Tech Support Forum - View Single Post - Google links redirected to new sites & unable to update flash player...

iggyman2 · 05-12-2008, 10:31 PM

Hi again,
Here's the hijack log and the kaspersky log...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:27:56 PM, on 5/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Western Digital Technologies\Spindown\ExSpinDn.exe
C:\Program Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Logitech\G-series Software\LCDMon.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDPop3\LCDPOP3.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\INCRED~1\bin\IncMail.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/flash/index.cfm?rev=10319
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [WD Spindown Utility] "C:\Program Files\Western Digital Technologies\Spindown\ExSpinDn.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\G-series Software\LCDMon.exe"
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [cafwc] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl
O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
O4 - HKLM\..\Run: [capfupgrade] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter.rr.com/sdccommo...ad/tgctlcm.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab
O16 - DPF: {352797A0-EFD0-4FA6-B229-145120EA4B8A} (Walt Disney Internet Group Hardware Control) - https://disneyblast.go.com/v3/setup/...areControl.cab
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/...nlineGames.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.keepandshare.com/imageupl...eUploader4.cab
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - https://disney.go.com/games/download...ameManager.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://games.myspace.com/Gameshell/G...onGameHost.cab
O16 - DPF: {D1548A26-B8F6-4E86-AE74-E7062CCC2E2A} (igLoader Content on Demand) - http://www.miniclip.com/igloader/igloader.CAB
O16 - DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} (Imikimi_activex_plugin Control) - http://imikimi.com/download/imikimi_plugin_0.5.1.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolsvc.aol.com/onlinegames/he...loader_v10.cab
O16 - DPF: {EA6246B4-F380-443F-8727-9AEA3371146C} (CPlayFirstWeddingDashControl Object) - http://aolsvc.aol.com/onlinegames/fr...h.1.0.0.47.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe

--
End of file - 11347 bytes

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Monday, May 12, 2008 10:22:51 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 3 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 12/05/2008
Kaspersky Anti-Virus database records: 765113
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 126428
Number of viruses found: 5
Number of infected objects: 110
Number of suspicious objects: 7
Duration of the scan process: 01:20:59

Infected Object Name / Virus Name / Last Action
C:\Deckard\System Scanner\20080512065115\backup\WINDOWS\Downloaded Program Files\popcaploader.dll Infected: not-a-virus:Downloader.Win32.PopCap.b skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Love Bug\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Love Bug\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Love Bug\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Love Bug\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Love Bug\Local Settings\History\History.IE5\MSHist012008051220080513\index.dat Object is locked skipped
C:\Documents and Settings\Love Bug\Local Settings\Temp\Perflib_Perfdata_bac.dat Object is locked skipped
C:\Documents and Settings\Love Bug\Local Settings\Temp\~DF222C.tmp Object is locked skipped
C:\Documents and Settings\Love Bug\Local Settings\Temp\~DF2FFE.tmp Object is locked skipped
C:\Documents and Settings\Love Bug\Local Settings\Temp\~DF33EC.tmp Object is locked skipped
C:\Documents and Settings\Love Bug\Local Settings\Temp\~DF520.tmp Object is locked skipped
C:\Documents and Settings\Love Bug\Local Settings\Temp\~DF5B5E.tmp Object is locked skipped
C:\Documents and Settings\Love Bug\Local Settings\Temp\~DF6290.tmp Object is locked skipped
C:\Documents and Settings\Love Bug\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Love Bug\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Love Bug\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Love Bug\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\CA\SharedComponents\PPRT\logs\2008-05-12.csv Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{7FF69E90-1920-48F7-8F66-0CABD03EDCFF}\RP124\snapshot\MFEX-1.DAT Infected: not-a-virus:AdWare.Win32.Mostofate.cg skipped
C:\System Volume Information\_restore{7FF69E90-1920-48F7-8F66-0CABD03EDCFF}\RP125\A0008253.dll Infected: not-a-virus:AdWare.Win32.Mostofate.cg skipped
C:\System Volume Information\_restore{7FF69E90-1920-48F7-8F66-0CABD03EDCFF}\RP125\snapshot\MFEX-1.DAT Infected: not-a-virus:AdWare.Win32.Mostofate.cg skipped
C:\System Volume Information\_restore{7FF69E90-1920-48F7-8F66-0CABD03EDCFF}\RP154\snapshot\MFEX-2.DAT Infected: not-a-virus:AdWare.Win32.Mostofate.cg skipped
C:\System Volume Information\_restore{7FF69E90-1920-48F7-8F66-0CABD03EDCFF}\RP155\snapshot\MFEX-2.DAT Infected: not-a-virus:AdWare.Win32.Mostofate.cg skipped
C:\System Volume Information\_restore{7FF69E90-1920-48F7-8F66-0CABD03EDCFF}\RP156\snapshot\MFEX-2.DAT Infected: not-a-virus:AdWare.Win32.Mostofate.cg skipped
C:\System Volume Information\_restore{7FF69E90-1920-48F7-8F66-0CABD03EDCFF}\RP157\snapshot\MFEX-2.DAT Infected: not-a-virus:AdWare.Win32.Mostofate.cg skipped
C:\System Volume Information\_restore{7FF69E90-1920-48F7-8F66-0CABD03EDCFF}\RP158\snapshot\MFEX-2.DAT Infected: not-a-virus:AdWare.Win32.Mostofate.cg skipped
C:\System Volume Information\_restore{7FF69E90-1920-48F7-8F66-0CABD03EDCFF}\RP159\A0008975.dll Infected: not-a-virus:AdWare.Win32.Mostofate.cg skipped
C:\System Volume Information\_restore{7FF69E90-1920-48F7-8F66-0CABD03EDCFF}\RP159\snapshot\MFEX-2.DAT Infected: not-a-virus:AdWare.Win32.Mostofate.cg skipped
C:\System Volume Information\_restore{7FF69E90-1920-48F7-8F66-0CABD03EDCFF}\RP163\A0010005.dll Infected: not-a-virus:Downloader.Win32.PopCap.b skipped
C:\System Volume Information\_restore{7FF69E90-1920-48F7-8F66-0CABD03EDCFF}\RP232\A0019835.exe Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{7FF69E90-1920-48F7-8F66-0CABD03EDCFF}\RP232\change.log Object is locked skipped
C:\WINDOWS\CouponBarIE.dll Infected: not-a-virus:AdWare.Win32.Mostofate.cg skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
C:\WINDOWS\system32\config\OSession.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
E:\System Volume Information\_restore{7FF69E90-1920-48F7-8F66-0CABD03EDCFF}\RP232\change.log Object is locked skipped
F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\ATT1DD.eml/Ogden_Buy_PermanentEnlarger.HTML Infected: Trojan.JS.Redirector.b skipped
F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\ATT1DD.eml Mail: infected - 1 skipped
F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\ATT556.eml/Stp_djdoa_click_BiggerLoads.htm Infected: Trojan.JS.Redirector.b skipped
F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\ATT556.eml Mail: infected - 1 skipped
F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\Bles4real_Buy_Permanent_Enlarger.HTML Infected: Trojan.JS.Redirector.b skipped
F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\Brianschmitt_click-BIGGERLOADS.htm Infected: Trojan.JS.Redirector.b skipped
F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\Brianschmitt_click-EXPLODING-ORGASMS.htm Infected: Trojan.JS.Redirector.b skipped
F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\Brianschmitt_click-ONLINE_PHARM.htm Infected: Trojan.JS.Redirector.b skipped
F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\Brianschmitt_click-PERMANENTENLARGER.htm Infected: Trojan.JS.Redirector.b skipped
F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\BUY_GUARANTEEDENLARGER.HTML Infected: Trojan.JS.Redirector.b skipped
F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\BUY_LASTLONGER.HTM Infected: Trojan.JS.Redirector.b skipped
F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\BUY_LAST_LONGER.HTML Infected: Trojan.JS.Redirector.b skipped
F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\BUY_MultiOrgasms.HTM Infected: Trojan.JS.Redirector.b skipped
F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\BUY_PERMANENTENLARG.HTM Infected: Trojan.JS.Redirector.b skipped
F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\BUY_PERMANENTENLARG.HTML Infected: Trojan.JS.Redirector.b skipped
F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\Buy_Rx_Here.html Infected: Trojan.JS.Redirector.b skipped
F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\Buy_Rx_Here9.html Infected: Trojan.JS.Redirector.b skipped
F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\BUY_SPERMCOUNT.HTML Infected: Trojan.JS.Redirector.b skipped
F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\Chcanis_click-BIGGERLOADS.htm Infected: Trojan.JS.Redirector.b skipped
F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\click-HERBALVIAGRA.htm Infected: Trojan.JS.Redirector.b skipped
F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\ClickHere_Buy_DiscountedRx.HTML Infected: Trojan.JS.Redirector.b skipped
F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\Cortez_Buy_PermanentEnlarger.HTML Infected: Trojan.JS.Redirector.b skipped
F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\Duffhoward_click-BIGGERLOADS.htm Infected: Trojan.JS.Redirector.b skipped
F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\Duffhoward_click-PERMANENTENLARGER.htm Infected: Trojan.JS.Redirector.b skipped
F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\Gbanger15771_click-PERMANENTENLARGER.htm Infected: Trojan.JS.Redirector.b skipped
F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\Gustripic-Lose-10poundsIn10days.htm Infected: Trojan.JS.Redirector.b skipped
F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\Hankins_Buy_HERBALEnlarger.HTML Infected: Trojan.JS.Redirector.b skipped
F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\Heidilynm_click-BIGGERLOADS.htm Infected: Trojan.JS.Redirector.b skipped
F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\Heimira_click-PERMANENTENLARGER.htm Infected: Trojan.JS.Redirector.b skipped
F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\Heimira_click_LASTLONGER.htm Infected: Trojan.JS.Redirector.b skipped
F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\Hemaroid_click-PERMANENTENLARGER.htm Infected: Trojan.JS.Redirector.b skipped
F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\Hf2860_click-PERMANENTENLARGER.htm Infected: Trojan.JS.Redirector.b skipped
F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\Iggyk87_BUY_PHARMACY.HTML Infected: Trojan.JS.Redirector.b skipped
F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\Iggymac_BUY_PHARMACY.HTML Infected: Trojan.JS.Redirector.b skipped
F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\Iggyman2_10POUNDSIN10DAYSDIET.HTML Infected: Trojan.JS.Redirector.b skipped
F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\Iggyman2_click-BIGGERLOADS.htm Infected: Trojan.JS.Redirector.b skipped
F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\Juanfra324_click-onlineRX.htm Infected: Trojan.JS.Redirector.b skipped
F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\Lamnguyend_click-PERMANENTENLARGER.htm Infected: Trojan.JS.Redirector.b skipped
F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\Leannstone_click-PERMANENTENLARGER.htm Infected: Trojan.JS.Redirector.b skipped
F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\Leeflan23_click-onlineRX.htm Infected: Trojan.JS.Redirector.b skipped
F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\Margarita_morales_click-BIGGERLOADS.htm Infected: Trojan.JS.Redirector.b skipped
F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\Marian1521_10POUNDSIN10DAYSDIET.HTML Infected: Trojan.JS.Redirector.b skipped
F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\Marjorgr_click_LAST-LONGER.htm Infected: Trojan.JS.Redirector.b skipped
F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\Max33333_click-BIGGERLOADS.htm Infected: Trojan.JS.Redirector.b skipped
F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\Moonlight283_10POUNDSIN10DAYSDIET.HTML Infected: Trojan.JS.Redirector.b skipped
F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\Numanfarrukh_click-BIGGERLOADS.htm Infected: Trojan.JS.Redirector.b skipped
F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\Numanfarrukh_click-PERMANENTENLARGER.htm Infected: Trojan.JS.Redirector.b skipped
F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\Pistissophia_click-PERMANENTENLARGER.htm Infected: Trojan.JS.Redirector.b skipped
F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\Poptart21_click-BIGGERLOADS.htm Infected: Trojan.JS.Redirector.b skipped
F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\Ramirez_Buy_PermanentEnlarger.HTML Infected: Trojan.JS.Redirector.b skipped
F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\Repo_man100_click-BIGGERLOADS.htm Infected: Trojan.JS.Redirector.b skipped
F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\Richk107_click-onlineRX.htm Infected: Trojan.JS.Redirector.b skipped
F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\Salman_patel_click-BIGGERLOADS.htm Infected: Trojan.JS.Redirector.b skipped
F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\Salman_patel_click-PERMANENTENLARGER.htm Infected: Trojan.JS.Redirector.b skipped
F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\Shugendo_click-onlineRX.htm Infected: Trojan.JS.Redirector.b skipped
F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\Shugendo_click-PERMANENTENLARGER.htm Infected: Trojan.JS.Redirector.b skipped
F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\Ssbabys_click-PERMANENTENLARGER.htm Infected: Trojan.JS.Redirector.b skipped
F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\Stellamoras_click-PERMANENTENLARGER.htm Infected: Trojan.JS.Redirector.b skipped
F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\Stephaniecamara_click-onlineRX.htm Infected: Trojan.JS.Redirector.b skipped
F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\Stp_djdoa_click-PERMANENTENLARGER.htm Infected: Trojan.JS.Redirector.b skipped
F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\Ws714_click-PERMANENTENLARGER.htm Infected: Trojan.JS.Redirector.b skipped
F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\Wtawil_click-NONSCRIPTMEDShtm.html Infected: Trojan.JS.Redirector.b skipped
F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\{003E0867-E13D-4696-8D8C-83EC00502058}\Duffhoward_click-PERMANENTENLARGER.htm Infected: Trojan.JS.Redirector.b skipped
F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\{011B9CF7-49A0-4A73-A950-8F5AB668B396}\Hemaroid_click-PERMANENTENLARGER.htm Infected: Trojan.JS.Redirector.b skipped
F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\{01957F0F-610B-45ED-8B11-6AD463852F5F}\Hemaroid_click-PERMANENTENLARGER.htm Infected: Trojan.JS.Redirector.b skipped
F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\{082B7A7D-CB22-4354-8D06-5F23D11163F0}\Lamnguyend_click-PERMANENTENLARGER.htm Infected: Trojan.JS.Redirector.b skipped
F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\{172366EA-CD33-4CE0-AB1B-682C89D680D3}\Moonlight283_10POUNDSIN10DAYSDIET.HTML Infected: Trojan.JS.Redirector.b skipped
F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\{1CF6E165-6FC4-48E6-88BA-D76D90BF771C}\BUY_PERMANENTENLARG.HTM Infected: Trojan.JS.Redirector.b skipped
F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\{202369AE-A14F-490E-BB14-F3763EFE8152}\Ssbabys_click-PERMANENTENLARGER.htm Infected: Trojan.JS.Redirector.b skipped
F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\{213A3962-0480-499F-BB90-1EC40C10F35C}\Iggyman2_10POUNDSIN10DAYSDIET.HTML Infected: Trojan.JS.Redirector.b skipped
F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\{272D2C3C-57DA-4D6C-B555-34799BC17190}\Numanfarrukh_click-PERMANENTENLARGER.htm Infected: Trojan.JS.Redirector.b skipped
F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\{31ED058E-000D-4860-BBD3-4CA3DCD786BD}\BUY_PERMANENTENLARG.HTM Infected: Trojan.JS.Redirector.b skipped
F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\{3CEB4288-AE28-4D59-9E7B-5414851B57BF}\Brianschmitt_click-ONLINE_PHARM.htm Infected: Trojan.JS.Redirector.b skipped
F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\{3DE0DE8E-698B-4C80-A8CF-C49922FB6490}\Chcanis_click-BIGGERLOADS.htm Infected: Trojan.JS.Redirector.b skipped
F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\{3FB038FD-65C3-461E-8D8C-4256EFE818B3}\Buy_Rx_Here.html Infected: Trojan.JS.Redirector.b skipped
F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\{5FE74FD0-356B-4221-BBA6-8FEB237A159D}\Iggyman2_click-BIGGERLOADS.htm Infected: Trojan.JS.Redirector.b skipped
F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\{61A17036-0496-407F-A4FB-BDEFE85449B7}\Stp_djdoa_click-PERMANENTENLARGER.htm Infected: Trojan.JS.Redirector.b skipped
F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\{68841A50-A6ED-4748-B3DC-53A6B08FCCEF}\Heimira_click-PERMANENTENLARGER.htm Infected: Trojan.JS.Redirector.b skipped
F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\{6AA9CA0D-FA1A-4AF1-BB25-D33BF0ABF333}\Leannstone_click-PERMANENTENLARGER.htm Infected: Trojan.JS.Redirector.b skipped
F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\{77EE61CB-A753-46D9-91DD-4DB9BC7CF3C0}\Salman_patel_click-BIGGERLOADS.htm Infected: Trojan.JS.Redirector.b skipped
F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\{7D61E103-3397-4675-9558-3E7ABA7EAE61}\Iggymac_BUY_PHARMACY.HTML Infected: Trojan.JS.Redirector.b skipped
F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\{8C3D0732-D317-4799-B04F-43D3CC7DEFF4}\Heidilynm_click-BIGGERLOADS.htm Infected: Trojan.JS.Redirector.b skipped
F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\{8D10CB9A-BC3A-4409-BB68-4C6BBE2A6ADB}\Wtawil_click-NONSCRIPTMEDShtm.html Infected: Trojan.JS.Redirector.b skipped
F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\{94738419-0B9D-4D4F-8494-F0EA190A2706}\Brianschmitt_click-PERMANENTENLARGER.htm Infected: Trojan.JS.Redirector.b skipped
F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\{A690AA00-6DB0-4AA0-AD17-F047C39DA549}\Marjorgr_click_LAST-LONGER.htm Infected: Trojan.JS.Redirector.b skipped
F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\{A8DC3EE7-48B2-4D8E-AC5D-B8F50EDB530F}\BUY_MultiOrgasms.HTM Infected: Trojan.JS.Redirector.b skipped
F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\{A9B8F61F-0FDA-4ECD-AA1A-7A3B9A09F2A8}\Iggyman2_10POUNDSIN10DAYSDIET.HTML Infected: Trojan.JS.Redirector.b skipped
F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\{B913F57F-5842-43D4-9B62-A1A039600C64}\BUY_SPERMCOUNT.HTML Infected: Trojan.JS.Redirector.b skipped
F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\{C024E2CB-4EE9-45C7-AC97-6C22F1B886A5}\Poptart21_click-BIGGERLOADS.htm Infected: Trojan.JS.Redirector.b skipped
F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\{C302B4B0-FD25-4C44-9A6E-EEAC2C4A9B93}\Numanfarrukh_click-PERMANENTENLARGER.htm Infected: Trojan.JS.Redirector.b skipped
F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\{C865C10D-C5F7-438C-A04B-1B873A7A7F39}\Gustripic-Lose-10poundsIn10days.htm Infected: Trojan.JS.Redirector.b skipped
F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\{DF58C257-BBEE-4C37-A7DA-382A47884E62}\Iggyman2_click-BIGGERLOADS.htm Infected: Trojan.JS.Redirector.b skipped
F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\{EC675A6D-325A-484E-84F7-27FB71415522}\Marian1521_10POUNDSIN10DAYSDIET.HTML Infected: Trojan.JS.Redirector.b skipped
F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\{ED55A325-5284-4E76-8602-A1720CC93634}\Marjorgr_click_LAST-LONGER.htm Infected: Trojan.JS.Redirector.b skipped
F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\{F2A072D8-F4BC-4B16-BFF2-E92EC193F62C}\BUY_GUARANTEEDENLARGER.HTML Infected: Trojan.JS.Redirector.b skipped
F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\{F436B828-3616-42F6-A436-D595EE581BAF}\click-HERBALVIAGRA.htm Infected: Trojan.JS.Redirector.b skipped
F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Deleted Items.imm/[From "hotels.com" <news@hotels.chtah.com>][Date Tue, 30 Oct 2007 19:00:14 +0000]/UNNAMED/[From "Rocawear.com" <service@efashionsolutions.com>][Date h=from:to:subject:date:message-id:errors-to:list-post:list-unsubscribe:mime-version:content-type;]/UNNAMED/[From Columbia House DVD Club <columbiahouse@mail.columbiahouse.com>][Date Wed, 31 Oct 2007 09:17:09 -0700 (PDT)]/UNNAMED/[From E ... /[From Credit Score <GetY ... /[From eBay <member@ebay.com>][Date Wed, 31 Oct 2007 22:12:33 -0400]/html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Deleted Items.imm/[From "hotels.com" <news@hotels.chtah.com>][Date Tue, 30 Oct 2007 19:00:14 +0000]/UNNAMED/[From "Rocawear.com" <service@efashionsolutions.com>][Date h=from:to:subject:date:message-id:errors-to:list-post:list-unsubscribe:mime-version:content-type;]/UNNAMED/[From Columbia House DVD Club <columbiahouse@mail.columbiahouse.com>][Date Wed, 31 Oct 2007 09:17:09 -0700 (PDT)]/UNNAMED/[From E ... /[From Credit Score <GetYourCreditScore46@intwmailjbr2.com>][Date Wed, 31 Oct 2007 22:25:22 -0500]/html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Deleted Items.imm/[From "hotels.com" <news@hotels.chtah.com>][Date Tue, 30 Oct 2007 19:00:14 +0000]/UNNAMED/[From "Rocawear.com" <service@efashionsolutions.com>][Date h=from:to:subject:date:message-id:errors-to:list-post:list-unsubscribe:mime-version:content-type;]/UNNAMED/[From Columbia House DVD Club <columbiahouse@mail.columbiahouse.com>][Date Wed, 31 Oct 2007 09:17:09 -0700 (PDT)]/UNNAMED/[From Engagement Rings <HearWeddingBells519@intwmailjbr2.com>][Date Wed, 31 Oct 2007 23:29:21 -0500]/html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Deleted Items.imm/[From "hotels.com" <news@hotels.chtah.com>][Date Tue, 30 Oct 2007 19:00:14 +0000]/UNNAMED/[From "Rocawear.com" <service@efashionsolutions.com>][Date h=from:to:subject:date:message-id:errors-to:list-post:list-unsubscribe:mime-version:content-type;]/UNNAMED/[From Columbia House DVD Club <columbiahouse@mail.columbiahouse.com>][Date Wed, 31 Oct 2007 09:17:09 -0700 (PDT)]/UNNAMED Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Deleted Items.imm/[From "hotels.com" <news@hotels.chtah.com>][Date Tue, 30 Oct 2007 19:00:14 +0000]/UNNAMED/[From "Rocawear.com" <service@efashionsolutions.com>][Date h=from:to:subject:date:message-id:errors-to:list-post:list-unsubscribe:mime-version:content-type;]/UNNAMED Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Deleted Items.imm/[From "hotels.com" <news@hotels.chtah.com>][Date Tue, 30 Oct 2007 19:00:14 +0000]/UNNAMED Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Deleted Items.imm Mail: suspicious - 6 skipped
F:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
F:\System Volume Information\_restore{7FF69E90-1920-48F7-8F66-0CABD03EDCFF}\RP232\change.log Object is locked skipped

Scan process completed.

05-12-2008, 10:31 PM	#7 (permalink)
iggyman2 Registered User Join Date: May 2008 Posts: 12 OS: xp home sp3	Re: Google links redirected to new sites & unable to update flash player... Hi again, Here's the hijack log and the kaspersky log... Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:27:56 PM, on 5/12/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16640) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\svchost.exe C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE C:\Program Files\Western Digital Technologies\Spindown\ExSpinDn.exe C:\Program Files\Logitech\G-series Software\LGDCore.exe C:\Program Files\Logitech\G-series Software\LCDMon.exe C:\WINDOWS\system32\WDBtnMgr.exe C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Logitech\G-series Software\Applets\LCDPop3\LCDPOP3.exe C:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe C:\Program Files\OpenOffice.org 2.4\program\soffice.exe C:\PROGRA~1\INCRED~1\bin\IMApp.exe C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Internet Explorer\iexplore.exe C:\PROGRA~1\INCRED~1\bin\IncMail.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\msiexec.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/flash/index.cfm?rev=10319 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE O4 - HKLM\..\Run: [WD Spindown Utility] "C:\Program Files\Western Digital Technologies\Spindown\ExSpinDn.exe" O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\G-series Software\LCDMon.exe" O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe" O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" O4 - HKLM\..\Run: [cafwc] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe O4 - HKLM\..\Run: [capfupgrade] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter.rr.com/sdccommo...ad/tgctlcm.cab O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab O16 - DPF: {352797A0-EFD0-4FA6-B229-145120EA4B8A} (Walt Disney Internet Group Hardware Control) - https://disneyblast.go.com/v3/setup/...areControl.cab O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/...nlineGames.cab O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.keepandshare.com/imageupl...eUploader4.cab O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - https://disney.go.com/games/download...ameManager.cab O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://games.myspace.com/Gameshell/G...onGameHost.cab O16 - DPF: {D1548A26-B8F6-4E86-AE74-E7062CCC2E2A} (igLoader Content on Demand) - http://www.miniclip.com/igloader/igloader.CAB O16 - DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} (Imikimi_activex_plugin Control) - http://imikimi.com/download/imikimi_plugin_0.5.1.cab O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolsvc.aol.com/onlinegames/he...loader_v10.cab O16 - DPF: {EA6246B4-F380-443F-8727-9AEA3371146C} (CPlayFirstWeddingDashControl Object) - http://aolsvc.aol.com/onlinegames/fr...h.1.0.0.47.cab O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe -- End of file - 11347 bytes ------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER REPORT Monday, May 12, 2008 10:22:51 PM Operating System: Microsoft Windows XP Home Edition, Service Pack 3 (Build 2600) Kaspersky Online Scanner version: 5.0.98.0 Kaspersky Anti-Virus database last update: 12/05/2008 Kaspersky Anti-Virus database records: 765113 ------------------------------------------------------------------------------- Scan Settings: Scan using the following antivirus database: extended Scan Archives: true Scan Mail Bases: true Scan Target - My Computer: A:\ C:\ D:\ E:\ F:\ Scan Statistics: Total number of scanned objects: 126428 Number of viruses found: 5 Number of infected objects: 110 Number of suspicious objects: 7 Duration of the scan process: 01:20:59 Infected Object Name / Virus Name / Last Action C:\Deckard\System Scanner\20080512065115\backup\WINDOWS\Downloaded Program Files\popcaploader.dll Infected: not-a-virus:Downloader.Win32.PopCap.b skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\Love Bug\Cookies\index.dat Object is locked skipped C:\Documents and Settings\Love Bug\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\Love Bug\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\Love Bug\Local Settings\History\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\Love Bug\Local Settings\History\History.IE5\MSHist012008051220080513\index.dat Object is locked skipped C:\Documents and Settings\Love Bug\Local Settings\Temp\Perflib_Perfdata_bac.dat Object is locked skipped C:\Documents and Settings\Love Bug\Local Settings\Temp\~DF222C.tmp Object is locked skipped C:\Documents and Settings\Love Bug\Local Settings\Temp\~DF2FFE.tmp Object is locked skipped C:\Documents and Settings\Love Bug\Local Settings\Temp\~DF33EC.tmp Object is locked skipped C:\Documents and Settings\Love Bug\Local Settings\Temp\~DF520.tmp Object is locked skipped C:\Documents and Settings\Love Bug\Local Settings\Temp\~DF5B5E.tmp Object is locked skipped C:\Documents and Settings\Love Bug\Local Settings\Temp\~DF6290.tmp Object is locked skipped C:\Documents and Settings\Love Bug\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped C:\Documents and Settings\Love Bug\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\Love Bug\NTUSER.DAT Object is locked skipped C:\Documents and Settings\Love Bug\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped C:\Program Files\CA\SharedComponents\PPRT\logs\2008-05-12.csv Object is locked skipped C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped C:\System Volume Information\_restore{7FF69E90-1920-48F7-8F66-0CABD03EDCFF}\RP124\snapshot\MFEX-1.DAT Infected: not-a-virus:AdWare.Win32.Mostofate.cg skipped C:\System Volume Information\_restore{7FF69E90-1920-48F7-8F66-0CABD03EDCFF}\RP125\A0008253.dll Infected: not-a-virus:AdWare.Win32.Mostofate.cg skipped C:\System Volume Information\_restore{7FF69E90-1920-48F7-8F66-0CABD03EDCFF}\RP125\snapshot\MFEX-1.DAT Infected: not-a-virus:AdWare.Win32.Mostofate.cg skipped C:\System Volume Information\_restore{7FF69E90-1920-48F7-8F66-0CABD03EDCFF}\RP154\snapshot\MFEX-2.DAT Infected: not-a-virus:AdWare.Win32.Mostofate.cg skipped C:\System Volume Information\_restore{7FF69E90-1920-48F7-8F66-0CABD03EDCFF}\RP155\snapshot\MFEX-2.DAT Infected: not-a-virus:AdWare.Win32.Mostofate.cg skipped C:\System Volume Information\_restore{7FF69E90-1920-48F7-8F66-0CABD03EDCFF}\RP156\snapshot\MFEX-2.DAT Infected: not-a-virus:AdWare.Win32.Mostofate.cg skipped C:\System Volume Information\_restore{7FF69E90-1920-48F7-8F66-0CABD03EDCFF}\RP157\snapshot\MFEX-2.DAT Infected: not-a-virus:AdWare.Win32.Mostofate.cg skipped C:\System Volume Information\_restore{7FF69E90-1920-48F7-8F66-0CABD03EDCFF}\RP158\snapshot\MFEX-2.DAT Infected: not-a-virus:AdWare.Win32.Mostofate.cg skipped C:\System Volume Information\_restore{7FF69E90-1920-48F7-8F66-0CABD03EDCFF}\RP159\A0008975.dll Infected: not-a-virus:AdWare.Win32.Mostofate.cg skipped C:\System Volume Information\_restore{7FF69E90-1920-48F7-8F66-0CABD03EDCFF}\RP159\snapshot\MFEX-2.DAT Infected: not-a-virus:AdWare.Win32.Mostofate.cg skipped C:\System Volume Information\_restore{7FF69E90-1920-48F7-8F66-0CABD03EDCFF}\RP163\A0010005.dll Infected: not-a-virus:Downloader.Win32.PopCap.b skipped C:\System Volume Information\_restore{7FF69E90-1920-48F7-8F66-0CABD03EDCFF}\RP232\A0019835.exe Infected: Trojan.Win32.Monder.gen skipped C:\System Volume Information\_restore{7FF69E90-1920-48F7-8F66-0CABD03EDCFF}\RP232\change.log Object is locked skipped C:\WINDOWS\CouponBarIE.dll Infected: not-a-virus:AdWare.Win32.Mostofate.cg skipped C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped C:\WINDOWS\SchedLgU.Txt Object is locked skipped C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped C:\WINDOWS\Sti_Trace.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\default Object is locked skipped C:\WINDOWS\system32\config\default.LOG Object is locked skipped C:\WINDOWS\system32\config\Internet.evt Object is locked skipped C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped C:\WINDOWS\system32\config\OSession.evt Object is locked skipped C:\WINDOWS\system32\config\SAM Object is locked skipped C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\SECURITY Object is locked skipped C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped C:\WINDOWS\system32\config\software Object is locked skipped C:\WINDOWS\system32\config\software.LOG Object is locked skipped C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\system Object is locked skipped C:\WINDOWS\system32\config\system.LOG Object is locked skipped C:\WINDOWS\system32\h323log.txt Object is locked skipped C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped C:\WINDOWS\wiadebug.log Object is locked skipped C:\WINDOWS\wiaservc.log Object is locked skipped C:\WINDOWS\WindowsUpdate.log Object is locked skipped E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped E:\System Volume Information\_restore{7FF69E90-1920-48F7-8F66-0CABD03EDCFF}\RP232\change.log Object is locked skipped F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\ATT1DD.eml/Ogden_Buy_PermanentEnlarger.HTML Infected: Trojan.JS.Redirector.b skipped F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\ATT1DD.eml Mail: infected - 1 skipped F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\ATT556.eml/Stp_djdoa_click_BiggerLoads.htm Infected: Trojan.JS.Redirector.b skipped F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\ATT556.eml Mail: infected - 1 skipped F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\Bles4real_Buy_Permanent_Enlarger.HTML Infected: Trojan.JS.Redirector.b skipped F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\Brianschmitt_click-BIGGERLOADS.htm Infected: Trojan.JS.Redirector.b skipped F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\Brianschmitt_click-EXPLODING-ORGASMS.htm Infected: Trojan.JS.Redirector.b skipped F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\Brianschmitt_click-ONLINE_PHARM.htm Infected: Trojan.JS.Redirector.b skipped F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\Brianschmitt_click-PERMANENTENLARGER.htm Infected: Trojan.JS.Redirector.b skipped F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\BUY_GUARANTEEDENLARGER.HTML Infected: Trojan.JS.Redirector.b skipped F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\BUY_LASTLONGER.HTM Infected: Trojan.JS.Redirector.b skipped F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\BUY_LAST_LONGER.HTML Infected: Trojan.JS.Redirector.b skipped F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\BUY_MultiOrgasms.HTM Infected: Trojan.JS.Redirector.b skipped F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\BUY_PERMANENTENLARG.HTM Infected: Trojan.JS.Redirector.b skipped F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\BUY_PERMANENTENLARG.HTML Infected: Trojan.JS.Redirector.b skipped F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\Buy_Rx_Here.html Infected: Trojan.JS.Redirector.b skipped F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\Buy_Rx_Here9.html Infected: Trojan.JS.Redirector.b skipped F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\BUY_SPERMCOUNT.HTML Infected: Trojan.JS.Redirector.b skipped F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\Chcanis_click-BIGGERLOADS.htm Infected: Trojan.JS.Redirector.b skipped F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\click-HERBALVIAGRA.htm Infected: Trojan.JS.Redirector.b skipped F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\ClickHere_Buy_DiscountedRx.HTML Infected: Trojan.JS.Redirector.b skipped F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\Cortez_Buy_PermanentEnlarger.HTML Infected: Trojan.JS.Redirector.b skipped F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\Duffhoward_click-BIGGERLOADS.htm Infected: Trojan.JS.Redirector.b skipped F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\Duffhoward_click-PERMANENTENLARGER.htm Infected: Trojan.JS.Redirector.b skipped F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\Gbanger15771_click-PERMANENTENLARGER.htm Infected: Trojan.JS.Redirector.b skipped F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\Gustripic-Lose-10poundsIn10days.htm Infected: Trojan.JS.Redirector.b skipped F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\Hankins_Buy_HERBALEnlarger.HTML Infected: Trojan.JS.Redirector.b skipped F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\Heidilynm_click-BIGGERLOADS.htm Infected: Trojan.JS.Redirector.b skipped F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\Heimira_click-PERMANENTENLARGER.htm Infected: Trojan.JS.Redirector.b skipped F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\Heimira_click_LASTLONGER.htm Infected: Trojan.JS.Redirector.b skipped F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\Hemaroid_click-PERMANENTENLARGER.htm Infected: Trojan.JS.Redirector.b skipped F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\Hf2860_click-PERMANENTENLARGER.htm Infected: Trojan.JS.Redirector.b skipped F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\Iggyk87_BUY_PHARMACY.HTML Infected: Trojan.JS.Redirector.b skipped F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\Iggymac_BUY_PHARMACY.HTML Infected: Trojan.JS.Redirector.b skipped F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\Iggyman2_10POUNDSIN10DAYSDIET.HTML Infected: Trojan.JS.Redirector.b skipped F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\Iggyman2_click-BIGGERLOADS.htm Infected: Trojan.JS.Redirector.b skipped F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\Juanfra324_click-onlineRX.htm Infected: Trojan.JS.Redirector.b skipped F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\Lamnguyend_click-PERMANENTENLARGER.htm Infected: Trojan.JS.Redirector.b skipped F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\Leannstone_click-PERMANENTENLARGER.htm Infected: Trojan.JS.Redirector.b skipped F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\Leeflan23_click-onlineRX.htm Infected: Trojan.JS.Redirector.b skipped F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\Margarita_morales_click-BIGGERLOADS.htm Infected: Trojan.JS.Redirector.b skipped F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\Marian1521_10POUNDSIN10DAYSDIET.HTML Infected: Trojan.JS.Redirector.b skipped F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\Marjorgr_click_LAST-LONGER.htm Infected: Trojan.JS.Redirector.b skipped F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\Max33333_click-BIGGERLOADS.htm Infected: Trojan.JS.Redirector.b skipped F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\Moonlight283_10POUNDSIN10DAYSDIET.HTML Infected: Trojan.JS.Redirector.b skipped F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\Numanfarrukh_click-BIGGERLOADS.htm Infected: Trojan.JS.Redirector.b skipped F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\Numanfarrukh_click-PERMANENTENLARGER.htm Infected: Trojan.JS.Redirector.b skipped F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\Pistissophia_click-PERMANENTENLARGER.htm Infected: Trojan.JS.Redirector.b skipped F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\Poptart21_click-BIGGERLOADS.htm Infected: Trojan.JS.Redirector.b skipped F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\Ramirez_Buy_PermanentEnlarger.HTML Infected: Trojan.JS.Redirector.b skipped F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\Repo_man100_click-BIGGERLOADS.htm Infected: Trojan.JS.Redirector.b skipped F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\Richk107_click-onlineRX.htm Infected: Trojan.JS.Redirector.b skipped F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\Salman_patel_click-BIGGERLOADS.htm Infected: Trojan.JS.Redirector.b skipped F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\Salman_patel_click-PERMANENTENLARGER.htm Infected: Trojan.JS.Redirector.b skipped F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\Shugendo_click-onlineRX.htm Infected: Trojan.JS.Redirector.b skipped F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\Shugendo_click-PERMANENTENLARGER.htm Infected: Trojan.JS.Redirector.b skipped F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\Ssbabys_click-PERMANENTENLARGER.htm Infected: Trojan.JS.Redirector.b skipped F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\Stellamoras_click-PERMANENTENLARGER.htm Infected: Trojan.JS.Redirector.b skipped F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\Stephaniecamara_click-onlineRX.htm Infected: Trojan.JS.Redirector.b skipped F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\Stp_djdoa_click-PERMANENTENLARGER.htm Infected: Trojan.JS.Redirector.b skipped F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\Ws714_click-PERMANENTENLARGER.htm Infected: Trojan.JS.Redirector.b skipped F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\Wtawil_click-NONSCRIPTMEDShtm.html Infected: Trojan.JS.Redirector.b skipped F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\{003E0867-E13D-4696-8D8C-83EC00502058}\Duffhoward_click-PERMANENTENLARGER.htm Infected: Trojan.JS.Redirector.b skipped F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\{011B9CF7-49A0-4A73-A950-8F5AB668B396}\Hemaroid_click-PERMANENTENLARGER.htm Infected: Trojan.JS.Redirector.b skipped F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\{01957F0F-610B-45ED-8B11-6AD463852F5F}\Hemaroid_click-PERMANENTENLARGER.htm Infected: Trojan.JS.Redirector.b skipped F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\{082B7A7D-CB22-4354-8D06-5F23D11163F0}\Lamnguyend_click-PERMANENTENLARGER.htm Infected: Trojan.JS.Redirector.b skipped F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\{172366EA-CD33-4CE0-AB1B-682C89D680D3}\Moonlight283_10POUNDSIN10DAYSDIET.HTML Infected: Trojan.JS.Redirector.b skipped F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\{1CF6E165-6FC4-48E6-88BA-D76D90BF771C}\BUY_PERMANENTENLARG.HTM Infected: Trojan.JS.Redirector.b skipped F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\{202369AE-A14F-490E-BB14-F3763EFE8152}\Ssbabys_click-PERMANENTENLARGER.htm Infected: Trojan.JS.Redirector.b skipped F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\{213A3962-0480-499F-BB90-1EC40C10F35C}\Iggyman2_10POUNDSIN10DAYSDIET.HTML Infected: Trojan.JS.Redirector.b skipped F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\{272D2C3C-57DA-4D6C-B555-34799BC17190}\Numanfarrukh_click-PERMANENTENLARGER.htm Infected: Trojan.JS.Redirector.b skipped F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\{31ED058E-000D-4860-BBD3-4CA3DCD786BD}\BUY_PERMANENTENLARG.HTM Infected: Trojan.JS.Redirector.b skipped F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\{3CEB4288-AE28-4D59-9E7B-5414851B57BF}\Brianschmitt_click-ONLINE_PHARM.htm Infected: Trojan.JS.Redirector.b skipped F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\{3DE0DE8E-698B-4C80-A8CF-C49922FB6490}\Chcanis_click-BIGGERLOADS.htm Infected: Trojan.JS.Redirector.b skipped F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\{3FB038FD-65C3-461E-8D8C-4256EFE818B3}\Buy_Rx_Here.html Infected: Trojan.JS.Redirector.b skipped F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\{5FE74FD0-356B-4221-BBA6-8FEB237A159D}\Iggyman2_click-BIGGERLOADS.htm Infected: Trojan.JS.Redirector.b skipped F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\{61A17036-0496-407F-A4FB-BDEFE85449B7}\Stp_djdoa_click-PERMANENTENLARGER.htm Infected: Trojan.JS.Redirector.b skipped F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\{68841A50-A6ED-4748-B3DC-53A6B08FCCEF}\Heimira_click-PERMANENTENLARGER.htm Infected: Trojan.JS.Redirector.b skipped F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\{6AA9CA0D-FA1A-4AF1-BB25-D33BF0ABF333}\Leannstone_click-PERMANENTENLARGER.htm Infected: Trojan.JS.Redirector.b skipped F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\{77EE61CB-A753-46D9-91DD-4DB9BC7CF3C0}\Salman_patel_click-BIGGERLOADS.htm Infected: Trojan.JS.Redirector.b skipped F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\{7D61E103-3397-4675-9558-3E7ABA7EAE61}\Iggymac_BUY_PHARMACY.HTML Infected: Trojan.JS.Redirector.b skipped F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\{8C3D0732-D317-4799-B04F-43D3CC7DEFF4}\Heidilynm_click-BIGGERLOADS.htm Infected: Trojan.JS.Redirector.b skipped F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\{8D10CB9A-BC3A-4409-BB68-4C6BBE2A6ADB}\Wtawil_click-NONSCRIPTMEDShtm.html Infected: Trojan.JS.Redirector.b skipped F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\{94738419-0B9D-4D4F-8494-F0EA190A2706}\Brianschmitt_click-PERMANENTENLARGER.htm Infected: Trojan.JS.Redirector.b skipped F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\{A690AA00-6DB0-4AA0-AD17-F047C39DA549}\Marjorgr_click_LAST-LONGER.htm Infected: Trojan.JS.Redirector.b skipped F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\{A8DC3EE7-48B2-4D8E-AC5D-B8F50EDB530F}\BUY_MultiOrgasms.HTM Infected: Trojan.JS.Redirector.b skipped F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\{A9B8F61F-0FDA-4ECD-AA1A-7A3B9A09F2A8}\Iggyman2_10POUNDSIN10DAYSDIET.HTML Infected: Trojan.JS.Redirector.b skipped F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\{B913F57F-5842-43D4-9B62-A1A039600C64}\BUY_SPERMCOUNT.HTML Infected: Trojan.JS.Redirector.b skipped F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\{C024E2CB-4EE9-45C7-AC97-6C22F1B886A5}\Poptart21_click-BIGGERLOADS.htm Infected: Trojan.JS.Redirector.b skipped F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\{C302B4B0-FD25-4C44-9A6E-EEAC2C4A9B93}\Numanfarrukh_click-PERMANENTENLARGER.htm Infected: Trojan.JS.Redirector.b skipped F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\{C865C10D-C5F7-438C-A04B-1B873A7A7F39}\Gustripic-Lose-10poundsIn10days.htm Infected: Trojan.JS.Redirector.b skipped F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\{DF58C257-BBEE-4C37-A7DA-382A47884E62}\Iggyman2_click-BIGGERLOADS.htm Infected: Trojan.JS.Redirector.b skipped F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\{EC675A6D-325A-484E-84F7-27FB71415522}\Marian1521_10POUNDSIN10DAYSDIET.HTML Infected: Trojan.JS.Redirector.b skipped F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\{ED55A325-5284-4E76-8602-A1720CC93634}\Marjorgr_click_LAST-LONGER.htm Infected: Trojan.JS.Redirector.b skipped F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\{F2A072D8-F4BC-4B16-BFF2-E92EC193F62C}\BUY_GUARANTEEDENLARGER.HTML Infected: Trojan.JS.Redirector.b skipped F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Attachments\{F436B828-3616-42F6-A436-D595EE581BAF}\click-HERBALVIAGRA.htm Infected: Trojan.JS.Redirector.b skipped F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Deleted Items.imm/[From "hotels.com" <news@hotels.chtah.com>][Date Tue, 30 Oct 2007 19:00:14 +0000]/UNNAMED/[From "Rocawear.com" <service@efashionsolutions.com>][Date h=from:to:subject:date:message-id:errors-to:list-post:list-unsubscribe:mime-version:content-type;]/UNNAMED/[From Columbia House DVD Club <columbiahouse@mail.columbiahouse.com>][Date Wed, 31 Oct 2007 09:17:09 -0700 (PDT)]/UNNAMED/[From E ... /[From Credit Score <GetY ... /[From eBay <member@ebay.com>][Date Wed, 31 Oct 2007 22:12:33 -0400]/html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Deleted Items.imm/[From "hotels.com" <news@hotels.chtah.com>][Date Tue, 30 Oct 2007 19:00:14 +0000]/UNNAMED/[From "Rocawear.com" <service@efashionsolutions.com>][Date h=from:to:subject:date:message-id:errors-to:list-post:list-unsubscribe:mime-version:content-type;]/UNNAMED/[From Columbia House DVD Club <columbiahouse@mail.columbiahouse.com>][Date Wed, 31 Oct 2007 09:17:09 -0700 (PDT)]/UNNAMED/[From E ... /[From Credit Score <GetYourCreditScore46@intwmailjbr2.com>][Date Wed, 31 Oct 2007 22:25:22 -0500]/html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Deleted Items.imm/[From "hotels.com" <news@hotels.chtah.com>][Date Tue, 30 Oct 2007 19:00:14 +0000]/UNNAMED/[From "Rocawear.com" <service@efashionsolutions.com>][Date h=from:to:subject:date:message-id:errors-to:list-post:list-unsubscribe:mime-version:content-type;]/UNNAMED/[From Columbia House DVD Club <columbiahouse@mail.columbiahouse.com>][Date Wed, 31 Oct 2007 09:17:09 -0700 (PDT)]/UNNAMED/[From Engagement Rings <HearWeddingBells519@intwmailjbr2.com>][Date Wed, 31 Oct 2007 23:29:21 -0500]/html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Deleted Items.imm/[From "hotels.com" <news@hotels.chtah.com>][Date Tue, 30 Oct 2007 19:00:14 +0000]/UNNAMED/[From "Rocawear.com" <service@efashionsolutions.com>][Date h=from:to:subject:date:message-id:errors-to:list-post:list-unsubscribe:mime-version:content-type;]/UNNAMED/[From Columbia House DVD Club <columbiahouse@mail.columbiahouse.com>][Date Wed, 31 Oct 2007 09:17:09 -0700 (PDT)]/UNNAMED Suspicious: Trojan-Spy.HTML.Fraud.gen skipped F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Deleted Items.imm/[From "hotels.com" <news@hotels.chtah.com>][Date Tue, 30 Oct 2007 19:00:14 +0000]/UNNAMED/[From "Rocawear.com" <service@efashionsolutions.com>][Date h=from:to:subject:date:message-id:errors-to:list-post:list-unsubscribe:mime-version:content-type;]/UNNAMED Suspicious: Trojan-Spy.HTML.Fraud.gen skipped F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Deleted Items.imm/[From "hotels.com" <news@hotels.chtah.com>][Date Tue, 30 Oct 2007 19:00:14 +0000]/UNNAMED Suspicious: Trojan-Spy.HTML.Fraud.gen skipped F:\IM\Identities\{1C83E0AF-12FA-485C-99E2-55DB6B2AE0AD}\Message Store\Deleted Items.imm Mail: suspicious - 6 skipped F:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped F:\System Volume Information\_restore{7FF69E90-1920-48F7-8F66-0CABD03EDCFF}\RP232\change.log Object is locked skipped Scan process completed.