bar888 command causing memory dump



orion1234
2007-02-17, 21:14
After recently removing bar888 from my system, I have been unable to run Ad-Aware or Spybot, as during a scan of the registry I get a BSOD with memory dump. Registry Mechanic gets the same treatment during registry scan. How can I get rid of this command/commands? Here is the HijackThis log.

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Eraser\eraser.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\david\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.karoo.co.uk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = IC1:8080
R3 - URLSearchHook: (no name) - {EBF56F07-5DC3-6E55-809F-7FBA83F2D712} - KeywordFinder.dll (file missing)
R3 - URLSearchHook: (no name) - {888BBA2F-D9DD-4028-D728-D1E961D6C672} - NSYSCPLSTR.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [removecpl] RemoveCpl.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [jbjsd.exe] C:\WINDOWS\system32\jbjsd.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [dmfgv.exe] C:\WINDOWS\system32\dmfgv.exe
O4 - HKLM\..\Run: [dmdke.exe] C:\WINDOWS\system32\dmdke.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [bingo9] MsNetHelper.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [UserSp1] Serviceprocess.exe
O4 - HKCU\..\Run: [lpt] xsetup.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\eraser.exe -hide
O4 - HKCU\..\Run: [dePloy] powerdll.exe
O4 - HKCU\..\Run: [services] backd.exe
O4 - HKCU\..\Run: [DCC_send] backd.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: services.lnk = ?
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/DigWXMSN.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://download.games.yahoo.com/games/web_games/tikgames/goldfever/goldfever.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://download.games.yahoo.com/games/web_games/popcap/insaniquarium/popcaploader_v6.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{05F5BF5F-D415-4F43-A731-662B0A1AE52C}: NameServer = 85.255.113.110,85.255.112.227
O17 - HKLM\System\CCS\Services\Tcpip\..\{18D294CF-244B-4E66-844E-59606D586FBB}: NameServer = 85.255.113.110,85.255.112.227
O17 - HKLM\System\CS1\Services\Tcpip\..\{05F5BF5F-D415-4F43-A731-662B0A1AE52C}: NameServer = 85.255.113.110,85.255.112.227
O17 - HKLM\System\CS2\Services\Tcpip\..\{05F5BF5F-D415-4F43-A731-662B0A1AE52C}: NameServer = 85.255.113.110,85.255.112.227
O17 - HKLM\System\CS3\Services\Tcpip\..\{05F5BF5F-D415-4F43-A731-662B0A1AE52C}: NameServer = 85.255.113.110,85.255.112.227
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {48195F62-A7A7-4535-97E4-16BF7DA1C66D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Shaba
2007-02-18, 11:49
Hi orion1234

Please download FixWareout from one of these sites:
http://downloads.subratam.org/Fixwareout.exe
http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe

Save it to your desktop and run it. Click Next, then Install, make sure Run fixit is checked and click Finish.
The fix will begin; follow the prompts.
You will be asked to reboot your computer; please do so.
Your system may take longer than usual to load; this is normal.
Once the desktop loads, post the text that will open (report.txt) and a new HijackThis log in the forum please.

orion1234
2007-02-18, 14:52
Fixwareout Last edited 2/11/2007
Post this report in the forums please
...
»»»»»Prerun check
HKLM\SOFTWARE\~\CurrentVersion\Run\ ="jbjsd"
HKLM\SOFTWARE\~\CurrentVersion\Run\ ="dmfgv"
HKLM\SOFTWARE\~\CurrentVersion\Run\ ="dmdke"
HKLM\SOFTWARE\~\Winlogon\ "System"="cshxy.exe"

»»»»» System restarted

»»»»» Postrun check
HKLM\SOFTWARE\~\version\Run\ "jbjsd"
HKLM\SOFTWARE\~\version\Run\ "dmfgv"
HKLM\SOFTWARE\~\version\Run\ "dmdke"
HKLM\SOFTWARE\~\Winlogon\ "system"=""
....
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "pgtshlld" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "gib_ogol" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "nidnsdr" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "23naelch" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "ytpme" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "23lserspg" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "aplnsftn" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "23rtcdaol" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "xedocne" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "repiwoh" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "llun" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "23plhps" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "mgcppp" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "tesvaf" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "golmedi" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "32refaselif" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "putesprpgd" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "nbilbaj" Deleted
HKLM\~\currentversion\run "jbjsd.exe" Deleted
HKLM\~\currentversion\run "dmfgv.exe" Deleted
HKLM\~\currentversion\run "dmdke.exe" Deleted
....
»»»»» Misc files.
C:\WINDOWS\RDT.INI Deleted
C:\WINDOWS\System32\close.bmp Deleted
C:\WINDOWS\System32\dating.bmp Deleted
C:\WINDOWS\System32\drivers\zpmodemnt.sys Deleted
C:\WINDOWS\System32\gambling.bmp Deleted
C:\WINDOWS\System32\idesk.conf Deleted
C:\WINDOWS\System32\insurance.bmp Deleted
C:\WINDOWS\System32\pharmacy.bmp Deleted
C:\WINDOWS\System32\spyware.bmp Deleted
C:\WINDOWS\System32\xxx.bmp Deleted
C:\Casino Deleted
....
»»»»» Checking for older varients.
....

Search five digit cs, dm, kd, jb, other, files.
The following files NEED TO BE SUBMITTED to one of the following URL'S for further inspection.



Click browse, find the file then click submit.
http://www.virustotal.com/flash/index_en.html
Or http://virusscan.jotti.org/

»»»»» Other



»»»»» Current runs
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"services"=""
"removecpl"="RemoveCpl.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"NeroCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"LVCOMSX"="C:\\WINDOWS\\system32\\LVCOMSX.EXE"
"LogitechVideoTray"="C:\\Program Files\\Logitech\\Video\\LogiTray.exe"
"LogitechVideoRepair"="C:\\Program Files\\Logitech\\Video\\ISStart.exe "
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd"
"bingo9"="MsNetHelper.exe"
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"ATICCC"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\cli.exe\" runtime"
"RegistryMechanic"=""
@=""
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"UserSp1"="Serviceprocess.exe"
"lpt"="xsetup.exe"
"LogitechSoftwareUpdate"="\"C:\\Program Files\\Logitech\\Video\\ManifestEngine.exe\" boot"
"LDM"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"
"Eraser"="C:\\Program Files\\Eraser\\eraser.exe -hide"
"dePloy"="powerdll.exe"
"services"="backd.exe"
"DCC_send"="backd.exe"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
....
Hosts file was reset, If you use a custom hosts file please replace it
»»»»» End report »»»»»

orion1234
2007-02-18, 14:55
Logfile of HijackThis v1.99.1
Scan saved at 12:53:45, on 18/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Eraser\eraser.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\david\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.karoo.co.uk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = IC1:8080
R3 - URLSearchHook: (no name) - {EBF56F07-5DC3-6E55-809F-7FBA83F2D712} - KeywordFinder.dll (file missing)
R3 - URLSearchHook: (no name) - {888BBA2F-D9DD-4028-D728-D1E961D6C672} - NSYSCPLSTR.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [removecpl] RemoveCpl.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [bingo9] MsNetHelper.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [UserSp1] Serviceprocess.exe
O4 - HKCU\..\Run: [lpt] xsetup.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\eraser.exe -hide
O4 - HKCU\..\Run: [dePloy] powerdll.exe
O4 - HKCU\..\Run: [services] backd.exe
O4 - HKCU\..\Run: [DCC_send] backd.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: services.lnk = ?
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/DigWXMSN.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://download.games.yahoo.com/games/web_games/tikgames/goldfever/goldfever.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://download.games.yahoo.com/games/web_games/popcap/insaniquarium/popcaploader_v6.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{05F5BF5F-D415-4F43-A731-662B0A1AE52C}: NameServer = 85.255.113.110,85.255.112.227
O17 - HKLM\System\CCS\Services\Tcpip\..\{18D294CF-244B-4E66-844E-59606D586FBB}: NameServer = 85.255.113.110,85.255.112.227
O17 - HKLM\System\CS1\Services\Tcpip\..\{05F5BF5F-D415-4F43-A731-662B0A1AE52C}: NameServer = 85.255.113.110,85.255.112.227
O17 - HKLM\System\CS2\Services\Tcpip\..\{05F5BF5F-D415-4F43-A731-662B0A1AE52C}: NameServer = 85.255.113.110,85.255.112.227
O17 - HKLM\System\CS3\Services\Tcpip\..\{05F5BF5F-D415-4F43-A731-662B0A1AE52C}: NameServer = 85.255.113.110,85.255.112.227

orion1234
2007-02-18, 14:57
O18 - Protocol: bw+0 - {48195F62-A7A7-4535-97E4-16BF7DA1C66D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {48195F62-A7A7-4535-97E4-16BF7DA1C66D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {48195F62-A7A7-4535-97E4-16BF7DA1C66D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {48195F62-A7A7-4535-97E4-16BF7DA1C66D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {48195F62-A7A7-4535-97E4-16BF7DA1C66D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {48195F62-A7A7-4535-97E4-16BF7DA1C66D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {48195F62-A7A7-4535-97E4-16BF7DA1C66D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {48195F62-A7A7-4535-97E4-16BF7DA1C66D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {48195F62-A7A7-4535-97E4-16BF7DA1C66D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {48195F62-A7A7-4535-97E4-16BF7DA1C66D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {48195F62-A7A7-4535-97E4-16BF7DA1C66D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {48195F62-A7A7-4535-97E4-16BF7DA1C66D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {48195F62-A7A7-4535-97E4-16BF7DA1C66D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {48195F62-A7A7-4535-97E4-16BF7DA1C66D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {48195F62-A7A7-4535-97E4-16BF7DA1C66D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {48195F62-A7A7-4535-97E4-16BF7DA1C66D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {48195F62-A7A7-4535-97E4-16BF7DA1C66D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {48195F62-A7A7-4535-97E4-16BF7DA1C66D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {48195F62-A7A7-4535-97E4-16BF7DA1C66D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {48195F62-A7A7-4535-97E4-16BF7DA1C66D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {48195F62-A7A7-4535-97E4-16BF7DA1C66D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {48195F62-A7A7-4535-97E4-16BF7DA1C66D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {48195F62-A7A7-4535-97E4-16BF7DA1C66D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {48195F62-A7A7-4535-97E4-16BF7DA1C66D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {48195F62-A7A7-4535-97E4-16BF7DA1C66D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {48195F62-A7A7-4535-97E4-16BF7DA1C66D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {48195F62-A7A7-4535-97E4-16BF7DA1C66D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {48195F62-A7A7-4535-97E4-16BF7DA1C66D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {48195F62-A7A7-4535-97E4-16BF7DA1C66D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {48195F62-A7A7-4535-97E4-16BF7DA1C66D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {48195F62-A7A7-4535-97E4-16BF7DA1C66D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {48195F62-A7A7-4535-97E4-16BF7DA1C66D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {48195F62-A7A7-4535-97E4-16BF7DA1C66D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {48195F62-A7A7-4535-97E4-16BF7DA1C66D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {48195F62-A7A7-4535-97E4-16BF7DA1C66D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {48195F62-A7A7-4535-97E4-16BF7DA1C66D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {48195F62-A7A7-4535-97E4-16BF7DA1C66D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {48195F62-A7A7-4535-97E4-16BF7DA1C66D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {48195F62-A7A7-4535-97E4-16BF7DA1C66D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {48195F62-A7A7-4535-97E4-16BF7DA1C66D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {48195F62-A7A7-4535-97E4-16BF7DA1C66D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {48195F62-A7A7-4535-97E4-16BF7DA1C66D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {48195F62-A7A7-4535-97E4-16BF7DA1C66D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {48195F62-A7A7-4535-97E4-16BF7DA1C66D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {48195F62-A7A7-4535-97E4-16BF7DA1C66D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {48195F62-A7A7-4535-97E4-16BF7DA1C66D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {48195F62-A7A7-4535-97E4-16BF7DA1C66D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {48195F62-A7A7-4535-97E4-16BF7DA1C66D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {48195F62-A7A7-4535-97E4-16BF7DA1C66D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {48195F62-A7A7-4535-97E4-16BF7DA1C66D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {48195F62-A7A7-4535-97E4-16BF7DA1C66D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {48195F62-A7A7-4535-97E4-16BF7DA1C66D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {48195F62-A7A7-4535-97E4-16BF7DA1C66D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {48195F62-A7A7-4535-97E4-16BF7DA1C66D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {48195F62-A7A7-4535-97E4-16BF7DA1C66D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {48195F62-A7A7-4535-97E4-16BF7DA1C66D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {48195F62-A7A7-4535-97E4-16BF7DA1C66D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {48195F62-A7A7-4535-97E4-16BF7DA1C66D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {48195F62-A7A7-4535-97E4-16BF7DA1C66D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {48195F62-A7A7-4535-97E4-16BF7DA1C66D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {48195F62-A7A7-4535-97E4-16BF7DA1C66D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {48195F62-A7A7-4535-97E4-16BF7DA1C66D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {48195F62-A7A7-4535-97E4-16BF7DA1C66D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {48195F62-A7A7-4535-97E4-16BF7DA1C66D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {48195F62-A7A7-4535-97E4-16BF7DA1C66D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {48195F62-A7A7-4535-97E4-16BF7DA1C66D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {48195F62-A7A7-4535-97E4-16BF7DA1C66D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {48195F62-A7A7-4535-97E4-16BF7DA1C66D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {48195F62-A7A7-4535-97E4-16BF7DA1C66D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {48195F62-A7A7-4535-97E4-16BF7DA1C66D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {48195F62-A7A7-4535-97E4-16BF7DA1C66D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {48195F62-A7A7-4535-97E4-16BF7DA1C66D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {48195F62-A7A7-4535-97E4-16BF7DA1C66D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {48195F62-A7A7-4535-97E4-16BF7DA1C66D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {48195F62-A7A7-4535-97E4-16BF7DA1C66D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {48195F62-A7A7-4535-97E4-16BF7DA1C66D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {48195F62-A7A7-4535-97E4-16BF7DA1C66D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Please note, the Logitech protocols were left out of my original post as they wouldn't fit on, although I thought they were rather odd because there are so many. Is this normal?

Shaba
2007-02-18, 15:03
Hi

Logitech Desktop Messenger is open to debate, you can uninstall it via add/remove programs if you like, link (http://www.greatis.com/appdata/a/l/logitechdesktopmessenger.exe.htm).

Also I see no antivirus or firewall on your log but traces of Norton?

Open HijackThis, click do a system scan only and checkmark these:

R3 - URLSearchHook: (no name) - {EBF56F07-5DC3-6E55-809F-7FBA83F2D712} - KeywordFinder.dll (file missing)
R3 - URLSearchHook: (no name) - {888BBA2F-D9DD-4028-D728-D1E961D6C672} - NSYSCPLSTR.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [removecpl] RemoveCpl.exe
O4 - HKLM\..\Run: MsNetHelper.exe
O4 - HKCU\..\Run: [UserSp1] Serviceprocess.exe
O4 - HKCU\..\Run: [lpt] xsetup.exe
O4 - HKCU\..\Run: [dePloy] powerdll.exe
O4 - HKCU\..\Run: [services] backd.exe
O4 - HKCU\..\Run: [DCC_send] backd.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: services.lnk = ?
O8 - Extra context menu item: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://download.games.yahoo.com/game...ploader_v6.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{05F5BF5F-D415-4F43-A731-662B0A1AE52C}: NameServer = 85.255.113.110,85.255.112.227
O17 - HKLM\System\CCS\Services\Tcpip\..\{18D294CF-244B-4E66-844E-59606D586FBB}: NameServer = 85.255.113.110,85.255.112.227
O17 - HKLM\System\CS1\Services\Tcpip\..\{05F5BF5F-D415-4F43-A731-662B0A1AE52C}: NameServer = 85.255.113.110,85.255.112.227
O17 - HKLM\System\CS2\Services\Tcpip\..\{05F5BF5F-D415-4F43-A731-662B0A1AE52C}: NameServer = 85.255.113.110,85.255.112.227
O17 - HKLM\System\CS3\Services\Tcpip\..\{05F5BF5F-D415-4F43-A731-662B0A1AE52C}: NameServer = 85.255.113.110,85.255.112.227

Close all windows including browser and press fix checked.

Please do a search:

Go "Start">"Search">"All Files and Folders"
Enter RemoveCpl.exe in "All or part of file name"
Select "More advanced options"
Check-mark "Search System Folders", "Search hidden files and folders", and "Search subfolders".
Click "Search". Right click the file and select delete.

Empty Recycle Bin.

NOTE: That file may not exist at all! If it doesn't, just skip the step above.

Repeat step above for these:

MsNetHelper.exe
Serviceprocess.exe
xsetup.exe
powerdll.exe
backd.exe

Re-run fixwareout

Send:

- fixwareout report
- a fresh HijackThis log

orion1234
2007-02-18, 16:04
Hi there,

I did have Norton but I uninstalled it because it was so out of date it was next to useless. Could download AVG. My router has a built-in firewall and I was told by someone that this would be sufficient, is it not?

An error occurred during the HijackThis fix: O4 startup:services.lnk=? could not be deleted, bad filename or number in sub GetLongPath. Then it said the file might be in use so it couldn't delete.

I deleted the file Serviceprocess though, it was in Service pack folder, hope this was right. xsetup wasn't there but there was IPxsetup, but I didn't delete it as I wasn't sure.

Fixwareout Last edited 2/11/2007
Post this report in the forums please
...
»»»»»Prerun check

»»»»» System restarted

»»»»» Postrun check
HKLM\SOFTWARE\~\Winlogon\ "system"=""
....
....
»»»»» Misc files.
....
»»»»» Checking for older varients.
....

Search five digit cs, dm, kd, jb, other, files.
The following files NEED TO BE SUBMITTED to one of the following URL'S for further inspection.



Click browse, find the file then click submit.
http://www.virustotal.com/flash/index_en.html
Or http://virusscan.jotti.org/

»»»»» Other



»»»»» Current runs
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"services"=""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"NeroCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"LVCOMSX"="C:\\WINDOWS\\system32\\LVCOMSX.EXE"
"LogitechVideoTray"="C:\\Program Files\\Logitech\\Video\\LogiTray.exe"
"LogitechVideoRepair"="C:\\Program Files\\Logitech\\Video\\ISStart.exe "
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd"
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"ATICCC"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\cli.exe\" runtime"
"RegistryMechanic"=""
@=""
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"LogitechSoftwareUpdate"="\"C:\\Program Files\\Logitech\\Video\\ManifestEngine.exe\" boot"
"LDM"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"
"Eraser"="C:\\Program Files\\Eraser\\eraser.exe -hide"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
....
Hosts file was reset, If you use a custom hosts file please replace it
»»»»» End report »»»»»

orion1234
2007-02-18, 16:06
Logfile of HijackThis v1.99.1
Scan saved at 14:05:05, on 18/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Eraser\eraser.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\david\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.karoo.co.uk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = IC1:8080
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\eraser.exe -hide
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: services.lnk = ?
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/DigWXMSN.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://download.games.yahoo.com/games/web_games/tikgames/goldfever/goldfever.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://download.games.yahoo.com/games/web_games/popcap/insaniquarium/popcaploader_v6.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {48195F62-A7A7-4535-97E4-16BF7DA1C66D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
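
Added example, not part of the thread or of HijackThis itself: a small Python check that compares the entries the helper asked to be fixed against a fresh HijackThis log and reports which ones are still present. The sample data are excerpts copied from the logs above; the function names and the choice to match R3/O2/O16 entries by CLSID are this example's own assumptions.

```python
import re

# "<section> - <rest>", e.g. "O4 - Startup: services.lnk = ?"
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Sections where the CLSID identifies the entry (assumption of this example).
# O18 is deliberately excluded: in this thread many protocol names share one CLSID.
CLSID_KEYED = {"R3", "O2", "O16"}

# Excerpt of the fix list from the thread (constructed subset, lines as posted).
FIX_LIST = r"""
R3 - URLSearchHook: (no name) - {EBF56F07-5DC3-6E55-809F-7FBA83F2D712} - KeywordFinder.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [removecpl] RemoveCpl.exe
O4 - HKCU\..\Run: [services] backd.exe
O4 - Startup: services.lnk = ?
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://download.games.yahoo.com/game...ploader_v6.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{05F5BF5F-D415-4F43-A731-662B0A1AE52C}: NameServer = 85.255.113.110,85.255.112.227
"""

# Excerpt of the fresh log posted after the fix (constructed subset, lines as posted).
FRESH_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\services.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.karoo.co.uk/
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: services.lnk = ?
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://download.games.yahoo.com/games/web_games/popcap/insaniquarium/popcaploader_v6.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
"""


def entry_key(line):
    """Return a comparable key for a log entry, or None for non-entry lines."""
    match = ENTRY.match(line.strip())
    if not match:
        return None  # header, process list, blank line
    section, rest = match.groups()
    if section in CLSID_KEYED:
        clsid = CLSID.search(rest)
        if clsid:
            # Matching on the CLSID survives forum truncation of long URLs.
            return (section, clsid.group(0).upper())
    # Otherwise compare the whole entry, ignoring case and spacing differences.
    return (section, " ".join(rest.split()).casefold())


def parse_entries(text):
    """Map entry key -> original line, keeping the first occurrence."""
    entries = {}
    for line in text.splitlines():
        key = entry_key(line)
        if key is not None:
            entries.setdefault(key, line.strip())
    return entries


def compare(fix_list, fresh_log):
    """Split the fix list into entries that are gone and entries still logged."""
    wanted = parse_entries(fix_list)
    present = parse_entries(fresh_log)
    cleared = [line for key, line in wanted.items() if key not in present]
    remaining = [present[key] for key in wanted if key in present]
    return cleared, remaining


if __name__ == "__main__":
    cleared, remaining = compare(FIX_LIST, FRESH_LOG)
    print(f"{len(cleared)} entries cleared, {len(remaining)} still present:")
    for line in remaining:
        print("  STILL PRESENT:", line)
```

On these excerpts the comparison shows that the `services.lnk` startup entry and the O16 DPF entry are still logged after the fix, while the other checked entries are gone.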

Shaba
2007-02-18, 16:10
Hi

Yes, router with firewall is enough. However, you should install an antivirus.

First follow these (http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2005033108162039?Open&src=bar_sch_nam&docid=2004092711224136&nsf=nip.nsf&view=docid&dtype=&prod=&ver=&osv=&osv_lvl=&seg=ag) instructions

After that:

Please do a search:

Go "Start">"Search">"All Files and Folders"
Enter services.lnk in "All or part of file name"
Select "More advanced options"
Check-mark "Search System Folders", "Search hidden files and folders", and "Search subfolders".
Click "Search". Right click the file and select delete.

Empty Recycle Bin.

NOTE: That file may not exist at all! If it doesn't, just skip the step above.

Reboot

Looking over your log, it seems you don't have any evidence of an anti-virus software.

Anti-virus software are programs that detect, cleanse, and erase harmful virus files on a computer, Web server, or network. Unchecked, virus files can unintentionally be forwarded to others, including trading partners and thereby spreading infection. Because new viruses regularly emerge, anti-virus software should be updated frequently. Anti-virus software can scan the computer memory and disk drives for malicious code. They can alert the user if a virus is present, and will clean, delete (or quarantine) infected files or directories. Please download a free anti-virus software from one of these excellent vendors NOW:

1) Antivir PersonalEdition Classic (http://www.free-av.com/) - Free anti-virus software for Windows. Detects and removes more than 50,000 viruses. Free support.
2) avast! 4 Home Edition (http://www.avast.com/eng/avast_4_home.html) - Anti-virus program for Windows. The home edition is freeware for noncommercial users.
3) AVG Anti-Virus Free Edition (http://free.grisoft.com/doc/1) - Free edition of the AVG anti-virus program for Windows.

It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts. If you choose to install more than one antivirus program on your computer, then only one of them should be active in memory at a time.

Send a fresh HijackThis log.

orion1234
2007-02-18, 16:30
File did not exist. Have installed AVG as per your instructions.

Logfile of HijackThis v1.99.1
Scan saved at 14:27:37, on 18/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Eraser\eraser.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Documents and Settings\david\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.karoo.co.uk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = IC1:8080
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\eraser.exe -hide
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: services.lnk = ?
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/DigWXMSN.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://download.games.yahoo.com/games/web_games/tikgames/goldfever/goldfever.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://download.games.yahoo.com/games/web_games/popcap/insaniquarium/popcaploader_v6.cab
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

Shaba
2007-02-18, 16:39
Hi

Ok, let's try this:

Please print out or copy these instructions/tutorial to Notepad as the internet will not be (while in Safe Mode) available to you at certain points of the removal process. Make sure to work through all the Steps in the exact order in which they are listed below. If there's anything that you don't understand, ask your question(s) before moving on with the fixes.

Please download AVG Anti-Spyware to your Desktop or to your usual Download Folder.
http://www.ewido.net/en/download/
Install AVG Anti-Spyware by double clicking the installer.
Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.
On the main screen under Your Computer's security.
Click on Change state next to Resident shield. It should now change to inactive.
Click on Change state next to Automatic updates. It should now change to inactive.
Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
Wait until you see the Update successful message.
Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows.
Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
If you are having problems with the updater, you can use this link to manually update ewido.
AVG Anti-Spyware manual updates (http://www.ewido.net/en/download/updates/).
Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.
______________________________

Reboot your computer in Safe Mode.
If the computer is running, shut down Windows, and then turn off the power.
Wait 30 seconds, and then turn the computer on.
Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
Ensure that the Safe Mode option is selected.
Press Enter. The computer then begins to start in Safe mode.
Login on your usual account.
______________________________

Open HijackThis, click do a system scan only and checkmark this:

O4 - Startup: services.lnk = ?

Close all windows including browser and press fix checked.

Navigate to C:\Windows\Temp
Click Edit, click Select All, press the DELETE key, and then click Yes to confirm that you want to send all the items to the Recycle Bin.

Navigate to C:\Documents and Settings\(EVERY LISTED USER)\Local Settings\Temp
Click Edit, click Select All, press the DELETE key, and then click Yes to confirm that you want to send all the items to the Recycle Bin.

Clean out your Temporary Internet files. Proceed like this:

Quit Internet Explorer, all browsers and quit any instances of Windows Explorer.

For Internet Explorer 7
Click Start, click Control Panel, and then double-click Internet Options.
On the General tab, click Delete... under Browsing History.
Next to Temporary Internet Files, click Delete files, and then click OK.
Next to Cookies, click Delete cookies, and then click OK.
Next to History, click Delete history, and then click OK.
Click the Close button.
Click OK.
For Internet Explorer 4.x - 6.x
Click Start, click Control Panel, and then double-click Internet Options.
On the General tab, click Delete Files under Temporary Internet Files.
In the Delete Files dialog box, tick the Delete all offline content check box, and then click OK.
On the General tab, click Delete Cookies under Temporary Internet Files, and then click OK.
Click on the Programs tab then click the Reset Web Settings button. Click Apply then OK.
Click OK.
For Netscape 4.x and Up
Click Edit from the Netscape menubar.
Click Preferences... from the Edit menu.
Expand the Advanced menu by clicking the triangle sign.
Click Cache.
Click both the Clear Memory Cache and the Clear Disk Cache buttons.
For Mozilla 1.x and Up
Click Edit from the Mozilla menubar.
Click Preferences... from the Edit menu.
Expand the Advanced menu by clicking the plus sign.
Click Cache.
Click the Clear Cache button.
For Opera
Click File from the Opera menubar.
Click Preferences... from the File menu.
Click the History and Cache menu.
Click the two Clear buttons next to Typed in addresses and Visited addresses (history) and click the Empty now button to clear the Disk cache.
Click Ok to close the Preferences menu.
Next Click Start, click Control Panel and then double-click Display. Click on the Desktop tab, then click the Customize Desktop button. Click on the Web tab. Under Web Pages you should see a checked entry called Security info or something similar. If it is there, select that entry and click the Delete button. Click Ok then Apply and Ok.

Empty the Recycle Bin by right-clicking the Recycle Bin icon on your Desktop, and then clicking Empty Recycle Bin.
______________________________

Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.
Click on Scanner on the toolbar.
Click on the Settings tab.
Under How to act?
Click on Recommended Action and choose Quarantine from the popup menu.
Under How to scan?
All checkboxes should be ticked.
Under Possibly unwanted software:
All checkboxes should be ticked.
Under Reports:
Select Automatically generate report after every scan and uncheck Only if threats were found.
Under What to scan?
Select Scan every file.
Click on the Scan tab.
Click on Complete System Scan to start the scan process.
Let the program scan the machine.
When the scan has finished, follow the instructions below.
IMPORTANT : Don't click on the "Save Scan Report" button before you did hit the "Apply all Actions" button.
Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
At the bottom of the window click on the Apply all Actions button. (3)
http://img509.imageshack.us/img509/4851/scanavgjk2.jpg
When done, click the Save Scan Report button. (4)
Click the Save Report as button.
Save the report to your Desktop.
Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
Reboot in Normal Mode.
______________________________

Please post:

AVG Anti-Spyware log
A new HijackThis log
You may need several replies to post the requested logs, otherwise they might get cut off.

orion1234
2007-02-18, 17:42
Even in safe mode I was unable to delete the O4 startup:services.lnk

It told me to end the process in Task Manager and then delete.

Also, the scan by antispyware caused a memory dump.

Shaba
2007-02-18, 17:59
Hi

That's very strange.

Let's run one tool now:

Download WinPFind3U.exe (http://download.bleepingcomputer.com/oldtimer/winpfind3u.exe) to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.

Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.

In the Files Created Within group click 30 days
In the Files Modified Within group select 30 days
In the File String Search group select Non-Microsoft

Now click the Run Scan button on the toolbar.
When the scan is complete Notepad will open with the report file loaded in it.
Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.

Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in.

orion1234
2007-02-18, 18:10
WinPFind3 logfile created on: 18/02/2007 16:02:48
WinPFind3U by OldTimer - Version 1.0.18 Folder = C:\Documents and Settings\david\Desktop\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2900.2180)

523504 Kb Total Physical Memory | 268712 Kb Available Physical Memory | 51.33% Memory free
1276940 Kb Paging File | 1026084 Kb Available in Paging File | 80.35% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 40949652 Kb Total Space | 20020440 Kb Free Space | 48.89% Space Free
Drive D: | 39455636 Kb Total Space | 30309556 Kb Free Space | 76.82% Space Free
Drive E: | 5124 Kb Total Space | 0 Kb Free Space | 0.00% Space Free
F: Drive not present or media not loaded


[Processes - Non-Microsoft Only]
ati2evxx.exe -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4113 | Size = 352256 bytes | Modified Date = 23/02/2005 02:33:36 | Attr = ]
ati2evxx.exe -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4113 | Size = 352256 bytes | Modified Date = 23/02/2005 02:33:36 | Attr = ]
atiptaxx.exe -> %ProgramFiles%\ATI Technologies\ATI Control Panel\atiptaxx.exe -> ATI Technologies, Inc. [Ver = 6.14.10.5072 | Size = 335872 bytes | Modified Date = 25/11/2003 21:10:00 | Attr = ]
avgamsvr.exe -> %ProgramFiles%\Grisoft\AVG7\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.435 | Size = 353792 bytes | Modified Date = 18/02/2007 14:25:32 | Attr = ]
avgcc.exe -> %ProgramFiles%\Grisoft\AVG7\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.438 | Size = 411648 bytes | Modified Date = 18/02/2007 14:25:32 | Attr = ]
avgupsvc.exe -> %ProgramFiles%\Grisoft\AVG7\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 18/02/2007 14:25:34 | Attr = ]
dkservice.exe -> %ProgramFiles%\Executive Software\DiskeeperWorkstation\DKService.exe -> Executive Software International, Inc. [Ver = 7.0.393.0 | Size = 253952 bytes | Modified Date = 31/08/2001 14:23:12 | Attr = ]
eraser.exe -> %ProgramFiles%\Eraser\eraser.exe -> - [Ver = 5.3.5363.0 | Size = 487424 bytes | Modified Date = 05/02/2007 19:28:42 | Attr = ]
fxsvr2.exe -> %ProgramFiles%\Logitech\Video\FxSvr2.exe -> Logitech Inc. [Ver = 8.4.6.1012 | Size = 192512 bytes | Modified Date = 18/01/2005 16:08:36 | Attr = ]
guard.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 204800 bytes | Modified Date = 28/09/2006 14:13:20 | Attr = ]
ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 492608 bytes | Modified Date = 30/10/2006 09:36:32 | Attr = ]
ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 256576 bytes | Modified Date = 30/10/2006 09:36:36 | Attr = ]
logitechdesktopmessenger.exe -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe -> Logitech [Ver = 2.30.04 | Size = 36864 bytes | Modified Date = 04/08/2006 22:19:28 | Attr = ]
logitray.exe -> %ProgramFiles%\Logitech\Video\LogiTray.exe -> Logitech Inc. [Ver = 8.4.6.1012 | Size = 217088 bytes | Modified Date = 18/01/2005 16:37:30 | Attr = ]
lvcomsx.exe -> %System32%\LVCOMSX.EXE -> Logitech Inc. [Ver = 8.4.1.1092 | Size = 221184 bytes | Modified Date = 08/10/2004 10:52:32 | Attr = ]
qttask.exe -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1.3 | Size = 282624 bytes | Modified Date = 25/10/2006 18:58:18 | Attr = ]
winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> Oldtimer Tools [Ver = 1.0.18.0 | Size = 308736 bytes | Modified Date = 12/02/2007 21:39:14 | Attr = ]
wzqkpick.exe -> %ProgramFiles%\WinZip\WZQKPICK.EXE -> WinZip Computing LP [Ver = 1.0 (32-bit) | Size = 122880 bytes | Modified Date = 16/02/2006 10:00:00 | Attr = ]

[Win32 Services - Non-Microsoft Only]
(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4113 | Size = 352256 bytes | Modified Date = 23/02/2005 02:33:36 | Attr = ]
(ATI Smart) ATI Smart [Win32_Own | Auto | Stopped] -> %System32%\ati2sgag.exe -> [Ver = 5.13.0023 | Size = 516096 bytes | Modified Date = 22/02/2005 20:05:00 | Attr = ]
(AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 204800 bytes | Modified Date = 28/09/2006 14:13:20 | Attr = ]
(Avg7Alrt) AVG7 Alert Manager Server [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.435 | Size = 353792 bytes | Modified Date = 18/02/2007 14:25:32 | Attr = ]
(Avg7UpdSvc) AVG7 Update Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 18/02/2007 14:25:34 | Attr = ]
(Diskeeper) Diskeeper [Win32_Own | Auto | Running] -> %ProgramFiles%\Executive Software\DiskeeperWorkstation\DKService.exe -> Executive Software International, Inc. [Ver = 7.0.393.0 | Size = 253952 bytes | Modified Date = 31/08/2001 14:23:12 | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 03/08/2004 23:56:50 | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 03/04/2005 23:41:10 | Attr = ]
(iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 492608 bytes | Modified Date = 30/10/2006 09:36:32 | Attr = ]
(UserAccess7) SecuROM User Access Service (V7) [Win32_Own | Disabled | Stopped] -> %System32%\UAService7.exe -> [Ver = | Size = 126976 bytes | Modified Date = 06/04/2005 00:19:42 | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
-> -> File not found
ATICCC -> %ProgramFiles%\ATI Technologies\ATI.ACE\CLI.exe -> ATI Technologies Inc. [Ver = 1.1.1879.40242 | Size = 32768 bytes | Modified Date = 22/02/2005 22:21:26 | Attr = ]
ATIPTA -> %ProgramFiles%\ATI Technologies\ATI Control Panel\atiptaxx.exe -> ATI Technologies, Inc. [Ver = 6.14.10.5072 | Size = 335872 bytes | Modified Date = 25/11/2003 21:10:00 | Attr = ]
AVG7_CC -> %ProgramFiles%\Grisoft\AVG7\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.438 | Size = 411648 bytes | Modified Date = 18/02/2007 14:25:32 | Attr = ]
Cmaudio -> cmicnfg.CPL -> File not found
iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 256576 bytes | Modified Date = 30/10/2006 09:36:36 | Attr = ]
KernelFaultCheck -> -> File not found
LogitechVideoRepair -> %ProgramFiles%\Logitech\Video\ISStart.exe -> Logitech Inc. [Ver = 8.4.6.1012 | Size = 458752 bytes | Modified Date = 18/01/2005 16:47:30 | Attr = ]
LogitechVideoTray -> %ProgramFiles%\Logitech\Video\LogiTray.exe -> Logitech Inc. [Ver = 8.4.6.1012 | Size = 217088 bytes | Modified Date = 18/01/2005 16:37:30 | Attr = ]
LVCOMSX -> %System32%\LVCOMSX.EXE -> Logitech Inc. [Ver = 8.4.1.1092 | Size = 221184 bytes | Modified Date = 08/10/2004 10:52:32 | Attr = ]
NeroCheck -> %System32%\NeroCheck.exe -> Ahead Software Gmbh [Ver = 1, 0, 0, 2 | Size = 155648 bytes | Modified Date = 09/07/2001 10:50:42 | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1.3 | Size = 282624 bytes | Modified Date = 25/10/2006 18:58:18 | Attr = ]
RegistryMechanic -> -> File not found
services -> -> File not found
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.5.0_06\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 36975 bytes | Modified Date = 10/11/2005 12:03:52 | Attr = ]
< OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\
IMAIL -> Installed = 1 ->
MAPI -> Installed = 1 ->
MSFS -> Installed = 1 ->
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Eraser -> %ProgramFiles%\Eraser\eraser.exe -> - [Ver = 5.3.5363.0 | Size = 487424 bytes | Modified Date = 05/02/2007 19:28:42 | Attr = ]
LDM -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe -> Logitech [Ver = 2.30.04 | Size = 36864 bytes | Modified Date = 04/08/2006 22:19:28 | Attr = ]
LogitechSoftwareUpdate -> %ProgramFiles%\Logitech\Video\ManifestEngine.exe -> Logitech Inc. [Ver = 8.4.6.1012 | Size = 196608 bytes | Modified Date = 18/01/2005 16:07:54 | Attr = ]
< Common Startup > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup
%AllUsersStartup%\ATI CATALYST System Tray.lnk -> %ProgramFiles%\ATI Technologies\ATI.ACE\CLI.exe -> ATI Technologies Inc. [Ver = 1.1.1879.40242 | Size = 32768 bytes | Modified Date = 22/02/2005 22:21:26 | Attr = ]
%AllUsersStartup%\Logitech Desktop Messenger.lnk -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe -> Logitech [Ver = 2.30.04 | Size = 196608 bytes | Modified Date = 04/08/2006 22:19:06 | Attr = ]
%AllUsersStartup%\WinZip Quick Pick.lnk -> %ProgramFiles%\WinZip\WZQKPICK.EXE -> WinZip Computing LP [Ver = 1.0 (32-bit) | Size = 122880 bytes | Modified Date = 16/02/2006 10:00:00 | Attr = ]
< Registry Shell Spawning > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command
regfile [merge] -> Reg Data - Key not found ->
scrfile [open] -> "%1" /S ->
scrfile [config] -> "%1" ->
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -> %programfiles%\internet explorer\iexplore.exe -> File not found
*Command* -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.lnk\ShellNew\\Command ->
NewLinkHere -> -> File not found
%1 -> -> File not found
*Command* -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.bfc\ShellNew\\Command ->
Briefcase_Create -> -> File not found
%2!d! -> -> File not found
%1 -> -> File not found
< ActiveX StubPath [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\
{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -> ->
{22d6f312-b0f6-11d0-94ab-0080c74c7e95} -> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\mswmp.inf,PerUserStub ->
{2C7339CF-2B09-4501-B3F3-F3508C9228ED} -> %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ->
{44BBA840-CC51-11CF-AAFA-00AA00B6015C} -> "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ->
{44BBA842-CC51-11CF-AAFA-00AA00B6015B} -> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ->
{4b218e3e-bc98-4770-93d3-2731b9329278} -> %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf ->
{5945c046-1e7d-11d1-bc44-00c04fd912be} -> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ->
{6BF52A52-394A-11d3-B153-00C04F79FAA6} -> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub ->
{73FA19D0-2D75-11D2-995D-00C04F98BBC9} -> ->
{7790769C-0471-11d2-AF11-00C04FA35D02} -> "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ->
{89820200-ECBD-11cf-8B85-00AA005B4340} -> regsvr32.exe /s /n /i:U shell32.dll ->
{89820200-ECBD-11cf-8B85-00AA005B4383} -> %SystemRoot%\system32\ie4uinit.exe ->
{89B4C1CD-B018-4511-B0A1-5476DBF70820} -> C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install ->
>{22d6f312-b0f6-11d0-94ab-0080c74c7e95} -> C:\WINDOWS\inf\unregmp2.exe /ShowWMP ->
>{26923b43-4d38-484f-9b9e-de460746276c} -> %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE ->
>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS -> RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ->
>{881dd1c5-3dcf-431b-b061-f3f88e8be88a} -> %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE ->
< WOW Command Line [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WOW
*wowcmdline* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WOW\\wowcmdline ->
-a -> -> File not found
< Session Manager Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager
BootExecute -> autocheck autochk *; ->
< ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKLM] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 73728 bytes | Modified Date = 28/09/2006 14:13:28 | Attr = ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
Control_RunDLL -> -> File not found
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
< Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
< Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\ -> ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ -> ->
< Desktop Components > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\

orion1234
2007-02-18, 18:11
0 -> [Key] ->
0 -> FriendlyName = My Current Home Page ->
0 -> Source = About:Home ->
0 -> SubscribedURL = About:Home ->
< HOSTS File > (23 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts
127.0.0.1 localhost -> ->
< Internet Explorer Settings > ->
HKLM: Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome ->
HKLM: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->
HKLM: Search Page -> http://www.google.com ->
HKLM: Start Page -> about:blank ->
HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKLM: SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
HKCU: Local Page -> \blank.htm ->
HKCU: Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKCU: Start Page -> http://www.karoo.co.uk/ ->
HKCU: ProxyEnable -> 0 ->
HKCU: ProxyOverride -> <local>;localhost ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
msn.com [ - ] -> ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [AcroIEHlprObj Class] -> [Ver = 1, 0, 0, 1 | Size = 37808 bytes | Modified Date = 02/03/2001 11:02:04 | Attr = ]
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Reg Data - Value does not exist] -> Safer Networking Limited [Ver = 1, 4, 0, 0 | Size = 853672 bytes | Modified Date = 31/05/2005 01:04:00 | Attr = ]
{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} [HKLM] -> %ProgramFiles%\Spyware Doctor\tools\iesdsg.dll [PCTools Site Guard] -> [Ver = | Size = 272384 bytes | Modified Date = 20/12/2004 11:38:38 | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.5.0_06\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 184423 bytes | Modified Date = 10/11/2005 12:22:12 | Attr = ]
< Internet Explorer Bars [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
{32683183-48a0-441b-a342-7c2a440a9478} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
< Internet Explorer CmdMapping [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} -> 8193 - Reg Data - Key not found ->
{2D663D1A-8670-49D9-A1A5-4C56B4E14E84} -> 8195 - Reg Data - Key not found ->
{B1BA4A3F-1C95-497b-9F82-F8DA4A5C89DD} -> 8194 - Reg Data - Key not found ->
{BF69DF00-2734-477F-8257-27CD04F88779} -> 8196 - Reg Data - Key not found ->
{FB5F1910-F110-11d2-BB9E-00C04F795683} -> 8192 - Reg Data - Key not found ->
NextId -> 8198 ->
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\
E&xport to Microsoft Excel -> -> File not found
< Internet Explorer Plugins [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\Extension\
.spop -> %ProgramFiles%\Internet Explorer\PLUGINS\NPDocBox.dll [Reg Data - Value does not exist] -> InterTrust Technologies Corporation, Inc. [Ver = 1.0.30.95 | Size = 225280 bytes | Modified Date = 30/01/2001 12:56:24 | Attr = ]
< Approved Shell Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
{0DF44EAA-FF21-4412-828E-260A8728E7F1} [HKLM] -> Reg Data - Key not found [Taskbar and Start Menu] -> File not found
{2C49B5D0-ACE7-4D17-9DF0-A254A6C5A0C5} [HKLM] -> Reg Data - Key not found [dBpowerAMP Music Converter] -> File not found
{32683183-48a0-441b-a342-7c2a440a9478} [HKLM] -> Reg Data - Key not found [Media Band] -> File not found
{400CFEE2-39D0-46DC-96DF-E0BB5A4324B3} [HKLM] -> %ProgramFiles%\Logitech\Video\Namespc2.dll [My Logitech Pictures] -> Logitech Inc. [Ver = 8.4.6.1012 | Size = 135168 bytes | Modified Date = 18/01/2005 16:48:34 | Attr = ]
{42071714-76d4-11d1-8b24-00a0c9068ff3} [HKLM] -> deskpan.dll [Display Panning CPL Extension] -> File not found
{5E2121EE-0300-11D4-8D3B-444553540000} [HKLM] -> %ProgramFiles%\ATI Technologies\ATI.ACE\atiacmxx.dll [Catalyst Context Menu extension] -> [Ver = 1, 0, 0, 1 | Size = 69632 bytes | Modified Date = 18/01/2005 11:58:04 | Attr = ]
{764BF0E1-F219-11ce-972D-00AA00A14F56} [HKLM] -> Reg Data - Key not found [Shell extensions for file compression] -> File not found
{7A9D77BD-5403-11d2-8785-2E0420524153} [HKLM] -> Reg Data - Key not found [User Accounts] -> File not found
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} [HKLM] -> Reg Data - Key not found [Encryption Context Menu] -> File not found
{88895560-9AA2-1069-930E-00AA0030EBC8} [HKLM] -> %System32%\hticons.dll [HyperTerminal Icon Ext] -> Hilgraeve, Inc. [Ver = 5.1.2600.0 | Size = 44544 bytes | Modified Date = 23/08/2001 12:00:00 | Attr = ]
{8BE13461-936F-11D1-A87D-444553540000} [HKLM] -> %ProgramFiles%\Eraser\erasext.dll [Eraser Shell Extension] -> - [Ver = 5.3.5363.0 | Size = 192512 bytes | Modified Date = 05/02/2007 19:28:42 | Attr = ]
{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} [HKLM] -> %ProgramFiles%\Grisoft\AVG7\avgse.dll [AVG7 Shell Extension] -> GRISOFT, s.r.o. [Ver = 7.5.0.409 | Size = 50688 bytes | Modified Date = 18/02/2007 14:25:32 | Attr = ]
{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} [HKLM] -> %ProgramFiles%\Grisoft\AVG7\avgse.dll [AVG7 Find Extension] -> GRISOFT, s.r.o. [Ver = 7.5.0.409 | Size = 50688 bytes | Modified Date = 18/02/2007 14:25:32 | Attr = ]
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} [HKLM] -> %ProgramFiles%\iTunes\iTunesMiniPlayer.dll [iTunes] -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 132672 bytes | Modified Date = 30/10/2006 09:36:36 | Attr = ]
{E0D79304-84BE-11CE-9641-444553540000} [HKLM] -> %ProgramFiles%\WinZip\WZSHLSTB.DLL [WinZip] -> WinZip Computing LP [Ver = 4.1 (32-bit) | Size = 5120 bytes | Modified Date = 16/02/2006 10:00:00 | Attr = ]
{E0D79305-84BE-11CE-9641-444553540000} [HKLM] -> %ProgramFiles%\WinZip\WZSHLSTB.DLL [WinZip] -> WinZip Computing LP [Ver = 4.1 (32-bit) | Size = 5120 bytes | Modified Date = 16/02/2006 10:00:00 | Attr = ]
{E0D79306-84BE-11CE-9641-444553540000} [HKLM] -> %ProgramFiles%\WinZip\WZSHLSTB.DLL [WinZip] -> WinZip Computing LP [Ver = 4.1 (32-bit) | Size = 5120 bytes | Modified Date = 16/02/2006 10:00:00 | Attr = ]
{E0D79307-84BE-11CE-9641-444553540000} [HKLM] -> %ProgramFiles%\WinZip\WZSHLSTB.DLL [WinZip] -> WinZip Computing LP [Ver = 4.1 (32-bit) | Size = 5120 bytes | Modified Date = 16/02/2006 10:00:00 | Attr = ]
{FED7043D-346A-414D-ACD7-550D052499A7} [HKLM] -> Reg Data - Key not found [dBpowerAMP Music Converter 1] -> File not found
< ContextMenuHandlers - * [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\
{8934FCEF-F5B8-468f-951F-78A921CD3920} [HKLM] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\context.dll [AVG Anti-Spyware] -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 49 | Size = 98304 bytes | Modified Date = 06/10/2006 11:40:48 | Attr = ]
{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} [HKLM] -> %ProgramFiles%\Grisoft\AVG7\avgse.dll [AVG7 Shell Extension] -> GRISOFT, s.r.o. [Ver = 7.5.0.409 | Size = 50688 bytes | Modified Date = 18/02/2007 14:25:32 | Attr = ]
{8BE13461-936F-11D1-A87D-444553540000} [HKLM] -> %ProgramFiles%\Eraser\erasext.dll [Erasext] -> - [Ver = 5.3.5363.0 | Size = 192512 bytes | Modified Date = 05/02/2007 19:28:42 | Attr = ]
{E0D79304-84BE-11CE-9641-444553540000} [HKLM] -> %ProgramFiles%\WinZip\WZSHLSTB.DLL [WinZip] -> WinZip Computing LP [Ver = 4.1 (32-bit) | Size = 5120 bytes | Modified Date = 16/02/2006 10:00:00 | Attr = ]
< ContextMenuHandlers - Directory [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers\
{8934FCEF-F5B8-468f-951F-78A921CD3920} [HKLM] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\context.dll [AVG Anti-Spyware] -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 49 | Size = 98304 bytes | Modified Date = 06/10/2006 11:40:48 | Attr = ]
{E0D79304-84BE-11CE-9641-444553540000} [HKLM] -> %ProgramFiles%\WinZip\WZSHLSTB.DLL [WinZip] -> WinZip Computing LP [Ver = 4.1 (32-bit) | Size = 5120 bytes | Modified Date = 16/02/2006 10:00:00 | Attr = ]
< ContextMenuHandlers - Directory\Background [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Directory\Background\shellex\ContextMenuHandlers\
{5E2121EE-0300-11D4-8D3B-444553540000} [HKLM] -> %ProgramFiles%\ATI Technologies\ATI.ACE\atiacmxx.dll [ACE] -> [Ver = 1, 0, 0, 1 | Size = 69632 bytes | Modified Date = 18/01/2005 11:58:04 | Attr = ]
< ContextMenuHandlers - Folder [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\
{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} [HKLM] -> %ProgramFiles%\Grisoft\AVG7\avgse.dll [AVG7 Shell Extension] -> GRISOFT, s.r.o. [Ver = 7.5.0.409 | Size = 50688 bytes | Modified Date = 18/02/2007 14:25:32 | Attr = ]
{8BE13461-936F-11D1-A87D-444553540000} [HKLM] -> %ProgramFiles%\Eraser\erasext.dll [Erasext] -> - [Ver = 5.3.5363.0 | Size = 192512 bytes | Modified Date = 05/02/2007 19:28:42 | Attr = ]
{E0D79304-84BE-11CE-9641-444553540000} [HKLM] -> %ProgramFiles%\WinZip\WZSHLSTB.DLL [WinZip] -> WinZip Computing LP [Ver = 4.1 (32-bit) | Size = 5120 bytes | Modified Date = 16/02/2006 10:00:00 | Attr = ]
< User Agent Post Platform [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform
SV1 -> ->
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
{764473E8-D0EE-4C24-BC3D-9A605E5DAE58} -> () ->
{BF7C13C4-8143-44A5-8AE4-24B1506B2D7B} -> (Nintendo Wi-Fi USB Connector) ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
bw+0 -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 04/08/2006 22:19:28 | Attr = ]
bw+0s -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 04/08/2006 22:19:28 | Attr = ]
bw-0 -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 04/08/2006 22:19:28 | Attr = ]
bw00 -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 04/08/2006 22:19:28 | Attr = ]
bw00s -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 04/08/2006 22:19:28 | Attr = ]
bw-0s -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 04/08/2006 22:19:28 | Attr = ]
bw10 -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 04/08/2006 22:19:28 | Attr = ]
bw10s -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 04/08/2006 22:19:28 | Attr = ]
bw20 -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 04/08/2006 22:19:28 | Attr = ]
bw20s -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 04/08/2006 22:19:28 | Attr = ]
bw30 -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 04/08/2006 22:19:28 | Attr = ]
bw30s -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 04/08/2006 22:19:28 | Attr = ]
bw40 -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 04/08/2006 22:19:28 | Attr = ]
bw40s -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 04/08/2006 22:19:28 | Attr = ]
bw50 -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 04/08/2006 22:19:28 | Attr = ]
bw50s -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 04/08/2006 22:19:28 | Attr = ]
bw60 -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 04/08/2006 22:19:28 | Attr = ]
bw60s -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 04/08/2006 22:19:28 | Attr = ]
bw70 -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 04/08/2006 22:19:28 | Attr = ]
bw70s -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 04/08/2006 22:19:28 | Attr = ]
bw80 -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 04/08/2006 22:19:28 | Attr = ]
bw80s -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 04/08/2006 22:19:28 | Attr = ]
bw90 -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 04/08/2006 22:19:28 | Attr = ]
bw90s -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 04/08/2006 22:19:28 | Attr = ]
bwa0 -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 04/08/2006 22:19:28 | Attr = ]
bwa0s -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 04/08/2006 22:19:28 | Attr = ]
bwb0 -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 04/08/2006 22:19:28 | Attr = ]
bwb0s -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 04/08/2006 22:19:28 | Attr = ]
bwc0 -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 04/08/2006 22:19:28 | Attr = ]
bwc0s -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 04/08/2006 22:19:28 | Attr = ]
bwd0 -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 04/08/2006 22:19:28 | Attr = ]
bwd0s -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 04/08/2006 22:19:28 | Attr = ]
bwe0 -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 04/08/2006 22:19:28 | Attr = ]
bwe0s -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 04/08/2006 22:19:28 | Attr = ]
bwf0 -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 04/08/2006 22:19:28 | Attr = ]
bwf0s -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 04/08/2006 22:19:28 | Attr = ]
bwfile-8876480 -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 04/08/2006 22:19:28 | Attr = ]
bwg0 -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 04/08/2006 22:19:28 | Attr = ]
bwg0s -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 04/08/2006 22:19:28 | Attr = ]
bwh0 -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 04/08/2006 22:19:28 | Attr = ]
bwh0s -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 04/08/2006 22:19:28 | Attr = ]
bwi0 -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 04/08/2006 22:19:28 | Attr = ]
bwi0s -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 04/08/2006 22:19:28 | Attr = ]
bwj0 -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 04/08/2006 22:19:28 | Attr = ]

orion1234
2007-02-18, 18:14
bwj0s -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 04/08/2006 22:19:28 | Attr = ]
bwk0 -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 04/08/2006 22:19:28 | Attr = ]
bwk0s -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 04/08/2006 22:19:28 | Attr = ]
bwl0 -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 04/08/2006 22:19:28 | Attr = ]
bwl0s -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 04/08/2006 22:19:28 | Attr = ]
bwm0 -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 04/08/2006 22:19:28 | Attr = ]
bwm0s -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 04/08/2006 22:19:28 | Attr = ]
bwn0 -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 04/08/2006 22:19:28 | Attr = ]
bwn0s -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 04/08/2006 22:19:28 | Attr = ]
bwo0 -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 04/08/2006 22:19:28 | Attr = ]
bwo0s -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 04/08/2006 22:19:28 | Attr = ]
bwp0 -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 04/08/2006 22:19:28 | Attr = ]
bwp0s -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 04/08/2006 22:19:28 | Attr = ]
bwq0 -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 04/08/2006 22:19:28 | Attr = ]
bwq0s -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 04/08/2006 22:19:28 | Attr = ]
bwr0 -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 04/08/2006 22:19:28 | Attr = ]
bwr0s -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 04/08/2006 22:19:28 | Attr = ]
bws0 -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 04/08/2006 22:19:28 | Attr = ]
bws0s -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 04/08/2006 22:19:28 | Attr = ]
bwt0 -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 04/08/2006 22:19:28 | Attr = ]
bwt0s -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 04/08/2006 22:19:28 | Attr = ]
bwu0 -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 04/08/2006 22:19:28 | Attr = ]
bwu0s -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 04/08/2006 22:19:28 | Attr = ]
bwv0 -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 04/08/2006 22:19:28 | Attr = ]
bwv0s -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 04/08/2006 22:19:28 | Attr = ]
bww0 -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 04/08/2006 22:19:28 | Attr = ]
bww0s -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 04/08/2006 22:19:28 | Attr = ]
bwx0 -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 04/08/2006 22:19:28 | Attr = ]
bwx0s -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 04/08/2006 22:19:28 | Attr = ]
bwy0 -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 04/08/2006 22:19:28 | Attr = ]
bwy0s -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 04/08/2006 22:19:28 | Attr = ]
bwz0 -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 04/08/2006 22:19:28 | Attr = ]
bwz0s -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 04/08/2006 22:19:28 | Attr = ]
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
offline-8876480 -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll -> Logitech [Ver = Version 7.2.0 (Build 157R) | Size = 40999 bytes | Modified Date = 04/08/2006 22:19:28 | Attr = ]
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
{166B1BCA-3F9C-11CF-8075-444553540000} -> Shockwave ActiveX Control - CodeBase = http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab ->
{70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} -> GSDACtl Class - CodeBase = http://launch.gamespyarcade.com/software/launch/alaunch.cab ->
{7D1E9C49-BD6A-11D3-87A8-009027A35D73} -> Yahoo! Audio UI1 - CodeBase = http://chat.yahoo.com/cab/yacsui.cab ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab ->
{8E0D4DE5-3180-4024-A327-4DFAD1796A8D} -> MessengerStatsClient Class - CodeBase = http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab ->
{9122D757-5A4F-4768-82C5-B4171D8556A7} -> PhotoPickConvert Class - CodeBase = http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab ->
{A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} -> BatchDownloader Class - CodeBase = http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/DigWXMSN.cab ->
{B38870E4-7ECB-40DA-8C6A-595F0A5519FF} -> MsnMessengerSetupDownloadControl Class - CodeBase = http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab ->
{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} -> Java Plug-in 1.4.1 - CodeBase = http://java.sun.com/products/plugin/1.4/jinstall-14-windows-i586.cab ->
{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_03 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab ->
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} -> - CodeBase = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab ->
{D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} -> TikGames Online Control - CodeBase = http://download.games.yahoo.com/games/web_games/tikgames/goldfever/goldfever.cab ->
{DF780F87-FF2B-4DF8-92D0-73DB16A1543A} -> - CodeBase = http://download.games.yahoo.com/games/web_games/popcap/insaniquarium/popcaploader_v6.cab ->


[Files - Created Within 30 days]
LSWMV.INI -> %SystemDrive%\LSWMV.INI -> [Ver = | Size = 48 bytes | Created Date = 11/02/2007 09:57:16 | Attr = HS]
RegBackUp.reg -> %SystemDrive%\RegBackUp.reg -> [Ver = | Size = 66322434 bytes | Created Date = 12/02/2007 05:48:59 | Attr = ]
Operations Assistant Job description.doc -> %UserDocuments%\Operations Assistant Job description.doc -> [Ver = | Size = 30208 bytes | Created Date = 26/01/2007 02:26:02 | Attr = ]
Ad-Aware SE Personal.lnk -> %AllUsersDesktop%\Ad-Aware SE Personal.lnk -> [Ver = | Size = 841 bytes | Created Date = 12/02/2007 08:24:15 | Attr = ]
ATI Catalyst Control Center.lnk -> %AllUsersDesktop%\ATI Catalyst Control Center.lnk -> [Ver = | Size = 1895 bytes | Created Date = 16/02/2007 20:45:45 | Attr = ]
AVG 7.5.lnk -> %AllUsersDesktop%\AVG 7.5.lnk -> [Ver = | Size = 1532 bytes | Created Date = 18/02/2007 14:25:37 | Attr = ]
AVG Anti-Spyware.lnk -> %AllUsersDesktop%\AVG Anti-Spyware.lnk -> [Ver = | Size = 849 bytes | Created Date = 18/02/2007 15:04:11 | Attr = ]
Registry Mechanic.lnk -> %AllUsersDesktop%\Registry Mechanic.lnk -> [Ver = | Size = 738 bytes | Created Date = 16/02/2007 06:16:20 | Attr = ]
Second Life.lnk -> %AllUsersDesktop%\Second Life.lnk -> [Ver = | Size = 710 bytes | Created Date = 30/01/2007 21:19:29 | Attr = ]
aawsepersonal.exe -> %UserDesktop%\aawsepersonal.exe -> [Ver = | Size = 2855080 bytes | Created Date = 12/02/2007 08:23:44 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\aawsepersonal.exe:Zone.Identifier ->
ATF-Cleaner.exe -> %UserDesktop%\ATF-Cleaner.exe -> Atribune.org [Ver = 2.00.0008 | Size = 47104 bytes | Created Date = 12/02/2007 05:44:30 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\ATF-Cleaner.exe:Zone.Identifier ->
avg75free_441a944.exe -> %UserDesktop%\avg75free_441a944.exe -> [Ver = | Size = 19170000 bytes | Created Date = 12/02/2007 05:39:36 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\avg75free_441a944.exe:Zone.Identifier ->
avgas-setup-7.5.0.50.exe -> %UserDesktop%\avgas-setup-7.5.0.50.exe -> [Ver = | Size = 6469352 bytes | Created Date = 18/02/2007 15:02:01 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\avgas-setup-7.5.0.50.exe:Zone.Identifier ->
avgas-signatures-full-current.exe -> %UserDesktop%\avgas-signatures-full-current.exe -> [Ver = | Size = 8304675 bytes | Created Date = 12/02/2007 05:28:25 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\avgas-signatures-full-current.exe:Zone.Identifier ->
avinstall.exe -> %UserDesktop%\avinstall.exe -> PC Tools [Ver = 3.1.0.10 | Size = 16750152 bytes | Created Date = 12/02/2007 05:20:15 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\avinstall.exe:Zone.Identifier ->
combofix.exe -> %UserDesktop%\combofix.exe -> [Ver = 0. 0. 0. 0 | Size = 880702 bytes | Created Date = 12/02/2007 04:59:41 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\combofix.exe:Zone.Identifier ->
Fixwareout.exe -> %UserDesktop%\Fixwareout.exe -> [Ver = 1.0.0.5 | Size = 494582 bytes | Created Date = 18/02/2007 12:46:23 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\Fixwareout.exe:Zone.Identifier ->
KillBox.zip -> %UserDesktop%\KillBox.zip -> [Ver = | Size = 70487 bytes | Created Date = 12/02/2007 05:44:45 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\KillBox.zip:Zone.Identifier ->
Norton_Removal_Tool.exe -> %UserDesktop%\Norton_Removal_Tool.exe -> Symantec Corporation [Ver = 2007.2.02.14 | Size = 788064 bytes | Created Date = 18/02/2007 14:18:39 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\Norton_Removal_Tool.exe:Zone.Identifier ->
rminstall.exe -> %UserDesktop%\rminstall.exe -> PC Tools [Ver = 6.0.0.750 | Size = 4956272 bytes | Created Date = 16/02/2007 06:15:53 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\rminstall.exe:Zone.Identifier ->
SmitfraudFix.zip -> %UserDesktop%\SmitfraudFix.zip -> [Ver = | Size = 699373 bytes | Created Date = 13/02/2007 12:46:48 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\SmitfraudFix.zip:Zone.Identifier ->
speedupmypc3plb.exe -> %UserDesktop%\speedupmypc3plb.exe -> Uniblue [Ver = SpeedUpMyPC 3.2 | Size = 5359152 bytes | Created Date = 12/02/2007 19:09:58 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\speedupmypc3plb.exe:Zone.Identifier ->
Spybot - Search & Destroy.lnk -> %UserDesktop%\Spybot - Search & Destroy.lnk -> [Ver = | Size = 933 bytes | Created Date = 16/02/2007 20:30:53 | Attr = ]
Teamspeak 2 RC2.lnk -> %UserDesktop%\Teamspeak 2 RC2.lnk -> [Ver = | Size = 665 bytes | Created Date = 13/02/2007 22:38:50 | Attr = ]
ts2_client_rc2_2032.exe -> %UserDesktop%\ts2_client_rc2_2032.exe -> [Ver = | Size = 5862994 bytes | Created Date = 13/02/2007 22:38:00 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\ts2_client_rc2_2032.exe:Zone.Identifier ->
VundoFix.exe -> %UserDesktop%\VundoFix.exe -> Atribune.org [Ver = 6.03.0006 | Size = 90112 bytes | Created Date = 17/02/2007 18:55:29 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\VundoFix.exe:Zone.Identifier ->
winpfind3u.exe -> %UserDesktop%\winpfind3u.exe -> [Ver = | Size = 342421 bytes | Created Date = 18/02/2007 16:00:30 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\winpfind3u.exe:Zone.Identifier ->
ATI CATALYST System Tray.lnk -> %AllUsersStartup%\ATI CATALYST System Tray.lnk -> [Ver = | Size = 1851 bytes | Created Date = 11/02/2007 10:26:24 | Attr = ]
Logitech Desktop Messenger.lnk -> %AllUsersStartup%\Logitech Desktop Messenger.lnk -> [Ver = | Size = 1885 bytes | Created Date = 11/02/2007 10:26:24 | Attr = ]
Microsoft Office.lnk -> %AllUsersStartup%\Microsoft Office.lnk -> [Ver = | Size = 1730 bytes | Created Date = 11/02/2007 10:26:24 | Attr = ]
WinZip Quick Pick.lnk -> %AllUsersStartup%\WinZip Quick Pick.lnk -> [Ver = | Size = 1518 bytes | Created Date = 11/02/2007 10:26:24 | Attr = ]
services.lnk -> %UserStartup%\services.lnk -> [Ver = | Size = 80 bytes | Created Date = 11/02/2007 10:26:24 | Attr = HS]
ATICIM.INI -> %SystemRoot%\ATICIM.INI -> [Ver = | Size = 1308 bytes | Created Date = 17/02/2007 16:46:59 | Attr = ]
smdat32m.sys -> %SystemRoot%\smdat32m.sys -> [Ver = | Size = 10 bytes | Created Date = 09/02/2007 07:21:20 | Attr = ]
asuninst.exe -> %System32%\asuninst.exe -> Panda Software [Ver = 1, 0, 0, 2 | Size = 73728 bytes | Created Date = 12/02/2007 09:50:37 | Attr = ]
ati64hl2.stb -> %System32%\ati64hl2.stb -> [Ver = | Size = 22 bytes | Created Date = 17/02/2007 18:33:34 | Attr = ]
ClickToFindandFixErrors_US.ico -> %System32%\ClickToFindandFixErrors_US.ico -> [Ver = | Size = 2238 bytes | Created Date = 11/02/2007 08:47:24 | Attr = ]
dumphive.exe -> %System32%\dumphive.exe -> [Ver = | Size = 51200 bytes | Created Date = 13/02/2007 12:50:14 | Attr = ]
@Alternate Data Stream - 26 bytes -> %System32%\dumphive.exe:Zone.Identifier ->
Help.ico -> %System32%\Help.ico -> [Ver = | Size = 1406 bytes | Created Date = 12/02/2007 09:50:10 | Attr = ]

orion1234
2007-02-18, 18:15
Process.exe -> %System32%\Process.exe -> http://www.beyondlogic.org [Ver = 2, 0, 0, 0 | Size = 53248 bytes | Created Date = 13/02/2007 12:50:14 | Attr = ]
@Alternate Data Stream - 26 bytes -> %System32%\Process.exe:Zone.Identifier ->
SrchSTS.exe -> %System32%\SrchSTS.exe -> S!Ri [Ver = | Size = 288417 bytes | Created Date = 13/02/2007 12:50:14 | Attr = ]
@Alternate Data Stream - 26 bytes -> %System32%\SrchSTS.exe:Zone.Identifier ->
stuninstall.exe -> %System32%\stuninstall.exe -> - [Ver = 3.00.173 | Size = 155648 bytes | Created Date = 05/02/2007 19:28:44 | Attr = ]
swreg.exe -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.0 | Size = 135168 bytes | Created Date = 13/02/2007 12:50:14 | Attr = ]
@Alternate Data Stream - 26 bytes -> %System32%\swreg.exe:Zone.Identifier ->
swsc.exe -> %System32%\swsc.exe -> [Ver = | Size = 40960 bytes | Created Date = 13/02/2007 12:50:14 | Attr = ]
@Alternate Data Stream - 26 bytes -> %System32%\swsc.exe:Zone.Identifier ->
swxcacls.exe -> %System32%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 79360 bytes | Created Date = 13/02/2007 12:50:14 | Attr = ]
@Alternate Data Stream - 26 bytes -> %System32%\swxcacls.exe:Zone.Identifier ->
tmp.reg -> %System32%\tmp.reg -> [Ver = | Size = 2914 bytes | Created Date = 13/02/2007 12:51:07 | Attr = ]
Uninstall.ico -> %System32%\Uninstall.ico -> [Ver = | Size = 2550 bytes | Created Date = 12/02/2007 09:50:11 | Attr = ]
wnstscc.exe -> %System32%\wnstscc.exe -> [Ver = | Size = 2 bytes | Created Date = 11/02/2007 04:38:40 | Attr = ]
avg7core.sys -> %System32%\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.435 | Size = 839936 bytes | Created Date = 18/02/2007 14:25:33 | Attr = ]
avg7rsw.sys -> %System32%\drivers\avg7rsw.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,340 | Size = 4224 bytes | Created Date = 18/02/2007 14:25:35 | Attr = ]
avg7rsxp.sys -> %System32%\drivers\avg7rsxp.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.434 | Size = 27776 bytes | Created Date = 18/02/2007 14:25:35 | Attr = ]
AvgAsCln.sys -> %System32%\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Created Date = 18/02/2007 15:04:09 | Attr = ]
avgclean.sys -> %System32%\drivers\avgclean.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Created Date = 18/02/2007 14:25:36 | Attr = ]
avgmfx86.sys -> %System32%\drivers\avgmfx86.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.441 | Size = 18432 bytes | Created Date = 18/02/2007 14:25:36 | Attr = ]

[Files - Modified Within 30 days]
LSWMV.INI -> %SystemDrive%\LSWMV.INI -> [Ver = | Size = 48 bytes | Modified Date = 12/02/2007 04:56:38 | Attr = HS]
RegBackUp.reg -> %SystemDrive%\RegBackUp.reg -> [Ver = | Size = 66322434 bytes | Modified Date = 12/02/2007 05:49:04 | Attr = ]
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %LocalAppData%\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [Ver = | Size = 83968 bytes | Modified Date = 16/02/2007 00:15:46 | Attr = ]
IconCache.db -> %LocalAppData%\IconCache.db -> [Ver = | Size = 6424568 bytes | Modified Date = 18/02/2007 15:14:52 | Attr = H ]
My Sharing Folders.lnk -> %UserDocuments%\My Sharing Folders.lnk -> [Ver = | Size = 562 bytes | Modified Date = 18/02/2007 02:53:04 | Attr = ]
Operations Assistant Job description.doc -> %UserDocuments%\Operations Assistant Job description.doc -> [Ver = | Size = 30208 bytes | Modified Date = 26/01/2007 02:25:00 | Attr = ]
Ad-Aware SE Personal.lnk -> %AllUsersDesktop%\Ad-Aware SE Personal.lnk -> [Ver = | Size = 841 bytes | Modified Date = 12/02/2007 08:24:16 | Attr = ]
ATI Catalyst Control Center.lnk -> %AllUsersDesktop%\ATI Catalyst Control Center.lnk -> [Ver = | Size = 1895 bytes | Modified Date = 16/02/2007 20:45:46 | Attr = ]
AVG 7.5.lnk -> %AllUsersDesktop%\AVG 7.5.lnk -> [Ver = | Size = 1532 bytes | Modified Date = 18/02/2007 14:25:38 | Attr = ]
AVG Anti-Spyware.lnk -> %AllUsersDesktop%\AVG Anti-Spyware.lnk -> [Ver = | Size = 849 bytes | Modified Date = 18/02/2007 15:04:12 | Attr = ]
iTunes.lnk -> %AllUsersDesktop%\iTunes.lnk -> [Ver = | Size = 2137 bytes | Modified Date = 24/01/2007 20:28:56 | Attr = ]
Registry Mechanic.lnk -> %AllUsersDesktop%\Registry Mechanic.lnk -> [Ver = | Size = 738 bytes | Modified Date = 18/02/2007 05:06:00 | Attr = ]
Second Life.lnk -> %AllUsersDesktop%\Second Life.lnk -> [Ver = | Size = 710 bytes | Modified Date = 04/02/2007 18:20:42 | Attr = ]
Windows Live Messenger.lnk -> %AllUsersDesktop%\Windows Live Messenger.lnk -> [Ver = | Size = 1736 bytes | Modified Date = 09/02/2007 14:41:24 | Attr = ]
aawsepersonal.exe -> %UserDesktop%\aawsepersonal.exe -> [Ver = | Size = 2855080 bytes | Modified Date = 12/02/2007 08:23:54 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\aawsepersonal.exe:Zone.Identifier ->
ATF-Cleaner.exe -> %UserDesktop%\ATF-Cleaner.exe -> Atribune.org [Ver = 2.00.0008 | Size = 47104 bytes | Modified Date = 12/02/2007 05:44:32 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\ATF-Cleaner.exe:Zone.Identifier ->
avg75free_441a944.exe -> %UserDesktop%\avg75free_441a944.exe -> [Ver = | Size = 19170000 bytes | Modified Date = 12/02/2007 05:39:44 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\avg75free_441a944.exe:Zone.Identifier ->
avgas-setup-7.5.0.50.exe -> %UserDesktop%\avgas-setup-7.5.0.50.exe -> [Ver = | Size = 6469352 bytes | Modified Date = 18/02/2007 15:03:56 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\avgas-setup-7.5.0.50.exe:Zone.Identifier ->
avgas-signatures-full-current.exe -> %UserDesktop%\avgas-signatures-full-current.exe -> [Ver = | Size = 8304675 bytes | Modified Date = 12/02/2007 05:28:26 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\avgas-signatures-full-current.exe:Zone.Identifier ->
avinstall.exe -> %UserDesktop%\avinstall.exe -> PC Tools [Ver = 3.1.0.10 | Size = 16750152 bytes | Modified Date = 12/02/2007 05:20:16 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\avinstall.exe:Zone.Identifier ->
combofix.exe -> %UserDesktop%\combofix.exe -> [Ver = 0. 0. 0. 0 | Size = 880702 bytes | Modified Date = 12/02/2007 04:59:54 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\combofix.exe:Zone.Identifier ->
Fixwareout.exe -> %UserDesktop%\Fixwareout.exe -> [Ver = 1.0.0.5 | Size = 494582 bytes | Modified Date = 18/02/2007 12:46:46 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\Fixwareout.exe:Zone.Identifier ->
KillBox.zip -> %UserDesktop%\KillBox.zip -> [Ver = | Size = 70487 bytes | Modified Date = 12/02/2007 05:44:46 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\KillBox.zip:Zone.Identifier ->
Norton_Removal_Tool.exe -> %UserDesktop%\Norton_Removal_Tool.exe -> Symantec Corporation [Ver = 2007.2.02.14 | Size = 788064 bytes | Modified Date = 18/02/2007 14:18:46 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\Norton_Removal_Tool.exe:Zone.Identifier ->
rminstall.exe -> %UserDesktop%\rminstall.exe -> PC Tools [Ver = 6.0.0.750 | Size = 4956272 bytes | Modified Date = 16/02/2007 06:16:08 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\rminstall.exe:Zone.Identifier ->
SmitfraudFix.zip -> %UserDesktop%\SmitfraudFix.zip -> [Ver = | Size = 699373 bytes | Modified Date = 13/02/2007 12:46:56 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\SmitfraudFix.zip:Zone.Identifier ->
speedupmypc3plb.exe -> %UserDesktop%\speedupmypc3plb.exe -> Uniblue [Ver = SpeedUpMyPC 3.2 | Size = 5359152 bytes | Modified Date = 12/02/2007 19:10:00 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\speedupmypc3plb.exe:Zone.Identifier ->
Spybot - Search & Destroy.lnk -> %UserDesktop%\Spybot - Search & Destroy.lnk -> [Ver = | Size = 933 bytes | Modified Date = 16/02/2007 20:30:54 | Attr = ]
spybotsd14.exe -> %UserDesktop%\spybotsd14.exe -> Safer Networking Limited [Ver = | Size = 5037072 bytes | Modified Date = 16/02/2007 20:30:34 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\spybotsd14.exe:Zone.Identifier ->
Teamspeak 2 RC2.lnk -> %UserDesktop%\Teamspeak 2 RC2.lnk -> [Ver = | Size = 665 bytes | Modified Date = 13/02/2007 22:38:52 | Attr = ]
ts2_client_rc2_2032.exe -> %UserDesktop%\ts2_client_rc2_2032.exe -> [Ver = | Size = 5862994 bytes | Modified Date = 13/02/2007 22:38:34 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\ts2_client_rc2_2032.exe:Zone.Identifier ->
VundoFix.exe -> %UserDesktop%\VundoFix.exe -> Atribune.org [Ver = 6.03.0006 | Size = 90112 bytes | Modified Date = 17/02/2007 18:55:34 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\VundoFix.exe:Zone.Identifier ->
winpfind3u.exe -> %UserDesktop%\winpfind3u.exe -> [Ver = | Size = 342421 bytes | Modified Date = 18/02/2007 16:00:38 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\winpfind3u.exe:Zone.Identifier ->
ATI CATALYST System Tray.lnk -> %AllUsersStartup%\ATI CATALYST System Tray.lnk -> [Ver = | Size = 1851 bytes | Modified Date = 16/02/2007 20:45:46 | Attr = ]
services.lnk -> %UserStartup%\services.lnk -> [Ver = | Size = 80 bytes | Modified Date = 12/02/2007 04:56:42 | Attr = HS]
ATICIM.INI -> %SystemRoot%\ATICIM.INI -> [Ver = | Size = 1308 bytes | Modified Date = 17/02/2007 16:47:00 | Attr = ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 18/02/2007 15:38:52 | Attr = S]
smdat32m.sys -> %SystemRoot%\smdat32m.sys -> [Ver = | Size = 10 bytes | Modified Date = 09/02/2007 07:23:20 | Attr = ]
system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 227 bytes | Modified Date = 17/02/2007 19:42:54 | Attr = ]
win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 725 bytes | Modified Date = 17/02/2007 19:42:54 | Attr = ]
ati64hl2.stb -> %System32%\ati64hl2.stb -> [Ver = | Size = 22 bytes | Modified Date = 17/02/2007 18:33:36 | Attr = ]
ati64hlp.stb -> %System32%\ati64hlp.stb -> [Ver = | Size = 22 bytes | Modified Date = 17/02/2007 19:45:36 | Attr = ]
ClickToFindandFixErrors_US.ico -> %System32%\ClickToFindandFixErrors_US.ico -> [Ver = | Size = 2238 bytes | Modified Date = 11/02/2007 08:47:26 | Attr = ]
FNTCACHE.DAT -> %System32%\FNTCACHE.DAT -> [Ver = | Size = 118952 bytes | Modified Date = 07/02/2007 02:17:52 | Attr = ]
Help.ico -> %System32%\Help.ico -> [Ver = | Size = 1406 bytes | Modified Date = 12/02/2007 09:50:12 | Attr = ]
stuninstall.exe -> %System32%\stuninstall.exe -> - [Ver = 3.00.173 | Size = 155648 bytes | Modified Date = 05/02/2007 19:28:46 | Attr = ]
tmp.reg -> %System32%\tmp.reg -> [Ver = | Size = 2914 bytes | Modified Date = 16/02/2007 17:46:14 | Attr = ]
Uninstall.ico -> %System32%\Uninstall.ico -> [Ver = | Size = 2550 bytes | Modified Date = 12/02/2007 09:50:12 | Attr = ]
wnstscc.exe -> %System32%\wnstscc.exe -> [Ver = | Size = 2 bytes | Modified Date = 11/02/2007 08:56:10 | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 2262 bytes | Modified Date = 15/02/2007 19:59:00 | Attr = ]
avg7core.sys -> %System32%\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.435 | Size = 839936 bytes | Modified Date = 18/02/2007 14:25:34 | Attr = ]
avg7rsw.sys -> %System32%\drivers\avg7rsw.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,340 | Size = 4224 bytes | Modified Date = 18/02/2007 14:25:36 | Attr = ]
avg7rsxp.sys -> %System32%\drivers\avg7rsxp.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.434 | Size = 27776 bytes | Modified Date = 18/02/2007 14:25:36 | Attr = ]
avgclean.sys -> %System32%\drivers\avgclean.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Modified Date = 18/02/2007 14:25:38 | Attr = ]
avgmfx86.sys -> %System32%\drivers\avgmfx86.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.441 | Size = 18432 bytes | Modified Date = 18/02/2007 14:25:38 | Attr = ]

[File String Scan - Non-Microsoft Only]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\aawsepersonal.exe:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %UserDesktop%\ATF-Cleaner.exe:Zone.Identifier ->
UPX! , UPX0 , -> %UserDesktop%\ATF-Cleaner.exe -> Atribune.org [Ver = 2.00.0008 | Size = 47104 bytes | Modified Date = 12/02/2007 05:44:32 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\avg75free_441a944.exe:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %UserDesktop%\avgas-setup-7.5.0.50.exe:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %UserDesktop%\avgas-signatures-full-current.exe:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %UserDesktop%\avinstall.exe:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %UserDesktop%\combofix.exe:Zone.Identifier ->
UPX! , UPX0 , -> %UserDesktop%\combofix.exe -> [Ver = 0. 0. 0. 0 | Size = 880702 bytes | Modified Date = 12/02/2007 04:59:54 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\Fixwareout.exe:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %UserDesktop%\iTunesSetup.exe:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %UserDesktop%\KillBox.exe:Zone.Identifier ->
UPX! , UPX0 , -> %UserDesktop%\KillBox.exe -> Option^Explicit Software vbtechcd@gmail.com [Ver = 2.00.0648 | Size = 73728 bytes | Modified Date = 08/02/2006 03:02:44 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\KillBox.zip:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %UserDesktop%\Norton_Removal_Tool.exe:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %UserDesktop%\rminstall.exe:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %UserDesktop%\SmitfraudFix.zip:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %UserDesktop%\speedupmypc3plb.exe:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %UserDesktop%\spybotsd14.exe:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %UserDesktop%\The_Human_Brain_1.pps:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %UserDesktop%\ts2_client_rc2_2032.exe:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %UserDesktop%\VundoFix.exe:Zone.Identifier ->
PEC2 , PECompact2 , -> %UserDesktop%\VundoFix.exe -> Atribune.org [Ver = 6.03.0006 | Size = 90112 bytes | Modified Date = 17/02/2007 18:55:34 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\winpfind3u.exe:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %SystemRoot%\bet365casino setup.exe:Zone.Identifier ->
UPX! , UPX0 , -> %SystemRoot%\bet365casino setup.exe -> [Ver = | Size = 429085 bytes | Modified Date = 07/08/2005 19:37:20 | Attr = ]
@Alternate Data Stream - 26 bytes -> %SystemRoot%\Betfred Poker setup.exe:Zone.Identifier ->
UPX! , UPX0 , -> %SystemRoot%\Betfred Poker setup.exe -> [Ver = | Size = 191005 bytes | Modified Date = 05/08/2005 09:23:30 | Attr = ]
PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 23/08/2001 12:00:00 | Attr = ]
@Alternate Data Stream - 26 bytes -> %System32%\dumphive.exe:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %System32%\Process.exe:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %System32%\SrchSTS.exe:Zone.Identifier ->
UPX! , UPX0 , -> %System32%\SrchSTS.exe -> S!Ri [Ver = | Size = 288417 bytes | Modified Date = 27/04/2006 16:49:30 | Attr = ]
@Alternate Data Stream - 26 bytes -> %System32%\swreg.exe:Zone.Identifier ->
UPX! , UPX0 , -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.0 | Size = 135168 bytes | Modified Date = 29/08/2006 18:43:54 | Attr = ]
@Alternate Data Stream - 26 bytes -> %System32%\swsc.exe:Zone.Identifier ->
UPX! , UPX0 , -> %System32%\swsc.exe -> [Ver = | Size = 40960 bytes | Modified Date = 09/01/2006 09:36:06 | Attr = ]
@Alternate Data Stream - 26 bytes -> %System32%\swxcacls.exe:Zone.Identifier ->
UPX! , UPX0 , -> %System32%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 79360 bytes | Modified Date = 01/12/2006 05:20:34 | Attr = ]
winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 23/08/2001 12:00:00 | Attr = ]
WSUD , UPX0 , -> %System32%\dllcache\hwxjpn.dll -> [Ver = | Size = 13463552 bytes | Modified Date = 23/08/2001 12:00:00 | Attr = ]
UPX! , FSG! , PEC2 , aspack , -> %System32%\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.435 | Size = 839936 bytes | Modified Date = 18/02/2007 14:25:34 | Attr = ]
PTech , -> %System32%\drivers\mtlstrm.sys -> Smart Link [Ver = 3.80.01MC15 | Size = 1309184 bytes | Modified Date = 03/08/2004 21:41:38 | Attr = ]

< End of report >

orion1234
2007-02-18, 18:16
Wow, that's a long report! I have to go to work shortly, so I'll probably get back to you tomorrow with an update :)

Thanks for your help.

Shaba
2007-02-18, 18:22
Hi

Yes, it's long :)

And now it's confirmed that services.lnk really exists:

services.lnk -> %UserStartup%\services.lnk -> [Ver = | Size = 80 bytes | Created Date = 11/02/2007 10:26:24 | Attr = HS]

Delete this:

C:\Windows\System32\wnstscc.exe

Redo search (I highlighted the most important things):

Please do a search:

Go "Start">"Search">"All Files and Folders"
Enter services.lnk in "All or part of file name"
Select "More advanced options"
Check-mark "Search System Folders", "Search hidden files and folders" and "Search subfolders".
Click "Search".

Post path of services.lnk here :)

orion1234
2007-02-18, 18:50
OK, I was unable to delete the file, even in safe mode, the one in the system32 folder; it said it was being used by another program. Tried in safe mode, to no avail.

I looked up services.lnk, and I looked in hidden folders and such. The only things it came up with were these:
Component Services - modified in 2004, so I figured that's not it
services in Documents and settings/all users/programs/administrative tools, but that was modified in 2004 also (when I got the PC)
also services in Documents and settings/David/start menu/programs/start up; that's on the 12th of this month, but it's only 1kb and says it's a shortcut. Is this the one?

Shaba
2007-02-18, 18:58
Hi

Yes, shortcut is the one we are looking for :)

That one in the system32 folder is Windows' own and a vital file.

Try to delete that shortcut (C:\Documents and settings\David\start menu\programs\start up\services.lnk) in safe mode. Now success?

orion1234
2007-02-19, 13:37
Yay! Success! OK, the services file is deleted. Now do I delete Wnstscc.exe? And o4-startup:services.lnk in HijackThis?

I should say that the first 2 times my PC booted up I got a warning saying that a file containing Windows registry data had to be recovered from a log file; the recovery was successful.

But services.lnk is still gone, I checked.

Shaba
2007-02-19, 13:42
Hi

Yes, delete Wnstscc.exe and fix o4-startup:services.lnk in HijackThis.

Reboot and send a fresh HijackThis log :)

orion1234
2007-02-19, 14:30
Hi there. Curiously, the O4 startup command was already gone, and I still can't delete Wnstscc.exe as it is still in use by another program, and yes, I tried in safe mode too! Here is my log:

Logfile of HijackThis v1.99.1
Scan saved at 12:29:43, on 19/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Eraser\eraser.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\david\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.karoo.co.uk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = IC1:8080
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\eraser.exe -hide
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/DigWXMSN.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://download.games.yahoo.com/games/web_games/tikgames/goldfever/goldfever.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://download.games.yahoo.com/games/web_games/popcap/insaniquarium/popcaploader_v6.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

Shaba
2007-02-19, 14:37
Hi

Download the Killbox (http://download.bleepingcomputer.com/spyware/KillBox.zip).
Unzip it to the desktop

Double-click Killbox.exe to run it.

Select "Delete on Reboot".
Place the following line (complete path) in bold in the "Full Path of File to Delete" box in Killbox:
C:\Windows\System32\wnstscc.exe
Put a mark next to "Delete on Reboot"
Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.
If your computer does not restart automatically, please restart it manually.

Please do an online scan with Kaspersky Online Scanner (http://www.kaspersky.com/downloads/kws/kavwebscan.html). You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
The program will launch and then start to download the latest definition files.
Once the scanner is installed and the definitions downloaded, click Next.
Now click on Scan Settings
In the scan settings make sure that the following are selected:

- Scan using the following Anti-Virus database:
  - Extended (if available, otherwise Standard)
- Scan Options:
  - Scan Archives
  - Scan Mail Bases

Click OK
Now under select a target to scan select My Computer
The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.
Now click on the Save as Text button
Save the file to your desktop.
Copy and paste that information in your next post.

Send:

- a fresh HijackThis log
- Kaspersky report

And also tell me whether C:\Windows\System32\wnstscc.exe is now gone.
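
Added example (not part of the original thread): a Python triage of the text report that the scanner's "Save as Text" button produces, separating real detections from "Object is locked" noise and pairing archive members with their container line. The line layout is assumed from the report posted in this thread; the sample lines, function names and field names are constructed for illustration.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional

# Assumed line layout (taken from the report pasted in this thread):
#   <path> Infected: <detection name> <last action>
#   <path> Object is locked <last action>
#   <path> ZIP: infected - <n> <last action>
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*?)\s+"
    r"(?:Infected: (?P<name>\S+)"
    r"|(?P<locked>Object is locked)"
    r"|(?P<container>[A-Z0-9]+): infected - (?P<count>\d+))"
    r"(?:\s+(?P<action>\w+))?\s*$"
)


@dataclass
class Finding:
    path: str
    kind: str                 # "infected", "locked" or "container"
    detection: Optional[str]  # detection name, only for "infected"
    action: Optional[str]     # last action; None if the line was cut short
    archive: Optional[str]    # enclosing archive for "<archive>/<member>" paths


def parse_report(text: str) -> List[Finding]:
    """Return one Finding per result line; header and statistics lines are skipped."""
    findings = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        path = m.group("path")
        if m.group("name"):
            kind = "infected"
        elif m.group("locked"):
            kind = "locked"
        else:
            kind = "container"
        # Archive members are written <archive>/<member>; Windows paths contain no "/".
        archive = path.split("/", 1)[0] if "/" in path else None
        findings.append(Finding(path, kind, m.group("name"), m.group("action"), archive))
    return findings


def summarize(findings: List[Finding]) -> dict:
    """Count detections without double counting archive container lines."""
    infected = [f for f in findings if f.kind == "infected"]
    by_name = Counter(f.detection for f in infected)
    return {
        "locked": sum(f.kind == "locked" for f in findings),
        "infected_objects": len(infected),
        "distinct_detections": len(by_name),
        "by_detection": by_name,
        # Names without the "not-a-virus:" prefix, listed separately for priority review.
        "malware": sorted(n for n in by_name if not n.startswith("not-a-virus:")),
        "unactioned": [f.path for f in infected if f.action in (None, "skipped")],
    }


def lookup(findings: List[Finding], path: str) -> List[Finding]:
    """Case-insensitive match on a file path or on the archive that contains it."""
    wanted = path.lower()
    return [f for f in findings
            if wanted in (f.path.lower(), (f.archive or "").lower())]


# Constructed sample in the report's layout; the seventh result line is cut short on purpose.
SAMPLE_REPORT = r"""
Scan Statistics:
Total number of scanned objects: 9
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\user\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\user\.jpi_cache\jar\1.0\sample.jar-0000.zip/Beyond.class Infected: Trojan.Java.ClassLoader.k skipped
C:\Documents and Settings\user\.jpi_cache\jar\1.0\sample.jar-0000.zip ZIP: infected - 1 skipped
C:\RECYCLER\S-1-5-18\Dc1\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc1\Update.exe Object is locked skipped
C:\RECYCLER\S-1-5-18\Dc2\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc2\Update.exe Object is locked
C:\WINDOWS\system32\config\SAM Object is locked skipped
"""

if __name__ == "__main__":
    summary = summarize(parse_report(SAMPLE_REPORT))
    print("locked (not scanned):", summary["locked"])
    print("infected objects:", summary["infected_objects"])
    for name, count in summary["by_detection"].most_common():
        print(f"  {count:3d}  {name}")
    print("review first:", summary["malware"])
```

A file that does not appear in the report was either clean or never reached by the scan, so the report alone cannot confirm that a file such as wnstscc.exe is gone.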

orion1234
2007-02-19, 15:55
KASPERSKY ONLINE SCANNER REPORT
Monday, February 19, 2007 1:52:31 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 19/02/2007
Kaspersky Anti-Virus database records: 269667
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 62534
Number of viruses found: 11
Number of infected objects: 81 / 0
Number of suspicious objects: 0
Duration of the scan process: 00:47:29

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\david\.jpi_cache\jar\1.0\ar3.jar-78ee691-7fe42ccc.zip/Beyond.class Infected: Trojan.Java.ClassLoader.k skipped
C:\Documents and Settings\david\.jpi_cache\jar\1.0\ar3.jar-78ee691-7fe42ccc.zip ZIP: infected - 1 skipped
C:\Documents and Settings\david\.jpi_cache\jar\1.0\nocheat.jar-67b60e84-7048bea8.zip/Matrix.class Infected: Trojan-Downloader.Java.OpenConnection.s skipped
C:\Documents and Settings\david\.jpi_cache\jar\1.0\nocheat.jar-67b60e84-7048bea8.zip ZIP: infected - 1 skipped
C:\Documents and Settings\david\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\david\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\david\Desktop\SmitfraudFix.zip/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\david\Desktop\SmitfraudFix.zip ZIP: infected - 1 skipped
C:\Documents and Settings\david\Desktop\Unused Desktop Shortcuts\installcasino.exe Infected: not-a-virus:AdWare.Win32.Casino.n skipped
C:\Documents and Settings\david\Desktop\Unused Desktop Shortcuts\SetupCasino.exe Infected: not-a-virus:AdWare.Win32.Casino.w skipped
C:\Documents and Settings\david\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\david\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\david\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\david\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\david\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\david\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Common Files\Uninstall Information\RemoveWebDP.exe Infected: not-a-virus:AdWare.Win32.DelphinMediaViewer.f skipped
C:\RECYCLER\NPROTECT\00000251.exe Object is locked skipped
C:\RECYCLER\NPROTECT\00000263.exe Object is locked skipped
C:\RECYCLER\NPROTECT\00000327.exe Object is locked skipped
C:\RECYCLER\NPROTECT\00000421.exe Object is locked skipped
C:\RECYCLER\NPROTECT\00000470.exe Object is locked skipped
C:\RECYCLER\NPROTECT\00000524.exe Object is locked skipped
C:\RECYCLER\NPROTECT\00000565.exe Infected: not-a-virus:AdWare.Win32.DelphinMediaViewer.c skipped
C:\RECYCLER\NPROTECT\00000650.exe Object is locked skipped
C:\RECYCLER\NPROTECT\00000760.exe Object is locked skipped
C:\RECYCLER\NPROTECT\00000872.exe Object is locked skipped
C:\RECYCLER\NPROTECT\00000929.exe Object is locked skipped
C:\RECYCLER\NPROTECT\00000991.exe Object is locked skipped
C:\RECYCLER\NPROTECT\00001147.exe Object is locked skipped
C:\RECYCLER\NPROTECT\00001159.exe Object is locked skipped
C:\RECYCLER\NPROTECT\00001195.exe Object is locked skipped
C:\RECYCLER\NPROTECT\00001391.exe Object is locked skipped
C:\RECYCLER\NPROTECT\00001427.exe Object is locked skipped
C:\RECYCLER\NPROTECT\00001662.exe Object is locked skipped
C:\RECYCLER\NPROTECT\00001723.exe Object is locked skipped
C:\RECYCLER\NPROTECT\00001835.exe Object is locked skipped
C:\RECYCLER\NPROTECT\00001837.exe Object is locked skipped
C:\RECYCLER\NPROTECT\00001839.EXE Object is locked skipped
C:\RECYCLER\NPROTECT\00001846.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\NPROTECT\00001847.exe Object is locked skipped
C:\RECYCLER\NPROTECT\00001990.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\NPROTECT\00001991.exe Object is locked skipped
C:\RECYCLER\S-1-5-18\Dc1\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc1\Update.exe Object is locked skipped
C:\RECYCLER\S-1-5-18\Dc10\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc10\Update.exe Object is locked skipped
C:\RECYCLER\S-1-5-18\Dc11\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc12\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc12\Update.exe Object is locked skipped
C:\RECYCLER\S-1-5-18\Dc13\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc14\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc14\Update.exe Object is locked skipped
C:\RECYCLER\S-1-5-18\Dc15\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc15\Update.exe Object is locked skipped
C:\RECYCLER\S-1-5-18\Dc16\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc16\Update.exe Object is locked skipped
C:\RECYCLER\S-1-5-18\Dc17\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc17\Update.exe Object is locked skipped
C:\RECYCLER\S-1-5-18\Dc18\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc19\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc19\Update.exe Object is locked skipped
C:\RECYCLER\S-1-5-18\Dc2\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc2\Update.exe Object is locked skipped
C:\RECYCLER\S-1-5-18\Dc20\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc20\Update.exe Object is locked skipped
C:\RECYCLER\S-1-5-18\Dc21\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc21\Update.exe Object is locked skipped
C:\RECYCLER\S-1-5-18\Dc22\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc22\Update.exe Object is locked skipped
C:\RECYCLER\S-1-5-18\Dc23\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc23\Update.exe Object is locked skipped
C:\RECYCLER\S-1-5-18\Dc24\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc24\Update.exe Object is locked skipped
C:\RECYCLER\S-1-5-18\Dc25\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc25\Update.exe Object is locked skipped
C:\RECYCLER\S-1-5-18\Dc26\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc26\Update.exe Object is locked skipped
C:\RECYCLER\S-1-5-18\Dc27\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc27\Update.exe Object is locked skipped
C:\RECYCLER\S-1-5-18\Dc28\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc28\Update.exe Object is locked skipped
C:\RECYCLER\S-1-5-18\Dc29\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc29\Update.exe Object is locked skipped
C:\RECYCLER\S-1-5-18\Dc3\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc3\Update.exe Object is locked skipped
C:\RECYCLER\S-1-5-18\Dc30\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc30\Update.exe Object is locked skipped
C:\RECYCLER\S-1-5-18\Dc31\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc31\Update.exe Object is locked skipped
C:\RECYCLER\S-1-5-18\Dc32\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc32\Update.exe Object is locked skipped
C:\RECYCLER\S-1-5-18\Dc33\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc33\Update.exe Object is locked skipped
C:\RECYCLER\S-1-5-18\Dc34\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc34\Update.exe Object is locked skipped
C:\RECYCLER\S-1-5-18\Dc35\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc35\Update.exe Object is locked skipped
C:\RECYCLER\S-1-5-18\Dc36\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc36\Update.exe Object is locked skipped
C:\RECYCLER\S-1-5-18\Dc37\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc37\Update.exe Object is locked skipped
C:\RECYCLER\S-1-5-18\Dc38\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc38\Update.exe Object is locked skipped
C:\RECYCLER\S-1-5-18\Dc39\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc39\Update.exe Object is locked skipped
C:\RECYCLER\S-1-5-18\Dc4\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc4\Update.exe Object is locked skipped
C:\RECYCLER\S-1-5-18\Dc40\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc40\Update.exe Object is locked skipped
C:\RECYCLER\S-1-5-18\Dc41\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc41\Update.exe Object is locked skipped
C:\RECYCLER\S-1-5-18\Dc42\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc42\Update.exe Object is locked skipped
C:\RECYCLER\S-1-5-18\Dc43\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc43\Update.exe Object is locked skipped
C:\RECYCLER\S-1-5-18\Dc44\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc45\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc45\Update.exe Object is locked skipped
C:\RECYCLER\S-1-5-18\Dc46\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc46\Update.exe Object is locked skipped
C:\RECYCLER\S-1-5-18\Dc47\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc47\Update.exe Object is locked skipped
C:\RECYCLER\S-1-5-18\Dc48\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc48\Update.exe Object is locked skipped
C:\RECYCLER\S-1-5-18\Dc49\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc49\Update.exe Object is locked skipped
C:\RECYCLER\S-1-5-18\Dc5\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc5\Update.exe Object is locked skipped
C:\RECYCLER\S-1-5-18\Dc50\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc50\Update.exe Object is locked skipped
C:\RECYCLER\S-1-5-18\Dc51\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc51\Update.exe Object is locked skipped
C:\RECYCLER\S-1-5-18\Dc52\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc52\Update.exe Object is locked skipped
C:\RECYCLER\S-1-5-18\Dc53\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc53\Update.exe Object is locked skipped
C:\RECYCLER\S-1-5-18\Dc54\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc54\Update.exe Object is locked skipped
C:\RECYCLER\S-1-5-18\Dc55\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc55\Update.exe Object is locked skipped
C:\RECYCLER\S-1-5-18\Dc56\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc56\Update.exe Object is locked skipped
C:\RECYCLER\S-1-5-18\Dc57\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc57\Update.exe Object is locked skipped
C:\RECYCLER\S-1-5-18\Dc58\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc58\Update.exe Object is locked skipped
C:\RECYCLER\S-1-5-18\Dc59\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc59\Update.exe Object is locked skipped
C:\RECYCLER\S-1-5-18\Dc6\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc6\Update.exe Object is locked

orion1234
2007-02-19, 15:58
C:\RECYCLER\S-1-5-18\Dc60\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc60\Update.exe Object is locked skipped
C:\RECYCLER\S-1-5-18\Dc7\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc7\Update.exe Object is locked skipped
C:\RECYCLER\S-1-5-18\Dc8\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc8\Update.exe Object is locked skipped
C:\RECYCLER\S-1-5-18\Dc9\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{AEE6296C-20EE-401F-AAD2-7E53FA704D3A}\RP1\A0003046.exe Infected: not-a-virus:AdWare.Win32.DelphinMediaViewer.j skipped
C:\System Volume Information\_restore{AEE6296C-20EE-401F-AAD2-7E53FA704D3A}\RP2\A0006219.ocx Infected: not-a-virus:AdWare.Win32.DelphinMediaViewer.c skipped
C:\System Volume Information\_restore{AEE6296C-20EE-401F-AAD2-7E53FA704D3A}\RP2\A0006220.dll Infected: not-a-virus:AdWare.Win32.DelphinMediaViewer.f skipped
C:\System Volume Information\_restore{AEE6296C-20EE-401F-AAD2-7E53FA704D3A}\RP2\A0006221.exe Infected: not-a-virus:AdWare.Win32.DelphinMediaViewer.f skipped
C:\System Volume Information\_restore{AEE6296C-20EE-401F-AAD2-7E53FA704D3A}\RP8\change.log Object is locked skipped
C:\WINDOWS\bet365casino setup.exe Infected: not-a-virus:AdWare.Win32.Casino.w skipped
C:\WINDOWS\Betfred Poker setup.exe Infected: not-a-virus:AdWare.Win32.Casino.w skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Downloaded Program Files\gsda.dll Infected: not-a-virus:Downloader.Win32.SpyGame skipped
C:\WINDOWS\RGF2ZSBEZXNib3JvdWdo\asappsrv.dll Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
D:\System Volume Information\_restore{AB0BD23C-2FE6-42F3-8C7A-3035DBA2B7A8}\RP4\A0003313.inf Object is locked skipped
D:\System Volume Information\_restore{AB0BD23C-2FE6-42F3-8C7A-3035DBA2B7A8}\RP4\A0003314.ver Object is locked skipped
D:\System Volume Information\_restore{AB0BD23C-2FE6-42F3-8C7A-3035DBA2B7A8}\RP4\A0003315.msi Object is locked skipped
D:\System Volume Information\_restore{AB0BD23C-2FE6-42F3-8C7A-3035DBA2B7A8}\RP4\A0003316.inf Object is locked skipped
D:\System Volume Information\_restore{AB0BD23C-2FE6-42F3-8C7A-3035DBA2B7A8}\RP4\A0003317.exe Object is locked skipped
D:\System Volume Information\_restore{AB0BD23C-2FE6-42F3-8C7A-3035DBA2B7A8}\RP4\A0003318.exe Object is locked skipped
D:\System Volume Information\_restore{AB0BD23C-2FE6-42F3-8C7A-3035DBA2B7A8}\RP4\A0003319.dll Object is locked skipped
D:\System Volume Information\_restore{AB0BD23C-2FE6-42F3-8C7A-3035DBA2B7A8}\RP4\A0003320.CAT Object is locked skipped
D:\System Volume Information\_restore{AB0BD23C-2FE6-42F3-8C7A-3035DBA2B7A8}\RP4\A0003321.dll Object is locked skipped
D:\System Volume Information\_restore{AB0BD23C-2FE6-42F3-8C7A-3035DBA2B7A8}\RP4\A0003322.exe Object is locked skipped
D:\System Volume Information\_restore{AB0BD23C-2FE6-42F3-8C7A-3035DBA2B7A8}\RP4\A0003323.exe Object is locked skipped
D:\System Volume Information\_restore{AB0BD23C-2FE6-42F3-8C7A-3035DBA2B7A8}\RP4\A0003324.inf Object is locked skipped
D:\System Volume Information\_restore{AB0BD23C-2FE6-42F3-8C7A-3035DBA2B7A8}\RP4\A0003325.ini Object is locked skipped
D:\System Volume Information\_restore{AB0BD23C-2FE6-42F3-8C7A-3035DBA2B7A8}\RP4\A0003326.dll Object is locked skipped
D:\System Volume Information\_restore{AB0BD23C-2FE6-42F3-8C7A-3035DBA2B7A8}\RP4\A0003327.dll Object is locked skipped
D:\System Volume Information\_restore{AB0BD23C-2FE6-42F3-8C7A-3035DBA2B7A8}\RP4\A0003328.dll Object is locked skipped

orion1234
2007-02-19, 16:00

orion1234
2007-02-19, 16:01

Scan process completed.

orion1234
2007-02-19, 16:03
Logfile of HijackThis v1.99.1
Scan saved at 14:02:12, on 19/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Eraser\eraser.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\david\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.karoo.co.uk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = IC1:8080
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\eraser.exe -hide
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/DigWXMSN.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://download.games.yahoo.com/games/web_games/tikgames/goldfever/goldfever.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://download.games.yahoo.com/games/web_games/popcap/insaniquarium/popcaploader_v6.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe


Ok, the file wnstscc is gone

I should also mention that on reboot I was informed that cli.exe encountered a problem and had to close, although the system seems stable.

Shaba
2007-02-19, 16:09
Hi

Empty this folder:

C:\Documents and Settings\david\.jpi_cache\jar\1.0

Delete these:

C:\WINDOWS\bet365casino setup.exe
C:\WINDOWS\Betfred Poker setup.exe
C:\WINDOWS\Downloaded Program Files\gsda.dll
C:\WINDOWS\RGF2ZSBEZXNib3JvdWdo
C:\Documents and Settings\david\Desktop\Unused Desktop Shortcuts\installcasino.exe
C:\Documents and Settings\david\Desktop\Unused Desktop Shortcuts\SetupCasino.exe
C:\Program Files\Common Files\Uninstall Information\RemoveWebDP.exe

Empty Recycle Bin

Re-scan with Kaspersky

Send:

- a fresh HijackThis log
- Kaspersky report

orion1234
2007-02-19, 17:45
Logfile of HijackThis v1.99.1
Scan saved at 15:44:03, on 19/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Eraser\eraser.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Teamspeak2_RC2\TeamSpeak.exe
C:\Documents and Settings\david\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.karoo.co.uk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = IC1:8080
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\eraser.exe -hide
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/DigWXMSN.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://download.games.yahoo.com/games/web_games/tikgames/goldfever/goldfever.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://download.games.yahoo.com/games/web_games/popcap/insaniquarium/popcaploader_v6.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

Shaba
2007-02-19, 17:57
Hi

How about a new Kaspersky report? :)

orion1234
2007-02-19, 18:33
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Monday, February 19, 2007 4:30:44 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 19/02/2007
Kaspersky Anti-Virus database records: 269774
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 61151
Number of viruses found: 10
Number of infected objects: 80 / 0
Number of suspicious objects: 0
Duration of the scan process: 00:39:34

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\david\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\david\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\david\Desktop\SmitfraudFix.zip/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\david\Desktop\SmitfraudFix.zip ZIP: infected - 1 skipped
C:\Documents and Settings\david\Desktop\Unused Desktop Shortcuts\installcasino.exe Infected: not-a-virus:AdWare.Win32.Casino.n skipped
C:\Documents and Settings\david\Desktop\Unused Desktop Shortcuts\SetupCasino.exe Infected: not-a-virus:AdWare.Win32.Casino.w skipped
C:\Documents and Settings\david\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\david\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\david\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\david\Local Settings\History\History.IE5\MSHist012007021920070220\index.dat Object is locked skipped
C:\Documents and Settings\david\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\david\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\david\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Common Files\Uninstall Information\RemoveWebDP.exe Infected: not-a-virus:AdWare.Win32.DelphinMediaViewer.f skipped
C:\RECYCLER\NPROTECT\00000251.exe Object is locked skipped
C:\RECYCLER\NPROTECT\00000263.exe Object is locked skipped
C:\RECYCLER\NPROTECT\00000327.exe Object is locked skipped
C:\RECYCLER\NPROTECT\00000421.exe Object is locked skipped
C:\RECYCLER\NPROTECT\00000470.exe Object is locked skipped
C:\RECYCLER\NPROTECT\00000524.exe Object is locked skipped
C:\RECYCLER\NPROTECT\00000565.exe Infected: not-a-virus:AdWare.Win32.DelphinMediaViewer.c skipped
C:\RECYCLER\NPROTECT\00000650.exe Object is locked skipped
C:\RECYCLER\NPROTECT\00000760.exe Object is locked skipped
C:\RECYCLER\NPROTECT\00000872.exe Object is locked skipped
C:\RECYCLER\NPROTECT\00000929.exe Object is locked skipped
C:\RECYCLER\NPROTECT\00000991.exe Object is locked skipped
C:\RECYCLER\NPROTECT\00001147.exe Object is locked skipped
C:\RECYCLER\NPROTECT\00001159.exe Object is locked skipped
C:\RECYCLER\NPROTECT\00001195.exe Object is locked skipped
C:\RECYCLER\NPROTECT\00001391.exe Object is locked skipped
C:\RECYCLER\NPROTECT\00001427.exe Object is locked skipped
C:\RECYCLER\NPROTECT\00001662.exe Object is locked skipped
C:\RECYCLER\NPROTECT\00001723.exe Object is locked skipped
C:\RECYCLER\NPROTECT\00001835.exe Object is locked skipped
C:\RECYCLER\NPROTECT\00001837.exe Object is locked skipped
C:\RECYCLER\NPROTECT\00001839.EXE Object is locked skipped
C:\RECYCLER\NPROTECT\00001846.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\NPROTECT\00001847.exe Object is locked skipped
C:\RECYCLER\NPROTECT\00001990.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\NPROTECT\00001991.exe Object is locked skipped
C:\RECYCLER\S-1-5-18\Dc1\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc1\Update.exe Object is locked skipped
C:\RECYCLER\S-1-5-18\Dc10\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc10\Update.exe Object is locked skipped
C:\RECYCLER\S-1-5-18\Dc11\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc12\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc12\Update.exe Object is locked skipped
C:\RECYCLER\S-1-5-18\Dc13\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc14\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc14\Update.exe Object is locked skipped
C:\RECYCLER\S-1-5-18\Dc15\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc15\Update.exe Object is locked skipped
C:\RECYCLER\S-1-5-18\Dc16\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc17\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc17\Update.exe Object is locked skipped
C:\RECYCLER\S-1-5-18\Dc18\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc19\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc19\Update.exe Object is locked skipped
C:\RECYCLER\S-1-5-18\Dc2\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc2\Update.exe Object is locked skipped
C:\RECYCLER\S-1-5-18\Dc20\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc20\Update.exe Object is locked skipped
C:\RECYCLER\S-1-5-18\Dc21\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc21\Update.exe Object is locked skipped
C:\RECYCLER\S-1-5-18\Dc22\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc22\Update.exe Object is locked skipped
C:\RECYCLER\S-1-5-18\Dc23\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc23\Update.exe Object is locked skipped
C:\RECYCLER\S-1-5-18\Dc24\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc24\Update.exe Object is locked skipped
C:\RECYCLER\S-1-5-18\Dc25\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc25\Update.exe Object is locked skipped
C:\RECYCLER\S-1-5-18\Dc26\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc26\Update.exe Object is locked skipped

orion1234
2007-02-19, 18:34
C:\RECYCLER\S-1-5-18\Dc27\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc27\Update.exe Object is locked skipped
C:\RECYCLER\S-1-5-18\Dc28\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc28\Update.exe Object is locked skipped
C:\RECYCLER\S-1-5-18\Dc29\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc29\Update.exe Object is locked skipped
C:\RECYCLER\S-1-5-18\Dc3\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc3\Update.exe Object is locked skipped
C:\RECYCLER\S-1-5-18\Dc30\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc30\Update.exe Object is locked skipped
C:\RECYCLER\S-1-5-18\Dc31\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc31\Update.exe Object is locked skipped
C:\RECYCLER\S-1-5-18\Dc32\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc32\Update.exe Object is locked skipped
C:\RECYCLER\S-1-5-18\Dc33\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc33\Update.exe Object is locked skipped
C:\RECYCLER\S-1-5-18\Dc34\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc34\Update.exe Object is locked skipped
C:\RECYCLER\S-1-5-18\Dc35\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc35\Update.exe Object is locked skipped
C:\RECYCLER\S-1-5-18\Dc36\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc36\Update.exe Object is locked skipped
C:\RECYCLER\S-1-5-18\Dc37\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc37\Update.exe Object is locked skipped
C:\RECYCLER\S-1-5-18\Dc38\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc38\Update.exe Object is locked skipped
C:\RECYCLER\S-1-5-18\Dc39\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc39\Update.exe Object is locked skipped
C:\RECYCLER\S-1-5-18\Dc4\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc4\Update.exe Object is locked skipped
C:\RECYCLER\S-1-5-18\Dc40\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc40\Update.exe Object is locked skipped
C:\RECYCLER\S-1-5-18\Dc41\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc41\Update.exe Object is locked skipped
C:\RECYCLER\S-1-5-18\Dc42\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc42\Update.exe Object is locked skipped
C:\RECYCLER\S-1-5-18\Dc43\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc43\Update.exe Object is locked skipped
C:\RECYCLER\S-1-5-18\Dc44\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc45\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc45\Update.exe Object is locked skipped
C:\RECYCLER\S-1-5-18\Dc46\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc46\Update.exe Object is locked skipped
C:\RECYCLER\S-1-5-18\Dc47\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc47\Update.exe Object is locked skipped
C:\RECYCLER\S-1-5-18\Dc48\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc48\Update.exe Object is locked skipped
C:\RECYCLER\S-1-5-18\Dc49\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc49\Update.exe Object is locked skipped
C:\RECYCLER\S-1-5-18\Dc5\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc5\Update.exe Object is locked skipped
C:\RECYCLER\S-1-5-18\Dc50\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc50\Update.exe Object is locked skipped
C:\RECYCLER\S-1-5-18\Dc51\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc51\Update.exe Object is locked skipped
C:\RECYCLER\S-1-5-18\Dc52\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc52\Update.exe Object is locked skipped
C:\RECYCLER\S-1-5-18\Dc53\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc53\Update.exe Object is locked skipped
C:\RECYCLER\S-1-5-18\Dc54\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc54\Update.exe Object is locked skipped
C:\RECYCLER\S-1-5-18\Dc55\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc55\Update.exe Object is locked skipped
C:\RECYCLER\S-1-5-18\Dc56\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc56\Update.exe Object is locked skipped
C:\RECYCLER\S-1-5-18\Dc57\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc57\Update.exe Object is locked skipped
C:\RECYCLER\S-1-5-18\Dc58\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc58\Update.exe Object is locked skipped
C:\RECYCLER\S-1-5-18\Dc59\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc59\Update.exe Object is locked skipped
C:\RECYCLER\S-1-5-18\Dc6\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc6\Update.exe Object is locked skipped
C:\RECYCLER\S-1-5-18\Dc60\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc60\Update.exe Object is locked skipped
C:\RECYCLER\S-1-5-18\Dc7\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc7\Update.exe Object is locked skipped
C:\RECYCLER\S-1-5-18\Dc8\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc8\Update.exe Object is locked skipped
C:\RECYCLER\S-1-5-18\Dc9\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-21-1547161642-436374069-839522115-1005\Dc142.zip/Matrix.class Infected: Trojan-Downloader.Java.OpenConnection.s skipped
C:\RECYCLER\S-1-5-21-1547161642-436374069-839522115-1005\Dc142.zip ZIP: infected - 1 skipped
C:\RECYCLER\S-1-5-21-1547161642-436374069-839522115-1005\Dc202.exe Infected: not-a-virus:AdWare.Win32.Casino.w skipped
C:\RECYCLER\S-1-5-21-1547161642-436374069-839522115-1005\Dc7.zip/Beyond.class Infected: Trojan.Java.ClassLoader.k skipped
C:\RECYCLER\S-1-5-21-1547161642-436374069-839522115-1005\Dc7.zip ZIP: infected - 1 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{AEE6296C-20EE-401F-AAD2-7E53FA704D3A}\RP1\A0003046.exe Infected: not-a-virus:AdWare.Win32.DelphinMediaViewer.j skipped
C:\System Volume Information\_restore{AEE6296C-20EE-401F-AAD2-7E53FA704D3A}\RP2\A0006219.ocx Infected: not-a-virus:AdWare.Win32.DelphinMediaViewer.c skipped
C:\System Volume Information\_restore{AEE6296C-20EE-401F-AAD2-7E53FA704D3A}\RP2\A0006220.dll Infected: not-a-virus:AdWare.Win32.DelphinMediaViewer.f skipped
C:\System Volume Information\_restore{AEE6296C-20EE-401F-AAD2-7E53FA704D3A}\RP2\A0006221.exe Infected: not-a-virus:AdWare.Win32.DelphinMediaViewer.f skipped
C:\System Volume Information\_restore{AEE6296C-20EE-401F-AAD2-7E53FA704D3A}\RP8\A0015049.exe Object is locked skipped
C:\System Volume Information\_restore{AEE6296C-20EE-401F-AAD2-7E53FA704D3A}\RP8\change.log Object is locked skipped
C:\WINDOWS\Betfred Poker setup.exe Infected: not-a-virus:AdWare.Win32.Casino.w skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\RGF2ZSBEZXNib3JvdWdo\asappsrv.dll Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

orion1234
2007-02-19, 18:35

orion1234
2007-02-19, 18:37

Scan process completed.
I should say that the file with all the alphanumerics didn't seem to exist; I checked all folders, hidden and otherwise, as well as the path you gave.

The others I deleted, apart from the betfred stuff, because I use that program (am an avid poker player) :)

Shaba
2007-02-19, 19:44
Hi

Well, that does exist :) It just might be superhidden.

Save the text below in Notepad as remcmd.bat on the desktop (save it as All Files, *.*):

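@ECHO OFF
REM Clear read-only, system and hidden attributes ("superhidden" = system + hidden)
attrib -r -s -h C:\WINDOWS\RGF2ZSBEZXNib3JvdWdo\*.*
REM Force-delete every file in the folder, whatever its attributes
del /a /f /q C:\WINDOWS\RGF2ZSBEZXNib3JvdWdo\*.*
REM Remove the folder itself and anything left under it
RD /s /q "C:\WINDOWS\RGF2ZSBEZXNib3JvdWdo"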

Double-click remcmd.bat on the desktop, click Yes and OK; black DOS windows will flash, that's normal.

Re-scan with Kaspersky

Send:

- a fresh HijackThis log
- Kaspersky report

orion1234
2007-02-20, 17:23
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Monday, February 19, 2007 6:58:56 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 19/02/2007
Kaspersky Anti-Virus database records: 270293
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 61170
Number of viruses found: 10
Number of infected objects: 80 / 0
Number of suspicious objects: 0
Duration of the scan process: 00:40:15

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\david\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\david\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\david\Desktop\SmitfraudFix.zip/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\david\Desktop\SmitfraudFix.zip ZIP: infected - 1 skipped
C:\Documents and Settings\david\Desktop\Unused Desktop Shortcuts\installcasino.exe Infected: not-a-virus:AdWare.Win32.Casino.n skipped
C:\Documents and Settings\david\Desktop\Unused Desktop Shortcuts\SetupCasino.exe Infected: not-a-virus:AdWare.Win32.Casino.w skipped
C:\Documents and Settings\david\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\david\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\david\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\david\Local Settings\History\History.IE5\MSHist012007021920070220\index.dat Object is locked skipped
C:\Documents and Settings\david\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\david\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\david\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Common Files\Uninstall Information\RemoveWebDP.exe Infected: not-a-virus:AdWare.Win32.DelphinMediaViewer.f skipped
C:\RECYCLER\NPROTECT\00000251.exe Object is locked skipped
C:\RECYCLER\NPROTECT\00000263.exe Object is locked skipped
C:\RECYCLER\NPROTECT\00000327.exe Object is locked skipped
C:\RECYCLER\NPROTECT\00000421.exe Object is locked skipped
C:\RECYCLER\NPROTECT\00000470.exe Object is locked skipped
C:\RECYCLER\NPROTECT\00000524.exe Object is locked skipped
C:\RECYCLER\NPROTECT\00000565.exe Infected: not-a-virus:AdWare.Win32.DelphinMediaViewer.c skipped
C:\RECYCLER\NPROTECT\00000650.exe Object is locked skipped
C:\RECYCLER\NPROTECT\00000760.exe Object is locked skipped
C:\RECYCLER\NPROTECT\00000872.exe Object is locked skipped
C:\RECYCLER\NPROTECT\00000929.exe Object is locked skipped
C:\RECYCLER\NPROTECT\00000991.exe Object is locked skipped
C:\RECYCLER\NPROTECT\00001147.exe Object is locked skipped
C:\RECYCLER\NPROTECT\00001159.exe Object is locked skipped
C:\RECYCLER\NPROTECT\00001195.exe Object is locked skipped
C:\RECYCLER\NPROTECT\00001391.exe Object is locked skipped
C:\RECYCLER\NPROTECT\00001427.exe Object is locked skipped
C:\RECYCLER\NPROTECT\00001662.exe Object is locked skipped
C:\RECYCLER\NPROTECT\00001723.exe Object is locked skipped
C:\RECYCLER\NPROTECT\00001835.exe Object is locked skipped
C:\RECYCLER\NPROTECT\00001837.exe Object is locked skipped
C:\RECYCLER\NPROTECT\00001839.EXE Object is locked skipped
C:\RECYCLER\NPROTECT\00001846.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\NPROTECT\00001847.exe Object is locked skipped
C:\RECYCLER\NPROTECT\00001990.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\NPROTECT\00001991.exe Object is locked skipped
C:\RECYCLER\S-1-5-18\Dc1\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc1\Update.exe Object is locked skipped
C:\RECYCLER\S-1-5-18\Dc10\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc10\Update.exe Object is locked skipped
C:\RECYCLER\S-1-5-18\Dc11\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc12\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc12\Update.exe Object is locked skipped
C:\RECYCLER\S-1-5-18\Dc13\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc14\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc14\Update.exe Object is locked skipped
C:\RECYCLER\S-1-5-18\Dc15\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc15\Update.exe Object is locked skipped
C:\RECYCLER\S-1-5-18\Dc16\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc17\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc17\Update.exe Object is locked skipped
C:\RECYCLER\S-1-5-18\Dc18\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc19\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc19\Update.exe Object is locked skipped
C:\RECYCLER\S-1-5-18\Dc2\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc2\Update.exe Object is locked skipped
C:\RECYCLER\S-1-5-18\Dc20\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc20\Update.exe Object is locked skipped
C:\RECYCLER\S-1-5-18\Dc21\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc21\Update.exe Object is locked skipped
C:\RECYCLER\S-1-5-18\Dc22\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc22\Update.exe Object is locked skipped
C:\RECYCLER\S-1-5-18\Dc23\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc23\Update.exe Object is locked skipped
C:\RECYCLER\S-1-5-18\Dc24\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc24\Update.exe Object is locked skipped
C:\RECYCLER\S-1-5-18\Dc25\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc25\Update.exe Object is locked skipped
C:\RECYCLER\S-1-5-18\Dc26\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc26\Update.exe Object is locked skipped
C:\RECYCLER\S-1-5-18\Dc27\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc27\Update.exe Object is locked skipped
C:\RECYCLER\S-1-5-18\Dc28\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc28\Update.exe Object is locked skipped
C:\RECYCLER\S-1-5-18\Dc29\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc29\Update.exe Object is locked skipped
C:\RECYCLER\S-1-5-18\Dc3\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc3\Update.exe Object is locked skipped
C:\RECYCLER\S-1-5-18\Dc30\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc30\Update.exe Object is locked skipped
C:\RECYCLER\S-1-5-18\Dc31\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc31\Update.exe Object is locked skipped
C:\RECYCLER\S-1-5-18\Dc32\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc32\Update.exe Object is locked skipped
C:\RECYCLER\S-1-5-18\Dc33\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc33\Update.exe Object is locked skipped
C:\RECYCLER\S-1-5-18\Dc34\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc34\Update.exe Object is locked skipped
C:\RECYCLER\S-1-5-18\Dc35\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc35\Update.exe Object is locked skipped
C:\RECYCLER\S-1-5-18\Dc36\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc36\Update.exe Object is locked skipped
C:\RECYCLER\S-1-5-18\Dc37\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc37\Update.exe Object is locked skipped
C:\RECYCLER\S-1-5-18\Dc38\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc38\Update.exe Object is locked skipped
C:\RECYCLER\S-1-5-18\Dc39\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc39\Update.exe Object is locked skipped
C:\RECYCLER\S-1-5-18\Dc4\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc4\Update.exe Object is locked skipped
C:\RECYCLER\S-1-5-18\Dc40\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc40\Update.exe Object is locked skipped
C:\RECYCLER\S-1-5-18\Dc41\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc41\Update.exe Object is locked skipped
C:\RECYCLER\S-1-5-18\Dc42\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc42\Update.exe Object is locked skipped
C:\RECYCLER\S-1-5-18\Dc43\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc43\Update.exe Object is locked skipped
C:\RECYCLER\S-1-5-18\Dc44\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc45\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc45\Update.exe Object is locked skipped
C:\RECYCLER\S-1-5-18\Dc46\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc46\Update.exe Object is locked skipped
C:\RECYCLER\S-1-5-18\Dc47\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc47\Update.exe Object is locked skipped
C:\RECYCLER\S-1-5-18\Dc48\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc48\Update.exe Object is locked skipped
C:\RECYCLER\S-1-5-18\Dc49\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc49\Update.exe Object is locked skipped
C:\RECYCLER\S-1-5-18\Dc5\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc5\Update.exe Object is locked skipped
C:\RECYCLER\S-1-5-18\Dc50\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc50\Update.exe Object is locked skipped
C:\RECYCLER\S-1-5-18\Dc51\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc51\Update.exe Object is locked skipped

orion1234
2007-02-20, 17:24
C:\RECYCLER\S-1-5-18\Dc52\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc52\Update.exe Object is locked skipped
C:\RECYCLER\S-1-5-18\Dc53\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc53\Update.exe Object is locked skipped
C:\RECYCLER\S-1-5-18\Dc54\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc54\Update.exe Object is locked skipped
C:\RECYCLER\S-1-5-18\Dc55\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc55\Update.exe Object is locked skipped
C:\RECYCLER\S-1-5-18\Dc56\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc56\Update.exe Object is locked skipped
C:\RECYCLER\S-1-5-18\Dc57\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc57\Update.exe Object is locked skipped
C:\RECYCLER\S-1-5-18\Dc58\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc58\Update.exe Object is locked skipped
C:\RECYCLER\S-1-5-18\Dc59\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc59\Update.exe Object is locked skipped
C:\RECYCLER\S-1-5-18\Dc6\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc6\Update.exe Object is locked skipped
C:\RECYCLER\S-1-5-18\Dc60\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc60\Update.exe Object is locked skipped
C:\RECYCLER\S-1-5-18\Dc7\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc7\Update.exe Object is locked skipped
C:\RECYCLER\S-1-5-18\Dc8\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-18\Dc8\Update.exe Object is locked skipped
C:\RECYCLER\S-1-5-18\Dc9\system.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\RECYCLER\S-1-5-21-1547161642-436374069-839522115-1005\Dc142.zip/Matrix.class Infected: Trojan-Downloader.Java.OpenConnection.s skipped
C:\RECYCLER\S-1-5-21-1547161642-436374069-839522115-1005\Dc142.zip ZIP: infected - 1 skipped
C:\RECYCLER\S-1-5-21-1547161642-436374069-839522115-1005\Dc202.exe Infected: not-a-virus:AdWare.Win32.Casino.w skipped
C:\RECYCLER\S-1-5-21-1547161642-436374069-839522115-1005\Dc7.zip/Beyond.class Infected: Trojan.Java.ClassLoader.k skipped
C:\RECYCLER\S-1-5-21-1547161642-436374069-839522115-1005\Dc7.zip ZIP: infected - 1 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{AEE6296C-20EE-401F-AAD2-7E53FA704D3A}\RP1\A0003046.exe Infected: not-a-virus:AdWare.Win32.DelphinMediaViewer.j skipped
C:\System Volume Information\_restore{AEE6296C-20EE-401F-AAD2-7E53FA704D3A}\RP2\A0006219.ocx Infected: not-a-virus:AdWare.Win32.DelphinMediaViewer.c skipped
C:\System Volume Information\_restore{AEE6296C-20EE-401F-AAD2-7E53FA704D3A}\RP2\A0006220.dll Infected: not-a-virus:AdWare.Win32.DelphinMediaViewer.f skipped
C:\System Volume Information\_restore{AEE6296C-20EE-401F-AAD2-7E53FA704D3A}\RP2\A0006221.exe Infected: not-a-virus:AdWare.Win32.DelphinMediaViewer.f skipped
C:\System Volume Information\_restore{AEE6296C-20EE-401F-AAD2-7E53FA704D3A}\RP8\A0015049.exe Object is locked skipped
C:\System Volume Information\_restore{AEE6296C-20EE-401F-AAD2-7E53FA704D3A}\RP8\A0017049.dll Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\System Volume Information\_restore{AEE6296C-20EE-401F-AAD2-7E53FA704D3A}\RP8\change.log Object is locked skipped
C:\WINDOWS\Betfred Poker setup.exe Infected: not-a-virus:AdWare.Win32.Casino.w skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

orion1234
2007-02-20, 17:25

orion1234
2007-02-20, 17:26

Scan process completed.

orion1234
2007-02-20, 17:28
Logfile of HijackThis v1.99.1
Scan saved at 15:26:42, on 20/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Eraser\eraser.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\david\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.karoo.co.uk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = IC1:8080
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\eraser.exe -hide
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/DigWXMSN.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://download.games.yahoo.com/games/web_games/tikgames/goldfever/goldfever.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://download.games.yahoo.com/games/web_games/popcap/insaniquarium/popcaploader_v6.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

I made the little bat file like you said and double-clicked it. I wasn't prompted to click yes or OK, but the little black DOS window did flash up briefly.

Shaba
2007-02-20, 17:30
Hi

Logs look good.

How are things running now?

orion1234
2007-02-20, 17:41
Hiya, everything's running fine. But it was before, to be honest. However, I still have this persistent memory dump problem. Any program that scans the registry causes it. Adaware, Spybot and Registry Mechanic all cause BSOD with memory dump. I have never had this problem before until the day I got the virus. Is it possible that the virus could have changed some system memory option, and I just need to change it back? A couple of times when Spybot managed to get past 20000 definitions it came up with "5 commands" in the fix box. I stopped the scan and it said it couldn't fix them and asked to run on reboot. So I clicked OK and it restarted, but then it didn't get far enough on the reboot: BSOD again. :spider:

Shaba
2007-02-20, 17:46
Hi

What's your cpu temperature?

orion1234
2007-02-20, 17:55
Sorry, how do I check that?

Shaba
2007-02-20, 17:59
Hi

Use Everest (http://www.filehippo.com/download_everest_home/) :)

orion1234
2007-02-20, 18:10
CPU at 50 degrees Celsius

But TBH I run high-demand games without a problem so...

Shaba
2007-02-20, 18:14
Hi

OK, that's fine.

Your registry might be corrupted, but let's check your RAM first.

Try memtest (http://www.memtest86.com/) and tell me how it went :)

Shaba
2007-03-01, 20:08
Due to the lack of feedback, this topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else, please begin a New Topic.