.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\ophcrack.exe.VIR
[DETECTION] Contains recognition pattern of the APPL/Agent.481792 application
[NOTE] A backup was created as '42fabcfc.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\lsremora.dll.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.PWDump.B program
[NOTE] A backup was created as '5572887e.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\lsremora64.dll.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.PWDump.F program
[NOTE] A backup was created as '1f5df213.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\pwdump6_setup.exe.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.PwDump program
[NOTE] A backup was created as '14fac1a5.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\servpw.exe.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.Generic.11894 program
[NOTE] A backup was created as '46a3c397.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\servpw64.exe.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.69632.19 program
[NOTE] A backup was created as '4f03e757.qua' ( QUARANTINE )
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Ardamax.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[NOTE] A backup was created as '6badb18c.qua' ( QUARANTINE )
[WARNING] The file was ignored!
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\ophcrack.exe.VIR
[DETECTION] Contains recognition pattern of the APPL/Agent.481792 application
[NOTE] A backup was created as '5eb9dab9.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\ophcrack.exe.VIR
[DETECTION] Contains recognition pattern of the APPL/Agent.481792 application
[NOTE] A backup was created as '44558040.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\Desktop\Maintenence and Security\GooredFix Backups\C\Documents and Settings\HP_Administrator\Local Settings\Application Data\{34CDD1EE-98F9-4E2D-B677-B0710470858B}\chrome\content\overlay.xul.VIR
[DETECTION] Contains recognition pattern of the JS/Hiloti.C.1 Java script virus
[NOTE] A backup was created as '1033e76c.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack-win32-installer-3.3.1.exe.VIR
[0] Archive type: NSIS
--> ProgramFilesDir/ophcrack.exe
[DETECTION] Contains recognition pattern of the APPL/Agent.481792 application
--> ProgramFilesDir/pwdump6_setup.exe
[DETECTION] Contains recognition pattern of the SPR/Tool.PwDump program
--> ProgramFilesDir/servpw.exe
[DETECTION] Contains recognition pattern of the SPR/Tool.Generic.11894 program
--> ProgramFilesDir/servpw64.exe
[DETECTION] Contains recognition pattern of the SPR/Tool.69632.19 program
--> ProgramFilesDir/lsremora.dll
[DETECTION] Contains recognition pattern of the SPR/Tool.PWDump.B program
--> ProgramFilesDir/lsremora64.dll
[DETECTION] Contains recognition pattern of the SPR/Tool.PWDump.F program
[NOTE] A backup was created as '142fadf5.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\ophcrack.exe.VIR
[DETECTION] Contains recognition pattern of the APPL/Agent.481792 application
[NOTE] A backup was created as '1f29a44e.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\lsremora.dll.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.PWDump.B program
[NOTE] A backup was created as '4019a150.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\lsremora64.dll.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.PWDump.F program
[NOTE] A backup was created as '4ad69821.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\pwdump6_setup.exe.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.PwDump program
[NOTE] A backup was created as '779b98bc.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\servpw.exe.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.Generic.11894 program
[NOTE] A backup was created as '11a6a75f.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\servpw64.exe.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.69632.19 program
[NOTE] A backup was created as '1b8bbc04.qua' ( QUARANTINE )
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Ardamax.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[NOTE] A backup was created as '635f27df.qua' ( QUARANTINE )
[WARNING] The file was ignored!
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\ophcrack.exe.VIR
[DETECTION] Contains recognition pattern of the APPL/Agent.481792 application
[NOTE] A backup was created as '4a9f7056.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\ophcrack.exe.VIR
[DETECTION] Contains recognition pattern of the APPL/Agent.481792 application
[NOTE] A backup was created as '594e1495.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\Desktop\Maintenence and Security\GooredFix Backups\C\Documents and Settings\HP_Administrator\Local Settings\Application Data\{34CDD1EE-98F9-4E2D-B677-B0710470858B}\chrome\content\overlay.xul.VIR
[DETECTION] Contains recognition pattern of the JS/Hiloti.C.1 Java script virus
[NOTE] A backup was created as '6b399f81.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack-win32-installer-3.3.1.exe.VIR
[0] Archive type: NSIS
--> ProgramFilesDir/ophcrack.exe
[DETECTION] Contains recognition pattern of the APPL/Agent.481792 application
--> ProgramFilesDir/pwdump6_setup.exe
[DETECTION] Contains recognition pattern of the SPR/Tool.PwDump program
--> ProgramFilesDir/servpw.exe
[DETECTION] Contains recognition pattern of the SPR/Tool.Generic.11894 program
--> ProgramFilesDir/servpw64.exe
[DETECTION] Contains recognition pattern of the SPR/Tool.69632.19 program
--> ProgramFilesDir/lsremora.dll
[DETECTION] Contains recognition pattern of the SPR/Tool.PWDump.B program
--> ProgramFilesDir/lsremora64.dll
[DETECTION] Contains recognition pattern of the SPR/Tool.PWDump.F program
[NOTE] A backup was created as '57c836de.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\ophcrack.exe.VIR
[DETECTION] Contains recognition pattern of the APPL/Agent.481792 application
[NOTE] A backup was created as '72f31d0d.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\lsremora.dll.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.PWDump.B program
[NOTE] A backup was created as '74c14069.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\lsremora64.dll.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.PWDump.F program
[NOTE] A backup was created as '0103607f.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\pwdump6_setup.exe.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.PwDump program
[NOTE] A backup was created as '7fa82daa.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\servpw.exe.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.Generic.11894 program
[NOTE] A backup was created as '275779e7.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\servpw64.exe.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.69632.19 program
[NOTE] A backup was created as '03447edd.qua' ( QUARANTINE )
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Ardamax.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[NOTE] A backup was created as '4a265b9e.qua' ( QUARANTINE )
[WARNING] The file was ignored!
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\ophcrack.exe.VIR
[DETECTION] Contains recognition pattern of the APPL/Agent.481792 application
[NOTE] A backup was created as '227222c0.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\ophcrack.exe.VIR
[DETECTION] Contains recognition pattern of the APPL/Agent.481792 application
[NOTE] A backup was created as '6bc238fb.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\Desktop\Maintenence and Security\GooredFix Backups\C\Documents and Settings\HP_Administrator\Local Settings\Application Data\{34CDD1EE-98F9-4E2D-B677-B0710470858B}\chrome\content\overlay.xul.VIR
[DETECTION] Contains recognition pattern of the JS/Hiloti.C.1 Java script virus
[NOTE] A backup was created as '4f92aaa7.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack-win32-installer-3.3.1.exe.VIR
[0] Archive type: NSIS
--> ProgramFilesDir/ophcrack.exe
[DETECTION] Contains recognition pattern of the APPL/Agent.481792 application
--> ProgramFilesDir/pwdump6_setup.exe
[DETECTION] Contains recognition pattern of the SPR/Tool.PwDump program
--> ProgramFilesDir/servpw.exe
[DETECTION] Contains recognition pattern of the SPR/Tool.Generic.11894 program
--> ProgramFilesDir/servpw64.exe
[DETECTION] Contains recognition pattern of the SPR/Tool.69632.19 program
--> ProgramFilesDir/lsremora.dll
[DETECTION] Contains recognition pattern of the SPR/Tool.PWDump.B program
--> ProgramFilesDir/lsremora64.dll
[DETECTION] Contains recognition pattern of the SPR/Tool.PWDump.F program
[NOTE] A backup was created as '7ee81e3e.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\ophcrack.exe.VIR
[DETECTION] Contains recognition pattern of the APPL/Agent.481792 application
[NOTE] A backup was created as '4f03257e.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\lsremora.dll.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.PWDump.B program
[NOTE] A backup was created as '215c6e16.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\lsremora64.dll.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.PWDump.F program
[NOTE] A backup was created as '7ffd44e6.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\pwdump6_setup.exe.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.PwDump program
[NOTE] A backup was created as '02b67e85.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\servpw.exe.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.Generic.11894 program
[NOTE] A backup was created as '3c815311.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\servpw64.exe.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.69632.19 program
[NOTE] A backup was created as '00a51391.qua' ( QUARANTINE )
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Ardamax.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[NOTE] A backup was created as '2978e3dd.qua' ( QUARANTINE )
[WARNING] The file was ignored!
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\ophcrack.exe.VIR
[DETECTION] Contains recognition pattern of the APPL/Agent.481792 application
[NOTE] A backup was created as '07639356.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\ophcrack.exe.VIR
[DETECTION] Contains recognition pattern of the APPL/Agent.481792 application
[NOTE] A backup was created as '0421b270.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\Desktop\Maintenence and Security\GooredFix Backups\C\Documents and Settings\HP_Administrator\Local Settings\Application Data\{34CDD1EE-98F9-4E2D-B677-B0710470858B}\chrome\content\overlay.xul.VIR
[DETECTION] Contains recognition pattern of the JS/Hiloti.C.1 Java script virus
[NOTE] A backup was created as '1ae5e98b.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack-win32-installer-3.3.1.exe.VIR
[0] Archive type: NSIS
--> ProgramFilesDir/ophcrack.exe
[DETECTION] Contains recognition pattern of the APPL/Agent.481792 application
--> ProgramFilesDir/pwdump6_setup.exe
[DETECTION] Contains recognition pattern of the SPR/Tool.PwDump program
--> ProgramFilesDir/servpw.exe
[DETECTION] Contains recognition pattern of the SPR/Tool.Generic.11894 program
--> ProgramFilesDir/servpw64.exe
[DETECTION] Contains recognition pattern of the SPR/Tool.69632.19 program
--> ProgramFilesDir/lsremora.dll
[DETECTION] Contains recognition pattern of the SPR/Tool.PWDump.B program
--> ProgramFilesDir/lsremora64.dll
[DETECTION] Contains recognition pattern of the SPR/Tool.PWDump.F program
[NOTE] A backup was created as '4db5f372.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\ophcrack.exe.VIR
[DETECTION] Contains recognition pattern of the APPL/Agent.481792 application
[NOTE] A backup was created as '6742ce4e.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\lsremora.dll.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.PWDump.B program
[NOTE] A backup was created as '2e3cf3c6.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\lsremora64.dll.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.PWDump.F program
[NOTE] A backup was created as '23dbd2a6.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\pwdump6_setup.exe.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.PwDump program
[NOTE] A backup was created as '10218cd8.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\servpw.exe.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.Generic.11894 program
[NOTE] A backup was created as '3ee0cb4b.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\servpw64.exe.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.69632.19 program
[NOTE] A backup was created as '0801af52.qua' ( QUARANTINE )
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Ardamax.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[NOTE] A backup was created as '2f27b9df.qua' ( QUARANTINE )
[WARNING] The file was ignored!
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\ophcrack.exe.VIR
[DETECTION] Contains recognition pattern of the APPL/Agent.481792 application
[NOTE] A backup was created as '55b9ae93.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\ophcrack.exe.VIR
[DETECTION] Contains recognition pattern of the APPL/Agent.481792 application
[NOTE] A backup was created as '2aebbb6e.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\Desktop\Maintenence and Security\GooredFix Backups\C\Documents and Settings\HP_Administrator\Local Settings\Application Data\{34CDD1EE-98F9-4E2D-B677-B0710470858B}\chrome\content\overlay.xul.VIR
[DETECTION] Contains recognition pattern of the JS/Hiloti.C.1 Java script virus
[NOTE] A backup was created as '205c9867.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack-win32-installer-3.3.1.exe.VIR
[0] Archive type: NSIS
--> ProgramFilesDir/ophcrack.exe
[DETECTION] Contains recognition pattern of the APPL/Agent.481792 application
--> ProgramFilesDir/pwdump6_setup.exe
[DETECTION] Contains recognition pattern of the SPR/Tool.PwDump program
--> ProgramFilesDir/servpw.exe
[DETECTION] Contains recognition pattern of the SPR/Tool.Generic.11894 program
--> ProgramFilesDir/servpw64.exe
[DETECTION] Contains recognition pattern of the SPR/Tool.69632.19 program
--> ProgramFilesDir/lsremora.dll
[DETECTION] Contains recognition pattern of the SPR/Tool.PWDump.B program
--> ProgramFilesDir/lsremora64.dll
[DETECTION] Contains recognition pattern of the SPR/Tool.PWDump.F program
[NOTE] A backup was created as '1c83de74.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\ophcrack.exe.VIR
[DETECTION] Contains recognition pattern of the APPL/Agent.481792 application
[NOTE] A backup was created as '020df5d4.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\lsremora.dll.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.PWDump.B program
[NOTE] A backup was created as '6c998ef7.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\lsremora64.dll.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.PWDump.F program
[NOTE] A backup was created as '286cc6ae.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\pwdump6_setup.exe.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.PwDump program
[NOTE] A backup was created as '179eeec4.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\servpw.exe.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.Generic.11894 program
[NOTE] A backup was created as '46e2b445.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\servpw64.exe.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.69632.19 program
[NOTE] A backup was created as '21f7dc8d.qua' ( QUARANTINE )
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Ardamax.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[NOTE] A backup was created as '6ba5ed36.qua' ( QUARANTINE )
[WARNING] The file was ignored!
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\ophcrack.exe.VIR
[DETECTION] Contains recognition pattern of the APPL/Agent.481792 application
[NOTE] A backup was created as '7070c481.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\ophcrack.exe.VIR
[DETECTION] Contains recognition pattern of the APPL/Agent.481792 application
[NOTE] A backup was created as '5475fa04.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\Desktop\Maintenence and Security\GooredFix Backups\C\Documents and Settings\HP_Administrator\Local Settings\Application Data\{34CDD1EE-98F9-4E2D-B677-B0710470858B}\chrome\content\overlay.xul.VIR
[DETECTION] Contains recognition pattern of the JS/Hiloti.C.1 Java script virus
[NOTE] A backup was created as '33a58ce7.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack-win32-installer-3.3.1.exe.VIR
[0] Archive type: NSIS
--> ProgramFilesDir/ophcrack.exe
[DETECTION] Contains recognition pattern of the APPL/Agent.481792 application
--> ProgramFilesDir/pwdump6_setup.exe
[DETECTION] Contains recognition pattern of the SPR/Tool.PwDump program
--> ProgramFilesDir/servpw.exe
[DETECTION] Contains recognition pattern of the SPR/Tool.Generic.11894 program
--> ProgramFilesDir/servpw64.exe
[DETECTION] Contains recognition pattern of the SPR/Tool.69632.19 program
--> ProgramFilesDir/lsremora.dll
[DETECTION] Contains recognition pattern of the SPR/Tool.PWDump.B program
--> ProgramFilesDir/lsremora64.dll
[DETECTION] Contains recognition pattern of the SPR/Tool.PWDump.F program
[NOTE] A backup was created as '1e1ff4dc.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\ophcrack.exe.VIR
[DETECTION] Contains recognition pattern of the APPL/Agent.481792 application
[NOTE] A backup was created as '5ab0a029.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\lsremora.dll.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.PWDump.B program
[NOTE] A backup was created as '6fbec122.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\lsremora64.dll.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.PWDump.F program
[NOTE] A backup was created as '27edd0f9.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\pwdump6_setup.exe.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.PwDump program
[NOTE] A backup was created as '637af47b.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\servpw.exe.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.Generic.11894 program
[NOTE] A backup was created as '514fc61d.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\servpw64.exe.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.69632.19 program
[NOTE] A backup was created as '512b8d9c.qua' ( QUARANTINE )
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Ardamax.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[NOTE] A backup was created as '30b4ad02.qua' ( QUARANTINE )
[WARNING] The file was ignored!
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\ophcrack.exe.VIR
[DETECTION] Contains recognition pattern of the APPL/Agent.481792 application
[NOTE] A backup was created as '4e14ea57.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\ophcrack.exe.VIR
[DETECTION] Contains recognition pattern of the APPL/Agent.481792 application
[NOTE] A backup was created as '5f958c1c.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\Desktop\Maintenence and Security\GooredFix Backups\C\Documents and Settings\HP_Administrator\Local Settings\Application Data\{34CDD1EE-98F9-4E2D-B677-B0710470858B}\chrome\content\overlay.xul.VIR
[DETECTION] Contains recognition pattern of the JS/Hiloti.C.1 Java script virus
[NOTE] A backup was created as '4dd6beb2.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack-win32-installer-3.3.1.exe.VIR
[0] Archive type: NSIS
--> ProgramFilesDir/ophcrack.exe
[DETECTION] Contains recognition pattern of the APPL/Agent.481792 application
--> ProgramFilesDir/pwdump6_setup.exe
[DETECTION] Contains recognition pattern of the SPR/Tool.PwDump program
--> ProgramFilesDir/servpw.exe
[DETECTION] Contains recognition pattern of the SPR/Tool.Generic.11894 program
--> ProgramFilesDir/servpw64.exe
[DETECTION] Contains recognition pattern of the SPR/Tool.69632.19 program
--> ProgramFilesDir/lsremora.dll
[DETECTION] Contains recognition pattern of the SPR/Tool.PWDump.B program
--> ProgramFilesDir/lsremora64.dll
[DETECTION] Contains recognition pattern of the SPR/Tool.PWDump.F program
[NOTE] A backup was created as '1e90a52f.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\ophcrack.exe.VIR
[DETECTION] Contains recognition pattern of the APPL/Agent.481792 application
[NOTE] A backup was created as '79eab4c6.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\lsremora.dll.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.PWDump.B program
[NOTE] A backup was created as '4717c1be.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\lsremora64.dll.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.PWDump.F program
[NOTE] A backup was created as '150daf35.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\pwdump6_setup.exe.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.PwDump program
[NOTE] A backup was created as '18d7f45a.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\servpw.exe.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.Generic.11894 program
[NOTE] A backup was created as '0806cc96.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\servpw64.exe.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.69632.19 program
[NOTE] A backup was created as '4a65bffe.qua' ( QUARANTINE )
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Ardamax.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[NOTE] A backup was created as '6db9a535.qua' ( QUARANTINE )
[WARNING] The file was ignored!
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\ophcrack.exe.VIR
[DETECTION] Contains recognition pattern of the APPL/Agent.481792 application
[NOTE] A backup was created as '227badae.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\ophcrack.exe.VIR
[DETECTION] Contains recognition pattern of the APPL/Agent.481792 application
[NOTE] A backup was created as '47cbe7ee.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\Desktop\Maintenence and Security\GooredFix Backups\C\Documents and Settings\HP_Administrator\Local Settings\Application Data\{34CDD1EE-98F9-4E2D-B677-B0710470858B}\chrome\content\overlay.xul.VIR
[DETECTION] Contains recognition pattern of the JS/Hiloti.C.1 Java script virus
[NOTE] A backup was created as '1634b47a.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack-win32-installer-3.3.1.exe.VIR
[0] Archive type: NSIS
--> ProgramFilesDir/ophcrack.exe
[DETECTION] Contains recognition pattern of the APPL/Agent.481792 application
--> ProgramFilesDir/pwdump6_setup.exe
[DETECTION] Contains recognition pattern of the SPR/Tool.PwDump program
--> ProgramFilesDir/servpw.exe
[DETECTION] Contains recognition pattern of the SPR/Tool.Generic.11894 program
--> ProgramFilesDir/servpw64.exe
[DETECTION] Contains recognition pattern of the SPR/Tool.69632.19 program
--> ProgramFilesDir/lsremora.dll
[DETECTION] Contains recognition pattern of the SPR/Tool.PWDump.B program
--> ProgramFilesDir/lsremora64.dll
[DETECTION] Contains recognition pattern of the SPR/Tool.PWDump.F program
[NOTE] A backup was created as '2264c715.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\ophcrack.exe.VIR
[DETECTION] Contains recognition pattern of the APPL/Agent.481792 application
[NOTE] A backup was created as '697bc2b1.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\lsremora.dll.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.PWDump.B program
[NOTE] A backup was created as '1e00f131.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\lsremora64.dll.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.PWDump.F program
[NOTE] A backup was created as '269ccf56.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\pwdump6_setup.exe.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.PwDump program
[NOTE] A backup was created as '2364daee.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\servpw.exe.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.Generic.11894 program
[NOTE] A backup was created as '3841ec54.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\servpw64.exe.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.69632.19 program
[NOTE] A backup was created as '74dba35c.qua' ( QUARANTINE )
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Ardamax.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[NOTE] A backup was created as '61aec552.qua' ( QUARANTINE )
[WARNING] The file was ignored!
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\ophcrack.exe.VIR
[DETECTION] Contains recognition pattern of the APPL/Agent.481792 application
[NOTE] A backup was created as '7a45ba87.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\ophcrack.exe.VIR
[DETECTION] Contains recognition pattern of the APPL/Agent.481792 application
[NOTE] A backup was created as '4ce6f925.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\Desktop\Maintenence and Security\GooredFix Backups\C\Documents and Settings\HP_Administrator\Local Settings\Application Data\{34CDD1EE-98F9-4E2D-B677-B0710470858B}\chrome\content\overlay.xul.VIR
[DETECTION] Contains recognition pattern of the JS/Hiloti.C.1 Java script virus
[NOTE] A backup was created as '2ffacaff.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack-win32-installer-3.3.1.exe.VIR
[0] Archive type: NSIS
--> ProgramFilesDir/ophcrack.exe
[DETECTION] Contains recognition pattern of the APPL/Agent.481792 application
--> ProgramFilesDir/pwdump6_setup.exe
[DETECTION] Contains recognition pattern of the SPR/Tool.PwDump program
--> ProgramFilesDir/servpw.exe
[DETECTION] Contains recognition pattern of the SPR/Tool.Generic.11894 program
--> ProgramFilesDir/servpw64.exe
[DETECTION] Contains recognition pattern of the SPR/Tool.69632.19 program
--> ProgramFilesDir/lsremora.dll
[DETECTION] Contains recognition pattern of the SPR/Tool.PWDump.B program
--> ProgramFilesDir/lsremora64.dll
[DETECTION] Contains recognition pattern of the SPR/Tool.PWDump.F program
[NOTE] A backup was created as '47858550.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\ophcrack.exe.VIR
[DETECTION] Contains recognition pattern of the APPL/Agent.481792 application
[NOTE] A backup was created as '1b73ad84.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\lsremora.dll.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.PWDump.B program
[NOTE] A backup was created as '5f35dbda.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\lsremora64.dll.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.PWDump.F program
[NOTE] A backup was created as '4ab8e5dd.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\pwdump6_setup.exe.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.PwDump program
[NOTE] A backup was created as '4e9eb4b3.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\servpw.exe.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.Generic.11894 program
[NOTE] A backup was created as '1e69cf43.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\servpw64.exe.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.69632.19 program
[NOTE] A backup was created as '398e9805.qua' ( QUARANTINE )
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Ardamax.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[NOTE] A backup was created as '7bbcc98c.qua' ( QUARANTINE )
[WARNING] The file was ignored!
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\ophcrack.exe.VIR
[DETECTION] Contains recognition pattern of the APPL/Agent.481792 application
[NOTE] A backup was created as '53f7faf4.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\ophcrack.exe.VIR
[DETECTION] Contains recognition pattern of the APPL/Agent.481792 application
[NOTE] A backup was created as '1f4ca26d.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\Desktop\Maintenence and Security\GooredFix Backups\C\Documents and Settings\HP_Administrator\Local Settings\Application Data\{34CDD1EE-98F9-4E2D-B677-B0710470858B}\chrome\content\overlay.xul.VIR
[DETECTION] Contains recognition pattern of the JS/Hiloti.C.1 Java script virus
[NOTE] A backup was created as '4e15b77e.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack-win32-installer-3.3.1.exe.VIR
[0] Archive type: NSIS
--> ProgramFilesDir/ophcrack.exe
[DETECTION] Contains recognition pattern of the APPL/Agent.481792 application
--> ProgramFilesDir/pwdump6_setup.exe
[DETECTION] Contains recognition pattern of the SPR/Tool.PwDump program
--> ProgramFilesDir/servpw.exe
[DETECTION] Contains recognition pattern of the SPR/Tool.Generic.11894 program
--> ProgramFilesDir/servpw64.exe
[DETECTION] Contains recognition pattern of the SPR/Tool.69632.19 program
--> ProgramFilesDir/lsremora.dll
[DETECTION] Contains recognition pattern of the SPR/Tool.PWDump.B program
--> ProgramFilesDir/lsremora64.dll
[DETECTION] Contains recognition pattern of the SPR/Tool.PWDump.F program
[NOTE] A backup was created as '5d3d63e8.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\ophcrack.exe.VIR
[DETECTION] Contains recognition pattern of the APPL/Agent.481792 application
[NOTE] A backup was created as '0af64a67.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\lsremora.dll.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.PWDump.B program
[NOTE] A backup was created as '77de2f28.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\lsremora64.dll.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.PWDump.F program
[NOTE] A backup was created as '6af2504b.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\pwdump6_setup.exe.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.PwDump program
[NOTE] A backup was created as '672109cf.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\servpw.exe.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.Generic.11894 program
[NOTE] A backup was created as '015c3946.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\servpw64.exe.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.69632.19 program
[NOTE] A backup was created as '328e54e7.qua' ( QUARANTINE )
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Ardamax.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[NOTE] A backup was created as '5fa91c35.qua' ( QUARANTINE )
[WARNING] The file was ignored!
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\ophcrack.exe.VIR
[DETECTION] Contains recognition pattern of the APPL/Agent.481792 application
[NOTE] A backup was created as '17935a60.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\ophcrack.exe.VIR
[DETECTION] Contains recognition pattern of the APPL/Agent.481792 application
[NOTE] A backup was created as '2fc6738e.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\Desktop\Maintenence and Security\GooredFix Backups\C\Documents and Settings\HP_Administrator\Local Settings\Application Data\{34CDD1EE-98F9-4E2D-B677-B0710470858B}\chrome\content\overlay.xul.VIR
[DETECTION] Contains recognition pattern of the JS/Hiloti.C.1 Java script virus
[NOTE] A backup was created as '037b60fa.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack-win32-installer-3.3.1.exe.VIR
[0] Archive type: NSIS
--> ProgramFilesDir/ophcrack.exe
[DETECTION] Contains recognition pattern of the APPL/Agent.481792 application
--> ProgramFilesDir/pwdump6_setup.exe
[DETECTION] Contains recognition pattern of the SPR/Tool.PwDump program
--> ProgramFilesDir/servpw.exe
[DETECTION] Contains recognition pattern of the SPR/Tool.Generic.11894 program
--> ProgramFilesDir/servpw64.exe
[DETECTION] Contains recognition pattern of the SPR/Tool.69632.19 program
--> ProgramFilesDir/lsremora.dll
[DETECTION] Contains recognition pattern of the SPR/Tool.PWDump.B program
--> ProgramFilesDir/lsremora64.dll
[DETECTION] Contains recognition pattern of the SPR/Tool.PWDump.F program
[NOTE] A backup was created as '14901c96.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\ophcrack.exe.VIR
[DETECTION] Contains recognition pattern of the APPL/Agent.481792 application
[NOTE] A backup was created as '041d1116.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\lsremora.dll.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.PWDump.B program
[NOTE] A backup was created as '0aa36dc2.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\lsremora64.dll.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.PWDump.F program
[NOTE] A backup was created as '53047315.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\pwdump6_setup.exe.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.PwDump program
[NOTE] A backup was created as '73f74f35.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\servpw.exe.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.Generic.11894 program
[NOTE] A backup was created as '1933570f.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\pwdump\servpw64.exe.VIR
[DETECTION] Contains recognition pattern of the SPR/Tool.69632.19 program
[NOTE] A backup was created as '03450ff1.qua' ( QUARANTINE )
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Ardamax.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[NOTE] A backup was created as '2ac45af9.qua' ( QUARANTINE )
[WARNING] The file was ignored!
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\ophcrack.exe.VIR
[DETECTION] Contains recognition pattern of the APPL/Agent.481792 application
[NOTE] A backup was created as '32111ff9.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Random\ophcrack\ophcrack.exe.VIR
[DETECTION] Contains recognition pattern of the APPL/Agent.481792 application
[NOTE] A backup was created as '1c1748fc.qua' ( QUARANTINE )
C:\Documents and Settings\HP_Administrator\Desktop\Maintenence and Security\GooredFix Backups\C\Documents and Settings\HP_Administrator\Local Settings\Application Data\{34CDD1EE-98F9-4E2D-B677-B0710470858B}\chrome\content\overlay.xul.VIR
[DETECTION] Contains recognition pattern of the JS/Hiloti.C.1 Java script virus
[NOTE] A backup was created as '075760c9.qua' ( QUARANTINE )


End of the scan: Wednesday, March 07, 2012 21:44
Used time: 40:44:10 Hour(s)

The scan has been canceled!

155257 Scanned directories
29193939 Files were scanned
573 Viruses and/or unwanted programs were found
39 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
422 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
29193327 Files not concerned
641300 Archives were scanned
39 Warnings
422 Notes

#10 cryptodan


Posted 07 March 2012 - 11:49 PM

Any reason why pwdump was on your machine?

#11 RockyE


Posted 08 March 2012 - 06:32 AM

Yes, bought a new laptop for school and forgot the Windows password the first day. A Google search led me to this tutorial: http://pcsupport.about.com/od/toolsofthetrade/tp/passrecovery.htm I had to download ophcrack to this computer so I could burn it to a disc and run it on my laptop. It didn't work, so I ended up using the 2nd option and that worked. It was never run on this computer though, just d/l'ed and burned it.

#12 cryptodan


Posted 08 March 2012 - 07:41 AM

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
  • List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run from.

Note: When using the "Reset FF Proxy Settings" option, Firefox should be closed.

#13 RockyE


Posted 08 March 2012 - 06:43 PM

MiniToolBox by Farbar Version: 18-01-2012
Ran by HP_Administrator (administrator) on 08-03-2012 at 18:19:44
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

Hosts file not detected in the default directory
========================= IP Configuration: ================================

1394 Net Adapter = 1394 Connection 2 (Connected)
NVIDIA nForce Networking Controller = Local Area Connection 3 (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection 3"

set address name="Local Area Connection 3" source=dhcp
set dns name="Local Area Connection 3" source=dhcp register=PRIMARY
set wins name="Local Area Connection 3" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : Computer

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Hybrid

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : hsd1.ga.comcast.net.



Ethernet adapter Local Area Connection 3:



Connection-specific DNS Suffix . : hsd1.ga.comcast.net.

Description . . . . . . . . . . . : NVIDIA nForce Networking Controller

Physical Address. . . . . . . . . : 00-18-F3-30-AD-53

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 76.97.78.215

Subnet Mask . . . . . . . . . . . : 255.255.248.0

Default Gateway . . . . . . . . . : 76.97.72.1

DHCP Server . . . . . . . . . . . : 69.252.196.133

DNS Servers . . . . . . . . . . . : 75.75.75.75

75.75.76.76

Lease Obtained. . . . . . . . . . : Thursday, March 08, 2012 5:15:20 PM

Lease Expires . . . . . . . . . . : Monday, March 12, 2012 5:15:20 PM

Server: cdns01.comcast.net
Address: 75.75.75.75

Name: google.com
Addresses: 173.194.37.36, 173.194.37.41, 173.194.37.38, 173.194.37.34
173.194.37.32, 173.194.37.39, 173.194.37.35, 173.194.37.33, 173.194.37.37
173.194.37.40, 173.194.37.46



Pinging google.com [173.194.37.32] with 32 bytes of data:



Reply from 173.194.37.32: bytes=32 time=15ms TTL=55

Reply from 173.194.37.32: bytes=32 time=12ms TTL=55



Ping statistics for 173.194.37.32:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 12ms, Maximum = 15ms, Average = 13ms

Server: cdns01.comcast.net
Address: 75.75.75.75

DNS request timed out.
timeout was 2 seconds.


Pinging yahoo.com [209.191.122.70] with 32 bytes of data:



Reply from 209.191.122.70: bytes=32 time=43ms TTL=51

Reply from 209.191.122.70: bytes=32 time=60ms TTL=51



Ping statistics for 209.191.122.70:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 43ms, Maximum = 60ms, Average = 51ms

Server: cdns01.comcast.net
Address: 75.75.75.75

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:



Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 18 f3 30 ad 53 ...... NVIDIA nForce Networking Controller - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination  Netmask          Gateway       Interface     Metric
0.0.0.0              0.0.0.0          76.97.72.1    76.97.78.215  20
76.97.72.0           255.255.248.0    76.97.78.215  76.97.78.215  20
76.97.78.215         255.255.255.255  127.0.0.1     127.0.0.1     20
76.255.255.255       255.255.255.255  76.97.78.215  76.97.78.215  20
127.0.0.0            255.0.0.0        127.0.0.1     127.0.0.1     1
169.254.0.0          255.255.0.0      76.97.78.215  76.97.78.215  20
224.0.0.0            240.0.0.0        76.97.78.215  76.97.78.215  20
255.255.255.255      255.255.255.255  76.97.78.215  76.97.78.215  1
Default Gateway: 76.97.72.1
===========================================================================
Persistent Routes:
None

========================= Event log errors: ===============================

Application errors:
==================
Error: (03/08/2012 05:50:36 AM) (Source: MSDTC Client) (User: )
Description: Failed to initialize the needed name objects. Error Specifics: d:\comxp_sp3\com\com1x\dtc\dtc\msdtcprx\src\dtcinit.cpp:215, Pid: 2756
No Callstack,
CmdLine: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}

Error: (03/08/2012 04:03:10 AM) (Source: MSDTC Client) (User: )
Description: Failed to initialize the needed name objects. Error Specifics: d:\comxp_sp3\com\com1x\dtc\dtc\msdtcprx\src\dtcinit.cpp:215, Pid: 2756
No Callstack,
CmdLine: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}

Error: (03/08/2012 02:58:32 AM) (Source: MSDTC Client) (User: )
Description: Failed to initialize the needed name objects. Error Specifics: d:\comxp_sp3\com\com1x\dtc\dtc\msdtcprx\src\dtcinit.cpp:215, Pid: 2756
No Callstack,
CmdLine: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}

Error: (03/08/2012 01:53:44 AM) (Source: MSDTC Client) (User: )
Description: Failed to initialize the needed name objects. Error Specifics: d:\comxp_sp3\com\com1x\dtc\dtc\msdtcprx\src\dtcinit.cpp:215, Pid: 2756
No Callstack,
CmdLine: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}

Error: (03/08/2012 00:49:55 AM) (Source: MSDTC Client) (User: )
Description: Failed to initialize the needed name objects. Error Specifics: d:\comxp_sp3\com\com1x\dtc\dtc\msdtcprx\src\dtcinit.cpp:215, Pid: 2756
No Callstack,
CmdLine: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}

Error: (03/07/2012 11:45:49 PM) (Source: MSDTC Client) (User: )
Description: Failed to initialize the needed name objects. Error Specifics: d:\comxp_sp3\com\com1x\dtc\dtc\msdtcprx\src\dtcinit.cpp:215, Pid: 2756
No Callstack,
CmdLine: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}

Error: (03/07/2012 10:39:49 PM) (Source: MSDTC Client) (User: )
Description: Failed to initialize the needed name objects. Error Specifics: d:\comxp_sp3\com\com1x\dtc\dtc\msdtcprx\src\dtcinit.cpp:215, Pid: 2756
No Callstack,
CmdLine: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}

Error: (03/07/2012 07:55:09 PM) (Source: MSDTC Client) (User: )
Description: Failed to initialize the needed name objects. Error Specifics: d:\comxp_sp3\com\com1x\dtc\dtc\msdtcprx\src\dtcinit.cpp:215, Pid: 2756
No Callstack,
CmdLine: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}

Error: (03/07/2012 06:50:26 PM) (Source: MSDTC Client) (User: )
Description: Failed to initialize the needed name objects. Error Specifics: d:\comxp_sp3\com\com1x\dtc\dtc\msdtcprx\src\dtcinit.cpp:215, Pid: 2756
No Callstack,
CmdLine: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}

Error: (03/07/2012 05:45:58 PM) (Source: MSDTC Client) (User: )
Description: Failed to initialize the needed name objects. Error Specifics: d:\comxp_sp3\com\com1x\dtc\dtc\msdtcprx\src\dtcinit.cpp:215, Pid: 2756
No Callstack,
CmdLine: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}


System errors:
=============
Error: (03/05/2012 04:25:11 PM) (Source: 0) (User: )
Description: \Device\Ide\IdePort2

Error: (03/05/2012 04:18:56 PM) (Source: Service Control Manager) (User: )
Description: The BrSplService service has reported an invalid current state 0.

Error: (03/05/2012 03:35:19 PM) (Source: 0) (User: )
Description: \Device\Ide\IdePort2

Error: (03/05/2012 03:28:08 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
ftsata2
SABKUTIL

Error: (03/05/2012 03:04:07 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
ftsata2
SABKUTIL

Error: (03/05/2012 03:02:06 PM) (Source: DCOM) (User: SYSTEM)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (03/05/2012 00:50:35 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
AmdK8
avgio
avipbb
eeCtrl
Fips
ftsata2
SABKUTIL
ssmdrv

Error: (03/05/2012 00:49:20 PM) (Source: DCOM) (User: SYSTEM)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (03/05/2012 00:43:47 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
ftsata2
SABKUTIL

Error: (03/05/2012 07:18:33 AM) (Source: Dhcp) (User: )
Description: Your computer has lost the lease to its IP address 192.168.100.20 on the
Network Card with network address 0018F330AD53.


Microsoft Office Sessions:
=========================
Error: (02/14/2012 08:16:45 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 38800 seconds with 1920 seconds of active time. This session ended with a crash.

Error: (01/23/2012 07:27:49 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 45381 seconds with 480 seconds of active time. This session ended with a crash.

Error: (12/02/2011 11:47:19 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1785 seconds with 1080 seconds of active time. This session ended with a crash.

Error: (12/02/2011 11:13:32 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 200 seconds with 180 seconds of active time. This session ended with a crash.

Error: (12/02/2011 10:37:27 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1502 seconds with 600 seconds of active time. This session ended with a crash.

Error: (07/30/2011 02:21:28 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 15073 seconds with 60 seconds of active time. This session ended with a crash.

Error: (07/10/2011 11:00:42 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 977 seconds with 180 seconds of active time. This session ended with a crash.

Error: (04/24/2010 03:13:22 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 42 seconds with 0 seconds of active time. This session ended with a crash.


=========================== Installed Programs ============================

32 Bit HP CIO Components Installer (Version: 1.0.0)
6400_Help (Version: 1.00.0000)
Adobe AIR (Version: 1.0.4990)
Adobe AIR (Version: 1.0.8.4990)
Adobe Download Manager (Version: 1.6.2.102)
Adobe Flash Player 10 ActiveX (Version: 10.3.181.14)
Adobe Flash Player 10 Plugin (Version: 10.3.183.11)
Adobe Reader 9 (Version: 9.0.0)
Adobe Shockwave Player 11.5 (Version: 11.5.9.615)
Apple Mobile Device Support (Version: 2.1.2.7)
Apple Software Update (Version: 2.1.1.116)
Avira AntiVir Personal - Free Antivirus (Version: 10.2.0.707)
AviSynth 2.5
Bonjour (Version: 1.0.105)
bpd_scan (Version: 3.00.0000)
BPDSoftware (Version: 50.0.165.000)
BPDSoftware_Ini (Version: 1.00.0000)
BufferChm (Version: 70.0.170.000)
CCleaner (Version: 3.15)
CDisplay 1.8
CleanUp!
Comcast Desktop Software (v1.2.0.9) (Version: 23)
Comcast High-Speed Internet Install Wizard
Cooliris for Internet Explorer (Version: 1.9.0.16396)
CP_AtenaShokunin1Config (Version: 70.0.170.000)
CP_CalendarTemplates1 (Version: 70.0.170.000)
cp_LightScribeConfig (Version: 70.0.170.000)
cp_OnlineProjectsConfig (Version: 70.0.170.000)
CP_Package_Basic1 (Version: 70.0.170.000)
CP_Package_Variety1 (Version: 70.0.170.000)
CP_Package_Variety2 (Version: 70.0.170.000)
CP_Package_Variety3 (Version: 70.0.170.000)
CP_Panorama1Config (Version: 70.0.170.000)
cp_PosterPrintConfig (Version: 70.0.170.000)
cp_UpdateProjectsConfig (Version: 70.0.170.000)
Critical Update for Windows Media Player 11 (KB959772)
CueTour (Version: 70.0.170.000)
Customer Experience Enhancement (Version: Customer Experience Enhancement -1.0.0.1680)
CustomerResearchQFolder (Version: 1.00.0000)
D1300_Help (Version: 70.0.260.000)
Data Fax SoftModem with SmartCP
Defraggler (Version: 2.09)
Desktop Doctor (Version: 2.5.5)
Destinations (Version: 70.0.170.000)
Disney Fairies Screensaver
Enhanced Multimedia Keyboard Solution
ESPN Java Check
eSupportQFolder (Version: 1.00.0000)
ffdshow [rev 2844] [2009-03-30] (Version: 1.0)
FullDPAppQFolder (Version: 1.00.0000)
getPlus® (Version: 1.5.2.19)
Google Talk Plugin (Version: 2.3.2.0)
Google Update Helper (Version: 1.3.21.99)
High Definition Audio Driver Package - KB888111 (Version: 20040219.000000)
HitmanPro 3.6 (Version: 3.6.0.146)
HP Boot Optimizer (Version: 3.0.0)
HP Customer Participation Program 7.0 (Version: 7.0)
HP DigitalMedia Archive (Version: 2.0)
HP DVD Play 2.1
HP Imaging Device Functions 7.0 (Version: 7.0)
HP Officejet J6400 Series (Version: 1.0)
HP Photosmart and Deskjet 7.0 Software (Version: 7.1)
HP Photosmart Essential (Version: 1.9.1.3)
HP Photosmart for Media Center PC
HP Photosmart Premier Software 6.5 (Version: 6.5)
HP Product Assistant (Version: 100.000.001.000)
HP Solution Center 7.0 (Version: 7.0)
HP Update (Version: 5.003.001.001)
HP Web Helper
hph_ProductContext (Version: 70.0.260.000)
hph_readme (Version: 70.0.260.000)
hph_software (Version: 70.0.260.000)
hph_software_req (Version: 70.0.260.000)
HPPhotoSmartExpress (Version: 70.0.170.000)
HPProductAssistant (Version: 70.0.170.000)
HpSdpAppCoreApp (Version: 3.00.0000)
InstantShareAlert (Version: 1.00.0000)
InstantShareDevices (Version: 70.0.170.000)
IrfanView (remove only)
iTunes (Version: 8.0.2.20)
J6400 (Version: 50.0.165.000)
Java Auto Updater (Version: 2.1.5.3)
Java™ 6 Update 23 (Version: 6.0.230)
Java™ 7 Update 2 (Version: 7.0.20)
Java™ SE Development Kit 7 Update 2 (Version: 1.7.0.20)
JavaFX 2.0.2 (Version: 2.0.2)
JavaFX 2.0.2 SDK (Version: 2.0.2)
LightScribe 1.4.105.1 (Version: 1.4.105.1)
Malwarebytes Anti-Malware version 1.60.1.1000 (Version: 1.60.1.1000)
MarketResearch (Version: 70.0.170.000)
Microsoft .NET Framework 1.0 Hotfix (KB2572066)
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Away Mode (Version: 6.0.0160.0)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Home and Student 2007 (Version: 12.0.4518.1014)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Silverlight (Version: 4.1.10111.0)
Microsoft Software Update for Web Folders (English) 12 (Version: 12.0.4518.1014)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Works (Version: 08.04.0623)
Mozilla Firefox 10.0.2 (x86 en-US) (Version: 10.0.2)
MSN
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
NetBeans IDE 7.1 (Version: 7.1)
Norton Internet Security (Version: 9.0.5.5)
NVIDIA Drivers
OJOsoft Total Video Converter (Version: 2.6.6.0519)
OptionalContentQFolder (Version: 1.00.0000)
PC-Doctor 5 for Windows (Version: 5.00.4060.15)
PhotoGallery (Version: 70.0.170.000)
ProductContext (Version: 50.0.165.000)
Python 2.2 pywin32 extensions (build 203)
Python 2.2.3 (Version: 2.2.3)
QuickTime (Version: 7.55.90.70)
RandMap (Version: 70.0.170.000)
RAPTOR (Version: 4.0.4002)
RealPlayer
Realtek High Definition Audio Driver
Sandboxie 3.64 (32-bit) (Version: 3.64)
Scan (Version: 10.1.0.0)
SkinsHP1 (Version: 70.0.170.000)
SlideShow (Version: 70.0.170.000)
SlideShowMusic (Version: 70.0.170.000)
SolutionCenter (Version: 70.0.170.000)
Sonic Express Labeler (Version: 2.1.0)
Sonic RecordNow Audio (Version: 2.0.6)
Sonic RecordNow Copy (Version: 2.0.6)
Sonic RecordNow Data (Version: 2.0.6)
Sonic Update Manager (Version: 3.0.0)
Sonic_PrimoSDK (Version: 70.0.170.000)
Spybot - Search & Destroy (Version: 1.6.2)
SpywareBlaster 4.6 (Version: 4.6.0)
Status (Version: 70.0.170.000)
Symantec KB-DocID:2003093015493306 (Version: 1.0.0.1)
Toolbox (Version: 100.0.170.000)
Toolbox (Version: 70.0.170.000)
Total Video Converter 3.70 100621
TrayApp (Version: 70.0.170.000)
Unity Web Player (Version: )
Unload (Version: 7.0.0)
UnloadSupport (Version: 10.0.0)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows Internet Explorer 7 (KB976749) (Version: 1)
Update for Windows Internet Explorer 7 (KB980182) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows Internet Explorer 8 (KB980182) (Version: 1)
Update for Windows Internet Explorer 8 (KB982632) (Version: 1)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB951072-v2) (Version: 2)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB953356) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
Update Rollup 2 for Windows XP Media Center Edition 2005
Updates from HP (remove only)
VLC media player 1.0.0 (Version: 1.0.0)
WebFldrs XP (Version: 9.50.7523)
WebReg (Version: 100.0.170.000)
WinAce Archiver (Version: 2.69)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 7 (Version: 20070813.185237)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Live OneCare safety scanner
Windows Media Format 11 runtime
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
Windows XP Media Center Edition 2005 KB2502898
Windows XP Media Center Edition 2005 KB2619340
Windows XP Media Center Edition 2005 KB2628259
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3 (Version: 20080414.031525)
WOT for Internet Explorer (Version: 11.11.7.0)
Yahoo! Messenger
ZoneAlarm (Version: 9.2.057.000)

========================= Memory info: ===================================

Percentage of memory in use: 53%
Total physical RAM: 958.48 MB
Available physical RAM: 443.74 MB
Total Pagefile: 2313.85 MB
Available Pagefile: 1715.81 MB
Total Virtual: 2047.88 MB
Available Virtual: 1976.51 MB

========================= Partitions: =====================================

1 Drive c: (HP_PAVILION) (Fixed) (Total:224.03 GB) (Free:76.04 GB) NTFS
2 Drive d: (HP_RECOVERY) (Fixed) (Total:8.84 GB) (Free:0.56 GB) FAT32

========================= Users: ========================================

User accounts for \\COMPUTER

Administrator bhoffman Guest
HelpAssistant HP_Administrator SUPPORT_388945a0
SUPPORT_fddfa904

========================= Minidump Files ==================================

No minidump file found

**** End of log ****

#14 cryptodan

Posted 08 March 2012 - 07:41 PM

Let's look for some files:

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

64-bit users go HERE
  • Double-click SystemLook.exe to run it.
  • Vista\Win 7 users: Right-click on SystemLook.exe, click Run As Administrator
  • Copy the content of the following box into the main textfield:
    :filefind
    hosts
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

#15 RockyE

Posted 08 March 2012 - 08:00 PM

SystemLook 30.07.11 by jpshortstuff
Log created at 19:59 on 08/03/2012 by HP_Administrator
Administrator - Elevation successful

========== filefind ==========

Searching for "hosts"
C:\WINDOWS\I386\HOSTS -----c- 734 bytes [04:00 10/08/2004] [21:00 09/08/2004] DE1CBFE6C3086010AF115A1F00909B01

-= EOF =-



