Another smitfraud-c.toolbar888



Scarthy
2007-04-28, 00:48
Hi, we have had this menace infecting our home computer for about a week now. I have tried a lot of things myself to get rid of it, and looked up a number of previous threads, all of which have convinced me that I need some specialist help to get rid of this thing. I hope I have followed the "Before you post" instructions correctly, so here goes:

Ran eTrust Antivirus scan, results:

Scan Results: 106378 files scanned. 7 viruses were detected.

File          Infection              Status         Path
oo.exe        Win32/SillyIM.B        deleted        C:\Documents and Settings\Lilian\
awtuttq.dll   Win32/Chisyne!generic  deleted        C:\WINDOWS\system32\
rqrpnll.dll   Win32/Chisyne!generic  deleted        C:\WINDOWS\system32\
rqrstsp.dll   Win32/Chisyne!generic  cannot delete  C:\WINDOWS\system32\
ssqnmmj.dll   Win32/Chisyne!generic  deleted        C:\WINDOWS\system32\
tuvwxww.dll   Win32/Chisyne!generic  deleted        C:\WINDOWS\system32\
urqqnki.dll   Win32/Chisyne!generic  deleted        C:\WINDOWS\system32\


Then rebooted in safe mode and ran Spybot S&D, which found smitfraud-c.toolbar888 and some tracking cookies all of which were deleted.

Then ran HJT and this is the log:

Logfile of HijackThis v1.99.1
Scan saved at 23:11:30, on 27/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\AVerTV 6.0\AVerQT.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\DOCUME~1\Dave\LOCALS~1\Temp\Temporary Directory 3 for hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www1.euro.dell.com/content/default.aspx?c=uk&l=en&s=gen
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [CTXFIREG] CTxfiReg.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [Samsung Common SM] "C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe" /autorun
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [InfoData] rundll32.exe "C:\WINDOWS\system32\uhxndjqc.dll",realset
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: QuickTV6.lnk = C:\Program Files\AVerTV 6.0\AVerQT.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

I very much hope someone can help.

Shaba
2007-04-28, 11:17
Hi Scarthy

You are running HijackThis from a temp folder and it's crucial for backups.

Use this (http://downloads.malwareremoval.com/hijackthis_sfx.exe) link to get HijackThis.
Save it to your desktop and then double-click to run it.
It will install the program in c:\program files\HijackThis.
Browse to that location with Windows Explorer, rename HijackThis.exe to scanner.exe and double-click on the scanner.exe program to run. Choose the 'Do a system scan and save a logfile' option.
That will allow you to save the log to the desktop (or some other place) and leave open a notepad file with the HijackThis log in it.

Now post your HijackThis log into this topic.

Scarthy
2007-04-28, 18:49
Hi Shaba,

First of all, many thanks for your help with this and thanks for the quick response. As you instructed, I downloaded HJT from the link supplied to the desktop and then opened it. It is now in C:\Program Files\HijackThis and has been renamed "Scanner". Here are the scan results:

Logfile of HijackThis v1.99.1
Scan saved at 17:40:22, on 28/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVerTV 6.0\AVerQT.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\Scanner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www1.euro.dell.com/content/default.aspx?c=uk&l=en&s=gen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: (no name) - {80440127-2315-4464-88B9-7ACB72F43ADB} - C:\WINDOWS\system32\rqrstsp.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: (no name) - {AFF20625-D3EC-4C6A-9031-49986C08BE59} - C:\WINDOWS\system32\gebcy.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {D651AFF4-9590-424d-BD1E-8E33E090DFB3} - C:\WINDOWS\system32\jtcvejql.dll
O2 - BHO: (no name) - {E737804F-0E8C-4E99-963C-67C0CF0C2A54} - C:\WINDOWS\system32\npanyxtp.dll
O2 - BHO: (no name) - {F02E5525-C3BB-489E-949D-1F191F5A4238} - C:\WINDOWS\system32\gebcy.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [CTXFIREG] CTxfiReg.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [Samsung Common SM] "C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe" /autorun
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [InfoData] rundll32.exe "C:\WINDOWS\system32\uhxndjqc.dll",realset
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: QuickTV6.lnk = C:\Program Files\AVerTV 6.0\AVerQT.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: gebcy - C:\WINDOWS\system32\gebcy.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: rqrstsp - C:\WINDOWS\SYSTEM32\rqrstsp.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

Hope this is what you need. Thanks again for the assistance.

Shaba
2007-04-28, 18:52
Hi

Yes, it's fine :)

Please download VundoFix.exe (http://www.atribune.org/ccount/click.php?id=4) to your desktop.
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files; click YES.
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.
Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot; simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

Scarthy
2007-04-28, 19:26
Hi Shaba,

This is the vundofix.txt:


VundoFix V6.3.20

Checking Java version...

Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.

Scan started at 18:06:23 28/04/2007

Listing files found while scanning....

C:\WINDOWS\system32\gebcy.dll
C:\WINDOWS\system32\rqrstsp.dll
C:\WINDOWS\system32\ycbeg.bak1
C:\WINDOWS\system32\ycbeg.bak2
C:\WINDOWS\system32\ycbeg.ini
C:\WINDOWS\system32\ycbeg.ini2
C:\WINDOWS\system32\ycbeg.tmp

Beginning removal...

Attempting to delete C:\WINDOWS\system32\gebcy.dll
C:\WINDOWS\system32\gebcy.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\rqrstsp.dll
C:\WINDOWS\system32\rqrstsp.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ycbeg.bak1
C:\WINDOWS\system32\ycbeg.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\ycbeg.bak2
C:\WINDOWS\system32\ycbeg.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\ycbeg.ini
C:\WINDOWS\system32\ycbeg.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\ycbeg.ini2
C:\WINDOWS\system32\ycbeg.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\ycbeg.tmp
C:\WINDOWS\system32\ycbeg.tmp Has been deleted!

Performing Repairs to the registry.
Done!

And this is the HJT log after the Vundofix reboot:

Logfile of HijackThis v1.99.1
Scan saved at 18:19:37, on 28/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\AVerTV 6.0\AVerQT.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\HijackThis\Scanner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www1.euro.dell.com/content/default.aspx?c=uk&l=en&s=gen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: (no name) - {AFF20625-D3EC-4C6A-9031-49986C08BE59} - C:\WINDOWS\system32\gebcy.dll (file missing)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {D651AFF4-9590-424d-BD1E-8E33E090DFB3} - C:\WINDOWS\system32\jtcvejql.dll
O2 - BHO: (no name) - {E737804F-0E8C-4E99-963C-67C0CF0C2A54} - C:\WINDOWS\system32\npanyxtp.dll
O2 - BHO: (no name) - {F02E5525-C3BB-489E-949D-1F191F5A4238} - C:\WINDOWS\system32\gebcy.dll (file missing)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [CTXFIREG] CTxfiReg.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [Samsung Common SM] "C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe" /autorun
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [InfoData] rundll32.exe "C:\WINDOWS\system32\uhxndjqc.dll",realset
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: QuickTV6.lnk = C:\Program Files\AVerTV 6.0\AVerQT.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

Thanks again.

Shaba
2007-04-28, 19:31
Hi

Open HijackThis, click do a system scan only and checkmark these:

O2 - BHO: (no name) - {AFF20625-D3EC-4C6A-9031-49986C08BE59} - C:\WINDOWS\system32\gebcy.dll (file missing)
O2 - BHO: (no name) - {D651AFF4-9590-424d-BD1E-8E33E090DFB3} - C:\WINDOWS\system32\jtcvejql.dll
O2 - BHO: (no name) - {E737804F-0E8C-4E99-963C-67C0CF0C2A54} - C:\WINDOWS\system32\npanyxtp.dll
O2 - BHO: (no name) - {F02E5525-C3BB-489E-949D-1F191F5A4238} - C:\WINDOWS\system32\gebcy.dll (file missing)
O4 - HKLM\..\Run: [InfoData] rundll32.exe "C:\WINDOWS\system32\uhxndjqc.dll",realset

Close all windows including browser and press fix checked

Reboot

Delete if present:

C:\WINDOWS\system32\jtcvejql.dll
C:\WINDOWS\system32\npanyxtp.dll
C:\WINDOWS\system32\uhxndjqc.dll

Empty Recycle Bin

Post a fresh HijackThis log.

Scarthy
2007-04-28, 21:06
Hi Shaba,

OK - I ran HJT and found, checked and deleted all the items in your last post.

Then deleted:
C:\WINDOWS\system32\npanyxtp.dll
C:\WINDOWS\system32\uhxndjqc.dll

I could not find:
C:\WINDOWS\system32\jtcvejql.dll

Emptied the Recycle Bin and ran HJT again. Here is the log:

Logfile of HijackThis v1.99.1
Scan saved at 19:58:00, on 28/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\AVerTV 6.0\AVerQT.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis\Scanner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www1.euro.dell.com/content/default.aspx?c=uk&l=en&s=gen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [CTXFIREG] CTxfiReg.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [Samsung Common SM] "C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe" /autorun
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: QuickTV6.lnk = C:\Program Files\AVerTV 6.0\AVerQT.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

I need to get off line now for a few hours but will pick up your reply when you are able to respond. I think that your help has been fantastic - many, many thanks.
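The check-and-verify step in the exchange above, as an added example that is not part of the original posts and not HijackThis's own logic. It assumes two triage heuristics (an unnamed O2 BHO whose DLL sits directly in system32, and an O4 Run value that uses rundll32 to load such a DLL), then confirms the flagged entries are absent from the follow-up log; the function names are hypothetical and the log excerpts are constructed from lines that appear in this thread.

```python
import re

# O2 - BHO: <name> - {CLSID} - <path> [(file missing)]
BHO = re.compile(r'^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - '
                 r'(?P<path>.+?)(?P<missing> \(file missing\))?$')
# O4 - HKLM\..\Run: [<value name>] <command line>
RUN = re.compile(r'^O4 - HK\w+\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$')
# rundll32.exe "<dll>",<export>
RUNDLL = re.compile(r'^"?rundll32(?:\.exe)?"?\s+"?(?P<dll>[^",]+\.dll)', re.I)
# A file directly inside system32 (no subfolder)
SYS32 = re.compile(r'^[a-z]:\\windows\\system32\\[^\\]+$', re.I)

# Constructed excerpt of the log taken before the fix
BEFORE = r"""
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: (no name) - {AFF20625-D3EC-4C6A-9031-49986C08BE59} - C:\WINDOWS\system32\gebcy.dll (file missing)
O2 - BHO: (no name) - {D651AFF4-9590-424d-BD1E-8E33E090DFB3} - C:\WINDOWS\system32\jtcvejql.dll
O2 - BHO: (no name) - {E737804F-0E8C-4E99-963C-67C0CF0C2A54} - C:\WINDOWS\system32\npanyxtp.dll
O2 - BHO: (no name) - {F02E5525-C3BB-489E-949D-1F191F5A4238} - C:\WINDOWS\system32\gebcy.dll (file missing)
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [InfoData] rundll32.exe "C:\WINDOWS\system32\uhxndjqc.dll",realset
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
"""

# Constructed excerpt of the log taken after "fix checked" and a reboot
AFTER = r"""
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
"""


def triage(log):
    """Return the log lines that match the two assumed heuristics."""
    findings = []
    for raw in log.splitlines():
        line = raw.strip()
        m = BHO.match(line)
        if m:
            # Heuristic 1 (assumption): unnamed BHO with a DLL directly in system32
            if m['name'] == '(no name)' and SYS32.match(m['path']):
                findings.append({'line': line, 'path': m['path'],
                                 'missing': bool(m['missing']),
                                 'reason': 'unnamed BHO in system32'})
            continue
        m = RUN.match(line)
        if m:
            # Heuristic 2 (assumption): Run value that loads a system32 DLL via rundll32
            d = RUNDLL.match(m['cmd'])
            if d and SYS32.match(d['dll']):
                findings.append({'line': line, 'path': d['dll'], 'missing': False,
                                 'reason': 'rundll32 autostart of system32 DLL'})
    return findings


def files_to_check(findings):
    """Paths the registry entries still point at on disk (not marked file missing)."""
    seen, paths = set(), []
    for f in findings:
        key = f['path'].lower()
        if not f['missing'] and key not in seen:
            seen.add(key)
            paths.append(f['path'])
    return paths


def remaining(findings, after_log):
    """Flagged lines that still appear verbatim in the follow-up log."""
    after_lines = {line.strip() for line in after_log.splitlines()}
    return [f for f in findings if f['line'] in after_lines]


if __name__ == '__main__':
    flagged = triage(BEFORE)
    for f in flagged:
        print(f"{f['reason']}: {f['line']}")
    print('Files to look for on disk:', files_to_check(flagged))
    print('Still present after fix:', remaining(flagged, AFTER))
```

The Spybot SDHelper BHO is also listed as "(no name)" but lives under Program Files, which is why the heuristic keys on the path as well as the missing name.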

Shaba
2007-04-29, 10:55
Hi

Please do an online scan with Kaspersky Online Scanner (http://www.kaspersky.com/downloads/kws/kavwebscan.html). You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
The program will launch and then start to download the latest definition files.
Once the scanner is installed and the definitions downloaded, click Next.
Now click on Scan Settings
In the scan settings make sure that the following are selected:

o Scan using the following Anti-Virus database:

+ Extended (If available otherwise Standard)

o Scan Options:

+ Scan Archives
+ Scan Mail Bases

Click OK
Now under select a target to scan select My Computer
The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.
Now click on the Save as Text button
Save the file to your desktop.
Copy and paste that information in your next post.

Post:

- a fresh HijackThis log
- kaspersky report

Scarthy
2007-04-29, 22:52
Hi Shaba,

I followed your latest instructions and here is the latest HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 21:29:37, on 29/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\AVerTV 6.0\AVerQT.exe
C:\Program Files\HijackThis\Scanner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www1.euro.dell.com/content/default.aspx?c=uk&l=en&s=gen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [CTXFIREG] CTxfiReg.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [Samsung Common SM] "C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe" /autorun
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: QuickTV6.lnk = C:\Program Files\AVerTV 6.0\AVerQT.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

The Kaspersky log will follow in separate posts - it's big.

Here's a strange thing; I run an automated scan every week using Norton Anti Virus. This is a "full scan" of all files and folders, and I recall that it used to run for over an hour and scan 100,000 plus files. It ran today and stopped after 5 mins having scanned 15,102 files. You will see that Kaspersky scanned 114,000 objects. Could NAV have been corrupted by the virus on my machine?

I continue to be very grateful for your expertise and assistance. There is no way I could ever sort this out without your help.

Scarthy
2007-04-29, 22:57
Here is the Kaspersky log - part 1:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, April 29, 2007 9:20:28 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 29/04/2007
Kaspersky Anti-Virus database records: 307263
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\

Scan Statistics:
Total number of scanned objects: 114883
Number of viruses found: 13
Number of infected objects: 59
Number of suspicious objects: 0
Duration of the scan process: 01:11:50

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01740000.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01740001\477DCDE9.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01880000.VBN Infected: Trojan.Win32.BHO.g skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01880001\47AE6877.VBN Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01880002\47AE7C25.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01880003.VBN Infected: Trojan.Win32.BHO.g skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08A40000\4EAD2577.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0AF80000\4EF94624.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0BFC0000\4FFD125E.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C140000\4E3DE5D6.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C140001\4E3FA30A.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C140002\4E3FB7E1.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CA00000\4EB206EC.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CC00000\4EEE36EA.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DC80000\4FED0782.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DC80001\4FED0CC9.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DC80002\4FED0CDA.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DD00000\4FF94801.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E240000\4E2E4CB1.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E240001\4E2E60E5.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E240002\4E2E613C.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E240003\4E2E6778.VBN Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E440000.VBN Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F380000.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F380001\4F391D3C.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F380002\4F391EF3.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F380003\4F392214.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F380004\4F392350.VBN Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0FA00000\4FABDAAA.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\Documents and Settings\Lilian\net.exe/data0003 Infected: Trojan-Downloader.Win32.Adload.jm skipped
C:\Documents and Settings\Lilian\net.exe NSIS: infected - 1 skipped

Scarthy
2007-04-29, 23:00
Part 2:


Scarthy
2007-04-29, 23:02
Part 3:

C:\Documents and Settings\Viv\Favorites\Microsoft Websites\Microsoft At Work.url Object is locked skipped
C:\Documents and Settings\Viv\Favorites\Microsoft Websites\Welcome to IE7.url Object is locked skipped
C:\Documents and Settings\Viv\Favorites\MSN.com.url Object is locked skipped
C:\Documents and Settings\Viv\Favorites\Radio Station Guide.url Object is locked skipped
C:\Documents and Settings\Viv\Favorites\RealPlayer Home Page.url Object is locked skipped
C:\Documents and Settings\Viv\Local Settings\Application Data\Adobe\Acrobat\7.0\Cache\AcroFnt07.lst Object is locked skipped
C:\Documents and Settings\Viv\Local Settings\Application Data\Adobe\Color\ACECache4.lst Object is locked skipped
C:\Documents and Settings\Viv\Local Settings\Application Data\ApplicationHistory\ehshell.exe.a87fcbb.ini Object is locked skipped
C:\Documents and Settings\Viv\Local Settings\Application Data\ApplicationHistory\InC19.exe.9f09ee1b.ini Object is locked skipped
C:\Documents and Settings\Viv\Local Settings\Application Data\ApplicationHistory\InC30.exe.68135990.ini Object is locked skipped
C:\Documents and Settings\Viv\Local Settings\Application Data\ApplicationHistory\InC3B.exe.ac3de7c2.ini Object is locked skipped
C:\Documents and Settings\Viv\Local Settings\Application Data\ApplicationHistory\MCInstaller.exe.b623dd6.ini Object is locked skipped
C:\Documents and Settings\Viv\Local Settings\Application Data\ApplicationHistory\ngen.exe.2c05686e.ini Object is locked skipped
C:\Documents and Settings\Viv\Local Settings\Application Data\ApplicationHistory\OOBEINIT.exe.385e8e6d.ini Object is locked skipped
C:\Documents and Settings\Viv\Local Settings\Application Data\ApplicationHistory\RegAsm.exe.ca35bcc8.ini Object is locked skipped
C:\Documents and Settings\Viv\Local Settings\Application Data\ApplicationHistory\SL4F.tmp.b1f8031b.ini Object is locked skipped
C:\Documents and Settings\Viv\Local Settings\Application Data\ApplicationHistory\SLF5.tmp.664d238.ini Object is locked skipped
C:\Documents and Settings\Viv\Local Settings\Application Data\BVRP Software\Modem On Hold\moh.ini Object is locked skipped
C:\Documents and Settings\Viv\Local Settings\Application Data\Corel Photo Album\6\PhotoAlbumCache\10.cpathm Object is locked skipped
C:\Documents and Settings\Viv\Local Settings\Application Data\Corel Photo Album\6\PhotoAlbumCache\11.cpathm Object is locked skipped
C:\Documents and Settings\Viv\Local Settings\Application Data\Corel Photo Album\6\PhotoAlbumCache\12.cpathm Object is locked skipped
C:\Documents and Settings\Viv\Local Settings\Application Data\Corel Photo Album\6\PhotoAlbumCache\13.cpathm Object is locked skipped
C:\Documents and Settings\Viv\Local Settings\Application Data\Corel Photo Album\6\PhotoAlbumCache\14.cpathm Object is locked skipped
C:\Documents and Settings\Viv\Local Settings\Application Data\Corel Photo Album\6\PhotoAlbumCache\15.cpathm Object is locked skipped
C:\Documents and Settings\Viv\Local Settings\Application Data\Corel Photo Album\6\PhotoAlbumCache\16.cpathm Object is locked skipped
C:\Documents and Settings\Viv\Local Settings\Application Data\Corel Photo Album\6\PhotoAlbumCache\17.cpathm Object is locked skipped
C:\Documents and Settings\Viv\Local Settings\Application Data\Corel Photo Album\6\PhotoAlbumCache\18.cpathm Object is locked skipped
C:\Documents and Settings\Viv\Local Settings\Application Data\Corel Photo Album\6\PhotoAlbumCache\19.cpathm Object is locked skipped
C:\Documents and Settings\Viv\Local Settings\Application Data\Corel Photo Album\6\PhotoAlbumCache\2.cpathm Object is locked skipped
C:\Documents and Settings\Viv\Local Settings\Application Data\Corel Photo Album\6\PhotoAlbumCache\20.cpathm Object is locked skipped
C:\Documents and Settings\Viv\Local Settings\Application Data\Corel Photo Album\6\PhotoAlbumCache\21.cpathm Object is locked skipped
C:\Documents and Settings\Viv\Local Settings\Application Data\Corel Photo Album\6\PhotoAlbumCache\22.cpathm Object is locked skipped
C:\Documents and Settings\Viv\Local Settings\Application Data\Corel Photo Album\6\PhotoAlbumCache\23.cpathm Object is locked skipped
C:\Documents and Settings\Viv\Local Settings\Application Data\Corel Photo Album\6\PhotoAlbumCache\24.cpathm Object is locked skipped
C:\Documents and Settings\Viv\Local Settings\Application Data\Corel Photo Album\6\PhotoAlbumCache\25.cpathm Object is locked skipped
C:\Documents and Settings\Viv\Local Settings\Application Data\Corel Photo Album\6\PhotoAlbumCache\26.cpathm Object is locked skipped
C:\Documents and Settings\Viv\Local Settings\Application Data\Corel Photo Album\6\PhotoAlbumCache\27.cpathm Object is locked skipped
C:\Documents and Settings\Viv\Local Settings\Application Data\Corel Photo Album\6\PhotoAlbumCache\28.cpathm Object is locked skipped
C:\Documents and Settings\Viv\Local Settings\Application Data\Corel Photo Album\6\PhotoAlbumCache\29.cpathm Object is locked skipped
C:\Documents and Settings\Viv\Local Settings\Application Data\Corel Photo Album\6\PhotoAlbumCache\3.cpathm Object is locked skipped
C:\Documents and Settings\Viv\Local Settings\Application Data\Corel Photo Album\6\PhotoAlbumCache\30.cpathm Object is locked skipped
C:\Documents and Settings\Viv\Local Settings\Application Data\Corel Photo Album\6\PhotoAlbumCache\31.cpathm Object is locked skipped
C:\Documents and Settings\Viv\Local Settings\Application Data\Corel Photo Album\6\PhotoAlbumCache\32.cpathm Object is locked skipped
C:\Documents and Settings\Viv\Local Settings\Application Data\Corel Photo Album\6\PhotoAlbumCache\33.cpathm Object is locked skipped
C:\Documents and Settings\Viv\Local Settings\Application Data\Corel Photo Album\6\PhotoAlbumCache\34.cpathm Object is locked skipped
C:\Documents and Settings\Viv\Local Settings\Application Data\Corel Photo Album\6\PhotoAlbumCache\35.cpathm Object is locked skipped
C:\Documents and Settings\Viv\Local Settings\Application Data\Corel Photo Album\6\PhotoAlbumCache\36.cpathm Object is locked skipped
C:\Documents and Settings\Viv\Local Settings\Application Data\Corel Photo Album\6\PhotoAlbumCache\37.cpathm Object is locked skipped
C:\Documents and Settings\Viv\Local Settings\Application Data\Corel Photo Album\6\PhotoAlbumCache\38.cpathm Object is locked skipped
C:\Documents and Settings\Viv\Local Settings\Application Data\Corel Photo Album\6\PhotoAlbumCache\39.cpathm Object is locked skipped
C:\Documents and Settings\Viv\Local Settings\Application Data\Corel Photo Album\6\PhotoAlbumCache\4.cpathm Object is locked skipped
C:\Documents and Settings\Viv\Local Settings\Application Data\Corel Photo Album\6\PhotoAlbumCache\40.cpathm Object is locked skipped
C:\Documents and Settings\Viv\Local Settings\Application Data\Corel Photo Album\6\PhotoAlbumCache\41.cpathm Object is locked skipped
C:\Documents and Settings\Viv\Local Settings\Application Data\Corel Photo Album\6\PhotoAlbumCache\42.cpathm Object is locked skipped
C:\Documents and Settings\Viv\Local Settings\Application Data\Corel Photo Album\6\PhotoAlbumCache\43.cpathm Object is locked skipped
C:\Documents and Settings\Viv\Local Settings\Application Data\Corel Photo Album\6\PhotoAlbumCache\44.cpathm Object is locked skipped
C:\Documents and Settings\Viv\Local Settings\Application Data\Corel Photo Album\6\PhotoAlbumCache\45.cpathm Object is locked skipped
C:\Documents and Settings\Viv\Local Settings\Application Data\Corel Photo Album\6\PhotoAlbumCache\46.cpathm Object is locked skipped
C:\Documents and Settings\Viv\Local Settings\Application Data\Corel Photo Album\6\PhotoAlbumCache\47.cpathm Object is locked skipped
C:\Documents and Settings\Viv\Local Settings\Application Data\Corel Photo Album\6\PhotoAlbumCache\48.cpathm Object is locked skipped
C:\Documents and Settings\Viv\Local Settings\Application Data\Corel Photo Album\6\PhotoAlbumCache\49.cpathm Object is locked skipped
C:\Documents and Settings\Viv\Local Settings\Application Data\Corel Photo Album\6\PhotoAlbumCache\5.cpathm Object is locked skipped
C:\Documents and Settings\Viv\Local Settings\Application Data\Corel Photo Album\6\PhotoAlbumCache\6.cpathm Object is locked skipped
C:\Documents and Settings\Viv\Local Settings\Application Data\Corel Photo Album\6\PhotoAlbumCache\7.cpathm Object is locked skipped
C:\Documents and Settings\Viv\Local Settings\Application Data\Corel Photo Album\6\PhotoAlbumCache\8.cpathm Object is locked skipped
C:\Documents and Settings\Viv\Local Settings\Application Data\Corel Photo Album\6\PhotoAlbumCache\9.cpathm Object is locked skipped
C:\Documents and Settings\Viv\Local Settings\Application Data\Corel Photo Album\6\PhotoAlbumCache\mru.dat Object is locked skipped
C:\Documents and Settings\Viv\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini Object is locked skipped
C:\Documents and Settings\Viv\Local Settings\Application Data\fusioncache.dat Object is locked skipped
C:\Documents and Settings\Viv\Local Settings\Application Data\GDIPFONTCACHEV1.DAT Object is locked skipped
C:\Documents and Settings\Viv\Local Settings\Application Data\IconCache.db Object is locked skipped
C:\Documents and Settings\Viv\Local Settings\Application Data\Identities\{4E3254D7-522A-412A-9296-3F4767B3A2CB}\Microsoft\Outlook Express\Folders.dbx Object is locked skipped
C:\Documents and Settings\Viv\Local Settings\Application Data\Identities\{4E3254D7-522A-412A-9296-3F4767B3A2CB}\Microsoft\Outlook Express\Inbox.dbx Object is locked skipped
C:\Documents and Settings\Viv\Local Settings\Application Data\Identities\{4E3254D7-522A-412A-9296-3F4767B3A2CB}\Microsoft\Outlook Express\Offline.dbx Object is locked skipped
C:\Documents and Settings\Viv\Local Settings\Application Data\Identities\{4E3254D7-522A-412A-9296-3F4767B3A2CB}\Microsoft\Outlook Express\Outbox.dbx Object is locked skipped
C:\Documents and Settings\Viv\Local Settings\Application Data\Microsoft\Feeds\FeedsStore.feedsdb-ms Object is locked skipped
C:\Documents and Settings\Viv\Local Settings\Application Data\Microsoft\Feeds\Microsoft Feeds~\Microsoft at Home~.feed-ms Object is locked skipped
C:\Documents and Settings\Viv\Local Settings\Application Data\Microsoft\Feeds\Microsoft Feeds~\Microsoft at Work~.feed-ms Object is locked skipped
C:\Documents and Settings\Viv\Local Settings\Application Data\Microsoft\Feeds Cache\5IA33XXW\desktop.ini Object is locked skipped
C:\Documents and Settings\Viv\Local Settings\Application Data\Microsoft\Feeds Cache\7HE5JOO9\desktop.ini Object is locked skipped
C:\Documents and Settings\Viv\Local Settings\Application Data\Microsoft\Feeds Cache\7HE5JOO9\fwlink[1] Object is locked skipped
C:\Documents and Settings\Viv\Local Settings\Application Data\Microsoft\Feeds Cache\desktop.ini Object is locked skipped
C:\Documents and Settings\Viv\Local Settings\Application Data\Microsoft\Feeds Cache\EMAHL9HM\desktop.ini Object is locked skipped
C:\Documents and Settings\Viv\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Viv\Local Settings\Application Data\Microsoft\Feeds Cache\SHTEP4YA\desktop.ini Object is locked skipped
C:\Documents and Settings\Viv\Local Settings\Application Data\Microsoft\Feeds Cache\SHTEP4YA\fwlink[1] Object is locked skipped
C:\Documents and Settings\Viv\Local Settings\Application Data\Microsoft\HelpCtr\HelpSessionHistory.dat Object is locked skipped
C:\Documents and Settings\Viv\Local Settings\Application Data\Microsoft\Internet Explorer\brndlog.txt Object is locked skipped
C:\Documents and Settings\Viv\Local Settings\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT Object is locked skipped
C:\Documents and Settings\Viv\Local Settings\Application Data\Microsoft\Media Player\CurrentDatabase_219.wmdb Object is locked skipped
C:\Documents and Settings\Viv\Local Settings\Application Data\Microsoft\Media Player\CurrentDatabase_59R.wmdb Object is locked skipped
C:\Documents and Settings\Viv\Local Settings\Application Data\Microsoft\Media Player\wmdbexport.xml Object is locked skipped
C:\Documents and Settings\Viv\Local Settings\Application Data\Microsoft\Media Player\wmpfolders.wmdb Object is locked skipped

Scarthy
2007-04-29, 23:03
Part 4:


Scarthy
2007-04-29, 23:04
Final Part 5:

C:\Downloads\SnowBoardChamp2004_Setup-dm[1].exe Infected: not-a-virus:AdWare.Win32.Trymedia.b skipped
C:\Program Files\DIGStream\digstream.exe Infected: not-a-virus:Downloader.Win32.DigStream skipped
C:\Program Files\HijackThis\backups\backup-20070428-184753-112.dll Infected: Packed.Win32.Klone.j skipped
C:\Program Files\Symantec AntiVirus\SAVRT\0542NAV~.TMP Object is locked skipped
C:\Program Files\Symantec AntiVirus\SAVRT\0821NAV~.TMP Object is locked skipped
C:\RECYCLER\S-1-5-21-2745342383-3274651719-1657546949-1006\Dc279.lnk Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP355\A0035600.exe Infected: IM-Worm.Win32.Agent.a skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP355\A0035601.exe/data0003 Infected: Trojan-Downloader.Win32.Adload.jm skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP355\A0035601.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP356\A0035695.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.iu skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP356\A0035718.exe Infected: IM-Worm.Win32.Agent.a skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP356\A0035719.exe/data0003 Infected: Trojan-Downloader.Win32.Adload.jm skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP356\A0035719.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP356\A0035721.exe/data0003 Infected: Trojan-Downloader.Win32.Adload.jm skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP356\A0035721.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP356\A0035722.exe Infected: IM-Worm.Win32.Agent.a skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP361\A0035798.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP365\A0035975.exe/data0012 Infected: not-a-virus:AdWare.Win32.180Solutions.ba skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP365\A0035975.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP367\A0036076.exe Infected: IM-Worm.Win32.Agent.a skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP367\A0036077.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ib skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP367\A0036078.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ib skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP367\A0036079.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ib skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP367\A0036080.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ib skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP367\A0036081.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ib skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP368\A0036135.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.iu skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP368\A0036136.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ib skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP368\A0036148.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ir skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP368\A0036158.dll Infected: Packed.Win32.Klone.j skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP368\A0036159.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP369\change.log Object is locked skipped
C:\VundoFix Backups\gebcy.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.iu skipped
C:\VundoFix Backups\rqrstsp.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.ib skipped
C:\WINDOWS\system32\embdtxpe.dll Infected: Packed.Win32.Klone.j skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\sstts.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.iu skipped

Scan process completed.

Shaba
2007-04-30, 08:26
Hi

Well it might be corrupted, not sure.

Empty these folders:

C:\VundoFix Backups\
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine

Delete this:

C:\Documents and Settings\Lilian\net.exe

Empty Recycle Bin

Re-scan with Kaspersky

Post:

- a fresh HijackThis log
- Kaspersky report

Scarthy
2007-04-30, 22:14
Hi Shaba,

I have followed your last instructions and here is the HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 21:04:00, on 30/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AVerTV 6.0\AVerQT.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis\Scanner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www1.euro.dell.com/content/default.aspx?c=uk&l=en&s=gen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [CTXFIREG] CTxfiReg.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [Samsung Common SM] "C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe" /autorun
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: QuickTV6.lnk = C:\Program Files\AVerTV 6.0\AVerQT.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

Kaspersky Log to follow in separate posts.

Scarthy
2007-04-30, 22:16
Kaspersky Log Part 1:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Monday, April 30, 2007 8:58:58 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 30/04/2007
Kaspersky Anti-Virus database records: 307607
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\

Scan Statistics:
Total number of scanned objects: 112542
Number of viruses found: 11
Number of infected objects: 31
Number of suspicious objects: 0
Duration of the scan process: 01:23:14

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Viv\Application Data\Corel\Paint Shop Pro\10\Cache\Patterns.PspCache Object is locked skipped
C:\Documents and Settings\Viv\Application Data\Corel\Paint Shop Pro\10\Cache\Swatches.PspCache Object is locked skipped
C:\Documents and Settings\Viv\Application Data\Corel\Paint Shop Pro\10\Cache\Textures.PspCache Object is locked skipped
C:\Documents and Settings\Viv\Application Data\Corel\Paint Shop Pro\10\Cache\USE.PspCache Object is locked skipped
C:\Documents and Settings\Viv\Application Data\Corel Photo Album\6\ixdb.mdb Object is locked skipped
C:\Documents and Settings\Viv\Application Data\Creative\Media Database\PCML_1.dpm Object is locked skipped
C:\Documents and Settings\Viv\Application Data\desktop.ini Object is locked skipped
C:\Documents and Settings\Viv\Application Data\Google\Local Search History\google%2Eimages.w Object is locked skipped
C:\Documents and Settings\Viv\Application Data\Google\Local Search History\google%2Eweb.w Object is locked skipped
C:\Documents and Settings\Viv\Application Data\Gtek\gtny\4EC308F4-A9FC-4be8-BA18-75066D6256D5_CONFIRM.cache Object is locked skipped
C:\Documents and Settings\Viv\Application Data\Gtek\gtny\gtuser.cfg Object is locked skipped
C:\Documents and Settings\Viv\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch1\persist.cfg Object is locked skipped
C:\Documents and Settings\Viv\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch2\persist.cfg Object is locked skipped
C:\Documents and Settings\Viv\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch3\persist.cfg Object is locked skipped
C:\Documents and Settings\Viv\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch4\persist.cfg Object is locked skipped
C:\Documents and Settings\Viv\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\AUCommon.cfg Object is locked skipped
C:\Documents and Settings\Viv\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\DSAgnt.log Object is locked skipped
C:\Documents and Settings\Viv\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\DSAgnt_2.log Object is locked skipped
C:\Documents and Settings\Viv\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\DSBrws.log Object is locked skipped
C:\Documents and Settings\Viv\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol Object is locked skipped
C:\Documents and Settings\Viv\Application Data\Microsoft\Address Book\Viv.wab Object is locked skipped
C:\Documents and Settings\Viv\Application Data\Microsoft\Address Book\Viv.wab~ Object is locked skipped
C:\Documents and Settings\Viv\Application Data\Microsoft\CLR Security Config\v1.0.3705\security.config Object is locked skipped
C:\Documents and Settings\Viv\Application Data\Microsoft\CLR Security Config\v1.0.3705\security.config.cch Object is locked skipped
C:\Documents and Settings\Viv\Application Data\Microsoft\CLR Security Config\v1.0.3705\security.config.old Object is locked skipped
C:\Documents and Settings\Viv\Application Data\Microsoft\CLR Security Config\v1.1.4322\security.config Object is locked skipped
C:\Documents and Settings\Viv\Application Data\Microsoft\CLR Security Config\v1.1.4322\security.config.cch Object is locked skipped
C:\Documents and Settings\Viv\Application Data\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004 Object is locked skipped
C:\Documents and Settings\Viv\Application Data\Microsoft\CryptnetUrlCache\Content\486CC6AFD08942336C61FCD401C4A1D1 Object is locked skipped
C:\Documents and Settings\Viv\Application Data\Microsoft\CryptnetUrlCache\Content\5C8DDA36D60247082B142836039F4636 Object is locked skipped
C:\Documents and Settings\Viv\Application Data\Microsoft\CryptnetUrlCache\Content\60E31627FDA0A46932B0E5948949F2A5 Object is locked skipped
C:\Documents and Settings\Viv\Application Data\Microsoft\CryptnetUrlCache\Content\74BFD122C0875EC75DBE5C6DB4C59019 Object is locked skipped
C:\Documents and Settings\Viv\Application Data\Microsoft\CryptnetUrlCache\Content\904590238400AD963F77FAAAADC9BAB5 Object is locked skipped
C:\Documents and Settings\Viv\Application Data\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015 Object is locked skipped
C:\Documents and Settings\Viv\Application Data\Microsoft\CryptnetUrlCache\Content\A44F4E7CB3133FF765C39A53AD8FCFDD Object is locked skipped
C:\Documents and Settings\Viv\Application Data\Microsoft\CryptnetUrlCache\Content\A8FABA189DB7D25FBA7CAC806625FD30 Object is locked skipped
C:\Documents and Settings\Viv\Application Data\Microsoft\CryptnetUrlCache\Content\B69D763EB21649DA26F20618312DEE70 Object is locked skipped
C:\Documents and Settings\Viv\Application Data\Microsoft\CryptnetUrlCache\Content\DC2135CED98D8A4D7C0CEE202BB0B810 Object is locked skipped
C:\Documents and Settings\Viv\Application Data\Microsoft\CryptnetUrlCache\Content\F5A17C00E427F919C4A49EEF5AD0EE53 Object is locked skipped
C:\Documents and Settings\Viv\Application Data\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004 Object is locked skipped
C:\Documents and Settings\Viv\Application Data\Microsoft\CryptnetUrlCache\MetaData\486CC6AFD08942336C61FCD401C4A1D1 Object is locked skipped
C:\Documents and Settings\Viv\Application Data\Microsoft\CryptnetUrlCache\MetaData\5C8DDA36D60247082B142836039F4636 Object is locked skipped
C:\Documents and Settings\Viv\Application Data\Microsoft\CryptnetUrlCache\MetaData\60E31627FDA0A46932B0E5948949F2A5 Object is locked skipped
C:\Documents and Settings\Viv\Application Data\Microsoft\CryptnetUrlCache\MetaData\74BFD122C0875EC75DBE5C6DB4C59019 Object is locked skipped
C:\Documents and Settings\Viv\Application Data\Microsoft\CryptnetUrlCache\MetaData\904590238400AD963F77FAAAADC9BAB5 Object is locked skipped
C:\Documents and Settings\Viv\Application Data\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015 Object is locked skipped
C:\Documents and Settings\Viv\Application Data\Microsoft\CryptnetUrlCache\MetaData\A44F4E7CB3133FF765C39A53AD8FCFDD Object is locked skipped
C:\Documents and Settings\Viv\Application Data\Microsoft\CryptnetUrlCache\MetaData\A8FABA189DB7D25FBA7CAC806625FD30 Object is locked skipped
C:\Documents and Settings\Viv\Application Data\Microsoft\CryptnetUrlCache\MetaData\B69D763EB21649DA26F20618312DEE70 Object is locked skipped
C:\Documents and Settings\Viv\Application Data\Microsoft\CryptnetUrlCache\MetaData\DC2135CED98D8A4D7C0CEE202BB0B810 Object is locked skipped
C:\Documents and Settings\Viv\Application Data\Microsoft\CryptnetUrlCache\MetaData\F5A17C00E427F919C4A49EEF5AD0EE53 Object is locked skipped
C:\Documents and Settings\Viv\Application Data\Microsoft\Crypto\RSA\S-1-5-21-2745342383-3274651719-1657546949-1006\f77024af72bb17b4a6ecb43c18e70e89_24adf822-76f7-4481-b30b-ff1b40f8687f Object is locked skipped
C:\Documents and Settings\Viv\Application Data\Microsoft\eHome\ehshell.config Object is locked skipped
C:\Documents and Settings\Viv\Application Data\Microsoft\HTML Help\hh.dat Object is locked skipped
C:\Documents and Settings\Viv\Application Data\Microsoft\Internet Explorer\brndlog.bak Object is locked skipped
C:\Documents and Settings\Viv\Application Data\Microsoft\Internet Explorer\brndlog.txt Object is locked skipped
C:\Documents and Settings\Viv\Application Data\Microsoft\Internet Explorer\Desktop.htt Object is locked skipped
C:\Documents and Settings\Viv\Application Data\Microsoft\Internet Explorer\Quick Launch\AOL 9.0.lnk Object is locked skipped

Scarthy
2007-04-30, 22:18
Kaspersky Log Part 2:


Scarthy
2007-04-30, 22:20
Kaspersky Log Part 3:

C:\Documents and Settings\Viv\Local Settings\Application Data\Microsoft\Feeds\FeedsStore.feedsdb-ms Object is locked skipped
C:\Documents and Settings\Viv\Local Settings\Application Data\Microsoft\Feeds\Microsoft Feeds~\Microsoft at Home~.feed-ms Object is locked skipped
C:\Documents and Settings\Viv\Local Settings\Application Data\Microsoft\Feeds\Microsoft Feeds~\Microsoft at Work~.feed-ms Object is locked skipped
C:\Documents and Settings\Viv\Local Settings\Application Data\Microsoft\Feeds Cache\5IA33XXW\desktop.ini Object is locked skipped
C:\Documents and Settings\Viv\Local Settings\Application Data\Microsoft\Feeds Cache\7HE5JOO9\desktop.ini Object is locked skipped
C:\Documents and Settings\Viv\Local Settings\Application Data\Microsoft\Feeds Cache\7HE5JOO9\fwlink[1] Object is locked skipped
C:\Documents and Settings\Viv\Local Settings\Application Data\Microsoft\Feeds Cache\desktop.ini Object is locked skipped
C:\Documents and Settings\Viv\Local Settings\Application Data\Microsoft\Feeds Cache\EMAHL9HM\desktop.ini Object is locked skipped
C:\Documents and Settings\Viv\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Viv\Local Settings\Application Data\Microsoft\Feeds Cache\SHTEP4YA\desktop.ini Object is locked skipped
C:\Documents and Settings\Viv\Local Settings\Application Data\Microsoft\Feeds Cache\SHTEP4YA\fwlink[1] Object is locked skipped
C:\Documents and Settings\Viv\Local Settings\Application Data\Microsoft\HelpCtr\HelpSessionHistory.dat Object is locked skipped
C:\Documents and Settings\Viv\Local Settings\Application Data\Microsoft\Internet Explorer\brndlog.txt Object is locked skipped
C:\Documents and Settings\Viv\Local Settings\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT Object is locked skipped
C:\Documents and Settings\Viv\Local Settings\Application Data\Microsoft\Media Player\CurrentDatabase_219.wmdb Object is locked skipped
C:\Documents and Settings\Viv\Local Settings\Application Data\Microsoft\Media Player\CurrentDatabase_59R.wmdb Object is locked skipped
C:\Documents and Settings\Viv\Local Settings\Application Data\Microsoft\Media Player\wmdbexport.xml Object is locked skipped
C:\Documents and Settings\Viv\Local Settings\Application Data\Microsoft\Media Player\wmpfolders.wmdb Object is locked skipped
C:\Documents and Settings\Viv\Local Settings\Application Data\Microsoft\Wallpaper1.bmp Object is locked skipped
C:\Documents and Settings\Viv\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Viv\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Viv\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNS.DTD Object is locked skipped
C:\Documents and Settings\Viv\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNS.XML Object is locked skipped
C:\Documents and Settings\Viv\Local Settings\Application Data\Microsoft\Works\Portfolio\Sample.wsb Object is locked skipped
C:\Documents and Settings\Viv\Local Settings\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\01262007.Log Object is locked skipped
C:\Documents and Settings\Viv\Local Settings\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\02022007.Log Object is locked skipped
C:\Documents and Settings\Viv\Local Settings\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\02092007.Log Object is locked skipped
C:\Documents and Settings\Viv\Local Settings\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\04202007.Log Object is locked skipped
C:\Documents and Settings\Viv\Local Settings\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\04242007.Log Object is locked skipped
C:\Documents and Settings\Viv\Local Settings\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\04252007.Log Object is locked skipped
C:\Documents and Settings\Viv\Local Settings\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\04262007.Log Object is locked skipped
C:\Documents and Settings\Viv\Local Settings\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\10062006.Log Object is locked skipped
C:\Documents and Settings\Viv\Local Settings\Application Data\{7148F0A6-6813-11D6-A77B-00B0D0142030}\1033.MST Object is locked skipped
C:\Documents and Settings\Viv\Local Settings\Application Data\{7148F0A6-6813-11D6-A77B-00B0D0142030}\Java 2 Runtime Environment, SE v1.4.2_03.msi Object is locked skipped
C:\Documents and Settings\Viv\Local Settings\desktop.ini Object is locked skipped
C:\Documents and Settings\Viv\Local Settings\History\desktop.ini Object is locked skipped
C:\Documents and Settings\Viv\Local Settings\History\History.IE5\desktop.ini Object is locked skipped
C:\Documents and Settings\Viv\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Viv\Local Settings\History\History.IE5\MSHist012007042420070425\index.dat Object is locked skipped
C:\Documents and Settings\Viv\Local Settings\History\History.IE5\MSHist012007042520070426\index.dat Object is locked skipped
C:\Documents and Settings\Viv\Local Settings\History\History.IE5\MSHist012007042620070427\index.dat Object is locked skipped
C:\Documents and Settings\Viv\Local Settings\Temp\2ef7_appcompat.txt Object is locked skipped
C:\Documents and Settings\Viv\Local Settings\Temp\7200_appcompat.txt Object is locked skipped
C:\Documents and Settings\Viv\Local Settings\Temp\AUInst.log Object is locked skipped
C:\Documents and Settings\Viv\Local Settings\Temp\control.xml Object is locked skipped
C:\Documents and Settings\Viv\Local Settings\Temp\d1a9_appcompat.txt Object is locked skipped
C:\Documents and Settings\Viv\Local Settings\Temp\fla94.tmp Object is locked skipped
C:\Documents and Settings\Viv\Local Settings\Temp\gtb79.tmp Object is locked skipped
C:\Documents and Settings\Viv\Local Settings\Temp\InC19.tmp Object is locked skipped
C:\Documents and Settings\Viv\Local Settings\Temp\InC30.tmp Object is locked skipped
C:\Documents and Settings\Viv\Local Settings\Temp\InC3B.tmp Object is locked skipped
C:\Documents and Settings\Viv\Local Settings\Temp\InstallChannel.log Object is locked skipped
C:\Documents and Settings\Viv\Local Settings\Temp\jusched.log Object is locked skipped
C:\Documents and Settings\Viv\Local Settings\Temp\mcu1F.tmp\McAppIns.exe Object is locked skipped
C:\Documents and Settings\Viv\Local Settings\Temp\mcu1F.tmp\mcinsres.dll Object is locked skipped
C:\Documents and Settings\Viv\Local Settings\Temp\mcu1F.tmp\UpdReq.mcaf Object is locked skipped
C:\Documents and Settings\Viv\Local Settings\Temp\mcu1F.tmp\UpdResp.mcaf Object is locked skipped
C:\Documents and Settings\Viv\Local Settings\Temp\mcuD.tmp\UpdReq.mcaf Object is locked skipped
C:\Documents and Settings\Viv\Local Settings\Temp\mcuD.tmp\UpdResp.mcaf Object is locked skipped
C:\Documents and Settings\Viv\Local Settings\Temp\mcuD.tmp\vso\47694770.upm Object is locked skipped
C:\Documents and Settings\Viv\Local Settings\Temp\mcuD.tmp\vso\mcdelta.ini Object is locked skipped
C:\Documents and Settings\Viv\Local Settings\Temp\MSI31786.LOG Object is locked skipped
C:\Documents and Settings\Viv\Local Settings\Temp\MSI59e6c.LOG Object is locked skipped
C:\Documents and Settings\Viv\Local Settings\Temp\MSI5baad.LOG Object is locked skipped
C:\Documents and Settings\Viv\Local Settings\Temp\qdiagd.log Object is locked skipped
C:\Documents and Settings\Viv\Local Settings\Temp\qdiagd_2.log Object is locked skipped
C:\Documents and Settings\Viv\Local Settings\Temp\TWAIN.LOG Object is locked skipped
C:\Documents and Settings\Viv\Local Settings\Temp\Twain001.Mtx Object is locked skipped
C:\Documents and Settings\Viv\Local Settings\Temp\VGXD.tmp Object is locked skipped
C:\Documents and Settings\Viv\Local Settings\Temp\WLTB Custom Button Feeds\microsoft.msn.mymsn.btn upgrade status Object is locked skipped
C:\Documents and Settings\Viv\Local Settings\Temp\WLTB Custom Button Feeds\microsoft.windowslive.addbtn.btn feed 0 Object is locked skipped
C:\Documents and Settings\Viv\Local Settings\Temp\WLTB Custom Button Feeds\microsoft.windowslive.addbtn.btn feed 1 Object is locked skipped
C:\Documents and Settings\Viv\Local Settings\Temp\WLTB Custom Button Feeds\microsoft.windowslive.addbtn.btn feed 3 Object is locked skipped
C:\Documents and Settings\Viv\Local Settings\Temp\WLTB Custom Button Feeds\microsoft.windowslive.addbtn.btn upgrade status Object is locked skipped
C:\Documents and Settings\Viv\Local Settings\Temp\WLTB Custom Button Feeds\microsoft.windowslive.news.btn feed 0 Object is locked skipped
C:\Documents and Settings\Viv\Local Settings\Temp\WLTB Custom Button Feeds\microsoft.windowslive.news.btn feed 1 Object is locked skipped
C:\Documents and Settings\Viv\Local Settings\Temp\WLTB Custom Button Feeds\microsoft.windowslive.news.btn feed 2 Object is locked skipped
C:\Documents and Settings\Viv\Local Settings\Temp\WLTB Custom Button Feeds\microsoft.windowslive.news.btn feed 3 Object is locked skipped
C:\Documents and Settings\Viv\Local Settings\Temp\WLTB Custom Button Feeds\microsoft.windowslive.news.btn feed 4 Object is locked skipped
C:\Documents and Settings\Viv\Local Settings\Temp\WLTB Custom Button Feeds\microsoft.windowslive.news.btn feed 5 Object is locked skipped
C:\Documents and Settings\Viv\Local Settings\Temp\WLTB Custom Button Feeds\microsoft.windowslive.news.btn feed 6 Object is locked skipped
C:\Documents and Settings\Viv\Local Settings\Temp\WLTB Custom Button Feeds\microsoft.windowslive.news.btn feed 7 Object is locked skipped
C:\Documents and Settings\Viv\Local Settings\Temp\WLTB Custom Button Feeds\microsoft.windowslive.news.btn upgrade status Object is locked skipped

Scarthy
2007-04-30, 22:21
Kaspersky Log Part 4:


Scarthy
2007-04-30, 22:22
Kaspersky Log Part 5 (Final)

C:\Downloads\SnowBoardChamp2004_Setup-dm[1].exe Infected: not-a-virus:AdWare.Win32.Trymedia.b skipped
C:\Program Files\DIGStream\digstream.exe Infected: not-a-virus:Downloader.Win32.DigStream skipped
C:\Program Files\HijackThis\backups\backup-20070428-184753-112.dll Infected: Packed.Win32.Klone.j skipped
C:\Program Files\Symantec AntiVirus\SAVRT\0132NAV~.TMP Object is locked skipped
C:\Program Files\Symantec AntiVirus\SAVRT\0207NAV~.TMP Object is locked skipped
C:\RECYCLER\S-1-5-21-2745342383-3274651719-1657546949-1006\Dc279.lnk Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP355\A0035600.exe Infected: IM-Worm.Win32.Agent.a skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP355\A0035601.exe/data0003 Infected: Trojan-Downloader.Win32.Adload.jm skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP355\A0035601.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP356\A0035695.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.iu skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP356\A0035718.exe Infected: IM-Worm.Win32.Agent.a skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP356\A0035719.exe/data0003 Infected: Trojan-Downloader.Win32.Adload.jm skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP356\A0035719.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP356\A0035721.exe/data0003 Infected: Trojan-Downloader.Win32.Adload.jm skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP356\A0035721.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP356\A0035722.exe Infected: IM-Worm.Win32.Agent.a skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP361\A0035798.dll Infected: not-a-virus:AdWare.Win32.Softomate.ac skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP365\A0035975.exe/data0012 Infected: not-a-virus:AdWare.Win32.180Solutions.ba skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP365\A0035975.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP367\A0036076.exe Infected: IM-Worm.Win32.Agent.a skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP367\A0036077.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ib skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP367\A0036078.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ib skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP367\A0036079.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ib skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP367\A0036080.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ib skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP367\A0036081.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ib skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP368\A0036135.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.iu skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP368\A0036136.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ib skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP368\A0036148.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ir skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP368\A0036158.dll Infected: Packed.Win32.Klone.j skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP368\A0036159.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP369\A0036195.exe/data0003 Infected: Trojan-Downloader.Win32.Adload.jm skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP369\A0036195.exe NSIS: infected - 1 skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\ModemLog_Intel(R) 537EP V9x DF PCI Modem.txt Object is locked skipped
C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{D76F7836-48BE-4624-9E9C-5A1FC515CF2E}.crmlog Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{5220BBBB-F3D1-478C-9C2B-2D1FEBE7C08A}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\IntelDH.evt Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\embdtxpe.dll Infected: Packed.Win32.Klone.j skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\sstts.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.iu skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

Shaba
2007-05-01, 11:38
Hi

Delete these:

C:\WINDOWS\system32\embdtxpe.dll
C:\WINDOWS\system32\sstts.dll

Empty Recycle Bin

Otherwise looking good.

Still problems?
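
The scan report above mixes three kinds of lines: locked files, detections inside System Restore points, and detections in files still on disk (the two Shaba lists for deletion). The triage below is an added example, not part of the thread or of any scanner; it assumes the line format shown in the report, and the sample lines, file names and GUID are constructed placeholders.

```python
import re
from collections import defaultdict

# Constructed sample in the line format of the scan report posted above.
# File names, detection names and the restore GUID are placeholders.
SAMPLE_LOG = r"""
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\Program Files\Example App\logs\app one.log Object is locked skipped
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP1\A0000001.exe/data0003 Infected: Trojan-Downloader.Win32.Example.a skipped
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP1\A0000001.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP2\A0000002.dll Infected: not-a-virus:AdWare.Win32.Example.b skipped
C:\WINDOWS\system32\example1.dll Infected: Packed.Win32.Example.c skipped
C:\WINDOWS\system32\example2.dll Infected: not-a-virus:AdWare.Win32.Example.b skipped

Scan process completed.
"""

# path, then one of three statuses, then the action taken ("skipped").
LINE_RE = re.compile(
    r"^(?P<path>.+?) "
    r"(?:Infected: (?P<threat>\S+)"
    r"|(?P<locked>Object is locked)"
    r"|(?P<archive>[A-Z0-9]+: infected - \d+))"
    r" skipped$"
)
RESTORE_MARK = "\\system volume information\\_restore{"
RP_RE = re.compile(r"\\(RP\d+)\\")


def triage(log_text):
    """Split a scan report into live detections, restore-point copies and noise."""
    live = defaultdict(set)      # file still on disk -> detection names
    restore = defaultdict(set)   # copy inside a restore point -> detection names
    locked = 0
    unparsed = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m is None:
            unparsed.append(line)
            continue
        if m.group("locked"):
            locked += 1          # in use by the OS or another scanner, not a detection
            continue
        if m.group("archive"):
            continue             # container summary; the member line names the threat
        # "file.exe/data0003" is an object packed inside the container file.exe
        container = m.group("path").split("/", 1)[0]
        bucket = restore if RESTORE_MARK in container.lower() else live
        bucket[container].add(m.group("threat"))
    return {
        "live": dict(live),
        "restore_points": dict(restore),
        "locked": locked,
        "unparsed": unparsed,
    }


def affected_restore_points(result):
    """Restore point folders (RPnnn) that hold at least one detected copy."""
    found = set()
    for path in result["restore_points"]:
        m = RP_RE.search(path)
        if m:
            found.add(m.group(1))
    return sorted(found)


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print("Files to remove from disk:")
    for path, names in sorted(report["live"].items()):
        print("  %s  (%s)" % (path, ", ".join(sorted(names))))
    print("Restore points holding copies:", ", ".join(affected_restore_points(report)))
    print("Locked objects ignored:", report["locked"])
```
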

Scarthy
2007-05-01, 23:49
Hi Shaba,

It's looking very good - no abnormal behaviour at the moment. Thank you very much for all the help.

I deleted C:\WINDOWS\system32\embdtxpe.dll and emptied the Recycle Bin. However I cannot find C:\WINDOWS\system32\sstts.dll. I looked in the folder and searched for the file - it does not show up!

So I ran the Kaspersky scan again and it still shows as:

C:\WINDOWS\system32\sstts.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.iu skipped

Can you help me find it and delete it please?

Thanks again.

Shaba
2007-05-02, 09:01
Hi

Make your hidden files visible -> http://www.xtra.co.nz/help/0,,4155-1916458,00.html and try again, please :)

Scarthy
2007-05-02, 21:04
Hi,

Thanks. That did it, C:\WINDOWS\system32\sstts.dll is gone. Is that it? Is the computer clean now? If so, are there any back-up or restore files that should be removed?

Everything except Norton AV seems to be working fine. I think I will try uninstalling and re-installing the NAV.

Scarthy
2007-05-03, 07:17
No it is back again! I was not even using the computer but returned to the screen to find NAV had found the following "Trojan Horses" in C/WINDOWS/system32/:

jkff.dll
mllml.dll
ssqrs.dll
ssttr.dll
vtsqp.dll
ssqrs.dll
vtsqp.dll.

Ran Spybot S&D and it reported Smitfraud-C.Toolbar888 plus a load of tracking cookies.

Not sure what to do next. Where has this thing come back from?

Shaba
2007-05-03, 08:15
Hi

Well then re-run vundofix and post its log along with a fresh HijackThis log.

Scarthy
2007-05-03, 22:33
Hi Shaba,

Well this is a bit strange, but after NAV got rid of some stuff last night, Spybot S&D found Smitfraud-C.Toolbar888 and the cookies. I then used Spybot S&D to fix the problems. Now, after your last post, I ran Vundofix and it did not report any infection. So I have just run HJT and here is the latest log:

Logfile of HijackThis v1.99.1
Scan saved at 21:25:00, on 03/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\AVerTV 6.0\AVerQT.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis\Scanner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www1.euro.dell.com/content/default.aspx?c=uk&l=en&s=gen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [CTXFIREG] CTxfiReg.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [Samsung Common SM] "C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe" /autorun
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: QuickTV6.lnk = C:\Program Files\AVerTV 6.0\AVerQT.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

What do you think? Thanks for your continuing help. Sorry this is going on so long.

Shaba
2007-05-04, 08:18
Hi

Well log looks clean.

Do you have any problems left?

Scarthy
2007-05-05, 11:29
Hi Shaba,

My computer seems really, really good now. :bigthumb: No sign of any problems at the moment. Thank you for all your help. I could never cope with this type of stuff on my own. Most users must be like me. So I want to say thank you, to you personally for helping me out with my particular problem, but also to all your colleagues who provide so much help – I do not think the Internet would work very well without people like you.

Shaba
2007-05-05, 11:33
Hi

Then you're clean!

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Go here (http://java.sun.com/javase/downloads/index.jsp) and download and install JRE 6.0u1. Click the link that says Java Runtime Environment (JRE) 6u1. You will then need to select Accept License Agreement and click the Continue button that is beside it. Then click the link that says Windows Offline Installation, Multi-language. Save it to your Desktop. Then go back to your Desktop and double click jre-6u1-windows-i586-p.exe to start the install. Once you have it installed, click Start>Run, type in appwiz.cpl and hit Enter. From the list, uninstall J2SE Runtime Environment 4.2 Update 3.

Disable and Enable System Restore. - If you are using Windows XP then you should disable and re-enable system restore to make sure there are no infected files found in a restore point.

You can find instructions on how to enable and reenable system restore here:

Windows XP System Restore Guide (http://www.bleepingcomputer.com/forums/tutorial56.html)

Reenable system restore with instructions from tutorial above

Make your Internet Explorer more secure - This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.

Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

See this link for a listing of some online & their stand-alone antivirus programs:

Virus, Spyware, and Malware Protection and Removal Resources (http://www.bleepingcomputer.com/forums/topic405.html)


Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.


Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

For a tutorial on Firewalls and a listing of some available ones see the link below:

Understanding and Using Firewalls (http://www.bleepingcomputer.com/tutorials/tutorial60.html)


Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com (http://www.windowsupdate.com) regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.


Install Ad-Aware - Install and download Ad-Aware. You should also scan your computer with the program on a regular basis just as you would an antivirus software in conjunction with Spybot.

A tutorial on installing & using this product can be found here:

Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer (http://www.bleepingcomputer.com/forums/?showtutorial=48)

Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

A tutorial on installing & using this product can be found here:

Using SpywareBlaster to protect your computer from Spyware and Malware (http://www.bleepingcomputer.com/tutorials/tutorial49.html)


Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

Here are some additional utilities that will enhance your safety

IE/Spyad (http://www.spywarewarrior.com/uiuc/resource.htm) <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
MVPS Hosts file (http://mvps.org/winhelp2002/hosts.htm) <= The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer.
Winpatrol (http://www.winpatrol.com/) <= Download and install the free version of Winpatrol. A tutorial for this product is located here:
Using Winpatrol to protect your computer from malicious software (http://www.winpatrol.com/features.html)

Stand Up and Be Counted ---> Malware Complaints (http://www.malwarecomplaints.info/index.php) <--- where you can make a difference!

The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.

Also, please read this great article by Tony Klein So How Did I Get Infected In First Place (http://castlecops.com/postlite7736-.html)

Happy surfing and stay clean!
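
The six Internet zone settings in the post above can be checked without clicking through the dialog. The audit below is an added example, not part of the thread: it assumes the per-user zone key `HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3` and the standard Internet Explorer URL-action IDs for those settings, neither of which the post names, and it reads a constructed sample of `reg query` output rather than the live registry.

```python
import re

# URL-action IDs for the six settings listed in the post, with the stored
# DWORD for the recommended choice: 0 = Enable, 1 = Prompt, 3 = Disable.
RECOMMENDED = {
    "1001": ("Download signed ActiveX controls", 1),
    "1004": ("Download unsigned ActiveX controls", 3),
    "1201": ("Initialize and script ActiveX controls not marked as safe", 3),
    "1800": ("Installation of desktop items", 1),
    "1804": ("Launching programs and files in an IFRAME", 1),
    "1607": ("Navigate sub-frames across different domains", 1),
}
CHOICES = {0: "Enable", 1: "Prompt", 3: "Disable"}
STRICTNESS = {0: 0, 1: 1, 3: 2}  # higher is more restrictive

# Constructed sample of:
#   reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3"
SAMPLE_REG_QUERY = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
    CurrentLevel    REG_DWORD    0x0
    1001    REG_DWORD    0x0
    1004    REG_DWORD    0x3
    1201    REG_DWORD    0x1
    1800    REG_DWORD    0x1
    1804    REG_DWORD    0x3
"""

VALUE_RE = re.compile(r"^\s+(\S+)\s+REG_DWORD\s+0x([0-9a-fA-F]+)\s*$")


def parse_reg_query(text):
    """Return {value name: int} for every REG_DWORD line in reg query output."""
    values = {}
    for line in text.splitlines():
        m = VALUE_RE.match(line)
        if m:
            values[m.group(1)] = int(m.group(2), 16)
    return values


def audit(values):
    """List (action id, setting, problem) for settings weaker than recommended."""
    findings = []
    for action, (label, wanted) in RECOMMENDED.items():
        current = values.get(action)
        if current is None:
            # Absent here: the effective value comes from defaults or policy.
            findings.append((action, label, "not set in this key"))
        elif current not in CHOICES:
            findings.append((action, label, "unexpected value 0x%x" % current))
        elif STRICTNESS[current] < STRICTNESS[wanted]:
            findings.append(
                (action, label,
                 "%s, weaker than %s" % (CHOICES[current], CHOICES[wanted]))
            )
    return findings


if __name__ == "__main__":
    for action, label, problem in audit(parse_reg_query(SAMPLE_REG_QUERY)):
        print("%s  %s: %s" % (action, label, problem))
```

A setting that is stricter than the post recommends (here 1804 set to Disable instead of Prompt) is not reported.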

Shaba
2007-05-12, 11:23
Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.