not valid win32 applications, IE not working, and more

**Jindai** · 2008-05-18, 12:41

Okay, I got virused. I keep my task manager up at all times, so when my processor spike at 100% I knew right away. finding a process called hldrrr.exe, I killed it, only to have it come up again when I tried to launch IE, each and every time. Finding it in my windows/drivers directory, I deleted it, and it hasn't returned. I also found another file with the same iconography as it did (a round red cross over white) I deleted that as well, but have since forgotten the file name. I thought to run a av scan, and that's when I noticed that I didn't have tray icons for EITHER Norton AV, or AVG. I was able to launch the AVG test-center and start a scan, but my system then crashed and relaunched, and from that point on ANY av software I try to runs tells me that it's not a valid win32 app. This includes spybot s&d, avg, norton, windows defender, you name it. IE will NOT connect to any webpage, even if I run network diagnostics and it reports no problems, and I want to view the details, it takes several minutes for IE to open THAT page, and it's not even over the internet. I DO still have internet access, as you can see, but only by using firefox. I did see a thread about trying to remove hldrrr.exe, and downloaded icesword to try it. Since the reboot, I don't get an error about invalid win32 apps for it, but it won't run, either. What happens is the explorer window I open to get to icesword just locks up, as soon as I try and launch the app. with that locked up, I can't do much of anything, until I reboot. I truly hope someone can help me, this is the only system I have left since my laptop gave up on me.

**Blade81** · 2008-05-18, 15:35

Hi

Your description matches with Bagle worm.

This allows hackers to remotely control your computer, steal critical system information and Download and Execute files

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the Trojan has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

However, if you do not have the resources to reinstall your computer and would like me to attempt to clean it, I will be happy to do so.
Should you have any questions, please feel free to ask.

Please let us know what you have decided to do in your next post.

**Jindai** · 2008-05-18, 19:04

Thank you. If I absolutely have to, I do have the resources to reformat and reinstall. Problem is, I don't have the resources to back any of the data up from the c: drive that would be lost by such a drastic measure. I'm reasonably certain I stopped the actions of that virus before it did more than destroy my AV suites, and I have an external firewall that is quite secure, and it is NOT compromised, at all. In the past, I would be able to dismount the c: drive, put it in a caddy and use my laptop to scan for viruses and clean it, but my laptop will not take power anymore, and I haven't figured that one out. So, that option is not longer available. If you will help me clean this system, then that is the route I'd prefer to go. I'm reasonably tech savvy, though not a virus expert by any means. I'll do what you say, step-by-step.

Thanks

**Blade81** · 2008-05-19, 06:14

Hi

Ok.

Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1
Link 2
Link 3

--------------------------------------------------------------------

Double click on Combo-Fix.exe & follow the prompts.

When finished, it will produce a report for you.
Please post the C:\ComboFix.txt along with a HijackThis log (you probably need to download that again) so we can continue cleaning the system.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall

**Jindai** · 2008-05-19, 09:18

Okay, that's done, here are the logs

Combofix:
ComboFix 08-05-15.3 - Rick Hawn 2008-05-19 2:31:55.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.471 [GMT -4:00]
Running from: C:\Documents and Settings\Rick Hawn\Desktop\Combo-Fix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Rick Hawn\Application Data\m
C:\Documents and Settings\Rick Hawn\Application Data\m\shared
C:\Documents and Settings\Rick Hawn\Application Data\m\shared\.NET_Dashboard_Suite_3.0_[Key].zip
C:\Documents and Settings\Rick Hawn\Application Data\m\shared\1 Cool Button Tool - Flash 5.0.zip
C:\Documents and Settings\Rick Hawn\Application Data\m\shared\7-Zip_Portable_4.42.zip
C:\Documents and Settings\Rick Hawn\Application Data\m\shared\A-Flow_3.5.zip
C:\Documents and Settings\Rick Hawn\Application Data\m\shared\ABC_Amber_BlackBerry_Editor_1.03.zip
C:\Documents and Settings\Rick Hawn\Application Data\m\shared\Accessory Media Viewer 3.0.zip
C:\Documents and Settings\Rick Hawn\Application Data\m\shared\ActiveBypass_2.5.zip
C:\Documents and Settings\Rick Hawn\Application Data\m\shared\Add Context Menu 1.0.zip
C:\Documents and Settings\Rick Hawn\Application Data\m\shared\Advanced FTP and Download Helper 2.2.0.2.zip
C:\Documents and Settings\Rick Hawn\Application Data\m\shared\Advanced_Email_Protector_1.0_[Crack].zip
C:\Documents and Settings\Rick Hawn\Application Data\m\shared\Aglare_AVI_MP4_3GP_iPod_MPEG_WMV_MOV_DVD_Converter_1.0_(Crack).zip
C:\Documents and Settings\Rick Hawn\Application Data\m\shared\AK-Isolator 1.2.zip
C:\Documents and Settings\Rick Hawn\Application Data\m\shared\Alion_1.0_(KeyGen).zip
C:\Documents and Settings\Rick Hawn\Application Data\m\shared\All_To_MP3_Converter_2.0_(Crack).zip
C:\Documents and Settings\Rick Hawn\Application Data\m\shared\Anonymous_Surfing_2.0.4_Crack.zip
C:\Documents and Settings\Rick Hawn\Application Data\m\shared\Antivirus.NOD32.2.51.20.zip
C:\Documents and Settings\Rick Hawn\Application Data\m\shared\Application_Warp_Memory_Manager_v4.6_[Crack].zip
C:\Documents and Settings\Rick Hawn\Application Data\m\shared\Assam-Calcu_2.4.zip
C:\Documents and Settings\Rick Hawn\Application Data\m\shared\Atlanta Traffic Cam Viewer 1.6.zip
C:\Documents and Settings\Rick Hawn\Application Data\m\shared\Audio Editor Express 4.0 KeyGen.zip
C:\Documents and Settings\Rick Hawn\Application Data\m\shared\AutoLyrics 0.1.2b.zip
C:\Documents and Settings\Rick Hawn\Application Data\m\shared\AV Voice Changer Software 6.0.10 (Crack).zip
C:\Documents and Settings\Rick Hawn\Application Data\m\shared\Better_FileMaker_Developer_Feb_2003_Issue_4.0.zip
C:\Documents and Settings\Rick Hawn\Application Data\m\shared\Bitmap_Font_Edit_1.0.zip
C:\Documents and Settings\Rick Hawn\Application Data\m\shared\Business_Plan_eGuides_2.0.zip
C:\Documents and Settings\Rick Hawn\Application Data\m\shared\Cavity Crusade 1.zip
C:\Documents and Settings\Rick Hawn\Application Data\m\shared\CBackup Lite 1.0.zip
C:\Documents and Settings\Rick Hawn\Application Data\m\shared\Citroen Sports Screensaver 9.zip
C:\Documents and Settings\Rick Hawn\Application Data\m\shared\Cleanerzoomer_3.64.zip
C:\Documents and Settings\Rick Hawn\Application Data\m\shared\Command & Conquer Generals - Tournament Oasis map.zip
C:\Documents and Settings\Rick Hawn\Application Data\m\shared\ContactsCollector_1.1.zip
C:\Documents and Settings\Rick Hawn\Application Data\m\shared\damFormMemory 1.0.zip
C:\Documents and Settings\Rick Hawn\Application Data\m\shared\DeafSpot_Google_Toolbar_4.5.8.zip
C:\Documents and Settings\Rick Hawn\Application Data\m\shared\Dhey Huntin 8 1.zip
C:\Documents and Settings\Rick Hawn\Application Data\m\shared\DiffUnlock 1.0.zip
C:\Documents and Settings\Rick Hawn\Application Data\m\shared\Digital_Indicator_.NET_component_1.009.zip
C:\Documents and Settings\Rick Hawn\Application Data\m\shared\Disk_benchmark_2006_1.0.2.zip
C:\Documents and Settings\Rick Hawn\Application Data\m\shared\Dorgem 2.1.zip
C:\Documents and Settings\Rick Hawn\Application Data\m\shared\Dreamscape_Analysis_2.0.1d.zip
C:\Documents and Settings\Rick Hawn\Application Data\m\shared\DzSoft PHP Editor 4.1.1.2.zip
C:\Documents and Settings\Rick Hawn\Application Data\m\shared\Easy_E-Mail_Notify_5.0.zip
C:\Documents and Settings\Rick Hawn\Application Data\m\shared\Easy_Photo_Editor_1.9.zip
C:\Documents and Settings\Rick Hawn\Application Data\m\shared\EGO_3.6_KeyGen.zip
C:\Documents and Settings\Rick Hawn\Application Data\m\shared\emboot_MBA_on_Disk_for_VM_1.5.zip
C:\Documents and Settings\Rick Hawn\Application Data\m\shared\Fantasize Soundfont Player VSTi 2.3.zip
C:\Documents and Settings\Rick Hawn\Application Data\m\shared\FastReport Studio 4.5.9.zip
C:\Documents and Settings\Rick Hawn\Application Data\m\shared\FileClone_1.0.zip
C:\Documents and Settings\Rick Hawn\Application Data\m\shared\Flash_Horizontal_Menu_Wizard_2.0.zip
C:\Documents and Settings\Rick Hawn\Application Data\m\shared\Flower_Lines_1.zip
C:\Documents and Settings\Rick Hawn\Application Data\m\shared\FolderToDrive 1.0.zip
C:\Documents and Settings\Rick Hawn\Application Data\m\shared\Ford Model T Screensaver 1.zip
C:\Documents and Settings\Rick Hawn\Application Data\m\shared\FreeVoice 1.2 Beta.zip
C:\Documents and Settings\Rick Hawn\Application Data\m\shared\GMail_Bookmark_1.1.zip
C:\Documents and Settings\Rick Hawn\Application Data\m\shared\GSA_Image_Spider_2.45_Patch.zip
C:\Documents and Settings\Rick Hawn\Application Data\m\shared\Halloween Firefox theme 2.0.zip
C:\Documents and Settings\Rick Hawn\Application Data\m\shared\Home_Organizer_Deluxe_2.3.zip
C:\Documents and Settings\Rick Hawn\Application Data\m\shared\Hunter HTML Optimizer 1.0.zip
C:\Documents and Settings\Rick Hawn\Application Data\m\shared\idManage 4.4.zip
C:\Documents and Settings\Rick Hawn\Application Data\m\shared\iFlysoft Flash Converter 1.2.1.zip
C:\Documents and Settings\Rick Hawn\Application Data\m\shared\Image_miner_1.30.zip
C:\Documents and Settings\Rick Hawn\Application Data\m\shared\ImageSafety_1.0_(Patch).zip
C:\Documents and Settings\Rick Hawn\Application Data\m\shared\Instant Video Autorun 1.74.0.zip
C:\Documents and Settings\Rick Hawn\Application Data\m\shared\Instrumentation .Net Package 1.000.zip
C:\Documents and Settings\Rick Hawn\Application Data\m\shared\ITWorkTimer_1.1_(Serial).zip
C:\Documents and Settings\Rick Hawn\Application Data\m\shared\Java Modelling Tools 0.7.3.zip
C:\Documents and Settings\Rick Hawn\Application Data\m\shared\JavaScript_Dissolving_PopMenu_1.0_Key+Serial.zip
C:\Documents and Settings\Rick Hawn\Application Data\m\shared\JimPack 2.0.zip
C:\Documents and Settings\Rick Hawn\Application Data\m\shared\kCharge_2.0.zip
C:\Documents and Settings\Rick Hawn\Application Data\m\shared\Kernel_Paradox_4.03.zip
C:\Documents and Settings\Rick Hawn\Application Data\m\shared\KnowItAll_2.0.632.zip
C:\Documents and Settings\Rick Hawn\Application Data\m\shared\Length Optimizer Multiple List Version 1.0.zip
C:\Documents and Settings\Rick Hawn\Application Data\m\shared\LibMaster.com ActiveStockChart 1.0.zip
C:\Documents and Settings\Rick Hawn\Application Data\m\shared\LingvoSoft_Dictionary_2007_German_-_Italian_4.0.22.zip
C:\Documents and Settings\Rick Hawn\Application Data\m\shared\LingvoSoft_Picture_Dictionary_2007_English_-_Estonian_1.1.17.zip
C:\Documents and Settings\Rick Hawn\Application Data\m\shared\LopeEdit Pro 5.4.1.zip
C:\Documents and Settings\Rick Hawn\Application Data\m\shared\Magic 3GP Video Converter 8.0.1.16.zip
C:\Documents and Settings\Rick Hawn\Application Data\m\shared\MapCreator_Free_Edition_1.0.zip
C:\Documents and Settings\Rick Hawn\Application Data\m\shared\Memory Monitor 1.0.zip
C:\Documents and Settings\Rick Hawn\Application Data\m\shared\MIE55SpeedUp_1.0.zip
C:\Documents and Settings\Rick Hawn\Application Data\m\shared\Mineral_Miner_1.01.zip
C:\Documents and Settings\Rick Hawn\Application Data\m\shared\mnoGoSearch_Lite_3.2.42.1_Cracked.zip
C:\Documents and Settings\Rick Hawn\Application Data\m\shared\Morovia Code 128 Barcode Fontware 1.0 [Crack].zip
C:\Documents and Settings\Rick Hawn\Application Data\m\shared\MorphBuster_7.5.zip
C:\Documents and Settings\Rick Hawn\Application Data\m\shared\Mucha Art Nouveau 1.0.zip
C:\Documents and Settings\Rick Hawn\Application Data\m\shared\Multi-Replace 2.2.5.0 [Key].zip
C:\Documents and Settings\Rick Hawn\Application Data\m\shared\myCalendar 2.3.zip
C:\Documents and Settings\Rick Hawn\Application Data\m\shared\NBC Today Show 7.08.27.zip
C:\Documents and Settings\Rick Hawn\Application Data\m\shared\NET_Video_Spy_2.0_(With_Crack).zip
C:\Documents and Settings\Rick Hawn\Application Data\m\shared\New Utilities 2.5.zip
C:\Documents and Settings\Rick Hawn\Application Data\m\shared\Nexeye_Monitoring_Enterprise_1.2.zip
C:\Documents and Settings\Rick Hawn\Application Data\m\shared\Omar Sharif Bridge II 1.zip
C:\Documents and Settings\Rick Hawn\Application Data\m\shared\Online_Store_Kit_3.0_Lite_3.0.zip
C:\Documents and Settings\Rick Hawn\Application Data\m\shared\PageFour_1.61_(KeyGen).zip
C:\Documents and Settings\Rick Hawn\Application Data\m\shared\PC Digital Safe 2.50i.zip
C:\Documents and Settings\Rick Hawn\Application Data\m\shared\PL.Ewido.Anti-Spyware.v.4.0.0.172.+.serial.zip
C:\Documents and Settings\Rick Hawn\Application Data\m\shared\PowerSearch_2.2.1_With_Crack.zip
C:\Documents and Settings\Rick Hawn\Application Data\m\shared\RBTray 3.1.zip
C:\Documents and Settings\Rick Hawn\Application Data\m\shared\SafeSurfer Popup Ad Killer 1.8.zip
C:\Documents and Settings\Rick Hawn\Application Data\m\shared\Saint_Paint_Studio_12.1.zip
C:\Documents and Settings\Rick Hawn\Application Data\m\shared\ScanWiz_1.1_(Cracked).zip
C:\Documents and Settings\Rick Hawn\Application Data\m\shared\SIMPLEX 1.7.2.zip
C:\Documents and Settings\Rick Hawn\Application Data\m\shared\Skorbord 1.0.zip
C:\Documents and Settings\Rick Hawn\Application Data\m\shared\Skype Toolbar for Internet Explorer 2.1.0.12.zip
C:\Documents and Settings\Rick Hawn\Application Data\m\shared\Smart_Pc_Keylogger_3.2.zip
C:\Documents and Settings\Rick Hawn\Application Data\m\shared\SMSLibX_1.9.zip
C:\Documents and Settings\Rick Hawn\Application Data\m\shared\SpaceGuard SRM 6.0 Build 1113.zip
C:\Documents and Settings\Rick Hawn\Application Data\m\shared\Spectrino_for_R_1.5.0.zip
C:\Documents and Settings\Rick Hawn\Application Data\m\shared\Speech_Timer_1.0_With_Crack.zip
C:\Documents and Settings\Rick Hawn\Application Data\m\shared\StarCraft_patch_1.13.zip
C:\Documents and Settings\Rick Hawn\Application Data\m\shared\Sysutil Wakeup 1.01.zip
C:\Documents and Settings\Rick Hawn\Application Data\m\shared\Tadpole 0.5.zip
C:\Documents and Settings\Rick Hawn\Application Data\m\shared\The Sorting Machine 1.0.zip
C:\Documents and Settings\Rick Hawn\Application Data\m\shared\The_Sims_-_Celtics_T-Shirt_skin.zip
C:\Documents and Settings\Rick Hawn\Application Data\m\shared\Twin Folders 3.0 (Key).zip
C:\Documents and Settings\Rick Hawn\Application Data\m\shared\Unit_Player_1.06.344.zip
C:\Documents and Settings\Rick Hawn\Application Data\m\shared\Unreal_Tournament_2004_ONS_Jungle_Redux_Map.zip
C:\Documents and Settings\Rick Hawn\Application Data\m\shared\Vigenère Cipher 2.0.2.3.zip
C:\Documents and Settings\Rick Hawn\Application Data\m\shared\Vinny_Federal_Income_Tax_2004_Feb_7.2005.zip
C:\Documents and Settings\Rick Hawn\Application Data\m\shared\WinProxy Secure Suite 6.1.zip
C:\Documents and Settings\Rick Hawn\Application Data\m\shared\X-Treme Media Finder 2.0.1.1.0.4.zip
C:\Documents and Settings\Rick Hawn\Application Data\m\shared\Zee-Troll 2.0.zip
C:\Documents and Settings\Rick Hawn\Application Data\m\shared\ZipRecovery_1.5.zip
C:\WINDOWS\Downloaded Program Files\ODCTOOLS
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\system32\ban_list.txt
C:\WINDOWS\system32\drivers\downld
C:\WINDOWS\system32\drivers\downld\14868046.exe
C:\WINDOWS\system32\drivers\downld\14892906.exe
C:\WINDOWS\system32\drivers\downld\21116750.exe
C:\WINDOWS\system32\drivers\downld\21148765.exe
C:\WINDOWS\system32\drivers\downld\21303890.exe
C:\WINDOWS\system32\drivers\downld\22455546.exe
C:\WINDOWS\system32\drivers\downld\22476796.exe
C:\WINDOWS\system32\drivers\downld\22535406.exe
C:\WINDOWS\system32\drivers\downld\22542859.exe
C:\WINDOWS\system32\drivers\downld\22554609.exe
C:\WINDOWS\system32\drivers\downld\22562578.exe
C:\WINDOWS\system32\drivers\downld\22585078.exe
C:\WINDOWS\system32\drivers\downld\22637250.exe
C:\WINDOWS\system32\drivers\downld\22646890.exe
C:\WINDOWS\system32\drivers\downld\22656875.exe
C:\WINDOWS\system32\drivers\downld\22672375.exe
C:\WINDOWS\system32\drivers\downld\22695218.exe
C:\WINDOWS\system32\drivers\downld\22752437.exe
C:\WINDOWS\system32\drivers\downld\22979921.exe
C:\WINDOWS\system32\drivers\downld\23072484.exe
C:\WINDOWS\system32\drivers\downld\23169812.exe
C:\WINDOWS\system32\drivers\downld\23203015.exe
C:\WINDOWS\system32\drivers\downld\239953.exe
C:\WINDOWS\system32\drivers\downld\26234109.exe
C:\WINDOWS\system32\drivers\downld\26324406.exe
C:\WINDOWS\system32\drivers\downld\26372578.exe
C:\WINDOWS\system32\drivers\downld\26422421.exe
C:\WINDOWS\system32\drivers\downld\26568718.exe
C:\WINDOWS\system32\drivers\downld\28023265.exe
C:\WINDOWS\system32\drivers\downld\304156.exe
C:\WINDOWS\system32\drivers\downld\32171500.exe
C:\WINDOWS\system32\drivers\downld\32212015.exe
C:\WINDOWS\system32\drivers\downld\32363312.exe
C:\WINDOWS\system32\drivers\downld\32487906.exe
C:\WINDOWS\system32\drivers\downld\32513875.exe
C:\WINDOWS\system32\drivers\downld\33041390.exe
C:\WINDOWS\system32\drivers\downld\333796.exe
C:\WINDOWS\system32\drivers\downld\34536140.exe
C:\WINDOWS\system32\drivers\downld\345625.exe
C:\WINDOWS\system32\drivers\downld\35229593.exe
C:\WINDOWS\system32\drivers\downld\361609.exe
C:\WINDOWS\system32\drivers\downld\454546.exe
C:\WINDOWS\system32\drivers\downld\463953.exe
C:\WINDOWS\system32\drivers\downld\471562.exe
C:\WINDOWS\system32\drivers\downld\489984.exe
C:\WINDOWS\system32\drivers\downld\630515.exe
C:\WINDOWS\system32\drivers\downld\645703.exe
C:\WINDOWS\system32\drivers\downld\678156.exe
C:\WINDOWS\system32\drivers\downld\845562.exe
C:\WINDOWS\system32\drivers\downld\908265.exe
C:\WINDOWS\system32\drivers\downld\923171.exe
C:\WINDOWS\system32\drivers\downld\931562.exe
C:\WINDOWS\system32\drivers\hldrrr.exe
C:\WINDOWS\system32\drivers\mdelk.exe
C:\WINDOWS\system32\drivers\srosa.sys
C:\WINDOWS\system32\mdelk.exe
C:\WINDOWS\system32\wintems.exe
G:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SROSA

((((((((((((((((((((((((( Files Created from 2008-04-19 to 2008-05-19 )))))))))))))))))))))))))))))))
.

2008-05-18 23:50 . 2008-05-18 23:50 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-05-18 20:25 . 2008-05-18 20:25 <DIR> d-------- C:\Program Files\Siber Systems
2008-05-18 20:25 . 2008-05-18 20:25 <DIR> d-------- C:\Documents and Settings\Rick Hawn\Application Data\GoodSync
2008-05-18 18:30 . 2008-05-18 18:31 12,584 --a------ C:\Documents and Settings\All Users\Application Data\LuUninstall.LiveUpdate
2008-05-18 16:31 . 2008-05-18 17:45 <DIR> d-------- C:\!KillBox
2008-05-18 16:10 . 2008-05-18 16:10 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-05-18 16:10 . 2008-05-18 16:10 <DIR> d-------- C:\Documents and Settings\Rick Hawn\Application Data\PC Tools
2008-05-18 16:10 . 2007-12-10 13:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-05-18 16:10 . 2007-12-10 13:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-05-18 16:10 . 2008-02-01 11:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-05-18 16:10 . 2007-12-10 13:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-05-18 14:44 . 2008-05-18 14:44 <DIR> d-------- C:\Diamond
2008-05-18 14:26 . 2008-05-18 14:26 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2008-05-18 14:25 . 2008-05-18 14:25 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-05-18 14:25 . 2008-05-18 14:25 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-05-18 14:25 . 2008-05-18 14:25 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2008-05-18 14:25 . 2008-05-18 14:25 749 -rah----- C:\WINDOWS\system32\nwc.cpl.manifest
2008-05-18 14:25 . 2008-05-18 14:25 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-05-18 14:11 . 2006-02-28 08:00 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2008-05-18 14:11 . 2006-02-28 08:00 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2008-05-18 10:00 . 2008-05-18 16:19 1,073,303,552 --a------ C:\WINDOWS\MEMORY.DMP
2008-05-18 05:51 . 2008-05-18 05:52 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-05-18 05:51 . 2008-05-18 05:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-18 04:42 . 2008-05-18 04:42 <DIR> d-------- C:\Documents and Settings\Rick Hawn\Application Data\IMBT
2008-05-18 04:41 . 2008-05-18 04:41 <DIR> d-------- C:\Program Files\IMBT
2008-05-16 00:26 . 2008-05-16 00:26 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-05-16 00:21 . 2008-04-13 22:06 144,384 --a------ C:\WINDOWS\system32\drivers\hdaudbus.sys
2008-05-16 00:19 . 2006-12-29 00:31 19,569 --a------ C:\WINDOWS\000001_.tmp
2008-05-07 20:04 . 2008-05-07 20:04 <DIR> d-------- C:\Program Files\TiVo
2008-05-07 20:04 . 2008-05-07 20:04 <DIR> d-------- C:\Program Files\Common Files\TiVo Shared
2008-05-07 20:04 . 2008-05-07 20:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TiVo
2008-05-07 20:03 . 2008-05-07 20:05 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-06 15:02 . 2008-05-06 15:02 <DIR> d-------- C:\Program Files\SSSleeper
2008-04-27 21:12 . 2008-04-27 21:13 <DIR> d-------- C:\Program Files\Virtual Earth 3D
2008-04-24 07:11 . 2008-04-24 07:11 <DIR> d-------- C:\Program Files\MSECache
2008-04-21 23:50 . 2008-04-21 23:50 <DIR> d-------- C:\Program Files\Apple Software Update

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-19 07:01 --------- d-----w C:\Program Files\BOINC
2008-05-19 06:19 --------- d-----w C:\Documents and Settings\Rick Hawn\Application Data\uTorrent
2008-05-18 22:49 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-18 22:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-05-18 09:19 --------- d-----w C:\Program Files\eMule
2008-05-18 09:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2008-05-18 08:44 --------- d-----w C:\Documents and Settings\Rick Hawn\Application Data\AVG7
2008-05-14 05:34 --------- d-----w C:\Program Files\iPod2PC
2008-05-12 18:46 --------- d-----w C:\Program Files\Norton SystemWorks
2008-05-11 02:33 --------- d-----w C:\Program Files\Free Easy Burner
2008-05-06 01:13 --------- d-----w C:\Program Files\Unlocker
2008-05-04 09:19 --------- d-----w C:\Program Files\uTorrent
2008-04-20 00:04 --------- d-----w C:\Program Files\DivX
2008-04-14 09:41 39,424 ----a-w C:\WINDOWS\AppPatch\acadproc.dll
2008-04-14 04:10 10,240 ----a-w C:\WINDOWS\system32\drivers\sffp_mmc.sys
2008-04-13 05:49 --------- d-----w C:\Program Files\IrfanView
2008-04-08 17:29 --------- d-----w C:\Program Files\BitComet
2008-04-08 11:00 --------- d-----w C:\Documents and Settings\Rick Hawn\Application Data\Apple Computer
2008-04-05 11:06 --------- d-----w C:\Program Files\PowerISO
2008-04-05 10:22 --------- d-----w C:\Program Files\AmoK Burning
2008-04-05 10:03 --------- d-----w C:\Program Files\Plucker
2008-04-05 09:34 --------- d-----w C:\Documents and Settings\Rick Hawn\Application Data\FinalBurner DATA
2008-04-05 09:26 --------- d-----w C:\Documents and Settings\Rick Hawn\Application Data\FinalBurner Video DVD
2008-04-05 09:23 --------- d-----w C:\Documents and Settings\Rick Hawn\Application Data\DeepBurner
2008-04-05 09:22 --------- d-----w C:\Program Files\Astonsoft
2008-04-04 12:05 --------- d-----w C:\Program Files\iTunes
2008-04-04 12:04 --------- d-----w C:\Program Files\iPod
2008-04-04 12:02 --------- d-----w C:\Program Files\QuickTime
2008-04-02 07:54 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-23 04:08 --------- d-----w C:\Documents and Settings\Rick Hawn\Application Data\dvdcss
2008-03-20 15:50 --------- d-----w C:\Documents and Settings\Rick Hawn\Application Data\Tunebite
2008-03-20 15:47 --------- d-----w C:\Documents and Settings\Rick Hawn\Application Data\RTPlayer
2008-03-19 01:20 --------- d-----w C:\Program Files\Java
2008-03-08 20:49 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-03-08 20:49 249,856 ----a-w C:\WINDOWS\Setup1.exe
.

Code:

<pre>
----a-w           566,385 2007-04-26 08:27:17  C:\Documents and Settings\Rick Hawn\My Documents\My Received Files\TiVo Desktop\setup .exe
</pre>

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-14 05:42 1695232]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2005-04-24 02:03 643072]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-02-28 08:00 15360]
"EPSON Stylus CX3800 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.exe" [2005-02-08 05:00 98304]
"TivoTransfer"="C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe" [2008-04-04 10:54 1193984]
"TivoNotify"="C:\Program Files\TiVo\Desktop\TiVoNotify.exe" [2008-04-04 10:54 394240]
"TivoServer"="C:\Program Files\TiVo\Desktop\TiVoServer.exe" [2008-04-04 10:56 1879552]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-05-18 05:51 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nForce Tray Options"="sstray.exe" [2003-12-17 06:53 73728 C:\WINDOWS\system32\sstray.exe]
"Cmaudio"="cmicnfg.cpl" []
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 20:20 866584]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-05-19 02:44 58728]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2007-12-17 09:12 100056]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"mxomssmenu"="C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe" [2007-09-06 15:53 169264]
"AtomTime"="C:\Program Files\AtomTime Pro\AtomTime.EXE" [2004-12-03 12:04 396316]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-02-05 20:26 185896]
"EPSON Stylus CX3800 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.exe" [2005-02-08 05:00 98304]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"Itiva Media Accelerator"="C:\Program Files\Itiva\Itiva Media Accelerator\ItivaMediaAccelerator.exe" [2008-03-25 13:55 4912368]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-05-19 02:45 579584]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-02-24 08:32 86016]
"Synchronization Manager"="C:\WINDOWS\system32\mobsync.exe" [2006-02-28 08:00 143360]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-03-14 19:50 233472]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-05-19 02:23 219136]

C:\Documents and Settings\Rick Hawn\Start Menu\Programs\Startup\
BOINC Manager.lnk - C:\Program Files\BOINC\boincmgr.exe [2007-11-13 14:44:44 4141056]
MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe [2008-01-08 07:47:01 557568]
SSSleeper.lnk - C:\Program Files\SSSleeper\SSSleeper.exe [2000-01-25 22:21:38 73728]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2007-02-05 16:40:46 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 16:39 294400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\BitComet\\BitComet.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\WINDOWS\\system32\\javaw.exe"=
"C:\\Program Files\\Itiva\\Itiva Media Accelerator\\ItivaMediaAccelerator.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10779:TCP"= 10779:TCP:BitComet 10779 TCP
"10779:UDP"= 10779:UDP:BitComet 10779 UDP
"7987:TCP"= 7987:TCP:BitComet 7987 TCP
"7987:UDP"= 7987:UDP:BitComet 7987 UDP
"4673:TCP"= 4673:TCP:BitComet 4673 TCP(ED2K)
"4673:UDP"= 4673:UDP:BitComet 4673 UDP(ED2K)
"23608:TCP"= 23608:TCP:BitComet 23608 TCP
"23608:UDP"= 23608:UDP:BitComet 23608 UDP
"11609:TCP"= 11609:TCP:BitComet 11609 TCP(ED2K)
"11609:UDP"= 11609:UDP:BitComet 11609 UDP(ED2K)
"13213:TCP"= 13213:TCP:BitComet 13213 TCP
"13213:UDP"= 13213:UDP:BitComet 13213 UDP
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)
"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
"9136:TCP"= 9136:TCP:BitComet 9136 TCP
"9136:UDP"= 9136:UDP:BitComet 9136 UDP
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R2 Maxtor Sync Service;Maxtor Service;"C:\Program Files\Maxtor\Sync\SyncServices.exe" [2007-09-28 13:24]
R2 TivoBeacon2;TiVo Beacon;"C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe" /service []
S3 SetupNTGLM7X;SetupNTGLM7X;F:\NTGLM7X.sys []

*Newly Created Service* - BITS

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{621FCD24-4498-4324-A81E-07D331376EDF}]
C:\Program Files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-05-13 21:37:15 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-05-19 05:32:24 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2008-05-12 18:46:48 C:\WINDOWS\Tasks\Norton SystemWorks One Button Checkup.job"
- C:\Program Files\Norton SystemWorks\OBC.exe
"2008-05-19 04:00:06 C:\WINDOWS\Tasks\Symantec Drmc.job"
- C:\Program Files\Common Files\Symantec Shared\SymDrmc.exe
"2008-05-19 07:00:16 C:\WINDOWS\Tasks\{D1694CC6-99AD-4EA1-8E89-01EACA9DDB7C}_JINDAI_Rick Hawn.job"
- C:\WINDOWS\system32\mobsync.exeE /Schedule=
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-19 03:03:00
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\SSSleeper\SSSleeperDLL.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\E_S00RP1.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.exe
C:\WINDOWS\system32\SAgent4.exe
C:\WINDOWS\system32\searchindexer.exe
C:\Program Files\BOINC\boinc.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\searchprotocolhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\BOINC\projects\einstein.phys.uwm.edu\einstein_S5R3_4.26_windows_intelx86.exe
C:\WINDOWS\system32\searchfilterhost.exe
.
**************************************************************************
.
Completion time: 2008-05-19 3:12:46 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-19 07:12:38

Pre-Run: 3,587,674,112 bytes free
Post-Run: 3,755,016,192 bytes free

428 --- E O F --- 2008-05-16 05:35:21

Hijackthis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:16:16 AM, on 5/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\E_S00RP1.EXE
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\sstray.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\system32\SAgent4.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AtomTime Pro\AtomTime.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE
C:\Program Files\Itiva\Itiva Media Accelerator\ItivaMediaAccelerator.exe
C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe
C:\Program Files\TiVo\Desktop\TiVoNotify.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\BOINC\boincmgr.exe
C:\Program Files\SSSleeper\SSSleeper.exe
C:\Program Files\BOINC\boinc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\TiVo\Desktop\TiVoServer.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\BOINC\projects\einstein.phys.uwm.edu\einstein_S5R3_4.26_windows_intelx86.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [AtomTime] "C:\Program Files\AtomTime Pro\AtomTime.EXE"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [EPSON Stylus CX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE /P26 "EPSON Stylus CX3800 Series" /O6 "USB001" /M "Stylus CX3800"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Itiva Media Accelerator] C:\Program Files\Itiva\Itiva Media Accelerator\ItivaMediaAccelerator.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus CX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE /P26 "EPSON Stylus CX3800 Series" /M "Stylus CX3800" /EF "HKCU"
O4 - HKCU\..\Run: [TivoTransfer] "C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe" /service /registry /auto:TivoTransfer
O4 - HKCU\..\Run: [TivoNotify] "C:\Program Files\TiVo\Desktop\TiVoNotify.exe" /service /registry /auto:TivoNotify
O4 - HKCU\..\Run: [TivoServer] "C:\Program Files\TiVo\Desktop\TiVoServer.exe" /service /registry /auto:TivoServer
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: BOINC Manager.lnk = C:\Program Files\BOINC\boincmgr.exe
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Startup: SSSleeper.lnk = C:\Program Files\SSSleeper\SSSleeper.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1197886558656
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/ca...ail/DASAct.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EPSON V3 Service2(03) (EPSON_PM_RPCV2_01) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\E_S00RP1.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Epson Printer Status Agent4 (StatusAgent4) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\SAgent4.exe
O23 - Service: TiVo Beacon (TivoBeacon2) - TiVo Inc. - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe

--
End of file - 10478 bytes

Ish, I hope you can get all this.

**Blade81** · 2008-05-19, 10:33

Hi

Please run an online scan with Kaspersky Online Scanner. You will be prompted to install an ActiveX component from Kaspersky, click Yes.

The program will launch and start to download the latest definition files.
Once the scanner is installed and the definitions downloaded, click Next.
Now click on Scan Settings and select the following:

Scan using the following Anti-Virus database:

Extended (If available, otherwise Standard)

Scan Options:

Scan Archives
Scan Mail Bases

Click OK.
Under
select a target to scan
, select My Computer.
The scan will take a while so be patient and let it run. As it scans your machine very deeply it could take hours to complete, Kaspersky suggests running it during a time of low activity.

Once the scan is complete:

Click on the Save as Text button.
Save the file to your desktop.
Copy and paste that information into your next post if the AV content will fit into one post only.
If the results of the anti virus scan itself will take more than one post to contain, you may upload it to http://rapidshare.com

Note for Internet Explorer 7 users: If at any time you have trouble with the Accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license has been accepted, reset to 100%.

If having a problme doing the above

Make sure that your Internet security settings are set to default values.

To set default security settings for Internet Explorer:

* Open Internet Explorer.
* Go to the Tools menu, then choose Internet Options.
* Click on the Security tab.
* Make sure that all four item (Internet, Local intranet, Trusted sites, and Restricted sites) are set to their default settings.

**Jindai** · 2008-05-20, 08:11

Okay, ran it twice

(An error caused it to navigate away from the scan when it was 90% complete, so had to rerun it. *Sigh* But here are the results:

Tuesday, May 20, 2008 1:58:24 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 19/05/2008
Kaspersky Anti-Virus database records: 785800
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
A:\
C:\
D:\
E:\
F:\
G:\
H:\
Scan Statistics
Total number of scanned objects 175234
Number of viruses found 17
Number of infected objects 329
Number of suspicious objects 0
Duration of the scan process 10:49:21

Infected Object Name Virus Name Last Action
C:\!KillBox\flec006.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\!KillBox\flec006.exe( 1) Infected: Email-Worm.Win32.Bagle.of skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.12.Crwl Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.12.gthr Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\MSS.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\MSStmp.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010001.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010002.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010003.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010004.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010005.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010006.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010007.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010008.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010009.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000A.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000B.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000C.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000D.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000E.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000F.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010010.ci Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010010.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010010.wsb Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010011.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010015.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010017.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010018.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010019.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001A.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001B.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001D.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001F.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010025.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010026.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010027.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001002D.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001003C.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001003E.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\INDEX.000 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.000 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\Used0000.000 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.000 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.chk1.gthr Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.chk2.gthr Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.Ntfy136.gthr Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\tmp.edb Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Windows.edb Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\Ntf2.tmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\Ntf3.tmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\Perflib_Perfdata_810.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2008-05-19_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Desktop Search\Logs\UNCFATPHLog.txt Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\TiVo Desktop\Logs\TiVoBeacon.log Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Rick Hawn\Application Data\Mozilla\Firefox\Profiles\9hgeircn.default\cert8.db Object is locked skipped
C:\Documents and Settings\Rick Hawn\Application Data\Mozilla\Firefox\Profiles\9hgeircn.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\Rick Hawn\Application Data\Mozilla\Firefox\Profiles\9hgeircn.default\history.dat Object is locked skipped
C:\Documents and Settings\Rick Hawn\Application Data\Mozilla\Firefox\Profiles\9hgeircn.default\key3.db Object is locked skipped
C:\Documents and Settings\Rick Hawn\Application Data\Mozilla\Firefox\Profiles\9hgeircn.default\parent.lock Object is locked skipped
C:\Documents and Settings\Rick Hawn\Application Data\Mozilla\Firefox\Profiles\9hgeircn.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Rick Hawn\Application Data\Mozilla\Firefox\Profiles\9hgeircn.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Rick Hawn\Application Data\Skype\jindaihideo\contactgroup256.dbb Object is locked skipped
C:\Documents and Settings\Rick Hawn\Application Data\Skype\jindaihideo\dyncontent\bundle.dat Object is locked skipped
C:\Documents and Settings\Rick Hawn\Application Data\Skype\jindaihideo\index2.dat Object is locked skipped
C:\Documents and Settings\Rick Hawn\Application Data\Skype\jindaihideo\profile16384.dbb Object is locked skipped
C:\Documents and Settings\Rick Hawn\Application Data\Skype\jindaihideo\profile256.dbb Object is locked skipped
C:\Documents and Settings\Rick Hawn\Application Data\Skype\jindaihideo\user1024.dbb Object is locked skipped
C:\Documents and Settings\Rick Hawn\Application Data\Skype\jindaihideo\user16384.dbb Object is locked skipped
C:\Documents and Settings\Rick Hawn\Application Data\Skype\jindaihideo\user256.dbb Object is locked skipped
C:\Documents and Settings\Rick Hawn\Application Data\Skype\jindaihideo\user4096.dbb Object is locked skipped
C:\Documents and Settings\Rick Hawn\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Rick Hawn\Local Settings\Application Data\Itiva\Itiva Media Accelerator\QNode.log Object is locked skipped
C:\Documents and Settings\Rick Hawn\Local Settings\Application Data\Microsoft\CardSpace\CardSpace.db Object is locked skipped
C:\Documents and Settings\Rick Hawn\Local Settings\Application Data\Microsoft\CardSpace\CardSpace.db.shadow Object is locked skipped
C:\Documents and Settings\Rick Hawn\Local Settings\Application Data\Microsoft\Desktop Search\Logs\OTFSMonLog.txt Object is locked skipped
C:\Documents and Settings\Rick Hawn\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Rick Hawn\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Rick Hawn\Local Settings\Application Data\Mozilla\Firefox\Profiles\9hgeircn.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Rick Hawn\Local Settings\Application Data\Mozilla\Firefox\Profiles\9hgeircn.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Rick Hawn\Local Settings\Application Data\Mozilla\Firefox\Profiles\9hgeircn.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Rick Hawn\Local Settings\Application Data\Mozilla\Firefox\Profiles\9hgeircn.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Rick Hawn\Local Settings\Application Data\TiVo Desktop\Logs\DownloadManager.log Object is locked skipped
C:\Documents and Settings\Rick Hawn\Local Settings\Application Data\TiVo Desktop\Logs\TiVoNotify.log Object is locked skipped
C:\Documents and Settings\Rick Hawn\Local Settings\Application Data\TiVo Desktop\Logs\TiVoServer.log Object is locked skipped
C:\Documents and Settings\Rick Hawn\Local Settings\Application Data\TiVo Desktop\Logs\TiVoTransfer.log Object is locked skipped
C:\Documents and Settings\Rick Hawn\Local Settings\Application Data\TiVo Desktop\Logs\Transcode.log Object is locked skipped
C:\Documents and Settings\Rick Hawn\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Rick Hawn\Local Settings\Temp\Perflib_Perfdata_d2c.dat Object is locked skipped
C:\Documents and Settings\Rick Hawn\Local Settings\Temp\~DF18BA.tmp Object is locked skipped
C:\Documents and Settings\Rick Hawn\Local Settings\Temp\~DF60A8.tmp Object is locked skipped
C:\Documents and Settings\Rick Hawn\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Rick Hawn\My Documents\Angel files.xls Object is locked skipped
C:\Documents and Settings\Rick Hawn\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Rick Hawn\ntuser.dat.LOG Object is locked skipped
C:\Program Files\AtomTime Pro\atomtime.log Object is locked skipped
C:\Program Files\BOINC\slots\2\boinc_lockfile Object is locked skipped
C:\Program Files\BOINC\slots\2\stderr.txt Object is locked skipped
C:\Program Files\BOINC\stderrdae.txt Object is locked skipped
C:\Program Files\BOINC\stderrgui.txt Object is locked skipped
C:\Program Files\BOINC\stdoutdae.txt Object is locked skipped
C:\Program Files\BOINC\stdoutgui.txt Object is locked skipped
C:\Program Files\BOINC\time_stats_log Object is locked skipped
C:\Program Files\eMule\Incoming\Images\Stuff\Rar Password Cracker v4.11 - Keygen.zip/rpc.exe Infected: not-a-virus:PSWTool.Win32.RARPassCrack.a skipped
C:\Program Files\eMule\Incoming\Images\Stuff\Rar Password Cracker v4.11 - Keygen.zip ZIP: infected - 1 skipped
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe Infected: Trojan-Downloader.Win32.Bagle.po skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\0A36046B.exe/data0002 Infected: not-a-virus:AdWare.Win32.Comet.ac skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\0A36046B.exe NSIS: infected - 1 skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\0A36046B.exe CryptFF: infected - 1 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\.NET_Dashboard_Suite_3.0_[Key].zip.vir/.NET_Dashboard_Suite_3.0_[Key].exe Infected: Trojan-Downloader.Win32.Bagle.ps skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\.NET_Dashboard_Suite_3.0_[Key].zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\1 Cool Button Tool - Flash 5.0.zip.vir/1 Cool Button Tool - Flash 5.0.exe Infected: Trojan-Downloader.Win32.Bagle.ps skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\1 Cool Button Tool - Flash 5.0.zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\7-Zip_Portable_4.42.zip.vir/7-Zip_Portable_4.42.exe Infected: Trojan-Downloader.Win32.Bagle.ps skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\7-Zip_Portable_4.42.zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\A-Flow_3.5.zip.vir/A-Flow_3.5.exe Infected: Trojan-Downloader.Win32.Bagle.ps skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\A-Flow_3.5.zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\ABC_Amber_BlackBerry_Editor_1.03.zip.vir/ABC_Amber_BlackBerry_Editor_1.03.exe Infected: Trojan-Downloader.Win32.Bagle.ps skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\ABC_Amber_BlackBerry_Editor_1.03.zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\Accessory Media Viewer 3.0.zip.vir/Accessory Media Viewer 3.0.exe Infected: Trojan-Downloader.Win32.Bagle.ps skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\Accessory Media Viewer 3.0.zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\ActiveBypass_2.5.zip.vir/ActiveBypass_2.5.exe Infected: Trojan-Downloader.Win32.Bagle.ps skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\ActiveBypass_2.5.zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\Add Context Menu 1.0.zip.vir/Add Context Menu 1.0.exe Infected: Trojan-Downloader.Win32.Bagle.ps skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\Add Context Menu 1.0.zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\Advanced FTP and Download Helper 2.2.0.2.zip.vir/Advanced FTP and Download Helper 2.2.0.2.exe Infected: Trojan-Downloader.Win32.Bagle.ps skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\Advanced FTP and Download Helper 2.2.0.2.zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\Advanced_Email_Protector_1.0_[Crack].zip.vir/Advanced_Email_Protector_1.0_[Crack].exe Infected: Trojan-Downloader.Win32.Bagle.ps skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\Advanced_Email_Protector_1.0_[Crack].zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\Aglare_AVI_MP4_3GP_iPod_MPEG_WMV_MOV_DVD_Converter_1.0_(Crack).zip.vir/Aglare_AVI_MP4_3GP_iPod_MPEG_WMV_MOV_DVD_Converter_1.0_(Crack).exe Infected: Trojan-Downloader.Win32.Bagle.ps skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\Aglare_AVI_MP4_3GP_iPod_MPEG_WMV_MOV_DVD_Converter_1.0_(Crack).zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\AK-Isolator 1.2.zip.vir/AK-Isolator 1.2.exe Infected: Trojan-Downloader.Win32.Bagle.ps skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\AK-Isolator 1.2.zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\Alion_1.0_(KeyGen).zip.vir/Alion_1.0_(KeyGen).exe Infected: Trojan-Downloader.Win32.Bagle.ps skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\Alion_1.0_(KeyGen).zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\All_To_MP3_Converter_2.0_(Crack).zip.vir/All_To_MP3_Converter_2.0_(Crack).exe Infected: Trojan-Downloader.Win32.Bagle.ps skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\All_To_MP3_Converter_2.0_(Crack).zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\Anonymous_Surfing_2.0.4_Crack.zip.vir/Anonymous_Surfing_2.0.4_Crack.exe Infected: Trojan-Downloader.Win32.Bagle.ps skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\Anonymous_Surfing_2.0.4_Crack.zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\Antivirus.NOD32.2.51.20.zip.vir/Antivirus.NOD32.2.51.20.exe Infected: Trojan-Downloader.Win32.Bagle.ps skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\Antivirus.NOD32.2.51.20.zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\Application_Warp_Memory_Manager_v4.6_[Crack].zip.vir/Application_Warp_Memory_Manager_v4.6_[Crack].exe Infected: Trojan-Downloader.Win32.Bagle.ps skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\Application_Warp_Memory_Manager_v4.6_[Crack].zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\Assam-Calcu_2.4.zip.vir/Assam-Calcu_2.4.exe Infected: Trojan-Downloader.Win32.Bagle.ps skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\Assam-Calcu_2.4.zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\Atlanta Traffic Cam Viewer 1.6.zip.vir/Atlanta Traffic Cam Viewer 1.6.exe Infected: Trojan-Downloader.Win32.Bagle.ps skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\Atlanta Traffic Cam Viewer 1.6.zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\Audio Editor Express 4.0 KeyGen.zip.vir/Audio Editor Express 4.0 KeyGen.exe Infected: Trojan-Downloader.Win32.Bagle.ps skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\Audio Editor Express 4.0 KeyGen.zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\AutoLyrics 0.1.2b.zip.vir/AutoLyrics 0.1.2b.exe Infected: Trojan-Downloader.Win32.Bagle.ps skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\AutoLyrics 0.1.2b.zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\AV Voice Changer Software 6.0.10 (Crack).zip.vir/AV Voice Changer Software 6.0.10 (Crack).exe Infected: Trojan-Downloader.Win32.Bagle.ps skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\AV Voice Changer Software 6.0.10 (Crack).zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\Better_FileMaker_Developer_Feb_2003_Issue_4.0.zip.vir/Better_FileMaker_Developer_Feb_2003_Issue_4.0.exe Infected: Trojan-Downloader.Win32.Bagle.ps skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\Better_FileMaker_Developer_Feb_2003_Issue_4.0.zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\Bitmap_Font_Edit_1.0.zip.vir/Bitmap_Font_Edit_1.0.exe Infected: Trojan-Downloader.Win32.Bagle.ps skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\Bitmap_Font_Edit_1.0.zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\Business_Plan_eGuides_2.0.zip.vir/Business_Plan_eGuides_2.0.exe Infected: Trojan-Downloader.Win32.Bagle.ps skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\Business_Plan_eGuides_2.0.zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\Cavity Crusade 1.zip.vir/Cavity Crusade 1.exe Infected: Trojan-Downloader.Win32.Bagle.ps skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\Cavity Crusade 1.zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\CBackup Lite 1.0.zip.vir/CBackup Lite 1.0.exe Infected: Trojan-Downloader.Win32.Bagle.ps skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\CBackup Lite 1.0.zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\Citroen Sports Screensaver 9.zip.vir/Citroen Sports Screensaver 9.exe Infected: Trojan-Downloader.Win32.Bagle.ps skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\Citroen Sports Screensaver 9.zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\Cleanerzoomer_3.64.zip.vir/Cleanerzoomer_3.64.exe Infected: Trojan-Downloader.Win32.Bagle.ps skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\Cleanerzoomer_3.64.zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\Command & Conquer Generals - Tournament Oasis map.zip.vir/Command & Conquer Generals - Tournament Oasis map.exe Infected: Trojan-Downloader.Win32.Bagle.ps skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\Command & Conquer Generals - Tournament Oasis map.zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\ContactsCollector_1.1.zip.vir/ContactsCollector_1.1.exe Infected: Trojan-Downloader.Win32.Bagle.ps skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\ContactsCollector_1.1.zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\damFormMemory 1.0.zip.vir/damFormMemory 1.0.exe Infected: Trojan-Downloader.Win32.Bagle.ps skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\damFormMemory 1.0.zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\DeafSpot_Google_Toolbar_4.5.8.zip.vir/DeafSpot_Google_Toolbar_4.5.8.exe Infected: Trojan-Downloader.Win32.Bagle.ps skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\DeafSpot_Google_Toolbar_4.5.8.zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\Dhey Huntin 8 1.zip.vir/Dhey Huntin 8 1.exe Infected: Trojan-Downloader.Win32.Bagle.ps skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\Dhey Huntin 8 1.zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\DiffUnlock 1.0.zip.vir/DiffUnlock 1.0.exe Infected: Trojan-Downloader.Win32.Bagle.ps skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\DiffUnlock 1.0.zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\Digital_Indicator_.NET_component_1.009.zip.vir/Digital_Indicator_.NET_component_1.009.exe Infected: Trojan-Downloader.Win32.Bagle.ps skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\Digital_Indicator_.NET_component_1.009.zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\Disk_benchmark_2006_1.0.2.zip.vir/Disk_benchmark_2006_1.0.2.exe Infected: Trojan-Downloader.Win32.Bagle.ps skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\Disk_benchmark_2006_1.0.2.zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\Dorgem 2.1.zip.vir/Dorgem 2.1.exe Infected: Trojan-Downloader.Win32.Bagle.ps skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\Dorgem 2.1.zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\Dreamscape_Analysis_2.0.1d.zip.vir/Dreamscape_Analysis_2.0.1d.exe Infected: Trojan-Downloader.Win32.Bagle.ps skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\Dreamscape_Analysis_2.0.1d.zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\DzSoft PHP Editor 4.1.1.2.zip.vir/DzSoft PHP Editor 4.1.1.2.exe Infected: Trojan-Downloader.Win32.Bagle.ps skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\DzSoft PHP Editor 4.1.1.2.zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\Easy_E-Mail_Notify_5.0.zip.vir/Easy_E-Mail_Notify_5.0.exe Infected: Trojan-Downloader.Win32.Bagle.ps skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\Easy_E-Mail_Notify_5.0.zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\Easy_Photo_Editor_1.9.zip.vir/Easy_Photo_Editor_1.9.exe Infected: Trojan-Downloader.Win32.Bagle.ps skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\Easy_Photo_Editor_1.9.zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\EGO_3.6_KeyGen.zip.vir/EGO_3.6_KeyGen.exe Infected: Trojan-Downloader.Win32.Bagle.ps skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\EGO_3.6_KeyGen.zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\emboot_MBA_on_Disk_for_VM_1.5.zip.vir/emboot_MBA_on_Disk_for_VM_1.5.exe Infected: Trojan-Downloader.Win32.Bagle.ps skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\emboot_MBA_on_Disk_for_VM_1.5.zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\Fantasize Soundfont Player VSTi 2.3.zip.vir/Fantasize Soundfont Player VSTi 2.3.exe Infected: Trojan-Downloader.Win32.Bagle.ps skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\Fantasize Soundfont Player VSTi 2.3.zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\FastReport Studio 4.5.9.zip.vir/FastReport Studio 4.5.9.exe Infected: Trojan-Downloader.Win32.Bagle.ps skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\FastReport Studio 4.5.9.zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\FileClone_1.0.zip.vir/FileClone_1.0.exe Infected: Trojan-Downloader.Win32.Bagle.ps skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\FileClone_1.0.zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\Flash_Horizontal_Menu_Wizard_2.0.zip.vir/Flash_Horizontal_Menu_Wizard_2.0.exe Infected: Trojan-Downloader.Win32.Bagle.ps skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\Flash_Horizontal_Menu_Wizard_2.0.zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\Flower_Lines_1.zip.vir/Flower_Lines_1.exe Infected: Trojan-Downloader.Win32.Bagle.ps skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\Flower_Lines_1.zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\FolderToDrive 1.0.zip.vir/FolderToDrive 1.0.exe Infected: Trojan-Downloader.Win32.Bagle.ps skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\FolderToDrive 1.0.zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\Ford Model T Screensaver 1.zip.vir/Ford Model T Screensaver 1.exe Infected: Trojan-Downloader.Win32.Bagle.ps skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\Ford Model T Screensaver 1.zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\FreeVoice 1.2 Beta.zip.vir/FreeVoice 1.2 Beta.exe Infected: Trojan-Downloader.Win32.Bagle.ps skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\FreeVoice 1.2 Beta.zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\GMail_Bookmark_1.1.zip.vir/GMail_Bookmark_1.1.exe Infected: Trojan-Downloader.Win32.Bagle.ps skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\GMail_Bookmark_1.1.zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\GSA_Image_Spider_2.45_Patch.zip.vir/GSA_Image_Spider_2.45_Patch.exe Infected: Trojan-Downloader.Win32.Bagle.ps skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\GSA_Image_Spider_2.45_Patch.zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\Halloween Firefox theme 2.0.zip.vir/Halloween Firefox theme 2.0.exe Infected: Trojan-Downloader.Win32.Bagle.ps skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\Halloween Firefox theme 2.0.zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\Home_Organizer_Deluxe_2.3.zip.vir/Home_Organizer_Deluxe_2.3.exe Infected: Trojan-Downloader.Win32.Bagle.ps skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\Home_Organizer_Deluxe_2.3.zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\Hunter HTML Optimizer 1.0.zip.vir/Hunter HTML Optimizer 1.0.exe Infected: Trojan-Downloader.Win32.Bagle.ps skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\Hunter HTML Optimizer 1.0.zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\idManage 4.4.zip.vir/idManage 4.4.exe Infected: Trojan-Downloader.Win32.Bagle.ps skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\idManage 4.4.zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\iFlysoft Flash Converter 1.2.1.zip.vir/iFlysoft Flash Converter 1.2.1.exe Infected: Trojan-Downloader.Win32.Bagle.ps skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\iFlysoft Flash Converter 1.2.1.zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\ImageSafety_1.0_(Patch).zip.vir/ImageSafety_1.0_(Patch).exe Infected: Trojan-Downloader.Win32.Bagle.ps skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\ImageSafety_1.0_(Patch).zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\Image_miner_1.30.zip.vir/Image_miner_1.30.exe Infected: Trojan-Downloader.Win32.Bagle.ps skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\Image_miner_1.30.zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\Instant Video Autorun 1.74.0.zip.vir/Instant Video Autorun 1.74.0.exe Infected: Trojan-Downloader.Win32.Bagle.ps skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\Instant Video Autorun 1.74.0.zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\Instrumentation .Net Package 1.000.zip.vir/Instrumentation .Net Package 1.000.exe Infected: Trojan-Downloader.Win32.Bagle.ps skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\Instrumentation .Net Package 1.000.zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\ITWorkTimer_1.1_(Serial).zip.vir/ITWorkTimer_1.1_(Serial).exe Infected: Trojan-Downloader.Win32.Bagle.ps skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\ITWorkTimer_1.1_(Serial).zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\Java Modelling Tools 0.7.3.zip.vir/Java Modelling Tools 0.7.3.exe Infected: Trojan-Downloader.Win32.Bagle.ps skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\Java Modelling Tools 0.7.3.zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\JavaScript_Dissolving_PopMenu_1.0_Key+Serial.zip.vir/JavaScript_Dissolving_PopMenu_1.0_Key+Serial.exe Infected: Trojan-Downloader.Win32.Bagle.ps skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\JavaScript_Dissolving_PopMenu_1.0_Key+Serial.zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\JimPack 2.0.zip.vir/JimPack 2.0.exe Infected: Trojan-Downloader.Win32.Bagle.ps skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\JimPack 2.0.zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\kCharge_2.0.zip.vir/kCharge_2.0.exe Infected: Trojan-Downloader.Win32.Bagle.ps skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\kCharge_2.0.zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\Kernel_Paradox_4.03.zip.vir/Kernel_Paradox_4.03.exe Infected: Trojan-Downloader.Win32.Bagle.ps skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\Kernel_Paradox_4.03.zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\KnowItAll_2.0.632.zip.vir/KnowItAll_2.0.632.exe Infected: Trojan-Downloader.Win32.Bagle.ps skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\KnowItAll_2.0.632.zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\Length Optimizer Multiple List Version 1.0.zip.vir/Length Optimizer Multiple List Version 1.0.exe Infected: Trojan-Downloader.Win32.Bagle.ps skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\Length Optimizer Multiple List Version 1.0.zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\LibMaster.com ActiveStockChart 1.0.zip.vir/LibMaster.com ActiveStockChart 1.0.exe Infected: Trojan-Downloader.Win32.Bagle.ps skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\LibMaster.com ActiveStockChart 1.0.zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\LingvoSoft_Dictionary_2007_German_-_Italian_4.0.22.zip.vir/LingvoSoft_Dictionary_2007_German_-_Italian_4.0.22.exe Infected: Trojan-Downloader.Win32.Bagle.ps skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\LingvoSoft_Dictionary_2007_German_-_Italian_4.0.22.zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\LingvoSoft_Picture_Dictionary_2007_English_-_Estonian_1.1.17.zip.vir/LingvoSoft_Picture_Dictionary_2007_English_-_Estonian_1.1.17.exe Infected: Trojan-Downloader.Win32.Bagle.ps skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\LingvoSoft_Picture_Dictionary_2007_English_-_Estonian_1.1.17.zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\LopeEdit Pro 5.4.1.zip.vir/LopeEdit Pro 5.4.1.exe Infected: Trojan-Downloader.Win32.Bagle.ps skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\LopeEdit Pro 5.4.1.zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\Magic 3GP Video Converter 8.0.1.16.zip.vir/Magic 3GP Video Converter 8.0.1.16.exe Infected: Trojan-Downloader.Win32.Bagle.ps skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\Magic 3GP Video Converter 8.0.1.16.zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\MapCreator_Free_Edition_1.0.zip.vir/MapCreator_Free_Edition_1.0.exe Infected: Trojan-Downloader.Win32.Bagle.ps skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\MapCreator_Free_Edition_1.0.zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\Memory Monitor 1.0.zip.vir/Memory Monitor 1.0.exe Infected: Trojan-Downloader.Win32.Bagle.ps skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\Memory Monitor 1.0.zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\MIE55SpeedUp_1.0.zip.vir/MIE55SpeedUp_1.0.exe Infected: Trojan-Downloader.Win32.Bagle.ps skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\MIE55SpeedUp_1.0.zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\Mineral_Miner_1.01.zip.vir/Mineral_Miner_1.01.exe Infected: Trojan-Downloader.Win32.Bagle.ps skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\Mineral_Miner_1.01.zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\mnoGoSearch_Lite_3.2.42.1_Cracked.zip.vir/mnoGoSearch_Lite_3.2.42.1_Cracked.exe Infected: Trojan-Downloader.Win32.Bagle.ps skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\mnoGoSearch_Lite_3.2.42.1_Cracked.zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\Morovia Code 128 Barcode Fontware 1.0 [Crack].zip.vir/Morovia Code 128 Barcode Fontware 1.0 [Crack].exe Infected: Trojan-Downloader.Win32.Bagle.ps skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\Morovia Code 128 Barcode Fontware 1.0 [Crack].zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\MorphBuster_7.5.zip.vir/MorphBuster_7.5.exe Infected: Trojan-Downloader.Win32.Bagle.ps skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\MorphBuster_7.5.zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\Mucha Art Nouveau 1.0.zip.vir/Mucha Art Nouveau 1.0.exe Infected: Trojan-Downloader.Win32.Bagle.ps skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\Mucha Art Nouveau 1.0.zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\Multi-Replace 2.2.5.0 [Key].zip.vir/Multi-Replace 2.2.5.0 [Key].exe Infected: Trojan-Downloader.Win32.Bagle.ps skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\Multi-Replace 2.2.5.0 [Key].zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\myCalendar 2.3.zip.vir/myCalendar 2.3.exe Infected: Trojan-Downloader.Win32.Bagle.ps skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\myCalendar 2.3.zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\NBC Today Show 7.08.27.zip.vir/NBC Today Show 7.08.27.exe Infected: Trojan-Downloader.Win32.Bagle.ps skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\NBC Today Show 7.08.27.zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\NET_Video_Spy_2.0_(With_Crack).zip.vir/NET_Video_Spy_2.0_(With_Crack).exe Infected: Trojan-Downloader.Win32.Bagle.ps skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\NET_Video_Spy_2.0_(With_Crack).zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\New Utilities 2.5.zip.vir/New Utilities 2.5.exe Infected: Trojan-Downloader.Win32.Bagle.ps skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\New Utilities 2.5.zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\Nexeye_Monitoring_Enterprise_1.2.zip.vir/Nexeye_Monitoring_Enterprise_1.2.exe Infected: Trojan-Downloader.Win32.Bagle.ps skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\Nexeye_Monitoring_Enterprise_1.2.zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\Omar Sharif Bridge II 1.zip.vir/Omar Sharif Bridge II 1.exe Infected: Trojan-Downloader.Win32.Bagle.ps skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\Omar Sharif Bridge II 1.zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\Online_Store_Kit_3.0_Lite_3.0.zip.vir/Online_Store_Kit_3.0_Lite_3.0.exe Infected: Trojan-Downloader.Win32.Bagle.ps skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\Online_Store_Kit_3.0_Lite_3.0.zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\PageFour_1.61_(KeyGen).zip.vir/PageFour_1.61_(KeyGen).exe Infected: Trojan-Downloader.Win32.Bagle.ps skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\PageFour_1.61_(KeyGen).zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\PC Digital Safe 2.50i.zip.vir/PC Digital Safe 2.50i.exe Infected: Trojan-Downloader.Win32.Bagle.ps skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\PC Digital Safe 2.50i.zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\PL.Ewido.Anti-Spyware.v.4.0.0.172.+.serial.zip.vir/PL.Ewido.Anti-Spyware.v.4.0.0.172.+.serial.exe Infected: Trojan-Downloader.Win32.Bagle.ps skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\PL.Ewido.Anti-Spyware.v.4.0.0.172.+.serial.zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\PowerSearch_2.2.1_With_Crack.zip.vir/PowerSearch_2.2.1_With_Crack.exe Infected: Trojan-Downloader.Win32.Bagle.ps skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\PowerSearch_2.2.1_With_Crack.zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\RBTray 3.1.zip.vir/RBTray 3.1.exe Infected: Trojan-Downloader.Win32.Bagle.ps skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\RBTray 3.1.zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\SafeSurfer Popup Ad Killer 1.8.zip.vir/SafeSurfer Popup Ad Killer 1.8.exe Infected: Trojan-Downloader.Win32.Bagle.ps skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\SafeSurfer Popup Ad Killer 1.8.zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\Saint_Paint_Studio_12.1.zip.vir/Saint_Paint_Studio_12.1.exe Infected: Trojan-Downloader.Win32.Bagle.ps skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\Saint_Paint_Studio_12.1.zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\ScanWiz_1.1_(Cracked).zip.vir/ScanWiz_1.1_(Cracked).exe Infected: Trojan-Downloader.Win32.Bagle.ps skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\ScanWiz_1.1_(Cracked).zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\SIMPLEX 1.7.2.zip.vir/SIMPLEX 1.7.2.exe Infected: Trojan-Downloader.Win32.Bagle.ps skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\SIMPLEX 1.7.2.zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\Skorbord 1.0.zip.vir/Skorbord 1.0.exe Infected: Trojan-Downloader.Win32.Bagle.ps skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\Skorbord 1.0.zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\Skype Toolbar for Internet Explorer 2.1.0.12.zip.vir/Skype Toolbar for Internet Explorer 2.1.0.12.exe Infected: Trojan-Downloader.Win32.Bagle.ps skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\Skype Toolbar for Internet Explorer 2.1.0.12.zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\Smart_Pc_Keylogger_3.2.zip.vir/Smart_Pc_Keylogger_3.2.exe Infected: Trojan-Downloader.Win32.Bagle.ps skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\Smart_Pc_Keylogger_3.2.zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\SMSLibX_1.9.zip.vir/SMSLibX_1.9.exe Infected: Trojan-Downloader.Win32.Bagle.ps skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\SMSLibX_1.9.zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\SpaceGuard SRM 6.0 Build 1113.zip.vir/SpaceGuard SRM 6.0 Build 1113.exe Infected: Trojan-Downloader.Win32.Bagle.ps skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\SpaceGuard SRM 6.0 Build 1113.zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\Spectrino_for_R_1.5.0.zip.vir/Spectrino_for_R_1.5.0.exe Infected: Trojan-Downloader.Win32.Bagle.ps skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\Spectrino_for_R_1.5.0.zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\Speech_Timer_1.0_With_Crack.zip.vir/Speech_Timer_1.0_With_Crack.exe Infected: Trojan-Downloader.Win32.Bagle.ps skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\Speech_Timer_1.0_With_Crack.zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\StarCraft_patch_1.13.zip.vir/StarCraft_patch_1.13.exe Infected: Trojan-Downloader.Win32.Bagle.ps skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\StarCraft_patch_1.13.zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\Sysutil Wakeup 1.01.zip.vir/Sysutil Wakeup 1.01.exe Infected: Trojan-Downloader.Win32.Bagle.ps skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\Sysutil Wakeup 1.01.zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\Tadpole 0.5.zip.vir/Tadpole 0.5.exe Infected: Trojan-Downloader.Win32.Bagle.ps skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\Tadpole 0.5.zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\The Sorting Machine 1.0.zip.vir/The Sorting Machine 1.0.exe Infected: Trojan-Downloader.Win32.Bagle.ps skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\The Sorting Machine 1.0.zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\The_Sims_-_Celtics_T-Shirt_skin.zip.vir/The_Sims_-_Celtics_T-Shirt_skin.exe Infected: Trojan-Downloader.Win32.Bagle.ps skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\The_Sims_-_Celtics_T-Shirt_skin.zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\Twin Folders 3.0 (Key).zip.vir/Twin Folders 3.0 (Key).exe Infected: Trojan-Downloader.Win32.Bagle.ps skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\Twin Folders 3.0 (Key).zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\Unit_Player_1.06.344.zip.vir/Unit_Player_1.06.344.exe Infected: Trojan-Downloader.Win32.Bagle.ps skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\Unit_Player_1.06.344.zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\Unreal_Tournament_2004_ONS_Jungle_Redux_Map.zip.vir/Unreal_Tournament_2004_ONS_Jungle_Redux_Map.exe Infected: Trojan-Downloader.Win32.Bagle.ps skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\Unreal_Tournament_2004_ONS_Jungle_Redux_Map.zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\Vigenère Cipher 2.0.2.3.zip.vir/VigenFre Cipher 2.0.2.3.exe Infected: Trojan-Downloader.Win32.Bagle.ps skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\Vigenère Cipher 2.0.2.3.zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\Vinny_Federal_Income_Tax_2004_Feb_7.2005.zip.vir/Vinny_Federal_Income_Tax_2004_Feb_7.2005.exe Infected: Trojan-Downloader.Win32.Bagle.ps skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\Vinny_Federal_Income_Tax_2004_Feb_7.2005.zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\WinProxy Secure Suite 6.1.zip.vir/WinProxy Secure Suite 6.1.exe Infected: Trojan-Downloader.Win32.Bagle.ps skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\WinProxy Secure Suite 6.1.zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\X-Treme Media Finder 2.0.1.1.0.4.zip.vir/X-Treme Media Finder 2.0.1.1.0.4.exe Infected: Trojan-Downloader.Win32.Bagle.ps skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\X-Treme Media Finder 2.0.1.1.0.4.zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\Zee-Troll 2.0.zip.vir/Zee-Troll 2.0.exe Infected: Trojan-Downloader.Win32.Bagle.ps skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\Zee-Troll 2.0.zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\ZipRecovery_1.5.zip.vir/ZipRecovery_1.5.exe Infected: Trojan-Downloader.Win32.Bagle.ps skipped
C:\QooBox\Quarantine\C\Documents and Settings\Rick Hawn\Application Data\m\shared\ZipRecovery_1.5.zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\22542859.exe.vir Infected: Email-Worm.Win32.Bagle.vr skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\22554609.exe.vir Infected: Trojan-Downloader.Win32.Bagle.ij skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\22562578.exe.vir Infected: Email-Worm.Win32.Bagle.of skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\22646890.exe.vir Infected: Trojan-Downloader.Win32.Bagle.ij skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\22656875.exe.vir Infected: Email-Worm.Win32.Bagle.of skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\22695218.exe.vir Infected: Email-Worm.Win32.Bagle.of skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\26372578.exe.vir Infected: Trojan-Downloader.Win32.Bagle.ij skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\26422421.exe.vir Infected: Email-Worm.Win32.Bagle.of skipped
C:\QooBox\Quarantine\catchme2008-05-19_ 25828.13.zip/wintems.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\QooBox\Quarantine\catchme2008-05-19_ 25828.13.zip/mdelk.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\QooBox\Quarantine\catchme2008-05-19_ 25828.13.zip/hldrrr.exe Infected: Trojan-Downloader.Win32.Bagle.po skipped
C:\QooBox\Quarantine\catchme2008-05-19_ 25828.13.zip/mdelk.exe.1 Infected: Trojan-Downloader.Win32.Bagle.po skipped
C:\QooBox\Quarantine\catchme2008-05-19_ 25828.13.zip ZIP: infected - 4 skipped
C:\QooBox\Quarantine\Registry_backups\Legacy_SROSA.reg.dat Infected: Trojan-Downloader.Win32.Bagle.hp skipped
C:\System Volume Information\catalog.wci\00000002.ps1 Object is locked skipped
C:\System Volume Information\catalog.wci\00000002.ps2 Object is locked skipped
C:\System Volume Information\catalog.wci\00010002.ci Object is locked skipped
C:\System Volume Information\catalog.wci\cicat.fid Object is locked skipped
C:\System Volume Information\catalog.wci\cicat.hsh Object is locked skipped
C:\System Volume Information\catalog.wci\CiCL0001.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiP10000.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiP20000.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiPT0000.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiSL0001.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiSP0000.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiST0000.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiVP0000.000 Object is locked skipped
C:\System Volume Information\catalog.wci\INDEX.000 Object is locked skipped
C:\System Volume Information\catalog.wci\propstor.bk1 Object is locked skipped
C:\System Volume Information\catalog.wci\propstor.bk2 Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{4EB0CD3E-4621-49AB-B25C-DADBD3B481DE}\RP1\A0000009.exe Infected: Trojan-Downloader.Win32.Bagle.po skipped
C:\System Volume Information\_restore{4EB0CD3E-4621-49AB-B25C-DADBD3B481DE}\RP1\A0000010.sys Infected: Trojan-Downloader.Win32.Bagle.mm skipped
C:\System Volume Information\_restore{4EB0CD3E-4621-49AB-B25C-DADBD3B481DE}\RP1\A0000081.exe Infected: Trojan-Downloader.Win32.Bagle.po skipped

To Be continuted---

**Jindai** · 2008-05-20, 08:11

Here's the rest of it---

C:\System Volume Information\_restore{4EB0CD3E-4621-49AB-B25C-DADBD3B481DE}\RP1\A0000082.sys Infected: Trojan-Downloader.Win32.Bagle.mm skipped
C:\System Volume Information\_restore{4EB0CD3E-4621-49AB-B25C-DADBD3B481DE}\RP1\A0001028.exe Infected: Trojan-Downloader.Win32.Bagle.po skipped
C:\System Volume Information\_restore{4EB0CD3E-4621-49AB-B25C-DADBD3B481DE}\RP1\A0001222.exe Infected: Trojan-Downloader.Win32.Bagle.po skipped
C:\System Volume Information\_restore{4EB0CD3E-4621-49AB-B25C-DADBD3B481DE}\RP1\A0001223.sys Infected: Trojan-Downloader.Win32.Bagle.mm skipped
C:\System Volume Information\_restore{4EB0CD3E-4621-49AB-B25C-DADBD3B481DE}\RP1\A0001239.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{4EB0CD3E-4621-49AB-B25C-DADBD3B481DE}\RP1\A0001240.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{4EB0CD3E-4621-49AB-B25C-DADBD3B481DE}\RP2\A0001267.exe Infected: Email-Worm.Win32.Bagle.vr skipped
C:\System Volume Information\_restore{4EB0CD3E-4621-49AB-B25C-DADBD3B481DE}\RP2\A0001268.exe Infected: Trojan-Downloader.Win32.Bagle.ij skipped
C:\System Volume Information\_restore{4EB0CD3E-4621-49AB-B25C-DADBD3B481DE}\RP2\A0001269.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{4EB0CD3E-4621-49AB-B25C-DADBD3B481DE}\RP2\A0001272.exe Infected: Trojan-Downloader.Win32.Bagle.ij skipped
C:\System Volume Information\_restore{4EB0CD3E-4621-49AB-B25C-DADBD3B481DE}\RP2\A0001273.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{4EB0CD3E-4621-49AB-B25C-DADBD3B481DE}\RP2\A0001275.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{4EB0CD3E-4621-49AB-B25C-DADBD3B481DE}\RP2\A0001284.exe Infected: Trojan-Downloader.Win32.Bagle.ij skipped
C:\System Volume Information\_restore{4EB0CD3E-4621-49AB-B25C-DADBD3B481DE}\RP2\A0001285.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{4EB0CD3E-4621-49AB-B25C-DADBD3B481DE}\RP2\A0001325.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{4EB0CD3E-4621-49AB-B25C-DADBD3B481DE}\RP2\A0001892.exe Infected: Trojan-Downloader.Win32.Bagle.po skipped
C:\System Volume Information\_restore{4EB0CD3E-4621-49AB-B25C-DADBD3B481DE}\RP2\A0001894.exe Infected: Trojan-Downloader.Win32.Bagle.po skipped
C:\System Volume Information\_restore{4EB0CD3E-4621-49AB-B25C-DADBD3B481DE}\RP2\change.log Object is locked skipped
C:\WINDOWS\CSC\00000001 Object is locked skipped
C:\WINDOWS\CSC\00000002 Object is locked skipped
C:\WINDOWS\CSC\00000003 Object is locked skipped
C:\WINDOWS\CSC\d2\00000011 Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{27AE3A06-35A7-49BE-810F-8956FBC663C5}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\My Shared Folder\Mobily\sysreset253.exe/data.rar/mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.614 skipped
D:\My Shared Folder\Mobily\sysreset253.exe/data.rar Infected: not-a-virus:Client-IRC.Win32.mIRC.614 skipped
D:\My Shared Folder\Mobily\sysreset253.exe RarSFX: infected - 2 skipped
D:\Program Files\Agent\Data\0000044D.DAT/[From "amy" ][Date Sat, 20 Nov 2004 10:07:32 GMT]/UNNAMED/CHRISTINA_AGUILERA.scr Infected: Backdoor.Win32.Hackarmy.w skipped
D:\Program Files\Agent\Data\0000044D.DAT/[From "amy" ][Date Sat, 20 Nov 2004 10:07:32 GMT]/UNNAMED Infected: Backdoor.Win32.Hackarmy.w skipped
D:\Program Files\Agent\Data\0000044D.DAT Mail: infected - 2 skipped
D:\RECYCLER\NPROTECT\00000007.EXE Infected: Trojan-Downloader.Win32.Bagle.po skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
D:\System Volume Information\_restore{4EB0CD3E-4621-49AB-B25C-DADBD3B481DE}\RP2\change.log Object is locked skipped
G:\15f9423f8f24749db647182d0348\Eventlog.txt Object is locked skipped

**Jindai** · 2008-05-20, 08:17

Oh, crud, sorry I missed that instruction!

I posted it on the rapidshare site, aftewards, here's the link. I'll delete the overlong posts if I can figure out how.

http://rapidshare.com/files/11620296...eport.txt.html

Jindai

**Blade81** · 2008-05-20, 08:45

Hi

Uninstall GoogleToolbar.

Delete following folder:
C:\!KillBox

and files:
C:\Program Files\eMule\Incoming\Images\Stuff\Rar Password Cracker v4.11 - Keygen.zip
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\0A36046B.exe

Now lets uninstall ComboFix:

Click START then RUN
Now type Combo-Fix /u in the runbox and click OK

How's the system running?

Thread: not valid win32 applications, IE not working, and more

Thread Tools

Display

not valid win32 applications, IE not working, and more

Posting Permissions