Tech Support banner
Status
Not open for further replies.
1 - 11 of 11 Posts

·
Registered
Joined
·
7 Posts
Discussion Starter · #1 ·
Hi can someone help me with this log?

Logfile of HijackThis v1.99.1
Scan saved at 12:26:14 PM, on 2/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\WINDOWS\msngrsm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\windows\system32\oodsregk.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\WINDOWS\Twain_32\CA561A\SnapDetect.exe
C:\WINDOWS\system32\OSK.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\MSSWCHX.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\cv\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ad.firstadsolution.com/ifram...cuments%20and%20settings/guest/my%20documents
R3 - URLSearchHook: (no name) - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)
O2 - BHO: Mario Forever Toolbar Helper - {8036D4D7-AAD3-4793-AB49-329E437155A8} - C:\Program Files\Mario Forever Toolbar\v2.0.0.4\Mario_Forever_Toolbar.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)
O3 - Toolbar: Mario Forever Toolbar - {463DF6D5-BEC1-4d67-B217-59DB692DFC53} - C:\Program Files\Mario Forever Toolbar\v2.0.0.4\Mario_Forever_Toolbar.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [newname] C:\\nwnmff_e33.exe
O4 - HKLM\..\Run: [keyboard] C:\\kybrdff_e33.exe
O4 - HKLM\..\Run: [webHancer Survey Companion] C:\Program Files\webHancer\Programs\whsurvey.exe
O4 - HKLM\..\Run: [NI.UWA6P_0001_N91M1807] "C:\Documents and Settings\cv\Desktop\WinAntiVirusPro2006FreeInstall.exe" -nag
O4 - HKLM\..\Run: [ms0691017-12659] C:\WINDOWS\ms0691017-12659.exe
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\Sloopy7.exe
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\twinppea.exe GEN001
O4 - HKLM\..\Run: [{A8-82-29-97-ZN}] C:\windows\system32\oodsregk.exe GEN001
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - Startup: TA_Start.lnk = C:\WINDOWS\system32\dwdsregt.exe
O4 - Startup: Think-Adz.lnk = C:\WINDOWS\system32\twinppea.exe
O4 - Global Startup: Icatch(VI) SnapDetect.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?e425f51a12304f0bb566ec96bdb3eb39
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?e425f51a12304f0bb566ec96bdb3eb39
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/puzzlepirates/miniclipGameLoader.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by112fd.bay112.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1118902387266
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {CEA3052D-65B9-44E2-A501-5E14024BC66F} (TricksterActiveX Control) - http://tricksteronline.com/control/tricksterActiveX.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://download.games.yahoo.com/games/web_games/gamehouse/frenzy/SproutLauncher.cab
O16 - DPF: {D88C7675-7CEE-4C9A-BDD4-7A43EED7794D} (Logout Class) - http://www.gamengame.com/KALogoutComponent.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://download.games.yahoo.com/games/web_games/popcap/insaniquarium/popcaploader_v6.cab
O16 - DPF: {E4C29FDC-F547-4219-ACFD-571F2A7A564A} (WebCamTest Class) - http://click.mirarsearch.com/CABUPDATES/winwcd.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O18 - Protocol: bw+0 - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: rundll.exe - Unknown owner - C:\WINDOWS\msngrsm.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
 

·
Registered
Joined
·
2,506 Posts
Hello plzhelpmeIrnoob, welcome to TSF and thanks for your patience. You may wish to Subscribe to this thread so that you are notified when you receive a reply. To do this click Thread Tools (above the first post), then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Please print out or copy this page to Notepad in order to assist you when carrying out the following instructions. If there is anything you don't understand, please ask BEFORE proceeding with the fixes. Please do these steps in order and do not skip any.

Unhide Files
Go to My Computer > Tools > Folder Options > View tab and select "Show hidden files and folders". Uncheck the "Hide protected operating system files (Recommended)" option. Also make sure there is no checkmark beside "Hide file extensions for known file types". Click OK.


Download ComboScan
Please download ComboScan and save it to your Desktop. Do not run it yet.


Download Brute Force Uninstaller
Please download Brute Force Uninstaller to your desktop.
  1. Right click bfu.zip on your desktop, and choose Extract All. Click "Next".
  2. In the box to choose where to extract the files to, click "Browse".
  3. Click on the + sign next to "My Computer".
  4. Click on "Local Disk (C:) (or whatever your primary drive is).
  5. Click "Make New Folder" and type in BFU. Click "Next".
  6. Uncheck the "Show Extracted Files" box and then click "Finish".
RIGHT-CLICK HERE and choose "Save As" (in IE it's "Save Target As") in order to download the Alcra PLUS Remover. Save it in the same folder you made earlier (i.e., C:\BFU).

Do not do anything with these yet!


Download SDFix
Please download SDFix and save it to your Desktop. Double click SDFix.exe and it will extract the files to %systemdrive% (the drive that contains the Windows directory, typically C:\SDFix). Don't do anything else with this tool yet.


Delete Service
Click Start>Run - type SERVICES.MSC and then click on the OK button.
  1. Locate the service - Viewpoint Manager Service
  2. Stop the service by using the Stop button.
  3. Change the Startup Type to Disabled and click the OK button.
  4. Start HiJackThis and go to Config... -> Misc.Tools -> Delete an NT service.
  5. In the popup box that appears, type in Viewpoint Manager Service.
  6. Click the OK button and answer No if prompted to reboot.

Uninstall
Click Start > Control Panel > Add / Remove Programs and uninstall the following programs (if they exist):
Viewpoint Manager
webHancer
WinAntiVirusPro2006
Please let me know if any of these were unable to uninstall.


Reboot
Reboot your system to Safe Mode by repeatedly tapping the F8 key until the menu appears and choosing Safe Mode from the list. On some systems, this may be the F5 key so try that if F8 doesn't work. Login on with your usual account. Make sure to close any open windows.


HijackThis Fixes
Open HijackThis and click on 'Do a System Scan Only'. Check the following entries if they still exist (make sure you do not miss any):


R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ad.firstadsolution.com/iframe3?wiEAA[...]
R3 - URLSearchHook: (no name) - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - (no file)
O4 - HKLM\..\Run: [webHancer Survey Companion] C:\Program Files\webHancer\Programs\whsurvey.exe
O4 - HKLM\..\Run: [NI.UWA6P_0001_N91M1807] "C:\Documents and Settings\cv\Desktop\WinAntiVirusPro2006FreeInstall.exe" -nag
O4 - HKLM\..\Run: [ms0691017-12659] C:\WINDOWS\ms0691017-12659.exe
O4 - HKLM\..\Run: [{A8-82-29-97-ZN}] C:\windows\system32\oodsregk.exe GEN001
O4 - Global Startup: Icatch(VI) SnapDetect.lnk = ?
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/puzzlepirates/miniclipGameLoader.dll
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://download.games.yahoo.com/games/web_games/popcap/insaniquarium/popcaploader_v6.cab
O16 - DPF: {E4C29FDC-F547-4219-ACFD-571F2A7A564A} (WebCamTest Class) - http://click.mirarsearch.com/CABUPDATES/winwcd.cab
O18 - Protocol: bw+0s - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
Please remember to close all other windows, including browsers then click Fix checked. Close HijackThis.


Deletions
Delete the following Files indicated in RED and Folders indicated in BLUE if they still exist.
C:\Documents and Settings\cv\Desktop\WinAntiVirusPro2006FreeInstall.exe
C:\Program Files\webHancer
C:\WINDOWS\Sloopy7.exe
C:\WINDOWS\system32\oodsregk.exe
C:\WINDOWS\system32\twinppea.exe


Run Brute Force Uninstaller
Please go to Start > My Computer and navigate to the folder you installed BFU in (i.e, C:\BFU).
  • Start the Brute Force Uninstaller by doubleclicking BFU.exe
  • Behind the scriptline to execute field click the folder icon
    and select alcanshorty.bfu
  • Press Execute and let the program do it’s job. (You ought to see a progress bar if you did this correctly.)
  • Wait for the complete script execution box to pop up and press OK.
  • Press exit to terminate the BFU program.


Run SDFix
  • Open the SDFix folder (typically C:\SDFix) and double click RunThis.bat.
  • Type Y to begin the script.
  • It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC. Your system will take longer that normal to restart as the fixtool will be running and removing files.
  • When the desktop loads, the Fixtool will complete the removal and display Finished. Press any key to end the script and load your desktop icons.
  • The tool will produce a file called Report.txt in the SDFix folder. Please include the contents of that file with your next report.

You should be back in Normal mode at this point.


Run ComboScan
  1. Close all applications and windows.
  2. Double-click on comboscan.exe to run it, and follow the prompts.
  3. When the scan is complete, a text file will open - ComboScan.txt.
  4. Please copy and paste the contents of ComboScan.txt in your thread.
  5. A folder, C:\ComboScan, will also open. In it will be another text file, Supplementary.txt.
  6. Please attach Supplementary.txt to your post.

With Your Next Post...
Please paste the following with your next reply (in this order please):
  1. The contents of C:\SDFix\Report.txt,
  2. the contents of ComboScan.txt, and
  3. please attach the C:\ComboScan\Supplementary.txt file.
 

·
Registered
Joined
·
7 Posts
Discussion Starter · #5 ·
Thank you Deckard for the help here are the file in that order.


SDFix: Version 1.63

Thu 02/08/2007 - 13:49:15.62

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:

Name:
rundll.exe

Path:
"C:\WINDOWS\msngrsm.exe"

rundll.exe Deleted

Restoring Windows Registry Entries
Restoring Default Hosts File


Rebooting...

Normal Mode:
Checking Files:

Below files will be copied to Backups folder then removed:

C:\WINDOWS\system32\kazaabackupfiles\101keygen.exe - Deleted
C:\WINDOWS\system32\kazaabackupfiles\Adobe-Photoshop.exe - Deleted
C:\WINDOWS\system32\kazaabackupfiles\Adobe-Product-Keygen.exe - Deleted
C:\WINDOWS\system32\kazaabackupfiles\crack.exe - Deleted
C:\WINDOWS\system32\kazaabackupfiles\Emulator.exe - Deleted
C:\WINDOWS\system32\kazaabackupfiles\info.exe - Deleted
C:\WINDOWS\system32\kazaabackupfiles\Kaspersky.exe - Deleted
C:\WINDOWS\system32\kazaabackupfiles\Keygen.exe - Deleted
C:\WINDOWS\system32\kazaabackupfiles\mIRC Keygen.exe - Deleted
C:\WINDOWS\system32\kazaabackupfiles\mIRC.exe - Deleted
C:\WINDOWS\system32\kazaabackupfiles\N64.exe - Deleted
C:\WINDOWS\system32\kazaabackupfiles\PS.exe - Deleted
C:\WINDOWS\system32\kazaabackupfiles\PS2-Emulator.exe - Deleted
C:\WINDOWS\system32\kazaabackupfiles\PS2.exe - Deleted
C:\WINDOWS\system32\kazaabackupfiles\SNES.exe - Deleted
C:\WINDOWS\system32\kazaabackupfiles\Virus-Scan.exe - Deleted
C:\WINDOWS\system32\kazaabackupfiles\Windows XP All Keygen.exe - Deleted
C:\WINDOWS\system32\kazaabackupfiles\Windows.exe - Deleted
C:\WINDOWS\system32\kazaabackupfiles\Xbox emulator.exe - Deleted
C:\WINDOWS\system32\kazaabackupfiles\Xbox rom.exe - Deleted
C:\WINDOWS\system32\kazaabackupfiles\Xbox.exe - Deleted
C:\WINDOWS\system32\kazaabackupfiles\XPSP2.exe - Deleted
C:\dbg.txt - Deleted
C:\WINDOWS\msngrsm.exe - Deleted
C:\WINDOWS\system32\msnav32.ax - Deleted
C:\WINDOWS\tcb.pmw - Deleted
C:\WINDOWS\Uninst2.htm - Deleted
C:\WINDOWS\Unist1.htm - Deleted


Folder C:\WINDOWS\system32\kazaabackupfiles - Removed

ADS Check:

C:\WINDOWS\system32
No streams found.

Final Check:

Remaining Services:
------------------


Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:mad:xpsp2res.dll,-22019"
"c:\\windows\\system32\\rlvknlg.exe"="c:\\windows\\system32\\rlvknlg.exe:*:Disabled:rlvknlg.exe"


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"


Remaining Files:
---------------

Backups Folder: - C:\SDFix\backups\backups.zip


Checking For Files with Hidden Attributes :

C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp
C:\Documents and Settings\cv\Desktop\Puppies Shampoo\Blah\~WRL1563.tmp

Finished


ComboScan v20070208.10 run by cv on 2007-02-08 at 14:02:20
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Unable to create System Restore WMI object; error code: 0x80041002
Performed disk cleanup.


-- HijackThis log (run as cv.com) -----------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 2:02:31 PM, on 2/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Documents and Settings\cv\Desktop\comboscan.exe
C:\DOCUME~1\cv\LOCALS~1\Temp\~rdrowqq.tmp\cv.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)
O2 - BHO: Mario Forever Toolbar Helper - {8036D4D7-AAD3-4793-AB49-329E437155A8} - C:\Program Files\Mario Forever Toolbar\v2.0.0.4\Mario_Forever_Toolbar.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)
O3 - Toolbar: Mario Forever Toolbar - {463DF6D5-BEC1-4d67-B217-59DB692DFC53} - C:\Program Files\Mario Forever Toolbar\v2.0.0.4\Mario_Forever_Toolbar.dll (file missing)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?e425f51a12304f0bb566ec96bdb3eb39
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?e425f51a12304f0bb566ec96bdb3eb39
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by112fd.bay112.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1118902387266
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {CEA3052D-65B9-44E2-A501-5E14024BC66F} (TricksterActiveX Control) - http://tricksteronline.com/control/tricksterActiveX.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://download.games.yahoo.com/games/web_games/gamehouse/frenzy/SproutLauncher.cab
O16 - DPF: {D88C7675-7CEE-4C9A-BDD4-7A43EED7794D} (Logout Class) - http://www.gamengame.com/KALogoutComponent.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O18 - Protocol: bw+0 - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe


-- HijackThis Fixed Entries (C:\Documents and Settings\cv\Desktop\backups\) -----

backup-20070208-133954-101 O16 - DPF: {E4C29FDC-F547-4219-ACFD-571F2A7A564A} (WebCamTest Class) - http://click.mirarsearch.com/CABUPDATES/winwcd.cab
backup-20070208-133954-106 O4 - HKLM\..\Run: [ms0691017-12659] C:\WINDOWS\ms0691017-12659.exe
backup-20070208-133954-202 O4 - HKLM\..\Run: [webHancer Survey Companion] C:\Program Files\webHancer\Programs\whsurvey.exe
backup-20070208-133954-305 O4 - HKLM\..\Run: [{A8-82-29-97-ZN}] C:\windows\system32\oodsregk.exe GEN001
backup-20070208-133954-761 O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://download.games.yahoo.com/games/web_games/popcap/insaniquarium/popcaploader_v6.cab
backup-20070208-133954-784 O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/puzzlepirates/miniclipGameLoader.dll
backup-20070208-133954-807 R3 - URLSearchHook: (no name) - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - (no file)
backup-20070208-133954-839 O4 - HKLM\..\Run: [NI.UWA6P_0001_N91M1807] "C:\Documents and Settings\cv\Desktop\WinAntiVirusPro2006FreeInstall.exe" -nag
backup-20070208-133954-965 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ad.firstadsolution.com/ifram...cuments%20and%20settings/guest/my%20documents
backup-20070208-133954-974 O4 - Global Startup: Icatch(VI) SnapDetect.lnk = ?
backup-20070208-133955-118 O18 - Protocol: bw10s - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20070208-133955-138 O18 - Protocol: bwr0s - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20070208-133955-167 O18 - Protocol: bw40 - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20070208-133955-185 O18 - Protocol: bw80s - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20070208-133955-192 O18 - Protocol: bwx0s - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20070208-133955-217 O18 - Protocol: bwg0s - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20070208-133955-231 O18 - Protocol: bwg0 - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20070208-133955-237 O18 - Protocol: bwt0s - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20070208-133955-245 O18 - Protocol: bwj0s - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20070208-133955-259 O18 - Protocol: bwe0s - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20070208-133955-308 O18 - Protocol: bw30 - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20070208-133955-311 O18 - Protocol: bw60s - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20070208-133955-313 O18 - Protocol: bwa0 - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20070208-133955-316 O18 - Protocol: bws0s - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20070208-133955-318 O18 - Protocol: bwv0s - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20070208-133955-346 O18 - Protocol: bw10 - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20070208-133955-366 O18 - Protocol: bw20s - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20070208-133955-373 O18 - Protocol: bws0 - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20070208-133955-383 O18 - Protocol: bwy0s - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20070208-133955-388 O18 - Protocol: bwj0 - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20070208-133955-394 O18 - Protocol: bwe0 - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20070208-133955-398 O18 - Protocol: bwf0 - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20070208-133955-413 O18 - Protocol: bwo0 - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20070208-133955-416 O18 - Protocol: bwq0s - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20070208-133955-483 O18 - Protocol: bw+0s - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20070208-133955-529 O18 - Protocol: bwp0 - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20070208-133955-540 O18 - Protocol: bwc0 - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20070208-133955-553 O18 - Protocol: bwi0s - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20070208-133955-556 O18 - Protocol: bww0s - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20070208-133955-557 O18 - Protocol: bwu0s - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20070208-133955-587 O18 - Protocol: bwd0 - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20070208-133955-589 O18 - Protocol: bwh0 - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20070208-133955-619 O18 - Protocol: bwc0s - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20070208-133955-643 O18 - Protocol: bwl0s - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20070208-133955-651 O18 - Protocol: bw90 - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20070208-133955-653 O18 - Protocol: bwk0s - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20070208-133955-660 O18 - Protocol: bwh0s - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20070208-133955-662 O18 - Protocol: bwm0s - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20070208-133955-676 O18 - Protocol: bwn0s - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20070208-133955-683 O18 - Protocol: bwd0s - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20070208-133955-699 O18 - Protocol: bwl0 - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20070208-133955-700 O18 - Protocol: bwa0s - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20070208-133955-702 O18 - Protocol: bw40s - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20070208-133955-705 O18 - Protocol: bw-0s - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20070208-133955-707 O18 - Protocol: bwv0 - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20070208-133955-709 O18 - Protocol: bwu0 - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20070208-133955-713 O18 - Protocol: bwi0 - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20070208-133955-721 O18 - Protocol: bwy0 - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20070208-133955-724 O18 - Protocol: bw-0 - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20070208-133955-731 O18 - Protocol: bww0 - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20070208-133955-737 O18 - Protocol: bwx0 - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20070208-133955-740 O18 - Protocol: bw50s - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20070208-133955-746 O18 - Protocol: bw30s - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20070208-133955-754 O18 - Protocol: bwt0 - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20070208-133955-757 O18 - Protocol: bwb0s - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20070208-133955-769 O18 - Protocol: bw00 - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20070208-133955-770 O18 - Protocol: bwz0 - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20070208-133955-777 O18 - Protocol: bwp0s - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20070208-133955-785 O18 - Protocol: bw70 - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20070208-133955-793 O18 - Protocol: bwm0 - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20070208-133955-813 O18 - Protocol: bw70s - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20070208-133955-815 O18 - Protocol: bw50 - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20070208-133955-827 O18 - Protocol: offline-8876480 - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20070208-133955-848 O18 - Protocol: bw00s - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20070208-133955-874 O18 - Protocol: bwz0s - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20070208-133955-918 O18 - Protocol: bwq0 - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20070208-133955-921 O18 - Protocol: bwn0 - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20070208-133955-922 O18 - Protocol: bwr0 - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20070208-133955-940 O18 - Protocol: bwk0 - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20070208-133955-951 O18 - Protocol: bw20 - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20070208-133955-952 O18 - Protocol: bw90s - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20070208-133955-960 O18 - Protocol: bwb0 - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20070208-133955-965 O18 - Protocol: bw60 - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20070208-133955-982 O18 - Protocol: bwf0s - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20070208-133955-995 O18 - Protocol: bw80 - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
backup-20070208-133955-998 O18 - Protocol: bwo0s - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll


-- File Associations ------------------------------------------------------------

.bat - batfile - "%1" %*
.chm - chm.file - "C:\WINDOWS\hh.exe" %1
.com - comfile - "%1" %*
.exe - exefile - "%1" %*
.hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1
.inf - inffile - %SystemRoot%\System32\NOTEPAD.EXE %1
.ini - inifile - %SystemRoot%\System32\NOTEPAD.EXE %1
.js - JSFile - %SystemRoot%\System32\WScript.exe "%1" %*
.lnk - lnkfile - {00021401-0000-0000-C000-000000000046}
.pif - piffile - "%1" %*
.reg - regfile - regedit.exe "%1"
.scr - scrfile - "%1" /S
.txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1
.vbs - VBSFile - %SystemRoot%\System32\WScript.exe "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ----------------------

1 AmdK7 (AMD K7 Processor Driver) - System32\DRIVERS\amdk7.sys
3 ati2mtag - System32\DRIVERS\ati2mtag.sys
3 ATICDSDr - \??\C:\ATI\SUPPORT\6-11-pre-r300_xp-2k_dd_ccc_wdm_38185\bin\atiicdxx.sys
3 CA561 (ICatch VI PC CAMERA) - System32\Drivers\SPCA561.SYS
3 CCDECODE (Closed Caption Decoder) - system32\DRIVERS\CCDECODE.sys
3 hidusb (Microsoft HID Class Driver) - System32\DRIVERS\hidusb.sys
3 ip100xp (IC Plus IP100 10/100 Fast Ethernet Adapter NT Driver) - System32\DRIVERS\ipfnd51.sys
3 itchfltr (iTouch Keyboard Filter) - system32\DRIVERS\itchfltr.sys
1 kbdhid (Keyboard HID Driver) - system32\DRIVERS\kbdhid.sys
3 L8042pr2 (Logitech PS/2 Mouse Filter Driver) - system32\DRIVERS\L8042pr2.Sys
3 LCcfltr (Logitech USB Filter Driver) - System32\Drivers\LCcFltr.Sys
3 LHidFlt2 (Logitech HID/USB Mouse Filter Driver) - system32\DRIVERS\LHidFlt2.Sys
3 LHidUsb (Logitech USB Receiver device driver) - System32\Drivers\LHidUsb.Sys
3 LMouFlt2 (Logitech Mouse Class Filter Driver) - system32\DRIVERS\LMouFlt2.Sys
3 Memctl - \??\C:\Program Files\ABIT\FlashMenu\Memctl.sys
3 mouhid (Mouse HID Driver) - System32\DRIVERS\mouhid.sys
3 MSTEE (Microsoft Streaming Tee/Sink-to-Sink Converter) - system32\drivers\MSTEE.sys
3 NABTSFEC (NABTS/FEC VBI Codec) - system32\DRIVERS\NABTSFEC.sys
3 NdisIP (Microsoft TV/Video Connection) - system32\DRIVERS\NdisIP.sys
3 nm (Network Monitor Driver) - system32\DRIVERS\NMnt.sys
3 NPF (NetGroup Packet Filter Driver) - system32\drivers\npf.sys
2 npkcrypt - \??\C:\Program Files\Wizet\Copy of MapleStory\npkcrypt.sys
3 npkcusb - \??\C:\Program Files\Wizet\MapleStory\npkcusb.sys
0 nvatabus - system32\drivers\nvatabus.sys
3 nvax (Service for NVIDIA(R) nForce(TM) Audio Enumerator) - system32\drivers\nvax.sys
3 nvnforce (Service for NVIDIA(R) nForce(TM) Audio) - system32\drivers\nvapu.sys
0 nv_agp (NVIDIA nForce AGP Bus Filter) - system32\DRIVERS\nv_agp.sys
3 PRISM_A02 (802.11a/g USB Driver) - system32\DRIVERS\WUSB20XP.sys
3 PSSdk23 - \??\C:\WINDOWS\system32\Drivers\PsSdk23.drv
3 SLIP (BDA Slip De-Framer) - system32\DRIVERS\SLIP.sys
0 sptd - System32\Drivers\sptd.sys
3 streamip (BDA IPSink) - system32\DRIVERS\StreamIP.sys
3 usbccgp (Microsoft USB Generic Parent Driver) - system32\DRIVERS\usbccgp.sys
3 usbehci (Microsoft USB 2.0 Enhanced Host Controller Miniport Driver) - System32\DRIVERS\usbehci.sys
3 usbohci (Microsoft USB Open Host Controller Miniport Driver) - System32\DRIVERS\usbohci.sys
3 USBSTOR (USB Mass Storage Driver) - system32\DRIVERS\USBSTOR.SYS
3 WINFLASH - \??\C:\Program Files\ABIT\FlashMenu\WinFlash.sys
4 WS2IFSL (Windows Socket 2.0 Non-IFS Service Provider Support Environment) - \SystemRoot\System32\drivers\ws2ifsl.sys
3 WSTCODEC (World Standard Teletext Codec) - system32\DRIVERS\WSTCODEC.SYS
3 WudfPf (Windows Driver Foundation - User-mode Driver Framework Platform Driver) - system32\DRIVERS\WudfPf.sys
3 WudfRd (Windows Driver Foundation - User-mode Driver Framework Reflector) - system32\DRIVERS\wudfrd.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

2 Ati HotKey Poller - %SystemRoot%\system32\Ati2evxx.exe
2 ATI Smart - C:\WINDOWS\system32\ati2sgag.exe
2 Automatic LiveUpdate Scheduler - "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"
2 CAISafe - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
3 gusvc (Google Updater Service) - "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
3 LiveUpdate - "C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE"
3 rpcapd (Remote Packet Capture Protocol v.0 (experimental)) - "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini"
3 usnsvc (Messenger Sharing USN Journal Reader service) - C:\WINDOWS\system32\svchost.exe -k usnsvc
3 usprserv (User Privilege Service) - %SystemRoot%\System32\svchost.exe -k netsvcs
2 VETMSGNT (VET Message Service) - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
3 WMPNetworkSvc (Windows Media Player Network Sharing Service) - "C:\Program Files\Windows Media Player\WMPNetwk.exe"
3 WudfSvc (Windows Driver Foundation - User-mode Driver Framework) - %SystemRoot%\system32\svchost.exe -k WudfServiceGroup


-- Scheduled Tasks --------------------------------------------------------------

2007-02-08 13:28:25 248 --a------ C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job<CHECKU~1.JOB>


-- Files created between 2007-01-08 and 2007-02-08 ------------------------------

2007-02-08 13:48:29 0 d-------- C:\SDFix
2007-02-08 13:47:53 0 d-------- C:\bintheredunthat<BINTHE~1>
2007-02-08 13:19:17 0 d-------- C:\BFU
2007-01-28 21:26:37 0 d-------- C:\Program Files\Windows Media Connect 2<WI4DF6~1>
2007-01-28 21:21:13 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2007-01-28 13:40:50 0 d-------- C:\Program Files\BoundAround_Demo<BOUNDA~1>
2007-01-27 17:01:41 0 d-------- C:\WINDOWS\NamelessRO Eclipse<NAMELE~1>
2007-01-27 12:06:00 262144 --a------ C:\Documents and Settings\All Users\ntuser.dat
2007-01-13 22:12:18 0 d-------- C:\Documents and Settings\cv\Application Data\Media Player Classic<MEDIAP~1>
2007-01-11 16:46:57 0 d-------- C:\Program Files\Mozilla Firefox<MOZILL~1>
2007-01-09 20:56:45 0 d-------- C:\Documents and Settings\cv\Application Data\Help


-- Find3M Report ----------------------------------------------------------------

2007-02-08 13:25:05 0 d-------- C:\Program Files\Viewpoint<VIEWPO~1>
2007-02-08 13:21:42 0 d---s---- C:\Documents and Settings\cv\Application Data\Microsoft<MICROS~1>
2007-02-07 16:39:38 0 d-------- C:\Program Files\Google
2007-01-28 22:58:17 0 d-------- C:\Program Files\Gpotato
2007-01-27 13:28:07 0 d-------- C:\Program Files\Windows Live Toolbar<WINDOW~4>
2007-01-25 18:30:11 0 d-------- C:\Program Files\Ntreev
2007-01-25 18:16:23 0 d-------- C:\Program Files\Nexon
2007-01-24 22:18:30 0 d-------- C:\Program Files\Wizet
2007-01-24 18:19:31 0 d-------- C:\Program Files\AOL
2007-01-24 18:19:30 0 d-------- C:\Program Files\Common Files\AOL
2007-01-24 18:01:51 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1>
2007-01-23 16:20:58 0 d-------- C:\Program Files\StepMania<STEPMA~1>
2007-01-11 16:48:23 0 d-------- C:\Documents and Settings\cv\Application Data\Mozilla
2007-01-07 00:19:06 0 d-------- C:\Program Files\FrozenFruits<FROZEN~1>
2007-01-01 18:56:23 0 d-------- C:\Program Files\Java
2006-12-20 16:51:12 0 d-------- C:\Program Files\XBC
2006-12-10 18:49:54 0 d-------- C:\Documents and Settings\cv\Application Data\Yahoo!
2006-12-01 15:47:32 1082 --a------ C:\WINDOWS\system32\winpfz32.sys<Unsigned: n/a>
2006-11-30 15:40:22 982 --a------ C:\WINDOWS\system32\winpfg32.sys<Unsigned: n/a>
2006-11-10 22:17:29 32768 --a------ C:\WINDOWS\rtevwmwj.exe<Unsigned: n/a>
2006-11-08 16:47:40 32768 --a------ C:\WINDOWS\mjkacjxs.exe<Unsigned: n/a>


-- Registry Dump ----------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"LDM"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"AIM"="C:\\Program Files\\AIM\\aim.exe -cnetwait.odl"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NVMixerTray"="\"C:\\Program Files\\NVIDIA Corporation\\NvMixer\\NVMixerTray.exe\""
"zBrowser Launcher"="C:\\Program Files\\Logitech\\iTouch\\iTouch.exe"
"Logitech Utility"="Logi_MwX.Exe"
"CaAvTray"="\"C:\\Program Files\\CA\\eTrust EZ Armor\\eTrust EZ Antivirus\\CAVTray.exe\""
"CAVRID"="\"C:\\Program Files\\CA\\eTrust EZ Armor\\eTrust EZ Antivirus\\CAVRID.exe\""
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"="Narrator.exe"
"MIDI Sound Handler"="HSMIDI.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\runonce]
"RunNarrator"="Narrator.exe"
"MIDI Sound Handler"="HSMIDI.EXE"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
Usnsvc REG_MULTI_SZ usnsvc\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0



Unable to create WMI object; error code: 0x80041002
Unable to create WMI object; error code: 0x80041002
-- End of ComboScan: finished at 2007-02-08 at 14:03:57 -------------------------


ComboScan v20070208.10 run by cv on 2007-02-08 at 14:02:20
Supplementary logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information -----------------------------------------------------------

-- Security Center --------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is unknown.

-- Environment Variables --------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\cv\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=CVO
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\cv
LOGONSERVER=\\CVO
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0a00
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\cv\LOCALS~1\Temp
TMP=C:\DOCUME~1\cv\LOCALS~1\Temp
USERDOMAIN=CVO
USERNAME=cv
USERPROFILE=C:\Documents and Settings\cv
windir=C:\WINDOWS


-- User Profiles ----------------------------------------------------------------

cv
Guest


-- Add/Remove Programs ----------------------------------------------------------

--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\system32\UninstIPP.isu
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Age of Empires II - The Conquerors Expansion Uninstaller --> C:\WINDOWS\unvise32.exe C:\Program Files\Age of Empires II\uninstal.log
AOL Instant Messenger --> C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM=
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,[email protected] -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
CleanUp! --> C:\Program Files\CleanUp!\uninstall.exe
eTrust EZ Antivirus --> C:\WINDOWS\unvet32.exe
FlashMenu --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0555CC40-C007-11D4-B257-0050BAA96AA5}\Setup.exe" -l0x9
Form Fill (Windows Live Toolbar) --> MsiExec.exe /X{F5AF5CDA-76FC-4794-9F28-09B6D54E7431}
Frozen Fruits 1.3 --> "C:\Program Files\FrozenFruits\unins000.exe"
Frozen Fruits 2 --> "C:\Program Files\FrozenFruits2\unins000.exe"
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar3.dll"
HijackThis 1.99.1 --> C:\Documents and Settings\cv\Desktop\HijackThis.exe /uninstall
Ink --> MsiExec.exe /I{9FCB2876-554D-491D-A2CD-58F8252D6C64}
Insaniquarium Deluxe 1.0 --> C:\Program Files\Yahoo! Games\Insaniquarium Deluxe\PopUninstall.exe "C:\Program Files\PopCap Games\Insaniquarium Deluxe\Install.log"
J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 7 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150070}
J2SE Runtime Environment 5.0 Update 9 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
K-Lite Mega Codec Pack 1.37 --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
KSignAccessToolkit v1.0 --> C:\WINDOWS\system32\UnInstall_KAccess.exe
Logitech Desktop Messenger --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\setup.exe" -l0x9 UNINSTALL
Logitech iTouch Software --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{036AA4D4-6D32-11D4-9875-00105ACE7734}\setup.exe" -l0x9 UNINSTALL
Logitech MouseWare 9.75 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5809E7CF-4DCF-11D4-9875-00105ACE7734}\setup.exe" -l0x9 -l0009 UNINSTALL
Logitech Resource Center --> C:\PROGRA~1\Logitech\RESOUR~1\rem\UNWISE.EXE C:\PROGRA~1\Logitech\RESOUR~1\rem\INSTALL.LOG
Macromedia Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
MapleStory --> MsiExec.exe /I{F99C5427-4D78-43E2-B97E-F4C4E622D612}
MapleStory --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DEC511B1-59CB-4F15-AD75-0543034572A5}\Setup.exe"
Microangelo Creation --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Microangelo\creation.isu"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Mozilla Firefox (2.0.0.1) --> C:\Program Files\Mozilla Firefox\uninstall\uninst.exe
MSN Gaming Zone --> C:\PROGRA~1\MSNGAM~1\zsetup.exe /Uninstall
MUSICMATCH Jukebox --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\Uninst.isu" -cC:\PROGRA~1\MUSICM~1\MUSICM~1\unmatch.dll
NamelessRO Eclipse --> "C:\WINDOWS\NamelessRO Eclipse\uninstall.exe" "/U:C:\Program Files\Gravity\RagnarokOnline\Uninstall\uninstall.xml"
NVIDIA Drivers --> C:\WINDOWS\system32\NVUNINST.EXE UninstallGUI
NvMixer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D7A6C517-11F2-419F-B5BB-27772B939698}\Setup.exe" -uninstall
OneCare Advisor (Windows Live Toolbar) --> MsiExec.exe /X{53B2CFE9-A508-4457-B2CA-5D253536BFB7}
Ragnarok Online --> MsiExec.exe /I{7DE063FD-95D4-40A2-BBD0-6A067FDB78B1}
Smart Menus (Windows Live Toolbar) --> MsiExec.exe /X{95FC661A-A0C5-4B18-92CE-90347DA79CC9}
SONIC ADVENTURE DX-Director's Cut Demo A Version --> C:\Program Files\Sega\SONICADVENTUREDX_DEMO_A\unsetup.exe
StepMania (remove only) --> "C:\Program Files\StepMania\uninst.exe"
Tabbed Browsing (Windows Live Toolbar) --> MsiExec.exe /X{1707BF02-0F5C-4A6C-8F17-053BB73E443F}
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Windows Live Messenger --> MsiExec.exe /I{FCE50DB8-C610-4C42-BE5C-193F46C6F812}
Windows Live Outlook Toolbar (Windows Live Toolbar) --> MsiExec.exe /X{A40D6757-B145-4FE7-B694-89180A9F3F64}
Windows Live Sign-in Assistant --> MsiExec.exe /I{22B3CC30-77B8-419C-AA4B-F571FDF5D66D}
Windows Live Toolbar --> "C:\Program Files\Windows Live Toolbar\UnInstall.exe" {9DA72A9F-4246-4C10-B0FA-D8C1037D45F8}
Windows Live Toolbar --> MsiExec.exe /X{9DA72A9F-4246-4C10-B0FA-D8C1037D45F8}
Windows Live Toolbar Extension (Windows Live Toolbar) --> MsiExec.exe /X{3727B920-F5A3-46A4-AC02-94F421A039C7}
Windows Live Toolbar Feed Detector (Windows Live Toolbar) --> MsiExec.exe /X{38024121-D084-4E7D-B1A2-1A04CB5C4CF3}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Overlay Components --> C:\WINDOWS\offun.exe
WinPcap 3.0 --> "C:\Program Files\WinPcap\Uninstall.exe" "C:\Program Files\WinPcap\install.log"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
XBC 5.1 --> C:\PROGRA~1\XBC\UNWISE.EXE C:\PROGRA~1\XBC\INSTALL.LOG
Yahoo! Anti-Spy --> C:\PROGRA~1\Yahoo!\common\unypsr.exe
Yahoo! extras --> C:\PROGRA~1\Yahoo!\common\unyext.exe
Yahoo! Install Manager --> C:\WINDOWS\system32\regsvr32 /u C:\WINDOWS\cache\YINSTH~1.DLL
Yahoo! Internet Mail --> C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\common\YMMAPI~1.DLL
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\common\unyt.exe


-- End of ComboScan: finished at 2007-02-08 at 14:03:57 -------------------------
 

·
Registered
Joined
·
2,506 Posts
I think we got the major stuff -- let's clean up what I can still see and do some scans to see what else is there.

Please print out or copy this page to Notepad in order to assist you when carrying out the following instructions. If there is anything you don't understand, please ask BEFORE proceeding with the fixes. Please do these steps in order and do not skip any.


Download Attachment
Download the file attached to this post and save it to your desktop. Extract it and double-click on the plzhelpmeIrnoob.reg file. It will ask you if you want to merge/add it to the registry -- choose Yes. You may delete both files now.


Download CleanUp!
Download and install CleanUp! but do not run it yet. (alternate link if main link isn't working: http://www.greyknight17.com/spy/CleanUp.exe)

WARNING: CleanUp! deletes EVERYTHING out of temporary folders and does not make backups. If you have any documents or programs that are saved in any temporary folders, please make a backup of these before running CleanUp!

WARNING: Do not run cleanup under Windows XP x64 Edition. If you're not sure if you have the 64-bit version of Windows then you probably do not; however, you can check by using IE to download the whichcpu tool and then running it.


Download AVG Anti-Spyware
Please download, install, and update AVG Anti-Spyware.
  1. Load AVG Anti-Spyware and then click the Shield tab at the top
    • Click on the word active to change it to inactive.
  2. Click the Update tab at the top:
    • Under Manual update, click Start update. After the update finishes, the status bar at the bottom will display "Update successful". If you are having trouble updating, you can also download and run the manual updater.
    • Under Automatic update, change the Update interval to something more reasonable like 12 or 24 hours.
  3. Click the Scanner tab at the top and then the Settings sub-tab:
    • Under How to act?, click Recommended actions and select Quarantine.
    • Under Reports, select Automatically generate report after every scan
  4. Close AVG Anti-Spyware. Do not run a scan with it yet.

Uninstall
Click Start > Control Panel > Add / Remove Programs and uninstall the following programs (if they exist):
J2SE Runtime Environment 5.0 Update 7
J2SE Runtime Environment 5.0 Update 9
Viewpoint Media Player
Please let me know if any of these were unable to uninstall.


Reboot
Reboot your system to Safe Mode by repeatedly tapping the F8 key until the menu appears and choosing Safe Mode from the list. On some systems, this may be the F5 key so try that if F8 doesn't work. Login on with your usual account. Make sure to close any open windows.


Deletions
Delete the following Files indicated in RED and Folders indicated in BLUE if they still exist.
C:\WINDOWS\system32\winpfg32.sys
C:\WINDOWS\system32\winpfz32.sys
C:\WINDOWS\mjkacjxs.exe
C:\WINDOWS\rtevwmwj.exe


Run CleanUp!
Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows:
  • Click "Options..."
  • Move the arrow down to "Custom CleanUp!"
  • Put a check next to the following:
    • Empty Recycle Bins
    • Delete Cookies
    • Delete Prefetch files
    • Cleanup! All Users
    • Click on the "Temporary Files" and make sure the box for "Scan drives for file matching" is unchecked.
    Click OK.
  • Press the CleanUp! button to start the program.
Once it's finished CleanUp! will ask you to logoff/reboot. Please select NO as we will do this later.


Run AVG Anti-Spyware
  • Run AVG Anti-Spyware and click on the Scanner tab at the top and then click on Complete System Scan. This scan can take quite a while to run, so be prepared.
  • AVG Anti-Spyware will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action.
  • If Set all elements to is not set to Quarantine (1), please click Recommended Action and choose Quarantine from the popup menu (2).
  • At the bottom of the window, click on the Apply all actions button (3).
  • When it has finished, click the Save Scan Report button (4), then click Save Report As and save the report it to your desktop.
  • Close AVG Anti-Spyware.

Reboot
Reboot your system to Normal Mode.


Online Scan
Perform an online scan with Internet Explorer with Panda ActiveScan.
  1. Click on the "Scan your PC" button located at the bottom of the page. A popup window should appear -- make sure you allow it if you have a popup blocker.
  2. Enter your e-mail address, country, and state and click Scan Now.
  3. Your computer will download Panda's 8 megabyte ActiveX control at this point. Follow the on-screen directions if it asks you to install the ActiveX control.
  4. Begin the scan by selecting My Computer. Note:
    • Please turn off the real time scanner of any existing antivirus program while performing the online scan.
    • Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later.
    • Click on See report then click Save report.
    • It is not necessary to remain online while it's doing the scan, but you will have to re-connect after it has finished to see the report.

With Your Next Post...
Please paste the following with your next reply (in this order please):
  1. AVG Anti-Spyware scan report,
  2. Panda ActiveScan report,
  3. a new HiJackThis log taken after Kaspersky finishes.
Also let me know how your machine is behaving now.
 

Attachments

·
Registered
Joined
·
7 Posts
Discussion Starter · #7 ·
thank you deckard here are my reports in that order

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 4:14:55 PM 2/9/2007

+ Scan result:



C:\Documents and Settings\All Users\Application Data\AutoSearch.dll -> Adware.AutoSearch : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0E220396-2B54-4AED-B001-CA80BB925E41}\RP312\A0262615.exe -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0E220396-2B54-4AED-B001-CA80BB925E41}\RP312\A0262616.exe -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0E220396-2B54-4AED-B001-CA80BB925E41}\RP373\A0309100.exe -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0E220396-2B54-4AED-B001-CA80BB925E41}\RP373\A0309101.exe -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\bwqqttit.exe -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\diyciovb.exe -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\dlvbiijv.exe -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\hzepywlq.exe -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\itulrbtl.exe -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\jtvctifw.exe -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\mwkgvupy.exe -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\nbztubeu.exe -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\nnmtylqd.exe -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\poovdmet.exe -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\qcgbuvyo.exe -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\qdrmdcni.exe -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\qrdljtng.exe -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\qvegkhxz.exe -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\rgifvvug.exe -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\ukpfrsll.exe -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\uquxrren.exe -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\vabaxwjz.exe -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\veymaywu.exe -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\vippouaa.exe -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\vsegyulf.exe -> Adware.BookedSpace : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\BookedSpace.Extension -> Adware.BookedSpace : Error during cleaning.
HKLM\SOFTWARE\Classes\BookedSpace.Extension.5 -> Adware.BookedSpace : Error during cleaning.
HKLM\SOFTWARE\DriveCleaner 2006 Free -> Adware.DriveCleaner : Cleaned with backup (quarantined).
C:\WINDOWS\system32\WinNB58.dll -> Adware.Mirar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\KBBar.KBBarBand -> Adware.PowerStrip : Error during cleaning.
HKLM\SOFTWARE\Classes\KBBar.KBBarBand.1 -> Adware.PowerStrip : Error during cleaning.
C:\System Volume Information\_restore{0E220396-2B54-4AED-B001-CA80BB925E41}\RP310\A0260469.dll -> Adware.RK : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0E220396-2B54-4AED-B001-CA80BB925E41}\RP314\A0278813.dll -> Adware.RK : Cleaned with backup (quarantined).
C:\WINDOWS\876056.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\WINDOWS\Uninstall.exe -> Adware.SearchClickAds : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0E220396-2B54-4AED-B001-CA80BB925E41}\RP312\A0262626.exe -> Adware.SystemDoctor : Cleaned with backup (quarantined).
C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll -> Adware.Viewpoint : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0E220396-2B54-4AED-B001-CA80BB925E41}\RP314\A0278797.dll -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0E220396-2B54-4AED-B001-CA80BB925E41}\RP314\A0278798.exe -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0E220396-2B54-4AED-B001-CA80BB925E41}\RP314\A0278799.exe -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0E220396-2B54-4AED-B001-CA80BB925E41}\RP314\A0278811.dll -> Adware.WebHancer : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\WhIeHelperObj.WhIeHelperObj -> Adware.WebHancer : Error during cleaning.
HKLM\SOFTWARE\Classes\WhIeHelperObj.WhIeHelperObj.1 -> Adware.WebHancer : Error during cleaning.
C:\System Volume Information\_restore{0E220396-2B54-4AED-B001-CA80BB925E41}\RP314\A0278795.exe -> Adware.Webhancer.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0E220396-2B54-4AED-B001-CA80BB925E41}\RP312\A0262620.exe -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0E220396-2B54-4AED-B001-CA80BB925E41}\RP312\A0262621.dll -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0E220396-2B54-4AED-B001-CA80BB925E41}\RP312\A0262623.dll -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0E220396-2B54-4AED-B001-CA80BB925E41}\RP312\A0262624.exe -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0E220396-2B54-4AED-B001-CA80BB925E41}\RP358\A0303557.cpl -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0E220396-2B54-4AED-B001-CA80BB925E41}\RP370\A0308602.exe -> Adware.ZenoSearch : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0E220396-2B54-4AED-B001-CA80BB925E41}\RP370\A0308605.exe -> Adware.ZenoSearch : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0E220396-2B54-4AED-B001-CA80BB925E41}\RP370\A0308659.exe -> Adware.ZenoSearch : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0E220396-2B54-4AED-B001-CA80BB925E41}\RP370\A0308660.exe -> Adware.ZenoSearch : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0E220396-2B54-4AED-B001-CA80BB925E41}\RP370\A0308661.exe -> Adware.ZenoSearch : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0E220396-2B54-4AED-B001-CA80BB925E41}\RP370\A0308662.exe -> Adware.ZenoSearch : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0E220396-2B54-4AED-B001-CA80BB925E41}\RP370\A0308665.exe -> Adware.ZenoSearch : Cleaned with backup (quarantined).
C:\SDFix\backups\backups.zip/backups/msngrsm.exe -> Backdoor.Rbot : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0E220396-2B54-4AED-B001-CA80BB925E41}\RP370\A0308635.exe -> Backdoor.Rbot : Cleaned with backup (quarantined).
C:\bintheredunthat\313132322D2D2D.exe -> Downloader.Adload.aj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0E220396-2B54-4AED-B001-CA80BB925E41}\RP314\A0278790.exe -> Downloader.Agent.dz : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0E220396-2B54-4AED-B001-CA80BB925E41}\RP314\A0278807.exe -> Downloader.Agent.dz : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0E220396-2B54-4AED-B001-CA80BB925E41}\RP370\A0308664.exe -> Downloader.Agent.dz : Cleaned with backup (quarantined).
C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\CRACK\KGNSW.EXE -> Downloader.Delf.br : Cleaned with backup (quarantined).
C:\919_133.exe -> Downloader.Dyfuca.fb : Cleaned with backup (quarantined).
C:\Documents and Settings\cv\Desktop\backups\backup-20070208-133954-784.dll -> Downloader.Small : Cleaned with backup (quarantined).
C:\Program Files\Common Files\urmi\urmid\vocabulary -> Downloader.TSUpdate.j : Cleaned with backup (quarantined).
C:\141ts.exe -> Downloader.TSUpdate.o : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0E220396-2B54-4AED-B001-CA80BB925E41}\RP314\A0278789.exe -> Downloader.VB.apu : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0E220396-2B54-4AED-B001-CA80BB925E41}\RP314\A0278806.exe -> Downloader.VB.apu : Cleaned with backup (quarantined).
C:\921_135b.exe -> Downloader.Zlob.avo : Cleaned with backup (quarantined).
C:\803_104.exe -> Dropper.Mudrop.bq : Cleaned with backup (quarantined).
C:\921_135.exe -> Dropper.Mudrop.bq : Cleaned with backup (quarantined).
C:\Documents and Settings\cv\Desktop\Etc\O__O!.exe -> Trojan.Favadd : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0E220396-2B54-4AED-B001-CA80BB925E41}\RP311\A0261470.exe -> Trojan.VB.tg : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0E220396-2B54-4AED-B001-CA80BB925E41}\RP313\A0272734.exe -> Trojan.VB.tg : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0E220396-2B54-4AED-B001-CA80BB925E41}\RP313\A0272735.exe -> Trojan.VB.tg : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0E220396-2B54-4AED-B001-CA80BB925E41}\RP314\A0277745.exe -> Trojan.VB.tg : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0E220396-2B54-4AED-B001-CA80BB925E41}\RP314\A0277746.exe -> Trojan.VB.tg : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0E220396-2B54-4AED-B001-CA80BB925E41}\RP314\A0278745.exe -> Trojan.VB.tg : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0E220396-2B54-4AED-B001-CA80BB925E41}\RP314\A0278746.exe -> Trojan.VB.tg : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0E220396-2B54-4AED-B001-CA80BB925E41}\RP314\A0278815.exe -> Trojan.VB.tg : Cleaned with backup (quarantined).
C:\WINDOWS\srvjvpucfm.exe -> Trojan.VB.tg : Cleaned with backup (quarantined).
C:\WINDOWS\srvxtermkb.exe -> Trojan.VB.tg : Cleaned with backup (quarantined).
C:\bintheredunthat\ms045991017-1262006.exe -> Trojan.VB.tg : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0E220396-2B54-4AED-B001-CA80BB925E41}\RP370\A0308603.exe -> Trojan.YourEnhancement : Cleaned with backup (quarantined).
C:\SDFix\backups\backups.zip/backups/101keygen.exe -> Worm.SpyBot.hd : Cleaned with backup (quarantined).
C:\SDFix\backups\backups.zip/backups/Adobe-Photoshop.exe -> Worm.SpyBot.hd : Cleaned with backup (quarantined).
C:\SDFix\backups\backups.zip/backups/Adobe-Product-Keygen.exe -> Worm.SpyBot.hd : Cleaned with backup (quarantined).
C:\SDFix\backups\backups.zip/backups/Emulator.exe -> Worm.SpyBot.hd : Cleaned with backup (quarantined).
C:\SDFix\backups\backups.zip/backups/Kaspersky.exe -> Worm.SpyBot.hd : Cleaned with backup (quarantined).
C:\SDFix\backups\backups.zip/backups/Keygen.exe -> Worm.SpyBot.hd : Cleaned with backup (quarantined).
C:\SDFix\backups\backups.zip/backups/N64.exe -> Worm.SpyBot.hd : Cleaned with backup (quarantined).
C:\SDFix\backups\backups.zip/backups/PS.exe -> Worm.SpyBot.hd : Cleaned with backup (quarantined).
C:\SDFix\backups\backups.zip/backups/PS2-Emulator.exe -> Worm.SpyBot.hd : Cleaned with backup (quarantined).
C:\SDFix\backups\backups.zip/backups/PS2.exe -> Worm.SpyBot.hd : Cleaned with backup (quarantined).
C:\SDFix\backups\backups.zip/backups/SNES.exe -> Worm.SpyBot.hd : Cleaned with backup (quarantined).
C:\SDFix\backups\backups.zip/backups/Virus-Scan.exe -> Worm.SpyBot.hd : Cleaned with backup (quarantined).
C:\SDFix\backups\backups.zip/backups/Windows XP All Keygen.exe -> Worm.SpyBot.hd : Cleaned with backup (quarantined).
C:\SDFix\backups\backups.zip/backups/Windows.exe -> Worm.SpyBot.hd : Cleaned with backup (quarantined).
C:\SDFix\backups\backups.zip/backups/XPSP2.exe -> Worm.SpyBot.hd : Cleaned with backup (quarantined).
C:\SDFix\backups\backups.zip/backups/Xbox emulator.exe -> Worm.SpyBot.hd : Cleaned with backup (quarantined).
C:\SDFix\backups\backups.zip/backups/Xbox rom.exe -> Worm.SpyBot.hd : Cleaned with backup (quarantined).
C:\SDFix\backups\backups.zip/backups/Xbox.exe -> Worm.SpyBot.hd : Cleaned with backup (quarantined).
C:\SDFix\backups\backups.zip/backups/crack.exe -> Worm.SpyBot.hd : Cleaned with backup (quarantined).
C:\SDFix\backups\backups.zip/backups/info.exe -> Worm.SpyBot.hd : Cleaned with backup (quarantined).
C:\SDFix\backups\backups.zip/backups/mIRC Keygen.exe -> Worm.SpyBot.hd : Cleaned with backup (quarantined).
C:\SDFix\backups\backups.zip/backups/mIRC.exe -> Worm.SpyBot.hd : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0E220396-2B54-4AED-B001-CA80BB925E41}\RP370\A0308613.exe -> Worm.SpyBot.hd : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0E220396-2B54-4AED-B001-CA80BB925E41}\RP370\A0308614.exe -> Worm.SpyBot.hd : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0E220396-2B54-4AED-B001-CA80BB925E41}\RP370\A0308615.exe -> Worm.SpyBot.hd : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0E220396-2B54-4AED-B001-CA80BB925E41}\RP370\A0308616.exe -> Worm.SpyBot.hd : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0E220396-2B54-4AED-B001-CA80BB925E41}\RP370\A0308617.exe -> Worm.SpyBot.hd : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0E220396-2B54-4AED-B001-CA80BB925E41}\RP370\A0308618.exe -> Worm.SpyBot.hd : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0E220396-2B54-4AED-B001-CA80BB925E41}\RP370\A0308619.exe -> Worm.SpyBot.hd : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0E220396-2B54-4AED-B001-CA80BB925E41}\RP370\A0308620.exe -> Worm.SpyBot.hd : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0E220396-2B54-4AED-B001-CA80BB925E41}\RP370\A0308621.exe -> Worm.SpyBot.hd : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0E220396-2B54-4AED-B001-CA80BB925E41}\RP370\A0308622.exe -> Worm.SpyBot.hd : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0E220396-2B54-4AED-B001-CA80BB925E41}\RP370\A0308623.exe -> Worm.SpyBot.hd : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0E220396-2B54-4AED-B001-CA80BB925E41}\RP370\A0308624.exe -> Worm.SpyBot.hd : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0E220396-2B54-4AED-B001-CA80BB925E41}\RP370\A0308625.exe -> Worm.SpyBot.hd : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0E220396-2B54-4AED-B001-CA80BB925E41}\RP370\A0308626.exe -> Worm.SpyBot.hd : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0E220396-2B54-4AED-B001-CA80BB925E41}\RP370\A0308627.exe -> Worm.SpyBot.hd : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0E220396-2B54-4AED-B001-CA80BB925E41}\RP370\A0308628.exe -> Worm.SpyBot.hd : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0E220396-2B54-4AED-B001-CA80BB925E41}\RP370\A0308629.exe -> Worm.SpyBot.hd : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0E220396-2B54-4AED-B001-CA80BB925E41}\RP370\A0308630.exe -> Worm.SpyBot.hd : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0E220396-2B54-4AED-B001-CA80BB925E41}\RP370\A0308631.exe -> Worm.SpyBot.hd : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0E220396-2B54-4AED-B001-CA80BB925E41}\RP370\A0308632.exe -> Worm.SpyBot.hd : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0E220396-2B54-4AED-B001-CA80BB925E41}\RP370\A0308633.exe -> Worm.SpyBot.hd : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0E220396-2B54-4AED-B001-CA80BB925E41}\RP370\A0308634.exe -> Worm.SpyBot.hd : Cleaned with backup (quarantined).
C:\WINDOWS\system32\cyc.exe -> Worm.SpyBot.hd : Cleaned with backup (quarantined).


::Report end




Incident Status Location

Potentially unwanted tool:application/regclean32 Not disinfected C:\Documents and Settings\cv\Application Data\Registry Cleaner
Potentially unwanted tool:application/winantivirus2006 Not disinfected c:\documents and settings\all users\application data\WinAntiVirus Pro 2006
Adware:adware/popper Not disinfected Windows Registry
Adware:adware/sqwire Not disinfected Windows Registry
Adware:adware/ucmore Not disinfected Windows Registry
Adware:adware/bookedspace Not disinfected Windows Registry
Adware:adware/mirar Not disinfected Windows Registry
Adware:adware/webhancer Not disinfected Windows Registry
Adware:adware/powerstrip Not disinfected Windows Registry
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\cv\Desktop\SDFix.exe[SDFix\apps\Process.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\SDFix\apps\Process.exe

Logfile of HijackThis v1.99.1
Scan saved at 6:29:37 PM, on 2/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\osk.exe
C:\WINDOWS\system32\MSSWCHX.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\cv\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)
O2 - BHO: Mario Forever Toolbar Helper - {8036D4D7-AAD3-4793-AB49-329E437155A8} - C:\Program Files\Mario Forever Toolbar\v2.0.0.4\Mario_Forever_Toolbar.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)
O3 - Toolbar: Mario Forever Toolbar - {463DF6D5-BEC1-4d67-B217-59DB692DFC53} - C:\Program Files\Mario Forever Toolbar\v2.0.0.4\Mario_Forever_Toolbar.dll (file missing)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?e425f51a12304f0bb566ec96bdb3eb39
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?e425f51a12304f0bb566ec96bdb3eb39
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by112fd.bay112.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1118902387266
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {CEA3052D-65B9-44E2-A501-5E14024BC66F} (TricksterActiveX Control) - http://tricksteronline.com/control/tricksterActiveX.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://download.games.yahoo.com/games/web_games/gamehouse/frenzy/SproutLauncher.cab
O16 - DPF: {D88C7675-7CEE-4C9A-BDD4-7A43EED7794D} (Logout Class) - http://www.gamengame.com/KALogoutComponent.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O18 - Protocol: bw+0 - {EC504D98-19DC-448A-AEA0-4B50D1EC5A06} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
 

·
Registered
Joined
·
7 Posts
Discussion Starter · #8 ·
sorry forgot to say my comp said Gameguard Error 114 "An error has occurred while resetting Gameguard. Please try rebooting the system before restarting the client, or close all programs that potentially collide with the client before retstarting. we recommend running virus/spyware checks for your system."
 

·
Registered
Joined
·
2,506 Posts
Great, we found a lot more stuff and removed it. I want to run another couple scans.

Deletions
Delete the following Folders indicated in BLUE if they still exist:
C:\bintheredunthat
C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2006
C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\CRACK
C:\Program Files\Common Files\urmi
C:\Program Files\Viewpoint
C:\SDFix\backups


Download Dr.Web CureIt
Download Dr.Web CureIt to the Desktop.
  • Doubleclick the drweb-cureit.exe file and Allow to run the express scan.
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, look if you can click next icon next to the files found:
  • If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:

    This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured (in case if we need samples).
  • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply.

Online Scanner
Perform an online scan using Internet Explorer with Kaspersky WebScanner. Click on Launch Kaspersky Anti-Virus Web Scanner. You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files.
  • Once the files have been downloaded, click on NEXT.
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database: extended
    • Scan Options: Scan Archives and Scan Mail Bases
  • Click OK
  • Turn off the real time scanner of any existing antivirus program before performing the online scan. You can turn it back on after the scan is done.
  • Now under select a target to scan, select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run all the way.
  • Once the scan is complete it will display if your system has been infected.
  • Click on the Save as Text button and save the file to your desktop.
  • Copy and paste that information in your next post.
Take note the names and locations of any file it detects but fails to clean.


Check Windows Firewall
Your Gameguard error might be because of your Windows Firewall -- can you check to see if it's active? Go to Start > Settings > Control Panel > Windows Firewall. Make sure it's turned on. You might have to add Gameguard and your game as exceptions (see the exception tab).


With Your Next Post...
Please post your Dr.Web CureIt log and the results from the Kaspersky WebScanner.
 

·
Registered
Joined
·
7 Posts
Discussion Starter · #10 ·
Hello Deckard, here are my results

Dr. Web

Process.exe;C:\SDFix\apps;Tool.Prockill;Incurable.Moved.;
A0278865.exe;C:\System Volume Information\_restore{0E220396-2B54-4AED-B001-CA80BB925E41}\RP315;Probably DLOADER.Trojan;Incurable.Moved.;
A0309106.exe;C:\System Volume Information\_restore{0E220396-2B54-4AED-B001-CA80BB925E41}\RP373;Adware.TargetServer;Incurable.Moved.;
A0309107.exe\data001;C:\System Volume Information\_restore{0E220396-2B54-4AED-B001-CA80BB925E41}\RP373\A0309107.exe;Trojan.Popuper;;
A0309107.exe\data002;C:\System Volume Information\_restore{0E220396-2B54-4AED-B001-CA80BB925E41}\RP373\A0309107.exe;Trojan.Popuper;;
A0309107.exe;C:\System Volume Information\_restore{0E220396-2B54-4AED-B001-CA80BB925E41}\RP373;Archive contains infected objects;Moved.;
A0309108.exe\data001;C:\System Volume Information\_restore{0E220396-2B54-4AED-B001-CA80BB925E41}\RP373\A0309108.exe;Adware.Bagon;;
A0309108.exe\data002;C:\System Volume Information\_restore{0E220396-2B54-4AED-B001-CA80BB925E41}\RP373\A0309108.exe;Adware.Bagon;;
A0309108.exe;C:\System Volume Information\_restore{0E220396-2B54-4AED-B001-CA80BB925E41}\RP373;Archive contains infected objects;Moved.;
A0309109.exe\data001;C:\System Volume Information\_restore{0E220396-2B54-4AED-B001-CA80BB925E41}\RP373\A0309109.exe;Trojan.Dyfuca;;
A0309109.exe;C:\System Volume Information\_restore{0E220396-2B54-4AED-B001-CA80BB925E41}\RP373;Archive contains infected objects;Moved.;
A0309110.exe\data001;C:\System Volume Information\_restore{0E220396-2B54-4AED-B001-CA80BB925E41}\RP373\A0309110.exe;Adware.Bagon;;
A0309110.exe\data002;C:\System Volume Information\_restore{0E220396-2B54-4AED-B001-CA80BB925E41}\RP373\A0309110.exe;Trojan.MulDrop.4522;;
A0309110.exe;C:\System Volume Information\_restore{0E220396-2B54-4AED-B001-CA80BB925E41}\RP373;Archive contains infected objects;Moved.;
A0309114.exe;C:\System Volume Information\_restore{0E220396-2B54-4AED-B001-CA80BB925E41}\RP373;BackDoor.Generic.1372;Deleted.;
A0309115.dll;C:\System Volume Information\_restore{0E220396-2B54-4AED-B001-CA80BB925E41}\RP373;Trojan.DownLoader.3069;Deleted.;
A0309116.exe;C:\System Volume Information\_restore{0E220396-2B54-4AED-B001-CA80BB925E41}\RP373;Trojan.Favadd;Incurable.Moved.;
A0309118.exe;C:\System Volume Information\_restore{0E220396-2B54-4AED-B001-CA80BB925E41}\RP373;Adware.BookedSpace;Incurable.Moved.;
A0309119.exe;C:\System Volume Information\_restore{0E220396-2B54-4AED-B001-CA80BB925E41}\RP373;Adware.BookedSpace;Incurable.Moved.;
A0309120.exe;C:\System Volume Information\_restore{0E220396-2B54-4AED-B001-CA80BB925E41}\RP373;Adware.BookedSpace;Incurable.Moved.;
A0309121.exe;C:\System Volume Information\_restore{0E220396-2B54-4AED-B001-CA80BB925E41}\RP373;Adware.BookedSpace;Incurable.Moved.;
A0309122.exe;C:\System Volume Information\_restore{0E220396-2B54-4AED-B001-CA80BB925E41}\RP373;Adware.BookedSpace;Incurable.Moved.;
A0309123.exe;C:\System Volume Information\_restore{0E220396-2B54-4AED-B001-CA80BB925E41}\RP373;Adware.BookedSpace;Incurable.Moved.;
A0309124.exe;C:\System Volume Information\_restore{0E220396-2B54-4AED-B001-CA80BB925E41}\RP373;Adware.BookedSpace;Incurable.Moved.;
A0309125.exe;C:\System Volume Information\_restore{0E220396-2B54-4AED-B001-CA80BB925E41}\RP373;Adware.BookedSpace;Incurable.Moved.;
A0309126.exe;C:\System Volume Information\_restore{0E220396-2B54-4AED-B001-CA80BB925E41}\RP373;Adware.BookedSpace;Incurable.Moved.;
A0309127.exe;C:\System Volume Information\_restore{0E220396-2B54-4AED-B001-CA80BB925E41}\RP373;Adware.BookedSpace;Incurable.Moved.;
A0309128.exe;C:\System Volume Information\_restore{0E220396-2B54-4AED-B001-CA80BB925E41}\RP373;Adware.BookedSpace;Incurable.Moved.;
A0309129.exe;C:\System Volume Information\_restore{0E220396-2B54-4AED-B001-CA80BB925E41}\RP373;Adware.BookedSpace;Incurable.Moved.;
A0309130.exe;C:\System Volume Information\_restore{0E220396-2B54-4AED-B001-CA80BB925E41}\RP373;Adware.BookedSpace;Incurable.Moved.;
A0309131.exe;C:\System Volume Information\_restore{0E220396-2B54-4AED-B001-CA80BB925E41}\RP373;Adware.BookedSpace;Incurable.Moved.;
A0309132.exe;C:\System Volume Information\_restore{0E220396-2B54-4AED-B001-CA80BB925E41}\RP373;Adware.BookedSpace;Incurable.Moved.;
A0309133.exe;C:\System Volume Information\_restore{0E220396-2B54-4AED-B001-CA80BB925E41}\RP373;Adware.BookedSpace;Incurable.Moved.;
A0309134.exe;C:\System Volume Information\_restore{0E220396-2B54-4AED-B001-CA80BB925E41}\RP373;Adware.BookedSpace;Incurable.Moved.;
A0309135.exe;C:\System Volume Information\_restore{0E220396-2B54-4AED-B001-CA80BB925E41}\RP373;Adware.BookedSpace;Incurable.Moved.;
A0309136.exe;C:\System Volume Information\_restore{0E220396-2B54-4AED-B001-CA80BB925E41}\RP373;Adware.BookedSpace;Incurable.Moved.;
A0309137.exe;C:\System Volume Information\_restore{0E220396-2B54-4AED-B001-CA80BB925E41}\RP373;Adware.BookedSpace;Incurable.Moved.;
A0309138.exe;C:\System Volume Information\_restore{0E220396-2B54-4AED-B001-CA80BB925E41}\RP373;Adware.BookedSpace;Incurable.Moved.;
A0309139.dll;C:\System Volume Information\_restore{0E220396-2B54-4AED-B001-CA80BB925E41}\RP373;Adware.Ykemi;Incurable.Moved.;
A0309141.exe;C:\System Volume Information\_restore{0E220396-2B54-4AED-B001-CA80BB925E41}\RP373;Adware.Mirarbar;Incurable.Moved.;
A0309142.dll;C:\System Volume Information\_restore{0E220396-2B54-4AED-B001-CA80BB925E41}\RP373;Adware.Mirarbar;Incurable.Moved.;



Kaspersky



-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Monday, February 12, 2007 12:51:46 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 12/02/2007
Kaspersky Anti-Virus database records: 267048
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 147868
Number of viruses found: 14
Number of infected objects: 52 / 0
Number of suspicious objects: 0
Duration of the scan process: 03:54:19

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\DSS\MachineKeys\0931926e277d480c2cc5252a1397ed2e_0c65d1ab-6d9a-4a35-838f-84b39d2c3f19 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\DSS\MachineKeys\76ff58e5342325fc2d12c3410aa8cbdf_0c65d1ab-6d9a-4a35-838f-84b39d2c3f19 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\4a5de34b83d9ce55729fea9927bda414_0c65d1ab-6d9a-4a35-838f-84b39d2c3f19 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\cv\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\cv\DoctorWeb\Quarantine\A0309106.exe Infected: Trojan-Downloader.Win32.TSUpdate.o skipped
C:\Documents and Settings\cv\DoctorWeb\Quarantine\A0309107.exe Infected: Trojan-Dropper.Win32.Mudrop.bq skipped
C:\Documents and Settings\cv\DoctorWeb\Quarantine\A0309108.exe Infected: Trojan-Dropper.Win32.Mudrop.bq skipped
C:\Documents and Settings\cv\DoctorWeb\Quarantine\A0309109.exe Infected: Trojan-Dropper.Win32.Agent.aie skipped
C:\Documents and Settings\cv\DoctorWeb\Quarantine\A0309110.exe Infected: Trojan-Downloader.Win32.Zlob.avo skipped
C:\Documents and Settings\cv\DoctorWeb\Quarantine\A0309118.exe Infected: not-a-virus:AdWare.Win32.BookedSpace.h skipped
C:\Documents and Settings\cv\DoctorWeb\Quarantine\A0309119.exe Infected: not-a-virus:AdWare.Win32.BookedSpace.h skipped
C:\Documents and Settings\cv\DoctorWeb\Quarantine\A0309120.exe Infected: not-a-virus:AdWare.Win32.BookedSpace.h skipped
C:\Documents and Settings\cv\DoctorWeb\Quarantine\A0309121.exe Infected: not-a-virus:AdWare.Win32.BookedSpace.h skipped
C:\Documents and Settings\cv\DoctorWeb\Quarantine\A0309122.exe Infected: not-a-virus:AdWare.Win32.BookedSpace.h skipped
C:\Documents and Settings\cv\DoctorWeb\Quarantine\A0309123.exe Infected: not-a-virus:AdWare.Win32.BookedSpace.h skipped
C:\Documents and Settings\cv\DoctorWeb\Quarantine\A0309124.exe Infected: not-a-virus:AdWare.Win32.BookedSpace.h skipped
C:\Documents and Settings\cv\DoctorWeb\Quarantine\A0309125.exe Infected: not-a-virus:AdWare.Win32.BookedSpace.h skipped
C:\Documents and Settings\cv\DoctorWeb\Quarantine\A0309126.exe Infected: not-a-virus:AdWare.Win32.BookedSpace.h skipped
C:\Documents and Settings\cv\DoctorWeb\Quarantine\A0309127.exe Infected: not-a-virus:AdWare.Win32.BookedSpace.h skipped
C:\Documents and Settings\cv\DoctorWeb\Quarantine\A0309128.exe Infected: not-a-virus:AdWare.Win32.BookedSpace.h skipped
C:\Documents and Settings\cv\DoctorWeb\Quarantine\A0309129.exe Infected: not-a-virus:AdWare.Win32.BookedSpace.h skipped
C:\Documents and Settings\cv\DoctorWeb\Quarantine\A0309130.exe Infected: not-a-virus:AdWare.Win32.BookedSpace.h skipped
C:\Documents and Settings\cv\DoctorWeb\Quarantine\A0309131.exe Infected: not-a-virus:AdWare.Win32.BookedSpace.h skipped
C:\Documents and Settings\cv\DoctorWeb\Quarantine\A0309132.exe Infected: not-a-virus:AdWare.Win32.BookedSpace.h skipped
C:\Documents and Settings\cv\DoctorWeb\Quarantine\A0309133.exe Infected: not-a-virus:AdWare.Win32.BookedSpace.h skipped
C:\Documents and Settings\cv\DoctorWeb\Quarantine\A0309134.exe Infected: not-a-virus:AdWare.Win32.BookedSpace.h skipped
C:\Documents and Settings\cv\DoctorWeb\Quarantine\A0309135.exe Infected: not-a-virus:AdWare.Win32.BookedSpace.h skipped
C:\Documents and Settings\cv\DoctorWeb\Quarantine\A0309136.exe Infected: not-a-virus:AdWare.Win32.BookedSpace.h skipped
C:\Documents and Settings\cv\DoctorWeb\Quarantine\A0309137.exe Infected: not-a-virus:AdWare.Win32.BookedSpace.h skipped
C:\Documents and Settings\cv\DoctorWeb\Quarantine\A0309138.exe Infected: not-a-virus:AdWare.Win32.BookedSpace.h skipped
C:\Documents and Settings\cv\DoctorWeb\Quarantine\A0309139.dll Infected: not-a-virus:AdWare.Win32.AutoSearch.b skipped
C:\Documents and Settings\cv\DoctorWeb\Quarantine\A0309141.exe Infected: not-a-virus:AdWare.Win32.SaveNow.bj skipped
C:\Documents and Settings\cv\DoctorWeb\Quarantine\A0309142.dll Infected: not-a-virus:AdWare.Win32.Mirar.a skipped
C:\Documents and Settings\cv\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\cv\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\cv\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\cv\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\cv\Local Settings\Temporary Internet Files\PhishingFilter\45E13EC5-3DB7-4B3D-9F80-073A58AB5E82.dat Object is locked skipped
C:\Documents and Settings\cv\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\cv\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Guest\Local Settings\Temp\AntiPhishing\FDE76B9D-4657-4B28-AE87-04EFD23D4EB6.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\InstallShield Installation Information\{036AA4D4-6D32-11D4-9875-00105ACE7734}\setup.ilg Object is locked skipped
C:\Program Files\InstallShield Installation Information\{5809E7CF-4DCF-11D4-9875-00105ACE7734}\setup.ilg Object is locked skipped
C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\setup.ilg Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\cv\Data\BWDocMap.pht Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\cv\Data\BWInfopakMap.pht Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\cv\Data\chandir.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\cv\Data\chandir.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\cv\Data\chn.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\cv\Data\chn.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\cv\Data\D0000000.FCS Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\cv\Data\inuse.txt Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\cv\Data\L0000003.FCS Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\cv\Data\main.log Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\cv\Data\prs.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\cv\Data\prs.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\cv\Data\prs_die.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\cv\Data\prs_die.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\cv\Data\prs_dnd.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\cv\Data\prs_dnd.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\cv\Data\prs_ext.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\cv\Data\prs_ext.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\cv\Data\prs_rcv.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\cv\Data\prs_rcv.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\cv\Data\storydb.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\cv\Data\storydb.idx Object is locked skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\7C72062A.exe Infected: Virus.Win32.Parite.a skipped
C:\RECYCLER\NPROTECT\00042523.sol Object is locked skipped
C:\RECYCLER\NPROTECT\00042528.sol Object is locked skipped
C:\RECYCLER\NPROTECT\00042538.sol Object is locked skipped
C:\RECYCLER\NPROTECT\00042664.DAT Object is locked skipped
C:\RECYCLER\NPROTECT\00042672.log Object is locked skipped
C:\RECYCLER\NPROTECT\00042673.log Object is locked skipped
C:\RECYCLER\NPROTECT\00042674.log Object is locked skipped
C:\RECYCLER\NPROTECT\00042675.log Object is locked skipped
C:\RECYCLER\NPROTECT\00042676.log Object is locked skipped
C:\RECYCLER\NPROTECT\00042677.log Object is locked skipped
C:\RECYCLER\NPROTECT\00042678.log Object is locked skipped
C:\RECYCLER\NPROTECT\00042679.log Object is locked skipped
C:\RECYCLER\NPROTECT\00042680.log Object is locked skipped
C:\RECYCLER\NPROTECT\00042681.log Object is locked skipped
C:\RECYCLER\NPROTECT\00042682.log Object is locked skipped
C:\RECYCLER\NPROTECT\00042683.log Object is locked skipped
C:\RECYCLER\NPROTECT\00042684.log Object is locked skipped
C:\RECYCLER\NPROTECT\00042685.log Object is locked skipped
C:\RECYCLER\NPROTECT\00042686.log Object is locked skipped
C:\RECYCLER\NPROTECT\00042687.log Object is locked skipped
C:\RECYCLER\NPROTECT\00042688.log Object is locked skipped
C:\RECYCLER\NPROTECT\00042689.log Object is locked skipped
C:\RECYCLER\NPROTECT\00042690.log Object is locked skipped
C:\RECYCLER\NPROTECT\00042691.log Object is locked skipped
C:\RECYCLER\NPROTECT\00042692.log Object is locked skipped
C:\RECYCLER\NPROTECT\00042693.log Object is locked skipped
C:\RECYCLER\NPROTECT\00042694.log Object is locked skipped
C:\RECYCLER\NPROTECT\00042695.log Object is locked skipped
C:\RECYCLER\NPROTECT\00042696.log Object is locked skipped
C:\RECYCLER\NPROTECT\00042697.log Object is locked skipped
C:\RECYCLER\NPROTECT\00042698.log Object is locked skipped
C:\RECYCLER\NPROTECT\00042699.log Object is locked skipped
C:\RECYCLER\NPROTECT\00042700.log Object is locked skipped
C:\RECYCLER\NPROTECT\00042701.log Object is locked skipped
C:\RECYCLER\NPROTECT\00042702.log Object is locked skipped
C:\RECYCLER\NPROTECT\00042703.log Object is locked skipped
C:\RECYCLER\NPROTECT\00042704.log Object is locked skipped
C:\RECYCLER\NPROTECT\00042705.log Object is locked skipped
C:\RECYCLER\NPROTECT\00042706.log Object is locked skipped
C:\RECYCLER\NPROTECT\00042707.log Object is locked skipped
C:\RECYCLER\NPROTECT\00042708.log Object is locked skipped
C:\RECYCLER\NPROTECT\00042709.log Object is locked skipped
C:\RECYCLER\NPROTECT\00042710.log Object is locked skipped
C:\RECYCLER\NPROTECT\00042711.log Object is locked skipped
C:\RECYCLER\NPROTECT\00042712.log Object is locked skipped
C:\RECYCLER\NPROTECT\00042713.000 Object is locked skipped
C:\RECYCLER\NPROTECT\00042714.001 Object is locked skipped
C:\RECYCLER\NPROTECT\00042715.002 Object is locked skipped
C:\RECYCLER\NPROTECT\00042716.000 Object is locked skipped
C:\RECYCLER\NPROTECT\00042717.001 Object is locked skipped
C:\RECYCLER\NPROTECT\00042718.002 Object is locked skipped
C:\RECYCLER\NPROTECT\00042719.000 Object is locked skipped
C:\RECYCLER\NPROTECT\00042720.001 Object is locked skipped
C:\RECYCLER\NPROTECT\00042721.002 Object is locked skipped
C:\RECYCLER\NPROTECT\00042722.000 Object is locked skipped
C:\RECYCLER\NPROTECT\00042723.001 Object is locked skipped
C:\RECYCLER\NPROTECT\00042724.002 Object is locked skipped
C:\RECYCLER\NPROTECT\00042725.000 Object is locked skipped
C:\RECYCLER\NPROTECT\00042726.001 Object is locked skipped
C:\RECYCLER\NPROTECT\00042727.002 Object is locked skipped
C:\RECYCLER\NPROTECT\00042735.dat Object is locked skipped
C:\RECYCLER\NPROTECT\00042736.dat Object is locked skipped
C:\RECYCLER\NPROTECT\00042739.000 Object is locked skipped
C:\RECYCLER\NPROTECT\00042740.001 Object is locked skipped
C:\RECYCLER\NPROTECT\00042741.002 Object is locked skipped
C:\RECYCLER\NPROTECT\00042754.edb Object is locked skipped
C:\RECYCLER\NPROTECT\00042757.log Object is locked skipped
C:\RECYCLER\NPROTECT\00042764.WAV Object is locked skipped
C:\RECYCLER\NPROTECT\00042765.WAV Object is locked skipped
C:\RECYCLER\NPROTECT\00042766.WAV Object is locked skipped
C:\RECYCLER\NPROTECT\00042767.WAV Object is locked skipped
C:\RECYCLER\NPROTECT\00042782.cfg Object is locked skipped
C:\RECYCLER\NPROTECT\00042890.GTH Object is locked skipped
C:\RECYCLER\NPROTECT\00042891.GTH Object is locked skipped
C:\RECYCLER\NPROTECT\00042892.GTH Object is locked skipped
C:\RECYCLER\NPROTECT\00042893.000 Object is locked skipped
C:\RECYCLER\NPROTECT\00042894.001 Object is locked skipped
C:\RECYCLER\NPROTECT\00042895.002 Object is locked skipped
C:\RECYCLER\NPROTECT\00042896.ci Object is locked skipped
C:\RECYCLER\NPROTECT\00042897.dir Object is locked skipped
C:\RECYCLER\NPROTECT\00042898.ci Object is locked skipped
C:\RECYCLER\NPROTECT\00042899.dir Object is locked skipped
C:\RECYCLER\NPROTECT\00042900.ci Object is locked skipped
C:\RECYCLER\NPROTECT\00042901.dir Object is locked skipped
C:\RECYCLER\NPROTECT\00042902.ci Object is locked skipped
C:\RECYCLER\NPROTECT\00042903.dir Object is locked skipped
C:\RECYCLER\NPROTECT\00042904.ci Object is locked skipped
C:\RECYCLER\NPROTECT\00042905.dir Object is locked skipped
C:\RECYCLER\NPROTECT\00042906.ci Object is locked skipped
C:\RECYCLER\NPROTECT\00042907.dir Object is locked skipped
C:\RECYCLER\NPROTECT\00042908.ci Object is locked skipped
C:\RECYCLER\NPROTECT\00042909.dir Object is locked skipped
C:\RECYCLER\NPROTECT\00042910.ci Object is locked skipped
C:\RECYCLER\NPROTECT\00042911.dir Object is locked skipped
C:\RECYCLER\NPROTECT\00042912.000 Object is locked skipped
C:\RECYCLER\NPROTECT\00042913.001 Object is locked skipped
C:\RECYCLER\NPROTECT\00042914.002 Object is locked skipped
C:\RECYCLER\NPROTECT\00042945.000 Object is locked skipped
C:\RECYCLER\NPROTECT\00042946.001 Object is locked skipped
C:\RECYCLER\NPROTECT\00042947.002 Object is locked skipped
C:\RECYCLER\NPROTECT\00042948.GTH Object is locked skipped
C:\RECYCLER\NPROTECT\00042949.GTH Object is locked skipped
C:\RECYCLER\NPROTECT\00042950.GTH Object is locked skipped
C:\RECYCLER\NPROTECT\00042951.000 Object is locked skipped
C:\RECYCLER\NPROTECT\00042952.001 Object is locked skipped
C:\RECYCLER\NPROTECT\00042953.002 Object is locked skipped
C:\RECYCLER\NPROTECT\00042954.GTH Object is locked skipped
C:\RECYCLER\NPROTECT\00042955.ci Object is locked skipped
C:\RECYCLER\NPROTECT\00042956.dir Object is locked skipped
C:\RECYCLER\NPROTECT\00042957.ci Object is locked skipped
C:\RECYCLER\NPROTECT\00042958.dir Object is locked skipped
C:\RECYCLER\NPROTECT\00042959.ci Object is locked skipped
C:\RECYCLER\NPROTECT\00042960.dir Object is locked skipped
C:\RECYCLER\NPROTECT\00042961.000 Object is locked skipped
C:\RECYCLER\NPROTECT\00042962.001 Object is locked skipped
C:\RECYCLER\NPROTECT\00042963.002 Object is locked skipped
C:\RECYCLER\NPROTECT\00042964.000 Object is locked skipped
C:\RECYCLER\NPROTECT\00042965.001 Object is locked skipped
C:\RECYCLER\NPROTECT\00042966.002 Object is locked skipped
C:\RECYCLER\NPROTECT\00042967.GTH Object is locked skipped
C:\RECYCLER\NPROTECT\00042968.GTH Object is locked skipped
C:\RECYCLER\NPROTECT\00042969.GTH Object is locked skipped
C:\RECYCLER\NPROTECT\00042970.000 Object is locked skipped
C:\RECYCLER\NPROTECT\00042971.001 Object is locked skipped
C:\RECYCLER\NPROTECT\00042972.002 Object is locked skipped
C:\RECYCLER\NPROTECT\00042973.ci Object is locked skipped
C:\RECYCLER\NPROTECT\00042974.dir Object is locked skipped
C:\RECYCLER\NPROTECT\00042975.ci Object is locked skipped
C:\RECYCLER\NPROTECT\00042976.dir Object is locked skipped
C:\RECYCLER\NPROTECT\00042977.ci Object is locked skipped
C:\RECYCLER\NPROTECT\00042978.dir Object is locked skipped
C:\RECYCLER\NPROTECT\00042979.ci Object is locked skipped
C:\RECYCLER\NPROTECT\00042980.dir Object is locked skipped
C:\RECYCLER\NPROTECT\00042981.log Object is locked skipped
C:\RECYCLER\NPROTECT\00042982.log Object is locked skipped
C:\RECYCLER\NPROTECT\00042983.log Object is locked skipped
C:\RECYCLER\NPROTECT\00042984.log Object is locked skipped
C:\RECYCLER\NPROTECT\00042985.log Object is locked skipped
C:\RECYCLER\NPROTECT\00042986.log Object is locked skipped
C:\RECYCLER\NPROTECT\00042987.log Object is locked skipped
C:\RECYCLER\NPROTECT\00042988.log Object is locked skipped
C:\RECYCLER\NPROTECT\00042989.log Object is locked skipped
C:\RECYCLER\NPROTECT\00042990.000 Object is locked skipped
C:\RECYCLER\NPROTECT\00042991.001 Object is locked skipped
C:\RECYCLER\NPROTECT\00042992.002 Object is locked skipped
C:\RECYCLER\NPROTECT\00042993.000 Object is locked skipped
C:\RECYCLER\NPROTECT\00042994.001 Object is locked skipped
C:\RECYCLER\NPROTECT\00042995.002 Object is locked skipped
C:\RECYCLER\NPROTECT\00042996.GTH Object is locked skipped
C:\RECYCLER\NPROTECT\00042997.GTH Object is locked skipped
C:\RECYCLER\NPROTECT\00042998.GTH Object is locked skipped
C:\RECYCLER\NPROTECT\00042999.GTH Object is locked skipped
C:\RECYCLER\NPROTECT\00043000.GTH Object is locked skipped
C:\RECYCLER\NPROTECT\00043001.GTH Object is locked skipped
C:\RECYCLER\NPROTECT\00043002.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043003.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043004.000 Object is locked skipped
C:\RECYCLER\NPROTECT\00043005.001 Object is locked skipped
C:\RECYCLER\NPROTECT\00043006.002 Object is locked skipped
C:\RECYCLER\NPROTECT\00043007.000 Object is locked skipped
C:\RECYCLER\NPROTECT\00043008.001 Object is locked skipped
C:\RECYCLER\NPROTECT\00043009.002 Object is locked skipped
C:\RECYCLER\NPROTECT\00043010.GTH Object is locked skipped
C:\RECYCLER\NPROTECT\00043011.000 Object is locked skipped
C:\RECYCLER\NPROTECT\00043012.001 Object is locked skipped
C:\RECYCLER\NPROTECT\00043013.002 Object is locked skipped
C:\RECYCLER\NPROTECT\00043014.ci Object is locked skipped
C:\RECYCLER\NPROTECT\00043015.dir Object is locked skipped
C:\RECYCLER\NPROTECT\00043016.ci Object is locked skipped
C:\RECYCLER\NPROTECT\00043017.dir Object is locked skipped
C:\RECYCLER\NPROTECT\00043018.ci Object is locked skipped
C:\RECYCLER\NPROTECT\00043019.dir Object is locked skipped
C:\RECYCLER\NPROTECT\00043020.ci Object is locked skipped
C:\RECYCLER\NPROTECT\00043021.dir Object is locked skipped
C:\RECYCLER\NPROTECT\00043022.ci Object is locked skipped
C:\RECYCLER\NPROTECT\00043023.dir Object is locked skipped
C:\RECYCLER\NPROTECT\00043024.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043025.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043026.000 Object is locked skipped
C:\RECYCLER\NPROTECT\00043027.001 Object is locked skipped
C:\RECYCLER\NPROTECT\00043028.002 Object is locked skipped
C:\RECYCLER\NPROTECT\00043029.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043030.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043031.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043032.000 Object is locked skipped
C:\RECYCLER\NPROTECT\00043033.001 Object is locked skipped
C:\RECYCLER\NPROTECT\00043034.002 Object is locked skipped
C:\RECYCLER\NPROTECT\00043035.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043036.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043037.000 Object is locked skipped
C:\RECYCLER\NPROTECT\00043038.001 Object is locked skipped
C:\RECYCLER\NPROTECT\00043039.002 Object is locked skipped
C:\RECYCLER\NPROTECT\00043040.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043041.000 Object is locked skipped
C:\RECYCLER\NPROTECT\00043042.001 Object is locked skipped
C:\RECYCLER\NPROTECT\00043043.002 Object is locked skipped
C:\RECYCLER\NPROTECT\00043045.000 Object is locked skipped
C:\RECYCLER\NPROTECT\00043046.001 Object is locked skipped
C:\RECYCLER\NPROTECT\00043047.002 Object is locked skipped
C:\RECYCLER\NPROTECT\00043048.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043049.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043050.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043051.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043052.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043053.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043054.000 Object is locked skipped
C:\RECYCLER\NPROTECT\00043055.001 Object is locked skipped
C:\RECYCLER\NPROTECT\00043056.002 Object is locked skipped
C:\RECYCLER\NPROTECT\00043057.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043058.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043059.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043060.000 Object is locked skipped
C:\RECYCLER\NPROTECT\00043061.001 Object is locked skipped
C:\RECYCLER\NPROTECT\00043062.002 Object is locked skipped
C:\RECYCLER\NPROTECT\00043063.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043064.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043065.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043066.000 Object is locked skipped
C:\RECYCLER\NPROTECT\00043067.001 Object is locked skipped
C:\RECYCLER\NPROTECT\00043068.002 Object is locked skipped
C:\RECYCLER\NPROTECT\00043069.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043070.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043071.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043072.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043073.000 Object is locked skipped
C:\RECYCLER\NPROTECT\00043074.001 Object is locked skipped
C:\RECYCLER\NPROTECT\00043075.002 Object is locked skipped
C:\RECYCLER\NPROTECT\00043076.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043077.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043078.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043079.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043080.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043081.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043082.000 Object is locked skipped
C:\RECYCLER\NPROTECT\00043083.001 Object is locked skipped
C:\RECYCLER\NPROTECT\00043084.002 Object is locked skipped
C:\RECYCLER\NPROTECT\00043085.000 Object is locked skipped
C:\RECYCLER\NPROTECT\00043086.001 Object is locked skipped
C:\RECYCLER\NPROTECT\00043087.002 Object is locked skipped
C:\RECYCLER\NPROTECT\00043088.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043089.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043090.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043091.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043092.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043093.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043094.000 Object is locked skipped
C:\RECYCLER\NPROTECT\00043095.001 Object is locked skipped
C:\RECYCLER\NPROTECT\00043096.002 Object is locked skipped
C:\RECYCLER\NPROTECT\00043097.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043098.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043099.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043100.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043101.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043102.000 Object is locked skipped
C:\RECYCLER\NPROTECT\00043103.001 Object is locked skipped
C:\RECYCLER\NPROTECT\00043104.002 Object is locked skipped
C:\RECYCLER\NPROTECT\00043105.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043106.000 Object is locked skipped
C:\RECYCLER\NPROTECT\00043107.001 Object is locked skipped
C:\RECYCLER\NPROTECT\00043108.002 Object is locked skipped
C:\RECYCLER\NPROTECT\00043109.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043110.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043111.000 Object is locked skipped
C:\RECYCLER\NPROTECT\00043112.001 Object is locked skipped
C:\RECYCLER\NPROTECT\00043113.002 Object is locked skipped
C:\RECYCLER\NPROTECT\00043114.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043115.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043116.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043117.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043118.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043119.000 Object is locked skipped
C:\RECYCLER\NPROTECT\00043120.001 Object is locked skipped
C:\RECYCLER\NPROTECT\00043121.002 Object is locked skipped
C:\RECYCLER\NPROTECT\00043122.000 Object is locked skipped
C:\RECYCLER\NPROTECT\00043123.001 Object is locked skipped
C:\RECYCLER\NPROTECT\00043124.002 Object is locked skipped
C:\RECYCLER\NPROTECT\00043125.000 Object is locked skipped
C:\RECYCLER\NPROTECT\00043126.001 Object is locked skipped
C:\RECYCLER\NPROTECT\00043127.002 Object is locked skipped
C:\RECYCLER\NPROTECT\00043128.000 Object is locked skipped
C:\RECYCLER\NPROTECT\00043129.001 Object is locked skipped
C:\RECYCLER\NPROTECT\00043130.002 Object is locked skipped
C:\RECYCLER\NPROTECT\00043131.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043132.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043133.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043134.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043135.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043136.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043137.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043138.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043139.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043140.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043141.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043142.000 Object is locked skipped
C:\RECYCLER\NPROTECT\00043143.001 Object is locked skipped
C:\RECYCLER\NPROTECT\00043144.002 Object is locked skipped
C:\RECYCLER\NPROTECT\00043145.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043146.000 Object is locked skipped
C:\RECYCLER\NPROTECT\00043147.001 Object is locked skipped
C:\RECYCLER\NPROTECT\00043148.002 Object is locked skipped
C:\RECYCLER\NPROTECT\00043149.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043150.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043151.000 Object is locked skipped
C:\RECYCLER\NPROTECT\00043152.001 Object is locked skipped
C:\RECYCLER\NPROTECT\00043153.002 Object is locked skipped
C:\RECYCLER\NPROTECT\00043154.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043155.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043156.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043157.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043158.000 Object is locked skipped
C:\RECYCLER\NPROTECT\00043159.001 Object is locked skipped
C:\RECYCLER\NPROTECT\00043160.002 Object is locked skipped
C:\RECYCLER\NPROTECT\00043161.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043162.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043163.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043164.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043165.000 Object is locked skipped
C:\RECYCLER\NPROTECT\00043166.001 Object is locked skipped
C:\RECYCLER\NPROTECT\00043167.002 Object is locked skipped
C:\RECYCLER\NPROTECT\00043168.ci Object is locked skipped
C:\RECYCLER\NPROTECT\00043169.dir Object is locked skipped
C:\RECYCLER\NPROTECT\00043170.ci Object is locked skipped
C:\RECYCLER\NPROTECT\00043171.dir Object is locked skipped
C:\RECYCLER\NPROTECT\00043172.ci Object is locked skipped
C:\RECYCLER\NPROTECT\00043173.dir Object is locked skipped
C:\RECYCLER\NPROTECT\00043174.ci Object is locked skipped
C:\RECYCLER\NPROTECT\00043175.dir Object is locked skipped
C:\RECYCLER\NPROTECT\00043176.ci Object is locked skipped
C:\RECYCLER\NPROTECT\00043177.dir Object is locked skipped
C:\RECYCLER\NPROTECT\00043178.ci Object is locked skipped
C:\RECYCLER\NPROTECT\00043179.dir Object is locked skipped
C:\RECYCLER\NPROTECT\00043180.ci Object is locked skipped
C:\RECYCLER\NPROTECT\00043181.dir Object is locked skipped
C:\RECYCLER\NPROTECT\00043182.ci Object is locked skipped
C:\RECYCLER\NPROTECT\00043183.dir Object is locked skipped
C:\RECYCLER\NPROTECT\00043184.ci Object is locked skipped
C:\RECYCLER\NPROTECT\00043185.dir Object is locked skipped
C:\RECYCLER\NPROTECT\00043186.ci Object is locked skipped
C:\RECYCLER\NPROTECT\00043187.dir Object is locked skipped
C:\RECYCLER\NPROTECT\00043188.ci Object is locked skipped
C:\RECYCLER\NPROTECT\00043189.dir Object is locked skipped
C:\RECYCLER\NPROTECT\00043190.ci Object is locked skipped
C:\RECYCLER\NPROTECT\00043191.dir Object is locked skipped
C:\RECYCLER\NPROTECT\00043192.ci Object is locked skipped
C:\RECYCLER\NPROTECT\00043193.dir Object is locked skipped
C:\RECYCLER\NPROTECT\00043194.ci Object is locked skipped
C:\RECYCLER\NPROTECT\00043195.dir Object is locked skipped
C:\RECYCLER\NPROTECT\00043196.ci Object is locked skipped
C:\RECYCLER\NPROTECT\00043197.dir Object is locked skipped
C:\RECYCLER\NPROTECT\00043198.ci Object is locked skipped
C:\RECYCLER\NPROTECT\00043199.dir Object is locked skipped
C:\RECYCLER\NPROTECT\00043200.ci Object is locked skipped
C:\RECYCLER\NPROTECT\00043201.dir Object is locked skipped
C:\RECYCLER\NPROTECT\00043202.ci Object is locked skipped
C:\RECYCLER\NPROTECT\00043203.dir Object is locked skipped
C:\RECYCLER\NPROTECT\00043204.ci Object is locked skipped
C:\RECYCLER\NPROTECT\00043205.dir Object is locked skipped
C:\RECYCLER\NPROTECT\00043206.ci Object is locked skipped
C:\RECYCLER\NPROTECT\00043207.dir Object is locked skipped
C:\RECYCLER\NPROTECT\00043208.ci Object is locked skipped
C:\RECYCLER\NPROTECT\00043209.dir Object is locked skipped
C:\RECYCLER\NPROTECT\00043210.ci Object is locked skipped
C:\RECYCLER\NPROTECT\00043211.dir Object is locked skipped
C:\RECYCLER\NPROTECT\00043212.ci Object is locked skipped
C:\RECYCLER\NPROTECT\00043213.dir Object is locked skipped
C:\RECYCLER\NPROTECT\00043214.000 Object is locked skipped
C:\RECYCLER\NPROTECT\00043215.001 Object is locked skipped
C:\RECYCLER\NPROTECT\00043216.002 Object is locked skipped
C:\RECYCLER\NPROTECT\00043221.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043222.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043223.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043224.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043225.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043226.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043227.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043228.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043229.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043230.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043231.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043232.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043233.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043234.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043235.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043236.000 Object is locked skipped
C:\RECYCLER\NPROTECT\00043237.001 Object is locked skipped
C:\RECYCLER\NPROTECT\00043238.002 Object is locked skipped
C:\RECYCLER\NPROTECT\00043239.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043240.000 Object is locked skipped
C:\RECYCLER\NPROTECT\00043241.001 Object is locked skipped
C:\RECYCLER\NPROTECT\00043242.002 Object is locked skipped
C:\RECYCLER\NPROTECT\00043243.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043244.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043245.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043246.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043247.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043248.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043249.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043250.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043251.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043252.000 Object is locked skipped
C:\RECYCLER\NPROTECT\00043253.001 Object is locked skipped
C:\RECYCLER\NPROTECT\00043254.002 Object is locked skipped
C:\RECYCLER\NPROTECT\00043256.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043257.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043258.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043259.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043260.000 Object is locked skipped
C:\RECYCLER\NPROTECT\00043261.001 Object is locked skipped
C:\RECYCLER\NPROTECT\00043262.002 Object is locked skipped
C:\RECYCLER\NPROTECT\00043263.000 Object is locked skipped
C:\RECYCLER\NPROTECT\00043264.001 Object is locked skipped
C:\RECYCLER\NPROTECT\00043265.002 Object is locked skipped
C:\RECYCLER\NPROTECT\00043266.000 Object is locked skipped
C:\RECYCLER\NPROTECT\00043267.001 Object is locked skipped
C:\RECYCLER\NPROTECT\00043268.002 Object is locked skipped
C:\RECYCLER\NPROTECT\00043269.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043270.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043271.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043272.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043273.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043274.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043275.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043276.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043277.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043278.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043279.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043280.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043281.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043282.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043283.000 Object is locked skipped
C:\RECYCLER\NPROTECT\00043284.001 Object is locked skipped
C:\RECYCLER\NPROTECT\00043285.002 Object is locked skipped
C:\RECYCLER\NPROTECT\00043286.000 Object is locked skipped
C:\RECYCLER\NPROTECT\00043287.001 Object is locked skipped
C:\RECYCLER\NPROTECT\00043288.002 Object is locked skipped
C:\RECYCLER\NPROTECT\00043289.000 Object is locked skipped
C:\RECYCLER\NPROTECT\00043290.001 Object is locked skipped
C:\RECYCLER\NPROTECT\00043291.002 Object is locked skipped
C:\RECYCLER\NPROTECT\00043292.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043293.000 Object is locked skipped
C:\RECYCLER\NPROTECT\00043294.001 Object is locked skipped
C:\RECYCLER\NPROTECT\00043295.002 Object is locked skipped
C:\RECYCLER\NPROTECT\00043296.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043297.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043298.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043299.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043300.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043301.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043302.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043303.000 Object is locked skipped
C:\RECYCLER\NPROTECT\00043304.001 Object is locked skipped
C:\RECYCLER\NPROTECT\00043305.002 Object is locked skipped
C:\RECYCLER\NPROTECT\00043306.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043307.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043308.000 Object is locked skipped
C:\RECYCLER\NPROTECT\00043309.001 Object is locked skipped
C:\RECYCLER\NPROTECT\00043310.002 Object is locked skipped
C:\RECYCLER\NPROTECT\00043311.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043312.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043313.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043314.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043315.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043316.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043317.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043318.000 Object is locked skipped
C:\RECYCLER\NPROTECT\00043319.001 Object is locked skipped
C:\RECYCLER\NPROTECT\00043320.002 Object is locked skipped
C:\RECYCLER\NPROTECT\00043321.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043322.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043323.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043324.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043325.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043326.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043327.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043328.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043329.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043330.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043331.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043332.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043333.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043334.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043335.000 Object is locked skipped
C:\RECYCLER\NPROTECT\00043336.001 Object is locked skipped
C:\RECYCLER\NPROTECT\00043337.002 Object is locked skipped
C:\RECYCLER\NPROTECT\00043338.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043339.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043340.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043341.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043342.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043343.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043344.000 Object is locked skipped
C:\RECYCLER\NPROTECT\00043345.001 Object is locked skipped
C:\RECYCLER\NPROTECT\00043346.002 Object is locked skipped
C:\RECYCLER\NPROTECT\00043347.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043348.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043349.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043350.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043351.000 Object is locked skipped
C:\RECYCLER\NPROTECT\00043352.001 Object is locked skipped
C:\RECYCLER\NPROTECT\00043353.002 Object is locked skipped
C:\RECYCLER\NPROTECT\00043354.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043355.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043356.000 Object is locked skipped
C:\RECYCLER\NPROTECT\00043357.001 Object is locked skipped
C:\RECYCLER\NPROTECT\00043358.002 Object is locked skipped
C:\RECYCLER\NPROTECT\00043359.GTH Object is locked skipped
C:\RECYCLER\NPROTECT\00043374.000 Object is locked skipped
C:\RECYCLER\NPROTECT\00043375.001 Object is locked skipped
C:\RECYCLER\NPROTECT\00043376.002 Object is locked skipped
C:\RECYCLER\NPROTECT\00043377.000 Object is locked skipped
C:\RECYCLER\NPROTECT\00043378.001 Object is locked skipped
C:\RECYCLER\NPROTECT\00043379.002 Object is locked skipped
C:\RECYCLER\NPROTECT\00043380.000 Object is locked skipped
C:\RECYCLER\NPROTECT\00043381.001 Object is locked skipped
C:\RECYCLER\NPROTECT\00043382.002 Object is locked skipped
C:\RECYCLER\NPROTECT\00043383.000 Object is locked skipped
C:\RECYCLER\NPROTECT\00043384.001 Object is locked skipped
C:\RECYCLER\NPROTECT\00043385.002 Object is locked skipped
C:\RECYCLER\NPROTECT\00043386.ci Object is locked skipped
C:\RECYCLER\NPROTECT\00043387.dir Object is locked skipped
C:\RECYCLER\NPROTECT\00043388.ci Object is locked skipped
C:\RECYCLER\NPROTECT\00043389.dir Object is locked skipped
C:\RECYCLER\NPROTECT\00043390.ci Object is locked skipped
C:\RECYCLER\NPROTECT\00043391.dir Object is locked skipped
C:\RECYCLER\NPROTECT\00043392.ci Object is locked skipped
C:\RECYCLER\NPROTECT\00043393.dir Object is locked skipped
C:\RECYCLER\NPROTECT\00043394.ci Object is locked skipped
C:\RECYCLER\NPROTECT\00043395.dir Object is locked skipped
C:\RECYCLER\NPROTECT\00043396.ci Object is locked skipped
C:\RECYCLER\NPROTECT\00043397.dir Object is locked skipped
C:\RECYCLER\NPROTECT\00043398.ci Object is locked skipped
C:\RECYCLER\NPROTECT\00043399.dir Object is locked skipped
C:\RECYCLER\NPROTECT\00043400.ci Object is locked skipped
C:\RECYCLER\NPROTECT\00043401.dir Object is locked skipped
C:\RECYCLER\NPROTECT\00043402.ci Object is locked skipped
C:\RECYCLER\NPROTECT\00043403.dir Object is locked skipped
C:\RECYCLER\NPROTECT\00043404.ci Object is locked skipped
C:\RECYCLER\NPROTECT\00043405.dir Object is locked skipped
C:\RECYCLER\NPROTECT\00043406.ci Object is locked skipped
C:\RECYCLER\NPROTECT\00043407.dir Object is locked skipped
C:\RECYCLER\NPROTECT\00043408.ci Object is locked skipped
C:\RECYCLER\NPROTECT\00043409.dir Object is locked skipped
C:\RECYCLER\NPROTECT\00043410.ci Object is locked skipped
C:\RECYCLER\NPROTECT\00043411.dir Object is locked skipped
C:\RECYCLER\NPROTECT\00043412.ci Object is locked skipped
C:\RECYCLER\NPROTECT\00043413.dir Object is locked skipped
C:\RECYCLER\NPROTECT\00043414.ci Object is locked skipped
C:\RECYCLER\NPROTECT\00043415.dir Object is locked skipped
C:\RECYCLER\NPROTECT\00043416.ci Object is locked skipped
C:\RECYCLER\NPROTECT\00043417.dir Object is locked skipped
C:\RECYCLER\NPROTECT\00043418.ci Object is locked skipped
C:\RECYCLER\NPROTECT\00043419.dir Object is locked skipped
C:\RECYCLER\NPROTECT\00043420.ci Object is locked skipped
C:\RECYCLER\NPROTECT\00043421.dir Object is locked skipped
C:\RECYCLER\NPROTECT\00043422.ci Object is locked skipped
C:\RECYCLER\NPROTECT\00043423.dir Object is locked skipped
C:\RECYCLER\NPROTECT\00043424.ci Object is locked skipped
C:\RECYCLER\NPROTECT\00043425.dir Object is locked skipped
C:\RECYCLER\NPROTECT\00043426.ci Object is locked skipped
C:\RECYCLER\NPROTECT\00043427.dir Object is locked skipped
C:\RECYCLER\NPROTECT\00043428.GTH Object is locked skipped
C:\RECYCLER\NPROTECT\00043458.dat Object is locked skipped
C:\RECYCLER\NPROTECT\00043517.edb Object is locked skipped
C:\RECYCLER\NPROTECT\00043519.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043523.edb Object is locked skipped
C:\RECYCLER\NPROTECT\00043532.dat Object is locked skipped
C:\RECYCLER\NPROTECT\00043533.edb Object is locked skipped
C:\RECYCLER\NPROTECT\00043537.DAT Object is locked skipped
C:\RECYCLER\NPROTECT\00043573.cfg Object is locked skipped
C:\RECYCLER\NPROTECT\00043574.des Object is locked skipped
C:\RECYCLER\NPROTECT\00043575.npz Object is locked skipped
C:\RECYCLER\NPROTECT\00043577.npz Object is locked skipped
C:\RECYCLER\NPROTECT\00043667.cfg Object is locked skipped
C:\RECYCLER\NPROTECT\00043679.htm Object is locked skipped
C:\RECYCLER\NPROTECT\00043719.WAV Object is locked skipped
C:\RECYCLER\NPROTECT\00043720.WAV Object is locked skipped
C:\RECYCLER\NPROTECT\00043749.WAV Object is locked skipped
C:\RECYCLER\NPROTECT\00043761.cfg Object is locked skipped
C:\RECYCLER\NPROTECT\00043776.cfg Object is locked skipped
C:\RECYCLER\NPROTECT\00043804.GTH Object is locked skipped
C:\RECYCLER\NPROTECT\00043805.GTH Object is locked skipped
C:\RECYCLER\NPROTECT\00043806.GTH Object is locked skipped
C:\RECYCLER\NPROTECT\00043807.GTH Object is locked skipped
C:\RECYCLER\NPROTECT\00043808.GTH Object is locked skipped
C:\RECYCLER\NPROTECT\00043809.GTH Object is locked skipped
C:\RECYCLER\NPROTECT\00043810.GTH Object is locked skipped
C:\RECYCLER\NPROTECT\00043811.000 Object is locked skipped
C:\RECYCLER\NPROTECT\00043812.001 Object is locked skipped
C:\RECYCLER\NPROTECT\00043813.002 Object is locked skipped
C:\RECYCLER\NPROTECT\00043814.000 Object is locked skipped
C:\RECYCLER\NPROTECT\00043815.001 Object is locked skipped
C:\RECYCLER\NPROTECT\00043816.002 Object is locked skipped
C:\RECYCLER\NPROTECT\00043817.000 Object is locked skipped
C:\RECYCLER\NPROTECT\00043818.001 Object is locked skipped
C:\RECYCLER\NPROTECT\00043819.002 Object is locked skipped
C:\RECYCLER\NPROTECT\00043820.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043821.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043822.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043823.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043824.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043825.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043826.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043827.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043828.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043829.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043830.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043831.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043832.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043833.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043834.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043835.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043836.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043837.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043838.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043839.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043840.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043841.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043842.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043843.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043844.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043845.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043849.000 Object is locked skipped
C:\RECYCLER\NPROTECT\00043850.001 Object is locked skipped
C:\RECYCLER\NPROTECT\00043851.002 Object is locked skipped
C:\RECYCLER\NPROTECT\00043852.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043853.000 Object is locked skipped
C:\RECYCLER\NPROTECT\00043854.001 Object is locked skipped
C:\RECYCLER\NPROTECT\00043855.002 Object is locked skipped
C:\RECYCLER\NPROTECT\00043856.000 Object is locked skipped
C:\RECYCLER\NPROTECT\00043857.001 Object is locked skipped
C:\RECYCLER\NPROTECT\00043858.002 Object is locked skipped
C:\RECYCLER\NPROTECT\00043859.000 Object is locked skipped
C:\RECYCLER\NPROTECT\00043860.001 Object is locked skipped
C:\RECYCLER\NPROTECT\00043861.002 Object is locked skipped
C:\RECYCLER\NPROTECT\00043862.000 Object is locked skipped
C:\RECYCLER\NPROTECT\00043863.001 Object is locked skipped
C:\RECYCLER\NPROTECT\00043864.002 Object is locked skipped
C:\RECYCLER\NPROTECT\00043865.000 Object is locked skipped
C:\RECYCLER\NPROTECT\00043866.001 Object is locked skipped
C:\RECYCLER\NPROTECT\00043867.002 Object is locked skipped
C:\RECYCLER\NPROTECT\00043868.000 Object is locked skipped
C:\RECYCLER\NPROTECT\00043869.001 Object is locked skipped
C:\RECYCLER\NPROTECT\00043870.002 Object is locked skipped
C:\RECYCLER\NPROTECT\00043871.000 Object is locked skipped
C:\RECYCLER\NPROTECT\00043872.001 Object is locked skipped
C:\RECYCLER\NPROTECT\00043873.002 Object is locked skipped
C:\RECYCLER\NPROTECT\00043874.000 Object is locked skipped
C:\RECYCLER\NPROTECT\00043875.001 Object is locked skipped
C:\RECYCLER\NPROTECT\00043876.002 Object is locked skipped
C:\RECYCLER\NPROTECT\00043877.000 Object is locked skipped
C:\RECYCLER\NPROTECT\00043878.001 Object is locked skipped
C:\RECYCLER\NPROTECT\00043879.002 Object is locked skipped
C:\RECYCLER\NPROTECT\00043880.000 Object is locked skipped
C:\RECYCLER\NPROTECT\00043881.001 Object is locked skipped
C:\RECYCLER\NPROTECT\00043882.002 Object is locked skipped
C:\RECYCLER\NPROTECT\00043883.000 Object is locked skipped
C:\RECYCLER\NPROTECT\00043884.001 Object is locked skipped
C:\RECYCLER\NPROTECT\00043885.002 Object is locked skipped
C:\RECYCLER\NPROTECT\00043886.000 Object is locked skipped
C:\RECYCLER\NPROTECT\00043887.001 Object is locked skipped
C:\RECYCLER\NPROTECT\00043888.002 Object is locked skipped
C:\RECYCLER\NPROTECT\00043889.000 Object is locked skipped
C:\RECYCLER\NPROTECT\00043890.001 Object is locked skipped
C:\RECYCLER\NPROTECT\00043891.002 Object is locked skipped
C:\RECYCLER\NPROTECT\00043892.000 Object is locked skipped
C:\RECYCLER\NPROTECT\00043893.001 Object is locked skipped
C:\RECYCLER\NPROTECT\00043894.002 Object is locked skipped
C:\RECYCLER\NPROTECT\00043895.000 Object is locked skipped
C:\RECYCLER\NPROTECT\00043896.001 Object is locked skipped
C:\RECYCLER\NPROTECT\00043897.002 Object is locked skipped
C:\RECYCLER\NPROTECT\00043898.000 Object is locked skipped
C:\RECYCLER\NPROTECT\00043899.001 Object is locked skipped
C:\RECYCLER\NPROTECT\00043900.002 Object is locked skipped
C:\RECYCLER\NPROTECT\00043901.000 Object is locked skipped
C:\RECYCLER\NPROTECT\00043902.001 Object is locked skipped
C:\RECYCLER\NPROTECT\00043903.002 Object is locked skipped
C:\RECYCLER\NPROTECT\00043904.000 Object is locked skipped
C:\RECYCLER\NPROTECT\00043905.001 Object is locked skipped
C:\RECYCLER\NPROTECT\00043906.002 Object is locked skipped
C:\RECYCLER\NPROTECT\00043908.000 Object is locked skipped
C:\RECYCLER\NPROTECT\00043909.001 Object is locked skipped
C:\RECYCLER\NPROTECT\00043910.002 Object is locked skipped
C:\RECYCLER\NPROTECT\00043911.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043912.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043913.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043914.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043915.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043916.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043917.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043918.log Object is locked skipped
C:\RECYCLER\NPROTECT\00043919.000 Object is locked skipped
C:\RECYCLER\NPROTECT\00043920.001 Object is locked skipped
C:\RECYCLER\NPROTECT\00043921.002 Object is locked skipped
C:\RECYCLER\NPROTECT\00043922.000 Object is locked skipped
C:\RECYCLER\NPROTECT\00043923.001 Object is locked skipped
C:\RECYCLER\NPROTECT\00043924.002 Object is locked skipped
C:\RECYCLER\NPROTECT\00043925.000 Object is locked skipped
C:\RECYCLER\NPROTECT\00043926.001 Object is locked skipped
C:\RECYCLER\NPROTECT\00043927.002 Object is locked skipped
C:\RECYCLER\NPROTECT\00043928.000 Object is locked skipped
C:\RECYCLER\NPROTECT\00043929.001 Object is locked skipped
C:\RECYCLER\NPROTECT\00043930.002 Object is locked skipped
C:\RECYCLER\NPROTECT\00043931.000 Object is locked skipped
C:\RECYCLER\NPROTECT\00043932.001 Object is locked skipped
C:\RECYCLER\NPROTECT\00043933.002 Object is locked skipped
C:\RECYCLER\NPROTECT\00043934.000 Object is locked skipped
C:\RECYCLER\NPROTECT\00043935.001 Object is locked skipped
C:\RECYCLER\NPROTECT\00043936.002 Object is locked skipped
C:\RECYCLER\NPROTECT\00043937.000 Object is locked skipped
C:\RECYCLER\NPROTECT\00043938.001 Object is locked skipped
C:\RECYCLER\NPROTECT\00043939.002 Object is locked skipped
C:\RECYCLER\NPROTECT\00043940.000 Object is locked skipped
C:\RECYCLER\NPROTECT\00043941.001 Object is locked skipped
C:\RECYCLER\NPROTECT\00043942.002 Object is locked skipped
C:\RECYCLER\NPROTECT\00043943.000 Object is locked skipped
C:\RECYCLER\NPROTECT\00043944.001 Object is locked skipped
C:\RECYCLER\NPROTECT\00043945.002 Object is locked skipped
C:\RECYCLER\NPROTECT\00043946.GTH Object is locked skipped
C:\RECYCLER\NPROTECT\00043961.000 Object is locked skipped
C:\RECYCLER\NPROTECT\00043962.001 Object is locked skipped
C:\RECYCLER\NPROTECT\00043963.002 Object is locked skipped
C:\RECYCLER\NPROTECT\00043964.000 Object is locked skipped
C:\RECYCLER\NPROTECT\00043965.001 Object is locked skipped
C:\RECYCLER\NPROTECT\00043966.002 Object is locked skipped
C:\RECYCLER\NPROTECT\00043967.000 Object is locked skipped
C:\RECYCLER\NPROTECT\00043968.001 Object is locked skipped
C:\RECYCLER\NPROTECT\00043969.002 Object is locked skipped
C:\RECYCLER\NPROTECT\00043970.000 Object is locked skipped
C:\RECYCLER\NPROTECT\00043971.001 Object is locked skipped
C:\RECYCLER\NPROTECT\00043972.002 Object is locked skipped
C:\RECYCLER\NPROTECT\00043973.ci Object is locked skipped
C:\RECYCLER\NPROTECT\00043974.dir Object is locked skipped
C:\RECYCLER\NPROTECT\00043975.ci Object is locked skipped
C:\RECYCLER\NPROTECT\00043976.dir Object is locked skipped
C:\RECYCLER\NPROTECT\00043977.ci Object is locked skipped
C:\RECYCLER\NPROTECT\00043978.dir Object is locked skipped
C:\RECYCLER\NPROTECT\00044005.edb Object is locked skipped
C:\RECYCLER\NPROTECT\00044006.log Object is locked skipped
C:\RECYCLER\NPROTECT\00044009.sol Object is locked skipped
C:\RECYCLER\NPROTECT\00044014.XML Object is locked skipped
C:\RECYCLER\NPROTECT\00044016.wpl Object is locked skipped
C:\RECYCLER\NPROTECT\00044019.wpl Object is locked skipped
C:\RECYCLER\NPROTECT\00044021.wpl Object is locked skipped
C:\RECYCLER\NPROTECT\00044035.LNK Object is locked skipped
C:\RECYCLER\NPROTECT\00044036.DIC Object is locked skipped
C:\RECYCLER\NPROTECT\00044037.DOC Object is locked skipped
C:\RECYCLER\NPROTECT\00044042.LNK Object is locked skipped
C:\RECYCLER\NPROTECT\00044043.LNK Object is locked skipped
C:\RECYCLER\NPROTECT\00044044.DIC Object is locked skipped
C:\RECYCLER\NPROTECT\00044045.LNK Object is locked skipped
C:\RECYCLER\NPROTECT\00044046.LNK Object is locked skipped
C:\RECYCLER\NPROTECT\00044047.DOC Object is locked skipped
C:\RECYCLER\NPROTECT\00044048.LNK Object is locked skipped
C:\RECYCLER\NPROTECT\00044049.LNK Object is locked skipped
C:\RECYCLER\NPROTECT\00044050.LNK Object is locked skipped
C:\RECYCLER\NPROTECT\00044051.LNK Object is locked skipped
C:\RECYCLER\NPROTECT\00044092.wpl Object is locked skipped
C:\RECYCLER\NPROTECT\00044099.sol Object is locked skipped
C:\RECYCLER\NPROTECT\00044254.GTH Object is locked skipped
C:\RECYCLER\NPROTECT\00044280.DAT Object is locked skipped
C:\RECYCLER\NPROTECT\00044282.dat Object is locked skipped
C:\RECYCLER\NPROTECT\00044284.log Object is locked skipped
C:\RECYCLER\NPROTECT\00044285.log Object is locked skipped
C:\RECYCLER\NPROTECT\00044286.log Object is locked skipped
C:\RECYCLER\NPROTECT\00044287.log Object is locked skipped
C:\RECYCLER\NPROTECT\00044288.log Object is locked skipped
C:\RECYCLER\NPROTECT\00044289.log Object is locked skipped
C:\RECYCLER\NPROTECT\00044290.log Object is locked skipped
C:\RECYCLER\NPROTECT\00044291.log Object is locked skipped
C:\RECYCLER\NPROTECT\00044292.log Object is locked skipped
C:\RECYCLER\NPROTECT\00044293.log Object is locked skipped
C:\RECYCLER\NPROTECT\00044294.log Object is locked skipped
C:\RECYCLER\NPROTECT\00044295.log Object is locked skipped
C:\RECYCLER\NPROTECT\00044296.log Object is locked skipped
C:\RECYCLER\NPROTECT\00044297.log Object is locked skipped
C:\RECYCLER\NPROTECT\00044298.log Object is locked skipped
C:\RECYCLER\NPROTECT\00044299.log Object is locked skipped
C:\RECYCLER\NPROTECT\00044300.log Object is locked skipped
C:\RECYCLER\NPROTECT\00044301.log Object is locked skipped
C:\RECYCLER\NPROTECT\00044302.log Object is locked skipped
C:\RECYCLER\NPROTECT\00044303.000 Object is locked skipped
C:\RECYCLER\NPROTECT\00044304.001 Object is locked skipped
C:\RECYCLER\NPROTECT\00044305.002 Object is locked skipped
C:\RECYCLER\NPROTECT\00044318.edb Object is locked skipped
C:\RECYCLER\NPROTECT\00044319.log Object is locked skipped
C:\RECYCLER\NPROTECT\00044320.cfg Object is locked skipped
C:\RECYCLER\NPROTECT\00044321.des Object is locked skipped
C:\RECYCLER\NPROTECT\00044322.npz Object is locked skipped
C:\RECYCLER\NPROTECT\00044382.wpl Object is locked skipped
C:\RECYCLER\NPROTECT\00044384.wpl Object is locked skipped
C:\RECYCLER\NPROTECT\00044387.XML Object is locked skipped
C:\RECYCLER\NPROTECT\00044391.XML Object is locked skipped
C:\RECYCLER\NPROTECT\00044398.wpl Object is locked skipped
C:\RECYCLER\NPROTECT\00044406.wpl Object is locked skipped
C:\RECYCLER\NPROTECT\00044413.dat Object is locked skipped
C:\RECYCLER\NPROTECT\00044414.dat Object is locked skipped
C:\RECYCLER\NPROTECT\00044415.dat Object is locked skipped
C:\RECYCLER\NPROTECT\00044416.dat Object is locked skipped
C:\RECYCLER\NPROTECT\00044417.PNG Object is locked skipped
C:\RECYCLER\NPROTECT\00044427.JPG Object is locked skipped
C:\RECYCLER\NPROTECT\00044439.WAV Object is locked skipped
C:\RECYCLER\NPROTECT\00044482.sol Object is locked skipped
C:\RECYCLER\NPROTECT\00044483.sol Object is locked skipped
C:\RECYCLER\NPROTECT\00044485.sol Object is locked skipped
C:\RECYCLER\NPROTECT\00044489.sol Object is locked skipped
C:\RECYCLER\NPROTECT\00044492.DAT Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{0E220396-2B54-4AED-B001-CA80BB925E41}\RP314\A0278747.exe/data0002/data.rar/whInstaller.exe Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\System Volume Information\_restore{0E220396-2B54-4AED-B001-CA80BB925E41}\RP314\A0278747.exe/data0002/data.rar/webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\System Volume Information\_restore{0E220396-2B54-4AED-B001-CA80BB925E41}\RP314\A0278747.exe/data0002/data.rar Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\System Volume Information\_restore{0E220396-2B54-4AED-B001-CA80BB925E41}\RP314\A0278747.exe/data0002 Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\System Volume Information\_restore{0E220396-2B54-4AED-B001-CA80BB925E41}\RP314\A0278747.exe NSIS: infected - 4 skipped
C:\System Volume Information\_restore{0E220396-2B54-4AED-B001-CA80BB925E41}\RP370\A0308604.exe/deskbar.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Softomate.r skipped
C:\System Volume Information\_restore{0E220396-2B54-4AED-B001-CA80BB925E41}\RP370\A0308604.exe/deskbar.exe/stream Infected: not-a-virus:AdWare.Win32.Softomate.r skipped
C:\System Volume Information\_restore{0E220396-2B54-4AED-B001-CA80BB925E41}\RP370\A0308604.exe/deskbar.exe Infected: not-a-virus:AdWare.Win32.Softomate.r skipped
C:\System Volume Information\_restore{0E220396-2B54-4AED-B001-CA80BB925E41}\RP370\A0308604.exe ZIP: infected - 3 skipped
C:\System Volume Information\_restore{0E220396-2B54-4AED-B001-CA80BB925E41}\RP373\A0309112.exe/data0002 Infected: Trojan.Win32.VB.tg skipped
C:\System Volume Information\_restore{0E220396-2B54-4AED-B001-CA80BB925E41}\RP373\A0309112.exe/data0006 Infected: Trojan.Win32.VB.tg skipped
C:\System Volume Information\_restore{0E220396-2B54-4AED-B001-CA80BB925E41}\RP373\A0309112.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{0E220396-2B54-4AED-B001-CA80BB925E41}\RP373\A0309113.exe/data0002 Infected: Trojan.Win32.VB.tg skipped
C:\System Volume Information\_restore{0E220396-2B54-4AED-B001-CA80BB925E41}\RP373\A0309113.exe/data0006 Infected: Trojan.Win32.VB.tg skipped
C:\System Volume Information\_restore{0E220396-2B54-4AED-B001-CA80BB925E41}\RP373\A0309113.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{0E220396-2B54-4AED-B001-CA80BB925E41}\RP373\A0309117.exe Infected: P2P-Worm.Win32.SpyBot.hd skipped
C:\System Volume Information\_restore{0E220396-2B54-4AED-B001-CA80BB925E41}\RP375\change.log Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\catsrv.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\catsrvut.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\clbcatex.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\clbcatq.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\colbact.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\comadmin.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\comrepl.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\comsvcs.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\comuid.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\es.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\migregdb.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\msdtcprx.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\msdtctm.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\msdtcuiu.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\mtxclu.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\mtxoci.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\ole32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\rpcrt4.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\rpcss.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\txflog.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\callcont.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\cmdevtgprov.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\evtgprov.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\gdi32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\h323.tsp Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\h323msp.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\helpctr.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\ipnathlp.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\lsasrv.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\mf3216.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\msasn1.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\msgina.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\mst120.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\netapi32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\nmcom.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\rtcdll.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\schannel.dll Object is locked skipped
C:\WINDOWS\CSC\00000001 Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb Object is locked skipped
C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log Object is locked skipped
C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\srvdedsnex.exe/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.ew skipped
C:\WINDOWS\srvdedsnex.exe NSIS: infected - 1 skipped
C:\WINDOWS\srvhhybhqp.exe/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.ew skipped
C:\WINDOWS\srvhhybhqp.exe NSIS: infected - 1 skipped
C:\WINDOWS\srvnhgnqci.exe/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.ew skipped
C:\WINDOWS\srvnhgnqci.exe NSIS: infected - 1 skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\drivers\sptd7405.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.
 

·
Registered
Joined
·
2,506 Posts
More stuff to delete. :laugh:

Clean Quarantine
Please follow Symantec's guide to clean out your Norton quarantine directory.


Deletions
Delete the following Files indicated in RED and Folders indicated in BLUE if they still exist.
C:\Documents and Settings\cv\DoctorWeb\Quarantine
C:\WINDOWS\srvdedsnex.exe
C:\WINDOWS\srvhhybhqp.exe
C:\WINDOWS\srvnhgnqci.exe


Download ComboFix
Please download ComboFix from one of the two locations:
  1. http://www.techsupportforum.com/sectools/Beta/combofix.exe
  2. http://download.bleepingcomputer.com/sUBs/zh/combofix.exe
and save it to your Desktop. Close all open programs and windows adn then double-click combofix.exe and follow the prompts. While ComboFix is running, please do not click or move the window, as this may cause the tool to stall. When the tool has finished, it will produce a log for you and save it as C:\ComboFix.txt. Post that log in your next reply.


Post the contents of C:\ComboFix.txt and a new HijackThis log after ComboFix finishes.
 
1 - 11 of 11 Posts
Status
Not open for further replies.
Top