10-13-2007, 07:25 AM   #1
Bobby Smith (Registered User)
Join Date: Dec 2004
Posts: 35
OS: xp home


Pop-ups, Hijackthis log file

Logfile of HijackThis v1.99.1
Scan saved at 8:13:52 AM, on 10/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\Program Files\Warecentral\PrintKey-Pro\PKey_Pro.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {E26CEADA-67B0-4543-BE8B-307F00265118} - C:\Program Files\Video ActiveX Access\iesplg.dll (file missing)
O3 - Toolbar: (no name) - {29C5A3B6-9A8D-4FA0-B5AD-3E20F4AA5C00} - (no file)
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Lock My PC] C:\Program Files\LMPC3\lockpc.exe /s
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [winlogon] C:\WINDOWS\nvchost
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\xtras\mssysmgr.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Global Startup: PrintKey-Pro.lnk = C:\Program Files\Warecentral\PrintKey-Pro\PKey_Pro.exe
O4 - Global Startup: Ulead Photo Express 3.0 SE Calendar Checker.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {1F3CFDE2-A6DE-1207-76F1-014F46C92C38} - http://69.50.173.166/1/gdnUS2270.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by101fd.bay101.hotmail.msn.co...s/MsnPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://lowerlot.axiscam.net:9553/activex/AMC.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by101fd.bay101.hotmail.msn.co...x/HMAtchmt.ocx
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O20 - Winlogon Notify: fsp_lmwl - C:\WINDOWS\
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
10-14-2007, 08:51 AM   #2
Bobby Smith (Registered User)


Re: Pop-ups, Hijackthis log file

Disregard. Popups were removed after running "Fixwareout". You can download from "www.downloads.subratam.org/fixwareout.exe"

Thanks!
10-14-2007, 09:04 AM   #3
Ried (Assistant Manager, TSF Academy; Moderator/Analyst Security Team)
Join Date: Jan 2005
Location: Ohio
Posts: 26,555
OS: WinXP and Vista


Re: Pop-ups, Hijackthis log file

You have other infections onboard here besides Wareout. I'd like to see a more comprehensive scan please.

As noted in our sticky topic (Updated!) IMPORTANT - Read This Before Posting A Log, download Deckard's System Scanner (DSS) to your Desktop.

What DSS will do:
  • create a new System Restore point in Windows XP and Vista.
  • clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
  • check some important areas of your system and produce a report for your analyst to review.
  • DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.


Note: You must be logged onto an account with administrator privileges.
  1. Close all applications and windows.
  2. Double-click on dss.exe to run it, and follow the prompts.
  3. When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <- this one will be minimized
  4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt in your next reply.
  5. Please attach extra.txt to your post.
To attach a file to a new post, simply
  1. Click the [Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
  2. copy and paste the following into the "Upload File from your Computer" box:
    C:\Deckard\System Scanner\extra.txt
  3. Click Upload.

Please include the following in your next reply:

main.txt
an attached extra.txt
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
10-28-2007, 08:20 PM   #4
Bobby Smith (Registered User)


Re: Pop-ups, Hijackthis log file

I've attached the main.txt and extra.txt. Thanks for your help and please advise.

Deckard's System Scanner v20071014.68
Run by Owner on 2007-10-28 20:56:37
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
76: 2007-10-29 01:56:45 UTC - RP803 - Deckard's System Scanner Restore Point
75: 2007-10-29 01:03:42 UTC - RP802 - System Checkpoint
74: 2007-10-28 00:03:55 UTC - RP801 - System Checkpoint
73: 2007-10-26 23:31:51 UTC - RP800 - System Checkpoint
72: 2007-10-25 01:29:45 UTC - RP799 - System Checkpoint


-- First Restore Point --
1: 2007-08-01 23:33:26 UTC - RP728 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 8:59:20 PM, on 10/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\LMPC3\lockpc.exe
C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\xtras\mssysmgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\Program Files\Warecentral\PrintKey-Pro\PKey_Pro.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Owner.BOBBY\My Documents\Bobby's Documents\Tech Support Forum\Deckard's System Scanner DSS.exe
C:\PROGRA~1\HIJACK~1\Owner.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {E26CEADA-67B0-4543-BE8B-307F00265118} - C:\Program Files\Video ActiveX Access\iesplg.dll (file missing)
O3 - Toolbar: (no name) - {29C5A3B6-9A8D-4FA0-B5AD-3E20F4AA5C00} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Lock My PC] C:\Program Files\LMPC3\lockpc.exe /s
O4 - HKLM\..\Run: [winlogon] C:\WINDOWS\nvchost
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\xtras\mssysmgr.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Global Startup: PrintKey-Pro.lnk = C:\Program Files\Warecentral\PrintKey-Pro\PKey_Pro.exe
O4 - Global Startup: Ulead Photo Express 3.0 SE Calendar Checker.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {1F3CFDE2-A6DE-1207-76F1-014F46C92C38} - http://69.50.173.166/1/gdnUS2270.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by101fd.bay101.hotmail.msn.co...s/MsnPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://lowerlot.axiscam.net:9553/activex/AMC.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by101fd.bay101.hotmail.msn.co...x/HMAtchmt.ocx
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O20 - Winlogon Notify: fsp_lmwl - C:\WINDOWS\
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe


-- HijackThis Fixed Entries (C:\PROGRA~1\HIJACK~1\backups\) --------------------

backup-20050730-164531-899 O4 - HKLM\..\Run: [hgqjfy] c:\windows\system32\rkmnrj.exe r
backup-20050730-164531-982 F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
backup-20070716-130750-184 O4 - HKLM\..\Run: [Lock My PC] C:\Program Files\LMPC3\lockpc.exe /s
backup-20070716-130750-688 O4 - Startup: DrAntispy.lnk = C:\Program Files\DrAntispy\DrAntispy.exe
backup-20070716-130750-720 O8 - Extra context menu item: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL
backup-20070716-130750-898 O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSub.exe
backup-20070716-130750-908 O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
backup-20070716-130750-987 O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://www.drivecleaner.com/.freewar...eanerstart.cab
backup-20070716-130751-206 O17 - HKLM\System\CCS\Services\Tcpip\..\{23BD82F9-D540-46B6-9AB5-ECCA809A74D7}: NameServer = 85.255.116.20,85.255.112.215
backup-20070716-130751-313 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.20 85.255.112.215
backup-20070716-130751-360 O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.20 85.255.112.215
backup-20070716-130751-555 O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
backup-20070716-130751-623 O17 - HKLM\System\CS1\Services\Tcpip\..\{23BD82F9-D540-46B6-9AB5-ECCA809A74D7}: NameServer = 85.255.116.20,85.255.112.215
backup-20070716-130751-830 O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
backup-20070716-130751-869 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.20 85.255.112.215
backup-20070716-130751-875 O17 - HKLM\System\CCS\Services\Tcpip\..\{82FFCB06-6C60-46F0-A49F-5AE5DDC1F4BE}: NameServer = 85.255.116.20,85.255.112.215
backup-20070716-130751-883 O17 - HKLM\System\CS2\Services\Tcpip\..\{23BD82F9-D540-46B6-9AB5-ECCA809A74D7}: NameServer = 85.255.116.20,85.255.112.215

-- File Associations -----------------------------------------------------------

.reg - regfile - shell\open\command - "regedit.exe" "%1"


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 iomdisk (Iomega Devices Disk Filter Services) - c:\windows\system32\drivers\iomdisk.sys <Not Verified; Iomega Corporation; Iomega Disk Filter Driver>
R1 BANTExt (Belarc SMBios Access) - c:\windows\system32\drivers\bantext.sys
R1 ewido security suite driver - c:\program files\ewido\security suite\guard.sys
R3 DELTA (Service for Delta Driver (WDM)) - c:\windows\system32\drivers\delta.sys <Not Verified; Midiman/M-Audio; M-Audio Delta WDM Driver>
R3 LMPC2 - c:\windows\system32\drivers\lmpc2.sys <Not Verified; FSPro Labs; LMPC>
R3 SunkFilt (Alcor Micro Corp - 9360) - c:\windows\system32\drivers\sunkfilt.sys <Not Verified; Alcor Micro Corp.; SunkFilt>

S3 ldiskl - c:\docume~1\owner~1.bob\locals~1\temp\ldiskl.sys (file missing)
S3 Pcouffin (Low level access layer for CD devices) - c:\windows\system32\drivers\pcouffin.sys (file missing)
S3 Sunkfiltp (HP && Alcor Micro Corp for Phison) - c:\windows\system32\drivers\sunkfiltp.sys (file missing)
S3 SYMIDSCO - c:\windows\system32\drivers\symidsco.sys (file missing)
S3 TBU11 (Turtle Beach USB MIDI 1x1 Driver) - c:\windows\system32\drivers\tbu11.sys <Not Verified; Voyetra Turtle Beach, Inc.; Turtle Beach USB MIDI 1x1>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Iomega App Services - "c:\progra~1\iomega\system32\appservices.exe" <Not Verified; Iomega Corporation; Iomega App Services>
R2 ScsiAccess - c:\windows\system32\scsiaccess.exe

S4 ewido security suite guard - c:\program files\ewido\security suite\ewidoguard.exe <Not Verified; ewido networks; guard>
S4 Iomega Activity Disk2 - ""


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E965-E325-11CE-BFC1-08002BE10318}
Description: CD-ROM Drive
Device ID: IDE\CDROMHP_DVD_WRITER_300N______________________3.20____\5&22AC9DF0&0&0.0.0
Manufacturer: (Standard CD-ROM drives)
Name: HP DVD Writer 300n
PNP Device ID: IDE\CDROMHP_DVD_WRITER_300N______________________3.20____\5&22AC9DF0&0&0.0.0
Service: cdrom


-- Files created between 2007-09-28 and 2007-10-28 -----------------------------

2007-10-10 13:37:03 0 d-------- C:\Program Files\ASIO4ALL v2
2007-10-07 14:28:16 0 d-------- C:\Program Files\Native Instruments
2007-10-07 14:27:50 130048 --a------ C:\WINDOWS\nvchost.exe


-- Find3M Report ---------------------------------------------------------------

2007-10-27 17:37:32 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-10-27 09:02:08 0 d-------- C:\Program Files\Quicken
2007-10-21 09:46:47 0 d-------- C:\Program Files\LimeWire
2007-10-10 13:37:57 0 d-------- C:\Program Files\Image-Line
2007-10-04 16:32:46 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-09-24 01:36:20 0 d-------- C:\Documents and Settings\Owner.BOBBY\Application Data\Juce VST Host
2007-09-22 14:40:12 0 d-------- C:\Program Files\Windows Live


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E26CEADA-67B0-4543-BE8B-307F00265118}]
C:\Program Files\Video ActiveX Access\iesplg.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"@"="" []
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [12/10/2005 06:06 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [09/17/2005 07:04 PM]
"Lock My PC"="C:\Program Files\LMPC3\lockpc.exe" [05/26/2006 11:25 AM]
"winlogon"="C:\WINDOWS\nvchost" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PhotoShow Deluxe Media Manager"="C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\xtras\mssysmgr.exe" [12/03/2003 09:42 AM]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [08/18/2005 01:49 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/24/2005 1:05:26 AM]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [9/16/2003 3:19:24 PM]
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [12/13/2003 3:28:04 PM]
Kodak software updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe [6/8/2003 5:48:18 PM]
PrintKey-Pro.lnk - C:\Program Files\Warecentral\PrintKey-Pro\PKey_Pro.exe [9/19/2003 10:12:40 PM]
Ulead Photo Express 3.0 SE Calendar Checker.lnk - C:\Program Files\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe [10/5/2005 8:31:34 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
"rwdkpffj.exe"=C:\WINDOWS\system\rwdkpffj.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{33b8d257-07f6-4c06-8605-94bc21728635}"= C:\WINDOWS\system32\onljweo.dll [07/16/2007 12:01 PM 8704]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fsp_lmwl]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command- D:\Info.exe folder.htt 480 480




-- End of Deckard's System Scanner: finished at 2007-10-28 21:00:09 ------------
Attached Files
File Type: txt extra.txt (27.3 KB, 2 views)
File Type: txt main.txt (14.7 KB, 2 views)

Last edited by Ried; 10-28-2007 at 10:54 PM.
10-28-2007, 11:10 PM   #5
Ried (Assistant Manager, TSF Academy; Moderator/Analyst Security Team)


Re: Pop-ups, Hijackthis log file

Hello Bobby Smith,

Download Combofix and save it to your desktop.

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

--------------------------------------------------------------------

Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new HijackThis log so we can continue cleaning the system.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.
11-03-2007, 03:53 PM   #6
Bobby Smith (Registered User)


Re: Pop-ups, Hijackthis log file

Please review combofix report and new hijackthis logfile. Thanks again.
Attached Files
File Type: txt log.txt (5.6 KB, 3 views)
File Type: txt hijackthis.txt (5.8 KB, 1 views)
11-03-2007, 03:59 PM   #7
sUBs (Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy)
Join Date: May 2005
Posts: 24,328
OS: N/A


Re: Pop-ups, Hijackthis log file

Do a HijackThis scan & place a check next to these items and select "Fix checked":

O2 - BHO: (no name) - {E26CEADA-67B0-4543-BE8B-307F00265118} - C:\Program Files\Video ActiveX Access\iesplg.dll (file missing)
O16 - DPF: {1F3CFDE2-A6DE-1207-76F1-014F46C92C38} - http://69.50.173.166/1/gdnUS2270.exe
O20 - Winlogon Notify: fsp_lmwl - C:\WINDOWS\



---------------


Open notepad and copy/paste the text in the quotebox below into it:

Code:
http://www.techsupportforum.com/security-center/hijackthis-log-help/187771-pop-ups-hijackthis-log-file.html
Collect::
C:\WINDOWS\nvchost.exe
Save this as "CFScript"




Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.

Additionally, ComboFix will generate a zipped file on your Desktop, called [4]Submit@Date_Time.zip
Before proceeding to the next step, please submit this file to http://www.bleepingcomputer.com/subm....php?channel=4


---------------


Using Internet Explorer, visit http://www.kaspersky.com/service?chapter=161739400

Answer Yes, when prompted to install an ActiveX component.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Locate the Scan Settings button & configure to:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK & have it scan My Computer
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.



  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply
* Turn off the real time scanner of any existing antivirus program while performing the online scan


---------------


In your next post, please include fresh logs from:
  1. Fresh Hijackthis log taken just before replying
  2. Online scan
  3. ComboFix's log
Please provide details of any problems you encountered whilst performing the above steps & update us on how the computer behaves now
__________________

Question - what have you done for the community today?
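
An added example, not part of the post above and not a HijackThis or ComboFix feature: a small Python triage pass over HijackThis-format lines copied from the log earlier in this thread. The rules and names (`triage`, `SYSTEM_NAMES`, the reason strings) are assumptions of this example, not the analyst's stated criteria; on these lines it flags the three entries listed in the post above and the Run entry that launches the file named in the CFScript.

```python
import ipaddress
import re
from urllib.parse import urlparse

# Lines copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {E26CEADA-67B0-4543-BE8B-307F00265118} - C:\Program Files\Video ActiveX Access\iesplg.dll (file missing)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [winlogon] C:\WINDOWS\nvchost
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {1F3CFDE2-A6DE-1207-76F1-014F46C92C38} - http://69.50.173.166/1/gdnUS2270.exe
O20 - Winlogon Notify: fsp_lmwl - C:\WINDOWS\
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
"""

# Assumption of this example: a short, non-exhaustive list of Windows
# process names that a startup entry might imitate.
SYSTEM_NAMES = sorted({"winlogon", "svchost", "lsass", "services",
                       "smss", "explorer", "csrss", "spoolsv"})

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
RUN_VALUE = re.compile(r"^\S+\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")


def _stem(command):
    """Lower-cased file name, without extension or arguments, of a Run command."""
    quoted = re.match(r'"([^"]+)"', command)
    path = quoted.group(1) if quoted else command
    tail = path.rsplit("\\", 1)[-1]
    words = tail.split(".")[0].split()
    return words[0].lower() if words else ""


def _one_char_off(a, b):
    """True when a and b have equal length and differ in exactly one position."""
    return len(a) == len(b) and sum(x != y for x, y in zip(a, b)) == 1


def _check_addon(rest):
    # O2/O3: a browser add-on with no display name whose file is gone.
    orphan = "(file missing)" in rest or "(no file)" in rest
    return ["unnamed-addon-missing-file"] if orphan and "(no name)" in rest else []


def _check_run(rest):
    # O4 registry Run values only; Startup-folder shortcuts do not match.
    m = RUN_VALUE.match(rest)
    if not m:
        return []
    reasons = []
    name, stem = m["name"].lower(), _stem(m["cmd"])
    if name in SYSTEM_NAMES and stem != name:
        reasons.append("run-name-mimics-system-process")
    for real in SYSTEM_NAMES:
        if _one_char_off(stem, real):
            reasons.append("lookalike-of:" + real)
    return reasons


def _check_dpf(rest):
    # O16: ActiveX codebase fetched from a bare IP address, or a raw .exe.
    url = urlparse(rest.rsplit(" - ", 1)[-1])
    reasons = []
    try:
        ipaddress.ip_address(url.hostname or "")
        reasons.append("dpf-host-is-ip-literal")
    except ValueError:
        pass
    if url.path.lower().endswith(".exe"):
        reasons.append("dpf-codebase-is-exe")
    return reasons


def _check_notify(rest):
    # O20: a Winlogon Notify package should name a DLL.
    if not rest.startswith("Winlogon Notify:"):
        return []
    target = rest.rsplit(" - ", 1)[-1]
    return [] if target.lower().endswith(".dll") else ["notify-target-not-dll"]


RULES = {"O2": _check_addon, "O3": _check_addon, "O4": _check_run,
         "O16": _check_dpf, "O20": _check_notify}


def triage(log_text):
    """Return [(line, [reasons])] for every entry that trips a rule."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue
        check = RULES.get(m.group(1))
        reasons = check(m.group(2)) if check else []
        if reasons:
            findings.append((raw.strip(), reasons))
    return findings


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG):
        print(", ".join(reasons), "<-", line)
```

A hit here is a prompt to inspect the entry, not a verdict on it.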
11-04-2007, 02:56 PM   #8
Bobby Smith (Registered User)


Re: Pop-ups, Hijackthis log file

Fresh Hijackthis log, Online Scan & ComboFix's log attached. Thanks!


ComboFix 07-11-04.1 - Owner 2007-11-05 11:28:53.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.230 [GMT -6:00]
Running from: C:\Documents and Settings\Owner.BOBBY\My Documents\Bobby's Documents\Tech Support Forum\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner.BOBBY\My Documents\Bobby's Documents\Tech Support Forum\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\nvchost.exe

.
((((((((((((((((((((((((( Files Created from 2007-10-05 to 2007-11-05 )))))))))))))))))))))))))))))))
.

2007-11-03 15:12 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-03 14:00 24,576 --a------ C:\temp\IadHide3.dll
2007-10-28 19:56 <DIR> d-------- C:\Deckard
2007-10-10 12:37 <DIR> d-------- C:\Program Files\ASIO4ALL v2
2007-10-09 15:31 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-10-07 13:28 <DIR> d-------- C:\Program Files\Native Instruments

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-05 02:48 --------- d-----w C:\Program Files\Quicken
2007-11-03 13:52 --------- d-----w C:\Program Files\LimeWire
2007-10-27 22:37 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-10-10 18:37 --------- d-----w C:\Program Files\Image-Line
2007-10-04 21:32 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-09-24 06:36 --------- d-----w C:\Documents and Settings\Owner.BOBBY\Application Data\Juce VST Host
2007-09-22 19:40 --------- d-----w C:\Program Files\Windows Live
2007-09-22 19:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2004-10-25 03:43 66 ----a-w C:\Documents and Settings\Owner.BOBBY\Application Data\tvmcwrd.dll
2004-10-24 00:35 226,266 ----a-w C:\Documents and Settings\Owner.BOBBY\Application Data\tvmknwrd.dll
2004-06-23 20:55 20,480 ----a-w C:\Program Files\ProcManager.exe
2004-10-21 05:57:15 0 --sha-w C:\WINDOWS\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((( snapshot@2007-11-04_16.22.31.43 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-10-29 23:56:19 136,192 ----a-w C:\WINDOWS\catchme.exe
+ 2007-10-30 00:56:19 136,192 ----a-w C:\WINDOWS\catchme.exe
- 2007-08-17 23:03:19 54,280 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2007-11-04 22:28:18 54,280 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2007-08-17 23:03:19 384,596 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2007-11-04 22:28:18 384,596 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2007-07-22 23:39:27 279,552 ----a-w C:\WINDOWS\system32\swreg.exe
+ 2007-07-23 00:39:27 279,552 ----a-w C:\WINDOWS\system32\swreg.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-12-10 05:06]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-09-17 18:04]
"Lock My PC"="C:\Program Files\LMPC3\lockpc.exe" [2006-05-26 10:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PhotoShow Deluxe Media Manager"="C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\xtras\mssysmgr.exe" [2003-12-03 08:42]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2005-08-18 12:49]

C:\Documents and Settings\Customers\Start Menu\Programs\Startup\
office depot.mpg [2004-01-22 13:14:28]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 00:05:26]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2003-09-16 14:19:24]
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2003-12-13 14:28:04]
Kodak software updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe [2003-06-08 16:48:18]
PrintKey-Pro.lnk - C:\Program Files\Warecentral\PrintKey-Pro\PKey_Pro.exe [2003-09-19 21:12:40]
Ulead Photo Express 3.0 SE Calendar Checker.lnk - C:\Program Files\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe [2005-10-05 19:31:34]

R1 Cinemsup;Cinemsup;C:\WINDOWS\system32\drivers\Cinemsup.sys
R1 ewido security suite driver;ewido security suite driver;\??\C:\Program Files\ewido\security suite\guard.sys
R3 DLKRTS;D-Link DFE-530TX+ PCI Adapter;C:\WINDOWS\system32\DRIVERS\DLKRTS.SYS
R3 GT680x;GrandTechICNameNT;C:\WINDOWS\system32\Drivers\gt680x.sys
R3 LMPC2;LMPC2;C:\WINDOWS\system32\drivers\LMPC2.sys
S3 ldiskl;ldiskl;\??\C:\DOCUME~1\OWNER~1.BOB\LOCALS~1\Temp\ldiskl.sys
S3 TBU11;Turtle Beach USB MIDI 1x1 Driver;C:\WINDOWS\system32\Drivers\tbu11.sys

.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-05 11:32:55
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2007-11-05 11:34:14
C:\ComboFix2.txt ... 2007-11-04 16:25
.
--- E O F ---


Logfile of HijackThis v1.99.1
Scan saved at 4:51:46 PM, on 11/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\LMPC3\lockpc.exe
C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\xtras\mssysmgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\Program Files\Warecentral\PrintKey-Pro\PKey_Pro.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Lock My PC] C:\Program Files\LMPC3\lockpc.exe /s
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\xtras\mssysmgr.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Global Startup: PrintKey-Pro.lnk = C:\Program Files\Warecentral\PrintKey-Pro\PKey_Pro.exe
O4 - Global Startup: Ulead Photo Express 3.0 SE Calendar Checker.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by101fd.bay101.hotmail.msn.co...s/MsnPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://lowerlot.axiscam.net:9553/activex/AMC.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by101fd.bay101.hotmail.msn.co...x/HMAtchmt.ocx
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Monday, November 05, 2007 4:50:32 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 4/11/2007
Kaspersky Anti-Virus database records: 451524
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\
L:\
M:\
N:\

Scan Statistics:
Total number of scanned objects: 152126
Number of viruses found: 36
Number of infected objects: 109
Number of suspicious objects: 0
Duration of the scan process: 01:58:17

Infected Object Name / Virus Name / Last Action
C:\Deckard\System Scanner\backup\WINDOWS\Downloaded Program Files\UWFX5LP_0001_0715NetInstaller.exe Infected: not-a-virus:Downloader.Win32.Agent.e skipped
C:\Documents and Settings\Owner.BOBBY\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arr3.jar-44f46a27-40822d38.zip/Counter.class Infected: Trojan.Java.ClassLoader.i skipped
C:\Documents and Settings\Owner.BOBBY\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arr3.jar-44f46a27-40822d38.zip/VerifierBug.class Infected: Trojan.Java.ClassLoader.k skipped
C:\Documents and Settings\Owner.BOBBY\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arr3.jar-44f46a27-40822d38.zip/Beyond.class Infected: Trojan.Java.ClassLoader.k skipped
C:\Documents and Settings\Owner.BOBBY\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arr3.jar-44f46a27-40822d38.zip ZIP: infected - 3 skipped
C:\Documents and Settings\Owner.BOBBY\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-68a78113-30f4dccb.zip/BlackBox.class Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\Owner.BOBBY\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-68a78113-30f4dccb.zip/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\Owner.BOBBY\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-68a78113-30f4dccb.zip/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa skipped
C:\Documents and Settings\Owner.BOBBY\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-68a78113-30f4dccb.zip ZIP: infected - 3 skipped
C:\Documents and Settings\Owner.BOBBY\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-540c1c76-4067b059.zip/GetAccess.class Infected: Trojan-Downloader.Java.OpenConnection.aj skipped
C:\Documents and Settings\Owner.BOBBY\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-540c1c76-4067b059.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.aj skipped
C:\Documents and Settings\Owner.BOBBY\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-540c1c76-4067b059.zip ZIP: infected - 2 skipped
C:\Documents and Settings\Owner.BOBBY\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-5d29f7ed-52026c20.zip/GetAccess.class Infected: Trojan-Downloader.Java.OpenConnection.aj skipped
C:\Documents and Settings\Owner.BOBBY\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-5d29f7ed-52026c20.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.aj skipped
C:\Documents and Settings\Owner.BOBBY\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-5d29f7ed-52026c20.zip ZIP: infected - 2 skipped
C:\Documents and Settings\Owner.BOBBY\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv430.jar-61fcb0a5-41babed0.zip/Matrix.class Infected: Trojan-Downloader.Java.OpenStream.c skipped
C:\Documents and Settings\Owner.BOBBY\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv430.jar-61fcb0a5-41babed0.zip/Counter.class Infected: Trojan.Java.ClassLoader.h skipped
C:\Documents and Settings\Owner.BOBBY\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv430.jar-61fcb0a5-41babed0.zip/Parser.class Infected: Trojan.Java.ClassLoader.d skipped
C:\Documents and Settings\Owner.BOBBY\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv430.jar-61fcb0a5-41babed0.zip ZIP: infected - 3 skipped
C:\Documents and Settings\Owner.BOBBY\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv557.jar-23cd1d22-30b6c555.zip/Matrix.class Infected: Trojan-Downloader.Java.OpenStream.c skipped
C:\Documents and Settings\Owner.BOBBY\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv557.jar-23cd1d22-30b6c555.zip/Counter.class Infected: Trojan.Java.ClassLoader.h skipped
C:\Documents and Settings\Owner.BOBBY\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv557.jar-23cd1d22-30b6c555.zip/Parser.class Infected: Trojan.Java.ClassLoader.d skipped
C:\Documents and Settings\Owner.BOBBY\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv557.jar-23cd1d22-30b6c555.zip ZIP: infected - 3 skipped
C:\Documents and Settings\Owner.BOBBY\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Owner.BOBBY\Desktop\backups\backup-20050726-184927-316.dll Infected: not-a-virus:AdWare.Win32.Comet.e skipped
C:\Documents and Settings\Owner.BOBBY\Desktop\backups\backup-20050726-184928-521.dll Infected: not-a-virus:AdWare.Win32.Comet.e skipped
C:\Documents and Settings\Owner.BOBBY\Desktop\[4]-Submit_2007-11-05@11.28.zip/nvchost.exe Infected: Packed.Win32.Klone.j skipped
C:\Documents and Settings\Owner.BOBBY\Desktop\[4]-Submit_2007-11-05@11.28.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Owner.BOBBY\Local Settings\Application Data\0394ccd6.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\Documents and Settings\Owner.BOBBY\Local Settings\Application Data\0b2331d6.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\Documents and Settings\Owner.BOBBY\Local Settings\Application Data\0d42b0d6.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\Documents and Settings\Owner.BOBBY\Local Settings\Application Data\1bc6f4d6.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\Documents and Settings\Owner.BOBBY\Local Settings\Application Data\23a82af6.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\Documents and Settings\Owner.BOBBY\Local Settings\Application Data\24833106.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\Documents and Settings\Owner.BOBBY\Local Settings\Application Data\25f48af6.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\Documents and Settings\Owner.BOBBY\Local Settings\Application Data\29be5ab6.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\Documents and Settings\Owner.BOBBY\Local Settings\Application Data\30d261f6.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\Documents and Settings\Owner.BOBBY\Local Settings\Application Data\3f4db1d6.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\Documents and Settings\Owner.BOBBY\Local Settings\Application Data\435c95b6.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\Documents and Settings\Owner.BOBBY\Local Settings\Application Data\4bf9a8f6.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\Documents and Settings\Owner.BOBBY\Local Settings\Application Data\4fb79af6.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\Documents and Settings\Owner.BOBBY\Local Settings\Application Data\52690ee6.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\Documents and Settings\Owner.BOBBY\Local Settings\Application Data\64a88ce6.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\Documents and Settings\Owner.BOBBY\Local Settings\Application Data\68baaaf6.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\Documents and Settings\Owner.BOBBY\Local Settings\Application Data\698175c6.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\Documents and Settings\Owner.BOBBY\Local Settings\Application Data\84c10ff6.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\Documents and Settings\Owner.BOBBY\Local Settings\Application Data\859c3af6.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\Documents and Settings\Owner.BOBBY\Local Settings\Application Data\8d7c66d6.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\Documents and Settings\Owner.BOBBY\Local Settings\Application Data\9721abf6.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\Documents and Settings\Owner.BOBBY\Local Settings\Application Data\99ca1af6.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\Documents and Settings\Owner.BOBBY\Local Settings\Application Data\a7a70536.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\Documents and Settings\Owner.BOBBY\Local Settings\Application Data\ae9f9ea6.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\Documents and Settings\Owner.BOBBY\Local Settings\Application Data\b26acbd6.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\Documents and Settings\Owner.BOBBY\Local Settings\Application Data\b4a073d6.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\Documents and Settings\Owner.BOBBY\Local Settings\Application Data\bd879af6.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\Documents and Settings\Owner.BOBBY\Local Settings\Application Data\c8c1faf6.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\Documents and Settings\Owner.BOBBY\Local Settings\Application Data\c8d726e6.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\Documents and Settings\Owner.BOBBY\Local Settings\Application Data\d74acaf6.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\Documents and Settings\Owner.BOBBY\Local Settings\Application Data\e2d89356.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\Documents and Settings\Owner.BOBBY\Local Settings\Application Data\ebf93af6.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\Documents and Settings\Owner.BOBBY\Local Settings\Application Data\ef6bd166.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\Documents and Settings\Owner.BOBBY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Owner.BOBBY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner.BOBBY\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner.BOBBY\Local Settings\Temp\me_L Object is locked skipped
C:\Documents and Settings\Owner.BOBBY\Local Settings\Temp\me_oRYLv9o5cb0u0wp Object is locked skipped
C:\Documents and Settings\Owner.BOBBY\Local Settings\Temp\me_wmvK22GBldMRCka Object is locked skipped
C:\Documents and Settings\Owner.BOBBY\Local Settings\Temp\me_xwzHMAIZ99 Object is locked skipped
C:\Documents and Settings\Owner.BOBBY\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner.BOBBY\My Documents\My Music\Bobby Favorites\BSINSTALL.exe/WISE0026.BIN/clientax.dll Infected: not-a-virus:AdWare.Win32.180Solutions.ao skipped
C:\Documents and Settings\Owner.BOBBY\My Documents\My Music\Bobby Favorites\BSINSTALL.exe/WISE0026.BIN Infected: not-a-virus:AdWare.Win32.180Solutions.ao skipped
C:\Documents and Settings\Owner.BOBBY\My Documents\My Music\Bobby Favorites\BSINSTALL.exe WiseSFX: infected - 2 skipped
C:\Documents and Settings\Owner.BOBBY\My Documents\My Music\Bobby Favorites\BSINSTALL.exe WiseSFX Dropper: infected - 2 skipped
C:\Documents and Settings\Owner.BOBBY\My Documents\My Music\My Downloads\Native.Instruments.Traktor.DJ.Studio.v3.1.3.incl.Keygen-AiR.zip/Native.Instruments.Traktor.DJ.Studio.v3.1.3.incl.Keygen-AiR/NI_TRAKTOR_DJ_STUDIO_KEYGEN.exe Infected: Trojan-Dropper.Win32.Delf.xo skipped
C:\Documents and Settings\Owner.BOBBY\My Documents\My Music\My Downloads\Native.Instruments.Traktor.DJ.Studio.v3.1.3.incl.Keygen-AiR.zip/Native.Instruments.Traktor.DJ.Studio.v3.1.3.incl.Keygen-AiR/setup.exe Infected: Trojan-Dropper.Win32.Delf.xo skipped
C:\Documents and Settings\Owner.BOBBY\My Documents\My Music\My Downloads\Native.Instruments.Traktor.DJ.Studio.v3.1.3.incl.Keygen-AiR.zip ZIP: infected - 2 skipped
C:\Documents and Settings\Owner.BOBBY\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Owner.BOBBY\ntuser.dat.LOG Object is locked skipped
C:\Downloads\RollerCoasterTycoon2-dm[1].exe Infected: not-a-virus:AdWare.Win32.Trymedia.b skipped
C:\Program Files\e52wpldb\ujj4trfr.DLL Infected: not-a-virus:AdWare.Win32.ClearSearch.al skipped
C:\Program Files\Kodak\Kodak EasyShare software\Catalog\EasyShare.me Object is locked skipped
C:\Program Files\Kodak\Kodak EasyShare software\Catalog\EasyShare.mm Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\BWKDLogs\BWTargetInf.log Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\agent.log Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\busyprs.log Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\BWLocalWebListener.log Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\chandir.dat Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\chandir.idx Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\chn.dat Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\chn.idx Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\D0000000.FCS Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\FileDL.log Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\inuse.txt Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\L0000011.FCS Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\main.log Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs.dat Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs.idx Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_die.dat Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_die.idx Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_dnd.dat Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_dnd.idx Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_ext.dat Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_ext.idx Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_rcv.dat Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_rcv.idx Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\report.log Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\RG.log Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\scheddbg.log Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\storydb.dat Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\storydb.idx Object is locked skipped
C:\Program Files\MalwareWiped 6.9\MalwareWiped 6.9.exe Infected: not-a-virus:FraudTool.Win32.MalwareWipe.q skipped
C:\Program Files\Morpheus\morpheustoolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
C:\Program Files\ProcManager.exe Infected: not-a-virus:RiskTool.Win32.PsKill.a skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\onljweo.dll.vir Infected: Trojan-Downloader.Win32.Agent.bkd skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP789\A0129313.exe Infected: Packed.Win32.Klone.j skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP800\A0129712.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.l skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP800\A0129713.DLL Infected: not-a-virus:AdWare.Win32.MySearch.e skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP800\A0129714.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.o skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP808\A0130929.dll Infected: Trojan-Downloader.Win32.Agent.bkd skipped
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP810\change.log Object is locked skipped
C:\WINDOWS\bundles\setup_silent_26221.exe/data0001.bin Infected: not-a-virus:AdWare.Win32.MDH.a skipped
C:\WINDOWS\bundles\setup_silent_26221.exe AWInstall: infected - 1 skipped
C:\WINDOWS\bundles\setup_silent_26221.exe UPX: infected - 1 skipped
C:\WINDOWS\bundles\shopinst.exe Infected: Trojan-Downloader.Win32.Small.wj skipped
C:\WINDOWS\bundles\traspec7.exe Infected: not-a-virus:AdWare.Win32.BetterInternet.aw skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UWFX5LP_0001_0715NetInstaller.exe Infected: not-a-virus:Downloader.Win32.Agent.e skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\UWFX5LP_0001_0715NetInstaller.exe Infected: not-a-virus:Downloader.Win32.Agent.e skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.3\UWFX5LP_0001_0715NetInstaller.exe Infected: not-a-virus:Downloader.Win32.Agent.e skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.4\UWFX5LP_0001_0715NetInstaller.exe Infected: not-a-virus:Downloader.Win32.Agent.e skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.5\UWFX5LP_0001_0715NetInstaller.exe Infected: not-a-virus:Downloader.Win32.Agent.e skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.6\UWFX5LP_0001_0715NetInstaller.exe Infected: not-a-virus:Downloader.Win32.Agent.e skipped
C:\WINDOWS\inst\3p_2.exe/WISE0001.BIN Infected: Trojan-Downloader.Win32.TSUpdate.f skipped
C:\WINDOWS\inst\3p_2.exe/WISE0007.BIN Infected: Trojan-Downloader.Win32.TSUpdate.f skipped
C:\WINDOWS\inst\3p_2.exe WiseSFX: infected - 2 skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb Object is locked skipped
C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log Object is locked skipped
C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\Cache\b2s-162813-fran.exe/data0003 Infected: not-a-virus:AdWare.Win32.Ilookup.b skipped
C:\WINDOWS\system32\Cache\b2s-162813-fran.exe NSIS: infected - 1 skipped
C:\WINDOWS\system32\Cache\BlazeVCM.exe/data0002 Infected: Trojan-Downloader.Win32.Envolo.b skipped
C:\WINDOWS\system32\Cache\BlazeVCM.exe/data0004 Infected: Trojan-Downloader.Win32.Envolo.c skipped
C:\WINDOWS\system32\Cache\BlazeVCM.exe NSIS: infected - 2 skipped
C:\WINDOWS\system32\Cache\pounder.exe/Stream/data0002 Infected: Backdoor.Win32.VB.aat skipped
C:\WINDOWS\system32\Cache\pounder.exe/Stream Infected: Backdoor.Win32.VB.aat skipped
C:\WINDOWS\system32\Cache\pounder.exe Inno: infected - 2 skipped
C:\WINDOWS\system32\Cache\shopinst.exe Infected: Trojan-Downloader.Win32.Small.wj skipped
C:\WINDOWS\system32\Cache\videoinst.exe Infected: Trojan-Downloader.Win32.Small.wj skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\ehlzeb.dll Infected: Trojan.Win32.Obfuscated.ev skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\hrcopul.dll Infected: Trojan-Downloader.Win32.Busky.s skipped
C:\WINDOWS\system32\kdrix.exe Infected: Trojan.Win32.DNSChanger.kx skipped
C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\WINDOWS\system32\qfyqakn.dll Infected: Trojan.Win32.Obfuscated.ev skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\system32\ztysid.exe Infected: not-a-virus:AdWare.Win32.Adstart.i skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\WINDOWS\woinstall.exe/WISE0001.BIN Infected: not-a-virus:AdWare.Win32.EZula.ak skipped
C:\WINDOWS\woinstall.exe WiseSFX: infected - 1 skipped
D:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP810\change.log Object is locked skipped

Scan process completed.
Attached Files
File Type: txt hijackthislog 11-04-07.txt (5.6 KB, 1 views)
File Type: txt kaspersky-report.txt (80.6 KB, 2 views)
File Type: txt CFScriptlogfile 11-04-07.txt (5.4 KB, 2 views)

Last edited by sUBs; 11-04-2007 at 08:46 PM.

11-04-2007, 08:59 PM   #9 (permalink)
sUBs
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
Join Date: May 2005
Posts: 24,328
OS: N/A

Re: Pop-ups, Hijackthis log file

Quote:
Number of viruses found: 36
Number of infected objects: 109

That's a lot of crap you have there.



Open notepad and copy/paste the text in the quotebox below into it:

Code:
http://www.techsupportforum.com/security-center/hijackthis-log-help/187771-pop-ups-hijackthis-log-file.html#post1153888
Collect::
C:\Documents and Settings\Owner.BOBBY\Local Settings\Application Data\0394ccd6.exe
C:\Documents and Settings\Owner.BOBBY\Local Settings\Application Data\0b2331d6.exe
C:\Documents and Settings\Owner.BOBBY\Local Settings\Application Data\0d42b0d6.exe
C:\Documents and Settings\Owner.BOBBY\Local Settings\Application Data\1bc6f4d6.exe
C:\Documents and Settings\Owner.BOBBY\Local Settings\Application Data\23a82af6.exe
C:\Documents and Settings\Owner.BOBBY\Local Settings\Application Data\24833106.exe
C:\Documents and Settings\Owner.BOBBY\Local Settings\Application Data\25f48af6.exe
C:\Documents and Settings\Owner.BOBBY\Local Settings\Application Data\29be5ab6.exe
C:\Documents and Settings\Owner.BOBBY\Local Settings\Application Data\30d261f6.exe
C:\Documents and Settings\Owner.BOBBY\Local Settings\Application Data\3f4db1d6.exe
C:\Documents and Settings\Owner.BOBBY\Local Settings\Application Data\435c95b6.exe
C:\Documents and Settings\Owner.BOBBY\Local Settings\Application Data\4bf9a8f6.exe
C:\Documents and Settings\Owner.BOBBY\Local Settings\Application Data\4fb79af6.exe
C:\Documents and Settings\Owner.BOBBY\Local Settings\Application Data\52690ee6.exe
C:\Documents and Settings\Owner.BOBBY\Local Settings\Application Data\64a88ce6.exe
C:\Documents and Settings\Owner.BOBBY\Local Settings\Application Data\68baaaf6.exe
C:\Documents and Settings\Owner.BOBBY\Local Settings\Application Data\698175c6.exe
C:\Documents and Settings\Owner.BOBBY\Local Settings\Application Data\84c10ff6.exe
C:\Documents and Settings\Owner.BOBBY\Local Settings\Application Data\859c3af6.exe
C:\Documents and Settings\Owner.BOBBY\Local Settings\Application Data\8d7c66d6.exe
C:\Documents and Settings\Owner.BOBBY\Local Settings\Application Data\9721abf6.exe
C:\Documents and Settings\Owner.BOBBY\Local Settings\Application Data\99ca1af6.exe
C:\Documents and Settings\Owner.BOBBY\Local Settings\Application Data\a7a70536.exe
C:\Documents and Settings\Owner.BOBBY\Local Settings\Application Data\ae9f9ea6.exe
C:\Documents and Settings\Owner.BOBBY\Local Settings\Application Data\b26acbd6.exe
C:\Documents and Settings\Owner.BOBBY\Local Settings\Application Data\b4a073d6.exe
C:\Documents and Settings\Owner.BOBBY\Local Settings\Application Data\bd879af6.exe
C:\Documents and Settings\Owner.BOBBY\Local Settings\Application Data\c8c1faf6.exe
C:\Documents and Settings\Owner.BOBBY\Local Settings\Application Data\c8d726e6.exe
C:\Documents and Settings\Owner.BOBBY\Local Settings\Application Data\d74acaf6.exe
C:\Documents and Settings\Owner.BOBBY\Local Settings\Application Data\e2d89356.exe
C:\Documents and Settings\Owner.BOBBY\Local Settings\Application Data\ebf93af6.exe
C:\Documents and Settings\Owner.BOBBY\Local Settings\Application Data\ef6bd166.exe
File::
C:\Documents and Settings\Owner.BOBBY\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arr3.jar-44f46a27-40822d38.zip
C:\Documents and Settings\Owner.BOBBY\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-68a78113-30f4dccb.zip
C:\Documents and Settings\Owner.BOBBY\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-540c1c76-4067b059.zip
C:\Documents and Settings\Owner.BOBBY\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-5d29f7ed-52026c20.zip
C:\Documents and Settings\Owner.BOBBY\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv430.jar-61fcb0a5-41babed0.zip
C:\Documents and Settings\Owner.BOBBY\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv557.jar-23cd1d22-30b6c555.zip
C:\Documents and Settings\Owner.BOBBY\Desktop\[4]-Submit_2007-11-05@11.28.zip
C:\Documents and Settings\Owner.BOBBY\My Documents\My Music\Bobby Favorites\BSINSTALL.exe
C:\Documents and Settings\Owner.BOBBY\My Documents\My Music\My Downloads\Native.Instruments.Traktor.DJ.Studio.v3.1.3.incl.Keygen-AiR.zip
C:\Downloads\RollerCoasterTycoon2-dm[1].exe
C:\Program Files\Morpheus\morpheustoolbar.exe
C:\Program Files\ProcManager.exe
C:\WINDOWS\system32\ehlzeb.dll
C:\WINDOWS\system32\hrcopul.dll
C:\WINDOWS\system32\kdrix.exe
C:\WINDOWS\system32\qfyqakn.dll
C:\WINDOWS\system32\ztysid.exe
C:\WINDOWS\woinstall.exe
Folder::
C:\Deckard
C:\Documents and Settings\Owner.BOBBY\Desktop\backups
C:\Program Files\e52wpldb
C:\Program Files\MalwareWiped 6.9
C:\WINDOWS\bundles
C:\WINDOWS\Downloaded Program Files\CONFLICT.1
C:\WINDOWS\Downloaded Program Files\CONFLICT.2
C:\WINDOWS\Downloaded Program Files\CONFLICT.3
C:\WINDOWS\Downloaded Program Files\CONFLICT.4
C:\WINDOWS\Downloaded Program Files\CONFLICT.5
C:\WINDOWS\Downloaded Program Files\CONFLICT.6
C:\WINDOWS\inst
C:\WINDOWS\system32\Cache

Save this as "CFScript"

Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.

Additionally, ComboFix will generate another zipped file on your Desktop, called [4]Submit@Date_Time.zip
Before proceeding to the next step, please submit this file to http://www.bleepingcomputer.com/subm....php?channel=4


---------------


ESET Online Scanner - Beta
  • Please go to the following link ESET Online Scanner Link
  • Tick the box YES, I accept the Terms Of Use
  • Click the Start button
  • Now click the Install button
  • Click Start

    The scanner engine will initialise and update
  • Do Not tick the box Remove found threats
  • Click the Scan button

    The scan will now run, please be patient
  • When the scan finishes click the Details tab
  • Copy and paste the contents of the scan back here.
__________________

Question - what have you done for the community today?

11-07-2007, 05:23 PM   #10 (permalink)
Bobby Smith

Re: Pop-ups, Hijackthis log file

I copied and pasted the CFScript.txt into ComboFix.exe.
I submitted the file to bleepingcomputer.com
I ran the ESET Online scanner and it found 89 threats, but the detail screen would not allow me to copy. The screen was too small to print.
What next?
Thanks!

11-08-2007, 06:54 AM   #11 (permalink)
sUBs

Re: Pop-ups, Hijackthis log file

Quote:
I copied and pasted the CFScript.txt into ComboFix.exe.

Please post the log that ComboFix produced.

Since you weren't able to extract a log from the NOD32 scan, please perform another Kaspersky scan.

11-08-2007, 08:14 PM   #12 (permalink)
Bobby Smith

Re: Pop-ups, Hijackthis log file

ComboFix log attached and Kaspersky scan log attached.
Thanks!

ComboFix 07-11-04.1 - Owner 2007-11-08 18:59:27.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.212 [GMT -6:00]
Running from: C:\Documents and Settings\Owner.BOBBY\My Documents\Bobby's Documents\Tech Support Forum\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner.BOBBY\My Documents\Bobby's Documents\Tech Support Forum\CFScript_used_2007-11-06@19.59.txt
* Created a new restore point

FILE::
C:\Documents and Settings\Owner.BOBBY\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arr3.jar-44f46a27-40822d38.zip
C:\Documents and Settings\Owner.BOBBY\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-68a78113-30f4dccb.zip
C:\Documents and Settings\Owner.BOBBY\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-540c1c76-4067b059.zip
C:\Documents and Settings\Owner.BOBBY\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-5d29f7ed-52026c20.zip
C:\Documents and Settings\Owner.BOBBY\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv430.jar-61fcb0a5-41babed0.zip
C:\Documents and Settings\Owner.BOBBY\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv557.jar-23cd1d22-30b6c555.zip
C:\Documents and Settings\Owner.BOBBY\Desktop\[4]-Submit_2007-11-05@11.28.zip
C:\Documents and Settings\Owner.BOBBY\My Documents\My Music\Bobby Favorites\BSINSTALL.exe
C:\Documents and Settings\Owner.BOBBY\My Documents\My Music\My Downloads\Native.Instruments.Traktor.DJ.Studio.v3.1.3.incl.Keygen-AiR.zip
C:\Downloads\RollerCoasterTycoon2-dm[1].exe
C:\Program Files\Morpheus\morpheustoolbar.exe
C:\Program Files\ProcManager.exe
C:\WINDOWS\system32\ehlzeb.dll
C:\WINDOWS\system32\hrcopul.dll
C:\WINDOWS\system32\kdrix.exe
C:\WINDOWS\system32\qfyqakn.dll
C:\WINDOWS\system32\ztysid.exe
C:\WINDOWS\woinstall.exe
.

((((((((((((((((((((((((( Files Created from 2007-10-09 to 2007-11-09 )))))))))))))))))))))))))))))))
.

2007-11-08 16:45 24,576 --a------ C:\temp\IadHide3.dll
2007-11-06 20:23 <DIR> d-------- C:\Program Files\EsetOnlineScanner
2007-11-05 13:53 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-11-05 13:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-11-03 15:12 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-10 12:37 <DIR> d-------- C:\Program Files\ASIO4ALL v2
2007-10-09 15:31 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-08 00:24 --------- d-----w C:\Program Files\Quicken
2007-11-07 02:04 --------- d-----w C:\Program Files\Morpheus
2007-11-03 13:52 --------- d-----w C:\Program Files\LimeWire
2007-10-27 22:37 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-10-10 18:37 --------- d-----w C:\Program Files\Image-Line
2007-10-07 19:28 --------- d-----w C:\Program Files\Native Instruments
2007-10-04 21:32 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-09-24 06:36 --------- d-----w C:\Documents and Settings\Owner.BOBBY\Application Data\Juce VST Host
2007-09-22 19:40 --------- d-----w C:\Program Files\Windows Live
2007-09-22 19:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2004-10-25 03:43 66 ----a-w C:\Documents and Settings\Owner.BOBBY\Application Data\tvmcwrd.dll
2004-10-24 00:35 226,266 ----a-w C:\Documents and Settings\Owner.BOBBY\Application Data\tvmknwrd.dll
2004-10-21 05:57:15 0 --sha-w C:\WINDOWS\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((( snapshot@2007-11-04_16.22.31.43 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-10-29 23:56:19 136,192 ----a-w C:\WINDOWS\catchme.exe
+ 2007-10-30 00:56:19 136,192 ----a-w C:\WINDOWS\catchme.exe
+ 2005-05-24 18:27:16 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2007-08-29 21:47:20 94,208 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2007-08-29 21:49:54 950,272 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
+ 2007-07-27 21:49:02 196,683 ----a-w C:\WINDOWS\system32\lnod32apiA.dll
+ 2007-07-27 21:49:02 225,355 ----a-w C:\WINDOWS\system32\lnod32apiW.dll
+ 2005-12-06 02:25:22 139,264 ----a-w C:\WINDOWS\system32\lnod32umc.dll
+ 2005-12-05 19:37:10 106,496 ----a-w C:\WINDOWS\system32\lnod32upd.dll
+ 2007-08-03 00:11:28 253,952 ----a-w C:\WINDOWS\system32\OnlineScannerDLLA.dll
+ 2007-08-03 00:11:14 241,664 ----a-w C:\WINDOWS\system32\OnlineScannerDLLW.dll
+ 2007-08-08 22:30:12 19,456 ----a-w C:\WINDOWS\system32\OnlineScannerLang.dll
+ 2007-06-13 17:10:34 77,824 ----a-w C:\WINDOWS\system32\OnlineScannerUninstaller.exe
- 2007-08-17 23:03:19 54,280 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2007-11-04 22:28:18 54,280 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2007-08-17 23:03:19 384,596 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2007-11-04 22:28:18 384,596 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2007-07-22 23:39:27 279,552 ----a-w C:\WINDOWS\system32\swreg.exe
+ 2007-07-23 00:39:27 279,552 ----a-w C:\WINDOWS\system32\swreg.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-12-10 05:06]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-09-17 18:04]
"Lock My PC"="C:\Program Files\LMPC3\lockpc.exe" [2006-05-26 10:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PhotoShow Deluxe Media Manager"="C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\xtras\mssysmgr.exe" [2003-12-03 08:42]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2005-08-18 12:49]

C:\Documents and Settings\Customers\Start Menu\Programs\Startup\
office depot.mpg [2004-01-22 13:14:28]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 00:05:26]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2003-09-16 14:19:24]
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2003-12-13 14:28:04]
Kodak software updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe [2003-06-08 16:48:18]
PrintKey-Pro.lnk - C:\Program Files\Warecentral\PrintKey-Pro\PKey_Pro.exe [2003-09-19 21:12:40]
Ulead Photo Express 3.0 SE Calendar Checker.lnk - C:\Program Files\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe [2005-10-05 19:31:34]

R1 Cinemsup;Cinemsup;C:\WINDOWS\system32\drivers\Cinemsup.sys
R1 ewido security suite driver;ewido security suite driver;\??\C:\Program Files\ewido\security suite\guard.sys
R3 DLKRTS;D-Link DFE-530TX+ PCI Adapter;C:\WINDOWS\system32\DRIVERS\DLKRTS.SYS
R3 GT680x;GrandTechICNameNT;C:\WINDOWS\system32\Drivers\gt680x.sys
R3 LMPC2;LMPC2;C:\WINDOWS\system32\drivers\LMPC2.sys
S3 ldiskl;ldiskl;\??\C:\DOCUME~1\OWNER~1.BOB\LOCALS~1\Temp\ldiskl.sys
S3 TBU11;Turtle Beach USB MIDI 1x1 Driver;C:\WINDOWS\system32\Drivers\tbu11.sys

.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-08 19:03:13
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-08 19:04:42
C:\ComboFix2.txt ... 2007-11-06 20:11
C:\ComboFix3.txt ... 2007-11-05 11:34
.
--- E O F ---


Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Owner.BOBBY\Desktop\[4]-Submit_2007-11-06@19.59.zip/0394ccd6.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\Documents and Settings\Owner.BOBBY\Desktop\[4]-Submit_2007-11-06@19.59.zip/0b2331d6.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\Documents and Settings\Owner.BOBBY\Desktop\[4]-Submit_2007-11-06@19.59.zip/0d42b0d6.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\Documents and Settings\Owner.BOBBY\Desktop\[4]-Submit_2007-11-06@19.59.zip/1bc6f4d6.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\Documents and Settings\Owner.BOBBY\Desktop\[4]-Submit_2007-11-06@19.59.zip/23a82af6.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\Documents and Settings\Owner.BOBBY\Desktop\[4]-Submit_2007-11-06@19.59.zip/24833106.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\Documents and Settings\Owner.BOBBY\Desktop\[4]-Submit_2007-11-06@19.59.zip/25f48af6.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\Documents and Settings\Owner.BOBBY\Desktop\[4]-Submit_2007-11-06@19.59.zip/29be5ab6.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\Documents and Settings\Owner.BOBBY\Desktop\[4]-Submit_2007-11-06@19.59.zip/30d261f6.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\Documents and Settings\Owner.BOBBY\Desktop\[4]-Submit_2007-11-06@19.59.zip/3f4db1d6.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\Documents and Settings\Owner.BOBBY\Desktop\[4]-Submit_2007-11-06@19.59.zip/435c95b6.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\Documents and Settings\Owner.BOBBY\Desktop\[4]-Submit_2007-11-06@19.59.zip/4bf9a8f6.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\Documents and Settings\Owner.BOBBY\Desktop\[4]-Submit_2007-11-06@19.59.zip/4fb79af6.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\Documents and Settings\Owner.BOBBY\Desktop\[4]-Submit_2007-11-06@19.59.zip/52690ee6.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\Documents and Settings\Owner.BOBBY\Desktop\[4]-Submit_2007-11-06@19.59.zip/64a88ce6.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\Documents and Settings\Owner.BOBBY\Desktop\[4]-Submit_2007-11-06@19.59.zip/68baaaf6.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\Documents and Settings\Owner.BOBBY\Desktop\[4]-Submit_2007-11-06@19.59.zip/698175c6.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\Documents and Settings\Owner.BOBBY\Desktop\[4]-Submit_2007-11-06@19.59.zip/84c10ff6.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\Documents and Settings\Owner.BOBBY\Desktop\[4]-Submit_2007-11-06@19.59.zip/859c3af6.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\Documents and Settings\Owner.BOBBY\Desktop\[4]-Submit_2007-11-06@19.59.zip/8d7c66d6.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\Documents and Settings\Owner.BOBBY\Desktop\[4]-Submit_2007-11-06@19.59.zip/9721abf6.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\Documents and Settings\Owner.BOBBY\Desktop\[4]-Submit_2007-11-06@19.59.zip/99ca1af6.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\Documents and Settings\Owner.BOBBY\Desktop\[4]-Submit_2007-11-06@19.59.zip/a7a70536.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\Documents and Settings\Owner.BOBBY\Desktop\[4]-Submit_2007-11-06@19.59.zip/ae9f9ea6.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\Documents and Settings\Owner.BOBBY\Desktop\[4]-Submit_2007-11-06@19.59.zip/b26acbd6.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\Documents and Settings\Owner.BOBBY\Desktop\[4]-Submit_2007-11-06@19.59.zip/b4a073d6.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\Documents and Settings\Owner.BOBBY\Desktop\[4]-Submit_2007-11-06@19.59.zip/bd879af6.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\Documents and Settings\Owner.BOBBY\Desktop\[4]-Submit_2007-11-06@19.59.zip/c8c1faf6.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\Documents and Settings\Owner.BOBBY\Desktop\[4]-Submit_2007-11-06@19.59.zip/c8d726e6.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\Documents and Settings\Owner.BOBBY\Desktop\[4]-Submit_2007-11-06@19.59.zip/d74acaf6.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\Documents and Settings\Owner.BOBBY\Desktop\[4]-Submit_2007-11-06@19.59.zip/e2d89356.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\Documents and Settings\Owner.BOBBY\Desktop\[4]-Submit_2007-11-06@19.59.zip/ebf93af6.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\Documents and Settings\Owner.BOBBY\Desktop\[4]-Submit_2007-11-06@19.59.zip/ef6bd166.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\Documents and Settings\Owner.BOBBY\Desktop\[4]-Submit_2007-11-06@19.59.zip ZIP: infected - 33 skipped
C:\qoobox\Quarantine\C\Deckard\System Scanner\backup\WINDOWS\Downloaded Program Files\UWFX5LP_0001_0715NetInstaller.exe.vir Infected: not-a-virus:Downloader.Win32.Agent.e skipped
C:\qoobox\Quarantine\C\Documents and Settings\Owner.BOBBY\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arr3.jar-44f46a27-40822d38.zip.vir/Counter.class Infected: Trojan.Java.ClassLoader.i skipped
C:\qoobox\Quarantine\C\Documents and Settings\Owner.BOBBY\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arr3.jar-44f46a27-40822d38.zip.vir/VerifierBug.class Infected: Trojan.Java.ClassLoader.k skipped
C:\qoobox\Quarantine\C\Documents and Settings\Owner.BOBBY\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arr3.jar-44f46a27-40822d38.zip.vir/Beyond.class Infected: Trojan.Java.ClassLoader.k skipped
C:\qoobox\Quarantine\C\Documents and Settings\Owner.BOBBY\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arr3.jar-44f46a27-40822d38.zip.vir ZIP: infected - 3 skipped
C:\qoobox\Quarantine\C\Documents and Settings\Owner.BOBBY\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-68a78113-30f4dccb.zip.vir/BlackBox.class Infected: Exploit.Java.ByteVerify skipped

Scan process completed.
Attached Files
File Type: txt CFScriptlogfile 11-08-07.txt (7.8 KB, 2 views)
File Type: txt kaspersky-report 11-08-07.txt (93.8 KB, 2 views)

Last edited by Ried; 11-09-2007 at 06:55 PM.
Old 11-09-2007, 07:04 PM   #13 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,555
OS: WinXP and Vista


Re: Pop-ups, Hijackthis log file

Hello again Bobby,

I appreciate sUBs taking time out of his busy schedule to assist my users while I was away.

Kaspersky is only reporting items in quarantine and in your system restore.

The following procedure will clear out the tools we've used as well as the backups and quarantines created by the fix. It will also reset your System Restore by flushing out previous restore points (which contain the infections) and create a new restore point.

Click Start > Run and copy/paste, or type the following bolded text into the Run box and click OK:

ComboFix /u

--------------------------------------------------------------------

To help protect your computer in the future I recommend that you get the following free programs if you do not already have them:

McAfee Site Advisor--free version. The folks there check out websites and based on their findings, rate it as Safe, Unknown, Caution, or Bad.

SpywareBlaster 3.5.1 to help prevent spyware from installing in the first place. Install & update SpywareBlaster with the latest definitions. After you have updated, click the button - enable protection for all unprotected items.
  • It will block any bad ActiveX from running in Internet Explorer and Firefox if it's listed in their database (which you should update frequently). To view their database and list of restricted sites, launch the program and click on each of the tabs on the main display page.

IESpyAD Zoned Out to block access to malicious websites so you cannot be redirected to them from an infected site or email. This severely impairs attempts to infect your system as it basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.


Update, and scan with your onboard Anti Malware and Anti Virus programs regularly. Without regular updates you will not be protected when new malicious programs are released.


In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:

PC Safety and Security--What Do I Need?

HOW DID I GET INFECTED IN THE FIRST PLACE? by Tony Klein
THE ANTI-SPYWARE TUTORIAL
MAKING INTERNET EXPLORER SAFER
Understanding and Using Firewalls

**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.

-----------------------------------------------------

Follow the list above and the potential for infection will reduce dramatically.

Kindly respond one more time and let us know if we may consider this thread resolved.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
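Ried's reading of the report above (every detection sits either in ComboFix's Qoobox quarantine or in a System Restore point) can be checked mechanically. The following is an added example, not part of the original thread: it assumes the three line shapes seen in the posted report, and its sample lines, including the invented example-live.dll and the GUID placeholder, are constructed.

```python
import re
from collections import Counter

# Constructed sample modelled on the report format posted in this thread.
# "example-live.dll" and "{GUID-PLACEHOLDER}" are invented for illustration.
SAMPLE_REPORT = r"""
C:\qoobox\Quarantine\C\WINDOWS\system32\kdrix.exe.vir Infected: Trojan.Win32.DNSChanger.kx skipped
C:\qoobox\Quarantine\C\WINDOWS\inst\3p_2.exe.vir/WISE0001.BIN Infected: Trojan-Downloader.Win32.TSUpdate.f skipped
C:\qoobox\Quarantine\C\WINDOWS\inst\3p_2.exe.vir WiseSFX: infected - 1 skipped
C:\System Volume Information\_restore{GUID-PLACEHOLDER}\RP813\A0000001.exe Infected: Trojan.Win32.DNSChanger.kx skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\example-live.dll Infected: Trojan.Win32.Obfuscated.ev skipped
"""

DETECTION = re.compile(r"^(?P<path>.+?) Infected: (?P<verdict>\S+) skipped$")
CONTAINER_SUMMARY = re.compile(r": infected - \d+ skipped$")
LOCKED = "Object is locked skipped"


def classify(path):
    """Bucket a detection by where the file sits on disk."""
    p = path.lower()
    if p[1:].startswith(":\\qoobox\\quarantine\\"):
        return "quarantine"        # ComboFix's renamed .vir copies
    if "\\system volume information\\_restore{" in p:
        return "system_restore"    # copies held in old restore points
    return "live"                  # anything else still needs cleaning


def triage(report):
    """Return (counts per bucket, list of detections outside quarantine/restore)."""
    counts, live = Counter(), []
    for line in report.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.endswith(LOCKED):
            counts["locked"] += 1              # file in use, not a detection
            continue
        if CONTAINER_SUMMARY.search(line):
            counts["container_summary"] += 1   # per-archive total, would double count
            continue
        m = DETECTION.match(line)
        if not m:
            counts["unparsed"] += 1
            continue
        # Assumption: "/" separates the file on disk from a member inside an archive.
        outer, _, member = m["path"].partition("/")
        where = classify(outer)
        counts[where] += 1
        if where == "live":
            live.append((outer, member, m["verdict"]))
    return counts, live


if __name__ == "__main__":
    counts, live = triage(SAMPLE_REPORT)
    print(dict(counts))
    for outer, member, verdict in live:
        print("needs attention:", outer, member or "-", verdict)
```

An empty `live` list is the condition under which uninstalling the tool and flushing the restore points, as described in the post, removes every reported item.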
Old 11-09-2007, 09:58 PM   #14 (permalink)
Registered User
 
Bobby Smith
 
Join Date: Dec 2004
Posts: 35
OS: xp home


Re: Pop-ups, Hijackthis log file

Thanks Ried! I greatly appreciate your time and your colleague's efforts.
All times are GMT -7.