Author Topic: Bad Image: WIKI.DLL (Read 84219 times)

Old_Curmudgeon · « **Reply #15 on:** March 08, 2011, 09:45:46 AM »

c:\documents and settings\John Doe\Application Data\Spamihilator\training\da8529c4.training 3475 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\dde93ef6.training 41065 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\e08d17bc.training 1676 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\e17aa771.training 30984 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\e1dd8382.training 3378 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\e2e592b9.training 2366 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\e3c4e29.training 5450 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\e408a40c.training 5555 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\e73cd25.training 1744 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\ea3bfbaf.training 3654 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\ea8d60bb.training 1742 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\eb6c8d51.training 2451 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\ecd2221.training 22590 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\ede1e661.training 2231 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\eea8e4be.training 7645 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\11270411.training 1645 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\13a4100a.training 100852 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\1bd9944c.training 3817 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\1c17bdb2.training 2247 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\1e6e4ded.training 2842 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\1f43a922.training 1188 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\20597512.training 1925 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\20f38642.training 17740 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\24799c8.training 31495 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\26740cdf.training 2032 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\267ba4d1.training 36005 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\274df526.training 47852 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\f0cf0e02.training 1653 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\f1b411af.training 3654 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\f22a594a.training 3549 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\f235c20a.training 5906 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\f3deabe9.training 1530 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\f4fa5e24.training 2401 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\fe6dec8b.training 1899 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\fea5e27b.training 2403 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\good.spamihilator.wordlist 400229 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\training.xml 73938 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\bd6d279c.training 1905 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\c125e88c.training 3240 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\c4ebdfae.training 4582 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\c59224bf.training 5948 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\c5f1680d.training 35880 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\c63ef476.training 4927 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\c83cc235.training 1891 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\c854924.training 2099 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\c8749c16.training 2363 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\c95b1908.training 1752 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\caefe464.training 1775 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\cb47195f.training 3703 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\cbfab6f3.training 22153 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\cc19b6c4.training 3941 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\cdf4ee4a.training 1779 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\cedb3747.training 2796 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\cfe53bb3.training 4786 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\d0f4b8a2.training 2254 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\d152f1e1.training 20583 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\d3ec5a41.training 9448 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\d417fe3f.training 4291 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\d44d0db7.training 2006 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\da24899a.training 498948 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\da2f369e.training 2645 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\6885e96a.training 1643 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\697f87a1.training 26071 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\6c9f1226.training 15898 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\6ed5ae25.training 17249 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\709c742c.training 1658 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\7114fa33.training 3833 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\7186bb83.training 71513 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\74e6ad1b.training 5082 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\7557ff89.training 263246 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\76279792.training 264935 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\764f8d6d.training 2051 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\769318df.training 10118 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\7b808af6.training 3633 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\7ea1296e.training 232121 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\5d782ab7.training 1316 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\605ab68.training 2408 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\60cbeffa.training 108651 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\618e2dc0.training 8809 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\623e2772.training 2259 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\62d4d05e.training 1812 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\63c51a2e.training 498711 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\64d2760a.training 6377 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\2978c0d6.training 2282 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\2a327f16.training 3356 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\2bd0e3f6.training 6113 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\2d9d65ec.training 3654 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\30a4bf85.training 1530 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\3314ea84.training 3065 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\359c4ff.training 14030 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\35c82c46.training 1676 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\27704768.training 3935 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\5c91cbfd.training 3543 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\800c9896.training 88704 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\training\ef466a91.training 1886 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\uid
c:\documents and settings\John Doe\Application Data\Spamihilator\uid\[email protected] 1249 bytes
c:\documents and settings\John Doe\Application Data\Spamihilator\updatecheck.log 23642 bytes
c:\documents and settings\John Doe\Application Data\SpinTop
c:\documents and settings\John Doe\Application Data\SpinTop\spintop.ico 25214 bytes
c:\documents and settings\John Doe\Application Data\Sun
c:\documents and settings\John Doe\Application Data\Sun\Java
c:\documents and settings\John Doe\Application Data\Sun\Java\AU
c:\documents and settings\John Doe\Application Data\Sun\Java\AU\au.cab 571345 bytes
c:\documents and settings\John Doe\Application Data\Sun\Java\AU\au.msi 183808 bytes
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\cache
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\cache\6.0
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\cache\6.0\29
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\cache\6.0\0
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\cache\6.0\1
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\cache\6.0\10
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\cache\6.0\11
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\cache\6.0\12
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\cache\6.0\13
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\cache\6.0\14
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\cache\6.0\15
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\cache\6.0\16
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\cache\6.0\17
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\cache\6.0\18
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\cache\6.0\19
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\cache\6.0\2
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\cache\6.0\20
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\cache\6.0\21
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\cache\6.0\22
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\cache\6.0\23
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\cache\6.0\24
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\cache\6.0\25
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\cache\6.0\26
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\cache\6.0\27
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\cache\6.0\28
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\cache\6.0\3
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\cache\6.0\30
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\cache\6.0\31
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\cache\6.0\32
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\cache\6.0\33
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\cache\6.0\34
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\cache\6.0\35
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\cache\6.0\36
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\cache\6.0\37
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\cache\6.0\38
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\cache\6.0\39
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\cache\6.0\4
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\cache\6.0\40
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\cache\6.0\41
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\cache\6.0\42
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\cache\6.0\43
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\cache\6.0\44
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\cache\6.0\45
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\cache\6.0\46
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\cache\6.0\47
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\cache\6.0\48
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\cache\6.0\49
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\cache\6.0\5
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\cache\6.0\50
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\cache\6.0\51
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\cache\6.0\52
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\cache\6.0\53
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\cache\6.0\54
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\cache\6.0\55
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\cache\6.0\56
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\cache\6.0\57
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\cache\6.0\58
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\cache\6.0\59
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\cache\6.0\6
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\cache\6.0\60
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\cache\6.0\61
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\cache\6.0\62
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\cache\6.0\63
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\cache\6.0\7
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\cache\6.0\8
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\cache\6.0\9
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\cache\6.0\host
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\cache\6.0\muffin
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\deployment.properties 524 bytes
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\ext
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\log
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\log\plugin150_10.trace 1566 bytes
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\log\plugin150_11.trace 1623 bytes
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\security
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\security\auth.dat 0 bytes
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\security\trusted.certs 1503 bytes
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\29
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\29\2d9f109d-1372a5f6 4329254 bytes
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\29\2d9f109d-1372a5f6.idx 390554 bytes
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\0
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\1
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\10
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\11
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\11\21e928cb-714652c2 42563 bytes
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\11\21e928cb-714652c2.idx 12686 bytes
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\12
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\13
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\14
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\15
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\16
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\17
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-2aecc432 78624 bytes
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-2aecc432-n
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-2aecc432-n\decora-d3d.dll 12800 bytes executable
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-2aecc432-n\decora-sse.dll 61440 bytes executable
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-2aecc432.idx 10926 bytes
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\18
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\19
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\2
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\20
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\21
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\22
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\23
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\23\3db38257-2893ef8d 2638711 bytes
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\23\3db38257-2893ef8d.idx 129563 bytes
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\23\6fa462d7-4a2aee04 292107 bytes
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\23\6fa462d7-4a2aee04.idx 11306 bytes
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\24
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\24\2a20e358-37da6f94 1964 bytes
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\24\2a20e358-37da6f94.idx 739 bytes
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\25
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\25\794f2bd9-6226e4d1 8792225 bytes
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\25\794f2bd9-6226e4d1.idx 439868 bytes
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\25\794f2bd9-6d2523d3 8792225 bytes
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\25\794f2bd9-6d2523d3.idx 601 bytes
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\26
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\26\457dee9a-5caa078f.idx 128 bytes
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\26\457dee9a-75bb679d 3133 bytes
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\26\457dee9a-75bb679d.idx 788 bytes
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\27
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\28
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\3
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\3\1cfa1583-1f7bd05e 4338079 bytes
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\3\1cfa1583-1f7bd05e.idx 390599 bytes
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\30
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\31
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\32
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\32\6c34baa0-5f9c7d8b 3029 bytes
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\32\6c34baa0-5f9c7d8b.idx 883 bytes
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\32\6c34baa0-74e574e3.idx 128 bytes
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\33
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\34
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\35
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\36
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\37
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\38
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\39
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\4
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-139e74f3 1356284 bytes
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-139e74f3-n
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-139e74f3-n\jmc.dll 499712 bytes executable
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-139e74f3-n\msvcp71.dll 503808 bytes executable
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-139e74f3-n\msvcr71.dll 348160 bytes executable
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-139e74f3.idx 10981 bytes
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\40
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\41
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\42
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-52c2795d 78686 bytes
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-52c2795d-n
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-52c2795d-n\decora-d3d.dll 12800 bytes executable
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-52c2795d-n\decora-sse.dll 61440 bytes executable
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-52c2795d.idx 10941 bytes
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\43
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\44
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\45
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\46
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-626f4b69 1356287 bytes
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-626f4b69-n
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-626f4b69-n\jmc.dll 499712 bytes executable
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-626f4b69-n\msvcp71.dll 503808 bytes executable
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-626f4b69-n\msvcr71.dll 348160 bytes executable
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-626f4b69.idx 10973 bytes
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\47
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\48
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\49
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\5
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\50
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-41e1794c 78684 bytes
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-41e1794c-n
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-41e1794c-n\decora-d3d.dll 12800 bytes executable
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-41e1794c-n\decora-sse.dll 61440 bytes executable
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-41e1794c.idx 10931 bytes
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\51
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\52
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\53
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\54
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-40e35d38 1356192 bytes
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-40e35d38-n
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-40e35d38-n\jmc.dll 499712 bytes executable
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-40e35d38-n\msvcp71.dll 503808 bytes executable
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-40e35d38-n\msvcr71.dll 348160 bytes executable
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-40e35d38.idx 10975 bytes
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\55
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\56
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\57
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\58
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\59
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\6
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\60
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\61
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\62
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\63
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\7
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\8
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\9
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\SystemCache\6.0\lastAccessed 1 bytes
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\tmp
c:\documents and settings\John Doe\Application Data\Sun\Java\Deployment\tmp\si
c:\documents and settings\John Doe\Application Data\Sun\Java\jre1.6.0_24
c:\documents and settings\John Doe\Application Data\Sun\Java\jre1.6.0_24\Data1.cab 13027914 bytes
c:\documents and settings\John Doe\Application Data\Sun\Java\jre1.6.0_24\jre1.6.0_24.msi 681984 bytes
c:\documents and settings\John Doe\Application Data\Sun\Java\jre1.6.0_24\OpenOffice_banner.jpg 74758 bytes
c:\documents and settings\John Doe\Application Data\SUPERAntiSpyware.com
c:\documents and settings\John Doe\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware
c:\documents and settings\John Doe\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\AppLogs
c:\documents and settings\John Doe\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\AppLogs\SUPERANTISPYWARE-2-28-2011( 17-24-2 ).SDB 657973 bytes
c:\documents and settings\John Doe\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\AppLogs\SUPERANTISPYWARE-3-1-2011( 11-21-28 ).SDB 545233 bytes
c:\documents and settings\John Doe\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\AppLogs\SUPERANTISPYWARE-3-1-2011( 23-48-14 ).SDB 6603 bytes
c:\documents and settings\John Doe\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\AppLogs\SUPERANTISPYWARE-3-7-2011( 16-52-18 ).SDB 6512 bytes
c:\documents and settings\John Doe\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\AppLogs\SUPERANTISPYWARE-3-7-2011( 16-52-49 ).SDB 7600 bytes
c:\documents and settings\John Doe\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\CUSTOM.STG 20480 bytes
c:\documents and settings\John Doe\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Logs
c:\documents and settings\John Doe\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Logs\SUPERAntiSpyware Scan Log - 02-28-2011 - 21-11-57.log 7660 bytes
c:\documents and settings\John Doe\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Logs\SUPERAntiSpyware Scan Log - 03-01-2011 - 14-20-14.log 570 bytes
c:\documents and settings\John Doe\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Logs\SUPERAntiSpyware Scan Log - 03-07-2011 - 16-53-57.log 454 bytes
c:\documents and settings\John Doe\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\PROCESSLIST.BIN 19444621 bytes
c:\documents and settings\John Doe\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\PROCESSLIST.DB 41596744 bytes
c:\documents and settings\John Doe\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\PROCESSLIST.ZIP 7138696 bytes
c:\documents and settings\John Doe\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\PROCESSLISTRELATED.DB 1398807 bytes
c:\documents and settings\John Doe\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\PROCESSLISTRELATED.ZIP 177862 bytes
c:\documents and settings\John Doe\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine
c:\documents and settings\John Doe\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-28-2011 - 21-23-49.DSC 35 bytes
c:\documents and settings\John Doe\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 02-28-2011 - 21-23-49.SBU 18515 bytes
c:\documents and settings\John Doe\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 03-01-2011 - 14-32-02.DSC 35 bytes
c:\documents and settings\John Doe\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 03-01-2011 - 14-32-02.SBU 774 bytes
c:\documents and settings\John Doe\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS
c:\documents and settings\John Doe\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll 52224 bytes executable
c:\documents and settings\John Doe\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll 63488 bytes executable
c:\documents and settings\John Doe\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll 52736 bytes executable
c:\documents and settings\John Doe\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL 117760 bytes executable
c:\documents and settings\John Doe\Application Data\Syntrillium
c:\documents and settings\John Doe\Application Data\Syntrillium\Cool Edit
c:\documents and settings\John Doe\Application Data\Syntrillium\Cool Edit\COOL.INI 5647 bytes
c:\documents and settings\John Doe\Application Data\Syntrillium\Cool Edit\coolkb2k.ini 10957 bytes
c:\documents and settings\John Doe\Application Data\Syntrillium\Cool Edit\coolmp3.ini 37 bytes
c:\documents and settings\John Doe\Application Data\Syntrillium\Cool Edit\flt.dat 2712 bytes
c:\documents and settings\John Doe\Application Data\Syntrillium\Cool Edit\xfm.dat 59882 bytes
c:\documents and settings\John Doe\Application Data\Template
c:\documents and settings\John Doe\Application Data\Template\Normal.wpt 9728 bytes
c:\documents and settings\John Doe\Application Data\wklnhst.dat 0 bytes
.
scan completed successfully
hidden files: 2433
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{22D78859-9CE9-4B77-BF18-AC83E81A9263}]
"ImagePath"="\??\c:\program files\HP\QuickPlay\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3449024481-383353879-3954239504-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Environment*]
"Licence0"="04F0D21-79D8-7A25-D702-433F"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(996)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'lsass.exe'(1056)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
.
- - - - - - - > 'explorer.exe'(5712)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\ANYCOM\Bluetooth-USB\bin\btwdins.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\windows\system32\msdtc.exe
c:\program files\AirLink101\AWLL5026\AWLL5026.exe
c:\windows\system32\CTsvcCDA.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files\Nero\Nero BackItUp 4\IoctlSvc.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Sandboxie\SbieSvc.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\progra~1\COMMON~1\X10\Common\x10nets.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\mqsvc.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\windows\system32\mqtgsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\windows\eHome\ehmsas.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
.
**************************************************************************
.
Completion time: 2011-03-07 20:52:46 - machine was rebooted
ComboFix-quarantined-files.txt 2011-03-08 02:52
ComboFix2.txt 2011-03-05 22:05
.
Pre-Run: 318,465,519,616 bytes free
Post-Run: 318,417,092,608 bytes free
.
- - End Of File - - 3D60CF298605D428D47F21E8A4EF60CE

SuperDave · « **Reply #16 on:** March 08, 2011, 12:44:35 PM »

Quote

the ACT program and SQL are the most critical programs that I would like to save after all of this.

You cannot save programs. If you don't have the disks or a site to download them from, you're out of luck.

Quote

Any clue if it looks like the Trojan(?) will be successfully resolved?

Only time will tell but I'm confident.
Please give me an update on the state of your computer.
I believe chkdsk was run already but please run it again.

* Download the following tool: RootRepeal - Rootkit Detector
* Direct download link is here: RootRepeal.zip

* Close all programs and temporarily disable your anti-virus, Firewall and any anti-malware real-time protection before performing a scan.
* Click this link to see a list of such programs and how to disable them.

* Extract the program file to a new folder such as C:\RootRepeal
* Run the program RootRepeal.exe and go to the REPORT tab and click on the Scan button.
* Select ALL of the checkboxes and then click OK and it will start scanning your system.
* If you have multiple drives you only need to check the C: drive or the one Windows is installed on.
* When done, click on Save Report
* Save it to the same location where you ran it from, such as C:RootRepeal
* Save it as rootrepeal.txt
* Then open that log and select all and copy/paste it back on your next reply please.
* Close RootRepeal.

Old_Curmudgeon · « **Reply #17 on:** March 08, 2011, 08:08:16 PM »

OK, right now I will run chkdsk again (it needs it according to popup messages) and then I will follow your previous instructions to clear my DNS cache and then run mrt.exe. After those three I will begin on rootrepeal. By the way, what am I doing by clearing the DNS cache and running mrt.exe?

Thanks for your patience,
Mike

SuperDave · « **Reply #18 on:** March 09, 2011, 12:20:59 PM »

Quote

By the way, what am I doing by clearing the DNS cache and running mrt.exe?

Clearing the DNS cache is to try to fix your internet problems and the MRT is to check for any other bugs on your computer.

Old_Curmudgeon · « **Reply #19 on:** March 09, 2011, 03:34:03 PM »

The DNS ran and I am, once again, able to log onto computerhope!

MRT.exe ran and delivered a clean bill of health. No problems found.

I am about to run rootrepeal.

Thanks,
Mike

Old_Curmudgeon · « **Reply #20 on:** March 10, 2011, 12:10:09 PM »

Well, I'm confused once again. I was unable to log on to computerhope with my laptop. I ran the DNS once more with no effect.

I did run the RootRepeal for C & D drives. The logs follow.

Many thanks,
Mike

***************************************************************************************

C drive RootRepeal Log:

ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time:      2011/03/10 12:20
Program Version:      Version 1.3.5.0
Windows Version:      Windows XP Media Center Edition SP3
==================================================

Drivers
-------------------
Name: dump_iaStor.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_iaStor.sys
Address: 0x9EC4F000   Size: 876544   File Visible: No   Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0x9F359000   Size: 49152   File Visible: No   Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: c:\program files\pc tools security\k_filecache
Status: Allocation size mismatch (API: 524288, Raw: 589824)

Path: c:\program files\microsoft sql server\mssql.1\mssql\log\log_1468.trc
Status: Allocation size mismatch (API: 4096, Raw: 0)

SSDT
-------------------
#: 041   Function Name: NtCreateKey
Status: Hooked by "PCTCore.sys" at address 0xf71b66e6

#: 047   Function Name: NtCreateProcess
Status: Hooked by "PCTCore.sys" at address 0xf7194f68

#: 048   Function Name: NtCreateProcessEx
Status: Hooked by "PCTCore.sys" at address 0xf7195230

#: 063   Function Name: NtDeleteKey
Status: Hooked by "PCTCore.sys" at address 0xf71b70a0

#: 065   Function Name: NtDeleteValueKey
Status: Hooked by "PCTCore.sys" at address 0xf71b742a

#: 119   Function Name: NtOpenKey
Status: Hooked by "PCTCore.sys" at address 0xf71b5924

#: 192   Function Name: NtRenameKey
Status: Hooked by "PCTCore.sys" at address 0xf71b796e

#: 247   Function Name: NtSetValueKey
Status: Hooked by "PCTCore.sys" at address 0xf71b6aa4

#: 257   Function Name: NtTerminateProcess
Status: Hooked by "PCTCore.sys" at address 0xf71949d8

==EOF==

*****************************************************************************************

D drive RootRepeal log

ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time:      2011/03/10 12:46
Program Version:      Version 1.3.5.0
Windows Version:      Windows XP Media Center Edition SP3
==================================================

Drivers
-------------------
Name: dump_iaStor.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_iaStor.sys
Address: 0x9EC4F000   Size: 876544   File Visible: No   Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0x9F359000   Size: 49152   File Visible: No   Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: d:\system volume information\_restore{3a579f61-82cf-4117-919a-db7b394cd5bc}\rp3\change.log.2
Status: Allocation size mismatch (API: 16384, Raw: 4096)

SSDT
-------------------
#: 041   Function Name: NtCreateKey
Status: Hooked by "PCTCore.sys" at address 0xf71b66e6

#: 047   Function Name: NtCreateProcess
Status: Hooked by "PCTCore.sys" at address 0xf7194f68

#: 048   Function Name: NtCreateProcessEx
Status: Hooked by "PCTCore.sys" at address 0xf7195230

#: 063   Function Name: NtDeleteKey
Status: Hooked by "PCTCore.sys" at address 0xf71b70a0

#: 065   Function Name: NtDeleteValueKey
Status: Hooked by "PCTCore.sys" at address 0xf71b742a

#: 119   Function Name: NtOpenKey
Status: Hooked by "PCTCore.sys" at address 0xf71b5924

#: 192   Function Name: NtRenameKey
Status: Hooked by "PCTCore.sys" at address 0xf71b796e

#: 247   Function Name: NtSetValueKey
Status: Hooked by "PCTCore.sys" at address 0xf71b6aa4

#: 257   Function Name: NtTerminateProcess
Status: Hooked by "PCTCore.sys" at address 0xf71949d8

==EOF==

SuperDave · « **Reply #21 on:** March 10, 2011, 04:37:42 PM »

Is it only ComputerHope that you can't access? What happens when you try? Any error messages?
What happens when you click on this site?

Old_Curmudgeon · « **Reply #22 on:** March 10, 2011, 07:59:46 PM »

Thanks for hanging in there Dave,

"Access" is not really the word. "Log In" is what I am unable to do. I can navigate to computerhope.com and get to the login screen. (Same as the link that you provided.) However, when I type in my user & password I get a screen that says "An error has occurred. You will have to wait 2 seconds to log in again. Sorry." Trying a half dozen more times, after waiting each time, doesn't seem to help. Just for grins I intentionally entered the wrong user and got an error message about the wrong user/password. I entered in the wrong password and got an error message about the wrong user/password. So I am accessing the login routine but for some reason either my computer is sending weird data or computerhope is not friends with my laptop but does like my desktop.

Were there any anomalies in the RootRepeal logs?

Thanks,
Mike

SuperDave · « **Reply #23 on:** March 11, 2011, 12:14:29 PM »

Quote

Were there any anomalies in the RootRepeal logs?

No. The logs look good. I want to run one more scan. In the meantime, I'll pm the administrator about your login problem

I'd like to scan your machine with ESET OnlineScan

•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
•Click the

button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

Click on to download the ESET Smart Installer. Save it to your desktop.
Double click on the icon on your desktop.

•Check

•Click the

button.
•Accept any security warnings from your browser.
•Check

•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push

•Push

, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the

button.
•Push

A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

Old_Curmudgeon · « **Reply #24 on:** March 14, 2011, 10:50:56 AM »

Hi Dave,

I ran Eset but I wasn't sure whether or not to leave the "remove found threats" checked so I unselected that and selected "scan archives" and ran it.

Eset found two problems:
1) -win32/toolbar.AskSBar application. Probably a varriant of win32/Agent.CILWIIQ.trojan.
2) -win32/Adware.ADON application

Should I run Eset again with the "remove found threats" selected?

I tried logging in to computerhope with my laptop again and still wasn't allowed to proceed.

Thanks,
Mike

SuperDave · « **Reply #25 on:** March 14, 2011, 12:49:25 PM »

Quote

Should I run Eset again with the "remove found threats" selected?

Yes, Please.

Quote

I tried logging in to computerhope with my laptop again and still wasn't allowed to proceed.

I sent a pm to Administration. Hopefully, they will contact you about this problem.

Old_Curmudgeon · « **Reply #26 on:** March 18, 2011, 09:40:06 PM »

Ironically, while attempting to cure my laptop, I became infected with a virus! Do you think it may be cross-species capable??? Kidding aside, I'm sorry this took so long but I felt terrible.

OK, ESET log file after selecting "remove found threats" and "scan archives":
**************************************************************************

C:\Program Files\Unlocker\eBay_shortcuts_1016.exe   Win32/Adware.ADON application   deleted - quarantined
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP12\A0042211.exe   Win32/Adware.ADON application   deleted - quarantined
C:\_Downloads\FLV Utilities\FLV Downloader\FLVDownloader_Install.exe   probably a variant of Win32/Agent.CILWIIQ trojan   deleted - quarantined
C:\_Downloads\Nero 836\Nero-8.3.6.0_eng_update.exe   Win32/Toolbar.AskSBar application   deleted - quarantined

**************************************************************************

How am I doing?

One of your initial replies indicated that I was not to run any scans without your consent. Would it be a problem to rerun any of the scans that we have run so far?

I tried logging on with my laptop again without success. I have not heard from Administration.

Thanks again for your persistance,
Mike

SuperDave · « **Reply #27 on:** March 19, 2011, 12:29:20 PM »

Quote

Would it be a problem to rerun any of the scans that we have run so far?

Go ahead if you wish.

Quote

tried logging on with my laptop again without success. I have not heard from Administration.

Other than this problem, how's your computer working now?

Old_Curmudgeon · « **Reply #28 on:** March 20, 2011, 09:12:15 AM »

Hi Dave,

Quote

Other than this problem, how's your computer working now?

The original BAD IMAGE complaint stopped in the beginning as I had initially reported. What concerns me is that every time you gave me a new scan module to try each one seemed to find more problems. I'm not savvy enough to recognize whether or not this suggests that a Trojan is lurking on my hard drive so I am relying on you for that.

Since I ran ESET I am getting a JAVA pop-up error near start-up about jusched.exe has encountered a problem and needs to close... Unless you have a suggestion I was going to try a manual update. If that doesn't fix the error I figured that I would need to uninstall and reinstall JAVA.

Since I ran ESET the Laptop has frozen twice. This is very unusual for this machine but I don't know if it is worrysome or not. The first time I was on-line waiting for a .pdf document to load and it never did. The second time was after I allowed Mal WareBytes to run overnight and woke up to a blank MWB screen on my desktop. Each time I had cursor control but no click response or keyboard response. Nor was I able to get a ctl/alt/del response. I finally powered off and restarted. The restart after the MWB freeze brought me to a DOS screen which I exited with ctl/alt/del successfully to a Windows start-up. MWB ran successfully after that and found no problems. I have not noticed any pattern in this behaviour yet.

I have gotten into the low-tech habit of monitoring the indicator lights of my modem and router figuring that if they are steady then nothing is accessing the WEB at that moment. If a Trojan is running in the background and no other program is using the computer (or at least the internet connection) would the indicator lights on my modem and router be blinking (showing activity) due to the Trojan? Do you know if it would it be possible for them to be steady with a Trojan running? Are Trojans wiley enough to defeat these indicator lights? Is monitoring these indicator lights worthwhile?

Thanks Dave,
Mike

SuperDave · « **Reply #29 on:** March 20, 2011, 01:03:57 PM »

Quote

I am getting a JAVA pop-up error near start-up about jusched.exe has encountered a problem and needs to close... Unless you have a suggestion I was going to try a manual update. If that doesn't fix the error I figured that I would need to uninstall and reinstall JAVA.

That very same problem was bugging me last week. I went to Control Panel, Java, clicked on Update tab and unchecked "Check for updates automatically". Problem solved. It only checks once a month and uses valuable resources the whole month.
I'm not sure what's causing the freezing. It could be a number of problems; failing harddrive, overheating, etc.

Quote

If a Trojan is running in the background and no other program is using the computer (or at least the internet connection) would the indicator lights on my modem and router be blinking (showing activity) due to the Trojan? Do you know if it would it be possible for them to be steady with a Trojan running? Are Trojans wiley enough to defeat these indicator lights? Is monitoring these indicator lights worthwhile?

Not a good method. A good third-party firewall would be much better. I noticed you have AVG firewall and it should be blocking all fraudulent traffic both incoming and outgoing.
Let's do some cleanup.

To uninstall ComboFix

Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
In the field, type in ComboFix /uninstall

(Note: Make sure there's a space between the word ComboFix and the forward-slash.)

Then, press Enter, or click OK.
This will uninstall ComboFix, delete its folders and files, hides System files and folders, and resets System Restore.

************************************************
Clean out your temporary internet files and temp files.

Download TFC by OldTimer to your desktop.

Double-click TFC.exe to run it.

Note: If you are running on Vista, right-click on the file and choose Run As Administrator

TFC will close all programs when run, so make sure you have saved all your work before you begin.

* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.

Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
*******************************************
Use the Secunia Software Inspector to check for out of date software.

•Click Start Now

•Check the box next to Enable thorough system inspection.

•Click Start

•Allow the scan to finish and scroll down to see if any updates are needed.
•Update anything listed.
.
----------

Go to Microsoft Windows Update and get all critical updates.

----------

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!

Computer Hope Forum

News:

Author Topic: Bad Image: WIKI.DLL (Read 84219 times)

Old_Curmudgeon

Re: Bad Image: WIKI.DLL

SuperDave

Re: Bad Image: WIKI.DLL

Old_Curmudgeon

Re: Bad Image: WIKI.DLL

SuperDave

Re: Bad Image: WIKI.DLL

Old_Curmudgeon

Re: Bad Image: WIKI.DLL

Old_Curmudgeon

Re: Bad Image: WIKI.DLL

SuperDave

Re: Bad Image: WIKI.DLL

Old_Curmudgeon

Re: Bad Image: WIKI.DLL

SuperDave

Re: Bad Image: WIKI.DLL

Old_Curmudgeon

Re: Bad Image: WIKI.DLL

SuperDave

Re: Bad Image: WIKI.DLL

Old_Curmudgeon

Re: Bad Image: WIKI.DLL

SuperDave

Re: Bad Image: WIKI.DLL

Old_Curmudgeon

Re: Bad Image: WIKI.DLL

SuperDave

Re: Bad Image: WIKI.DLL