smitfraud-toolbar



amanyeah
2007-06-16, 00:12
as instructed:

Logfile of HijackThis v1.99.1
Scan saved at 6:09:04 AM, on 6/16/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wbem\wbemstest.exe
C:\Program Files\Common Files\WinAntiSpyware 2007\WAS7Mon.exe
C:\WINDOWS\System32\ctfmon.exe
C:\DOCUME~1\AMANEN~1\MYDOCU~1\RACLE~1\regedit.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\DAP\DAP.EXE
C:\WINDOWS\Explorer.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ipmon.exe
C:\WINDOWS\System32\ipmon.exe
C:\Program Files\Common Files\A?pPatch\r?gsvr32.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.34.50.7:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NeroFilterCheck] $$
O4 - HKLM\..\Run: [IgfxTray] $$
O4 - HKLM\..\Run: [HotKeysCmds] $$
O4 - HKLM\..\Run: [DataLayer] $$
O4 - HKLM\..\Run: [ipmon] ipmon.exe
O4 - HKLM\..\Run: [Server Runtime Process] C:\WINDOWS\System32\wbem\wbemstest.exe
O4 - HKLM\..\Run: [Winmplayer] "C:\WINDOWS\System32\KB_963493.exe"
O4 - HKLM\..\Run: [poolsv] "C:\WINDOWS\poolsv.exe"
O4 - HKLM\..\Run: [svhost] "C:\WINDOWS\svhost.exe"
O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\System32\hosqyknx.dll",realset
O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Common Files\WinAntiSpyware 2007\WAS7Mon.exe"
O4 - HKLM\..\RunServices: [Server Runtime Process] C:\WINDOWS\System32\wbem\wbemstest.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Server Runtime Process] C:\WINDOWS\System32\wbem\wbemstest.exe
O4 - HKCU\..\Run: [Cido] "C:\DOCUME~1\AMANEN~1\MYDOCU~1\RACLE~1\regedit.exe" -vt yazb
O4 - HKCU\..\Run: [Skehjqb] "C:\Program Files\Common Files\A?pPatch\r?gsvr32.exe"
O4 - HKCU\..\RunServices: [Server Runtime Process] C:\WINDOWS\System32\wbem\wbemstest.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{17E170B3-408A-461A-929F-39ECE29F1D74}: NameServer = 10.32.1.7
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: iPod Service iPodServiceNetlogon (iPodServiceNetlogon) - Unknown owner - c:\mwdgdj.exe (file missing)
O23 - Service: Network helper Service (MSDisk) - Unknown owner - C:\WINDOWS\System32\irdvxc.exe" /service (file missing)
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: Remote Auther Service - Unknown owner - C:\WINDOWS\system32\svshost.exe (file missing)
O23 - Service: Telephony TapiSrvSSDPSRV (TapiSrvSSDPSRV) - Unknown owner - c:\mwdgdj.exe (file missing)
O23 - Service: Windows User Mode Driver Framework (UMWdf) - Unknown owner - C:\WINDOWS\System32\wdfmgr.exe (file missing)

amanyeah
2007-06-16, 00:37
VundoFix V6.5.0

Checking Java version...

Sun Java not detected
Scan started at 6:18:04 AM 6/16/2007

Listing files found while scanning....

C:\windows\system32\awtuvtt.dll
C:\windows\system32\ddcdaxw.dll
C:\windows\system32\ddcdbba.dll
C:\WINDOWS\System32\fccddec.dll
C:\windows\system32\fetrhiml.dll
C:\windows\system32\gebccaw.dll
C:\windows\system32\gebxvts.dll
C:\WINDOWS\System32\hiqxyxts.dll
C:\windows\system32\iifgede.dll
C:\windows\system32\jkkhfgh.dll
C:\windows\system32\jkkihgg.dll
C:\windows\system32\jkkkhif.dll
C:\windows\system32\khfcywx.dll
C:\windows\system32\ojfletkg.dll
C:\WINDOWS\System32\ruuvw.ini
C:\WINDOWS\System32\ruuvw.ini2
C:\WINDOWS\System32\ruuvw.tmp
C:\windows\system32\ssqnool.dll
C:\windows\system32\ssqolli.dll
C:\windows\system32\urqqqrs.dll
C:\windows\system32\uttgnfad.exe
C:\windows\system32\wvusqpq.dll
C:\WINDOWS\System32\wvuur.dll
C:\windows\system32\xxyaaaw.dll
C:\windows\system32\xxyvsts.dll
C:\windows\system32\yaywxwt.dll
C:\windows\system32\yayyvsp.dll
C:\WINDOWS\System32\ypchrcjw.dll

Beginning removal...

Attempting to delete C:\windows\system32\awtuvtt.dll
C:\windows\system32\awtuvtt.dll Has been deleted!

Attempting to delete C:\windows\system32\ddcdaxw.dll
C:\windows\system32\ddcdaxw.dll Has been deleted!

Attempting to delete C:\windows\system32\ddcdbba.dll
C:\windows\system32\ddcdbba.dll Has been deleted!

Attempting to delete C:\WINDOWS\System32\fccddec.dll
C:\WINDOWS\System32\fccddec.dll Has been deleted!

Attempting to delete C:\windows\system32\fetrhiml.dll
C:\windows\system32\fetrhiml.dll Has been deleted!

Attempting to delete C:\windows\system32\gebccaw.dll
C:\windows\system32\gebccaw.dll Has been deleted!

Attempting to delete C:\windows\system32\gebxvts.dll
C:\windows\system32\gebxvts.dll Has been deleted!

Attempting to delete C:\WINDOWS\System32\hiqxyxts.dll
C:\WINDOWS\System32\hiqxyxts.dll Has been deleted!

Attempting to delete C:\windows\system32\iifgede.dll
C:\windows\system32\iifgede.dll Has been deleted!

Attempting to delete C:\windows\system32\jkkhfgh.dll
C:\windows\system32\jkkhfgh.dll Has been deleted!

Attempting to delete C:\windows\system32\jkkihgg.dll
C:\windows\system32\jkkihgg.dll Has been deleted!

Attempting to delete C:\windows\system32\jkkkhif.dll
C:\windows\system32\jkkkhif.dll Has been deleted!

Attempting to delete C:\windows\system32\khfcywx.dll
C:\windows\system32\khfcywx.dll Has been deleted!

Attempting to delete C:\windows\system32\ojfletkg.dll
C:\windows\system32\ojfletkg.dll Has been deleted!

Attempting to delete C:\WINDOWS\System32\ruuvw.ini
C:\WINDOWS\System32\ruuvw.ini Has been deleted!

Attempting to delete C:\WINDOWS\System32\ruuvw.ini2
C:\WINDOWS\System32\ruuvw.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\System32\ruuvw.tmp
C:\WINDOWS\System32\ruuvw.tmp Has been deleted!

Attempting to delete C:\windows\system32\ssqnool.dll
C:\windows\system32\ssqnool.dll Has been deleted!

Attempting to delete C:\windows\system32\ssqolli.dll
C:\windows\system32\ssqolli.dll Has been deleted!

Attempting to delete C:\windows\system32\urqqqrs.dll
C:\windows\system32\urqqqrs.dll Has been deleted!

Attempting to delete C:\windows\system32\uttgnfad.exe
C:\windows\system32\uttgnfad.exe Has been deleted!

Attempting to delete C:\windows\system32\wvusqpq.dll
C:\windows\system32\wvusqpq.dll Has been deleted!

Attempting to delete C:\WINDOWS\System32\wvuur.dll
C:\WINDOWS\System32\wvuur.dll Could not be deleted.

Attempting to delete C:\windows\system32\xxyaaaw.dll
C:\windows\system32\xxyaaaw.dll Has been deleted!

Attempting to delete C:\windows\system32\xxyvsts.dll
C:\windows\system32\xxyvsts.dll Has been deleted!

Attempting to delete C:\windows\system32\yaywxwt.dll
C:\windows\system32\yaywxwt.dll Has been deleted!

Attempting to delete C:\windows\system32\yayyvsp.dll
C:\windows\system32\yayyvsp.dll Has been deleted!

Attempting to delete C:\WINDOWS\System32\ypchrcjw.dll
C:\WINDOWS\System32\ypchrcjw.dll Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\System32\wvuur.dll
C:\WINDOWS\System32\wvuur.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.5.0

Checking Java version...

Sun Java not detected
Scan started at 6:24:49 AM 6/16/2007

Listing files found while scanning....

No infected files were found.

---------------------
Logfile of HijackThis v1.99.1
Scan saved at 6:36:06 AM, on 6/16/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\WinAntiSpyware 2007\WAS7Mon.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\wbem\wbemstest.exe
C:\DOCUME~1\AMANEN~1\MYDOCU~1\RACLE~1\regedit.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\ipmon.exe
C:\WINDOWS\System32\ipmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\A?pPatch\r?gsvr32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.34.50.7:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: (no name) - {05041043-0C5F-46A4-A959-58D2A1F73262} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {143997E7-7FA5-4D70-A569-389D4C3BA882} - C:\WINDOWS\System32\wvuur.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {549317F8-A74A-4D54-A981-6BAAC1A675A0} - (no file)
O2 - BHO: (no name) - {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} - C:\WINDOWS\System32\imwknkpf.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {905E1D3B-D788-AB0A-D007-8BADDDE97794} - C:\WINDOWS\System32\mnyvnz.dll
O2 - BHO: (no name) - {AA986A55-8524-45F9-80EA-30D707AEDC00} - C:\WINDOWS\System32\firqacun.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NeroFilterCheck] $$
O4 - HKLM\..\Run: [IgfxTray] $$
O4 - HKLM\..\Run: [HotKeysCmds] $$
O4 - HKLM\..\Run: [DataLayer] $$
O4 - HKLM\..\Run: [ipmon] ipmon.exe
O4 - HKLM\..\Run: [Server Runtime Process] C:\WINDOWS\System32\wbem\wbemstest.exe
O4 - HKLM\..\Run: [Winmplayer] "C:\WINDOWS\System32\KB_963493.exe"
O4 - HKLM\..\Run: [poolsv] "C:\WINDOWS\poolsv.exe"
O4 - HKLM\..\Run: [svhost] "C:\WINDOWS\svhost.exe"
O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\System32\hosqyknx.dll",realset
O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Common Files\WinAntiSpyware 2007\WAS7Mon.exe"
O4 - HKLM\..\RunServices: [Server Runtime Process] C:\WINDOWS\System32\wbem\wbemstest.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Server Runtime Process] C:\WINDOWS\System32\wbem\wbemstest.exe
O4 - HKCU\..\Run: [Cido] "C:\DOCUME~1\AMANEN~1\MYDOCU~1\RACLE~1\regedit.exe" -vt yazb
O4 - HKCU\..\Run: [Skehjqb] "C:\Program Files\Common Files\A?pPatch\r?gsvr32.exe"
O4 - HKCU\..\RunServices: [Server Runtime Process] C:\WINDOWS\System32\wbem\wbemstest.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{17E170B3-408A-461A-929F-39ECE29F1D74}: NameServer = 10.32.1.7
O20 - Winlogon Notify: AutorunsDisabled - C:\WINDOWS\
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: iPod Service iPodServiceNetlogon (iPodServiceNetlogon) - Unknown owner - c:\mwdgdj.exe (file missing)
O23 - Service: Network helper Service (MSDisk) - Unknown owner - C:\WINDOWS\System32\irdvxc.exe" /service (file missing)
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: Remote Auther Service - Unknown owner - C:\WINDOWS\system32\svshost.exe (file missing)
O23 - Service: Telephony TapiSrvSSDPSRV (TapiSrvSSDPSRV) - Unknown owner - c:\mwdgdj.exe (file missing)
O23 - Service: Windows User Mode Driver Framework (UMWdf) - Unknown owner - C:\WINDOWS\System32\wdfmgr.exe (file missing)

i still got some malware coz in the lower right of my toolbar (next to the clock) there's this red shield with an X saying that i have spyware. it's the same prompt for smitfraud i think..

Shaba
2007-06-16, 18:12
Hi amanyeah

One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the Trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud? (http://www.dslreports.com/faq/10451)

When Should I Format, How Should I Reinstall (http://www.dslreports.com/faq/10063)

We can attempt to clean this machine but I can't guarantee that it will be 100% secure afterwards.

Should you have any questions, please feel free to ask.

Please let us know what you have decided to do in your next post.

amanyeah
2007-06-17, 01:07
thanks so much for replying shaba.:D:

fortunately for me i do no online banking nor any pecuniary transaction for that matter.

so how are we gonna do this?

amanyeah
2007-06-17, 04:22
i wanna get rid of these little devils man.. :devilpoin:

do whatever it takes.. although i did run avira on my system one last time just for the heck of it.. it got rid of the red shield with the x! i'm not sure if permanently though...

here's a new log from hjt and avira.. hope it helps you in your endeavor to help rid mankind of these evil viruses.. :2thumb:

this is a really great forum i might add.. you guys are awesome! :bow:

i hope that i can help you guys somehow.. btw is it ok if i recommend your site to my friends?

-------------------------------
AntiVir PersonalEdition Classic
Report file date: Sunday, June 17, 2007 08:09

Scanning for 829791 virus strains and unwanted programs.


Configuration settings for the scan:
Jobname..........................: Local Hard Disks
Configuration file...............: C:\Program Files\AntiVir PersonalEdition Classic\alldiscs.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: Sunday, June 17, 2007 08:09

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'BnrRepo2.exe' - '1' Module(s) have been scanned
Scan process 'chikka.exe' - '1' Module(s) have been scanned
Scan process 'wmiapsrv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'regedit.exe' - '1' Module(s) have been scanned
Module is infected -> 'C:\DOCUME~1\AMANEN~1\MYDOCU~1\RACLE~1\regedit.exe'
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'qttask.exe' - '1' Module(s) have been scanned
Scan process 'wbemstest.exe' - '1' Module(s) have been scanned
Module is infected -> 'C:\WINDOWS\System32\wbem\wbemstest.exe'
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
Process 'regedit.exe' has been terminated
Process 'wbemstest.exe' has been terminated
C:\DOCUME~1\AMANEN~1\MYDOCU~1\RACLE~1\regedit.exe
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '46db7c2e.qua'!
C:\WINDOWS\System32\wbem\wbemstest.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '46d97c31.qua'!

27 processes with 25 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!

Starting to scan the registry.

The registry was scanned ( '8' files ).

amanyeah
2007-06-17, 04:23
Starting the file scan:

Begin scan in 'C:\'
C:\jsjdjoa.exe
[DETECTION] Is the Trojan horse TR/Dldr.Small.cwj.216
[INFO] The file was deleted!
C:\nzlrs.exe
[DETECTION] Is the Trojan horse TR/KillApp.V.1
[INFO] The file was deleted!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\plugy.exe
[DETECTION] Is the Trojan horse TR/Dldr.Agent.bls.12
[INFO] The file was deleted!
C:\rsjddpwe.exe
[DETECTION] Is the Trojan horse TR/Dldr.Small.erp
[INFO] The file was deleted!
C:\upls.exe
[DETECTION] Is the Trojan horse TR/Click.VB.QW.1
[INFO] The file was deleted!
C:\Documents and Settings\Aman Enconado\Local Settings\Temp\mwdgdj.exe
[DETECTION] Contains suspicious code HEUR/Crypted
[INFO] The file was moved to '46d87e54.qua'!
C:\Documents and Settings\Aman Enconado\Local Settings\Temp\parDBE4.tmp
[DETECTION] Is the Trojan horse TR/Proxy.Xorpix.AR.38
[INFO] The file was deleted!
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\33MNIYHF\acid[2].exe
[DETECTION] Is the Trojan horse TR/Dldr.VB.aey.7
[INFO] The file was moved to '46dd80f0.qua'!
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\33MNIYHF\agmjxkuurb[1].txt
[DETECTION] Is the Trojan horse TR/Dldr.Small.DDT.3
[INFO] The file was deleted!
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\33MNIYHF\blanko[2].exe
[DETECTION] Contains signature of the worm WORM/Sdbot.67584.57
[INFO] The file was moved to '46d58106.qua'!
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\33MNIYHF\clear[1].exe
[DETECTION] Contains signature of the worm WORM/Sdbot.44358.3
[INFO] The file was deleted!
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\33MNIYHF\hjgddaoxuh[1].htm
[DETECTION] Is the Trojan horse TR/Dldr.Small.cwj.216
[INFO] The file was deleted!
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\33MNIYHF\homus[1].exe
[DETECTION] Is the Trojan horse TR/Click.VB.QW.1
[INFO] The file was deleted!
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\33MNIYHF\yroln[1].htm
[DETECTION] Is the Trojan horse TR/Proxy.Dlena.C
[INFO] The file was deleted!
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\XPQIS234\acid[1].exe
[DETECTION] Is the Trojan horse TR/Vundo.BQ
[INFO] The file was deleted!
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\XPQIS234\acid[2].exe
[DETECTION] Is the Trojan horse TR/Dldr.VB.aey.6
[INFO] The file was deleted!
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\XPQIS234\acid[3].exe
[DETECTION] Is the Trojan horse TR/Dldr.VB.aey.7
[INFO] The file was deleted!
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\XPQIS234\bku[1].exe
[DETECTION] Is the Trojan horse TR/Click.VB.QW.1
[INFO] The file was deleted!
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\XPQIS234\funky[1].exe
[DETECTION] Contains signature of the worm WORM/Sdbot.44358.1
[INFO] The file was deleted!
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\XPQIS234\hjgddaoxuh[1].htm
[DETECTION] Is the Trojan horse TR/Dldr.Small.cwj.216
[INFO] The file was deleted!
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\XPQIS234\kqwgtddn[1].htm
[DETECTION] The file name contains an executable file extension disguised as a harmless one HEUR-DBLEXT/Crypted
[INFO] The file was moved to '46eb814c.qua'!
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\XPQIS234\kqwgtddn[2].htm
[DETECTION] The file name contains an executable file extension disguised as a harmless one HEUR-DBLEXT/Crypted
[INFO] The file was moved to '46eb8151.qua'!
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\XPQIS234\urlx[1].exe
[DETECTION] Is the Trojan horse TR/KillApp.V.1
[INFO] The file was deleted!
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\XPQIS234\yroln[10].htm
[DETECTION] Is the Trojan horse TR/Proxy.Dlena.C
[INFO] The file was deleted!
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\XPQIS234\yroln[1].htm
[DETECTION] Is the Trojan horse TR/Proxy.Dlena.C
[INFO] The file was deleted!
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\XPQIS234\yroln[2].htm
[DETECTION] Is the Trojan horse TR/Proxy.Dlena.C
[INFO] The file was deleted!
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\XPQIS234\yroln[3].htm
[DETECTION] Is the Trojan horse TR/Proxy.Dlena.C
[INFO] The file was deleted!
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\XPQIS234\yroln[4].htm
[DETECTION] Is the Trojan horse TR/Proxy.Dlena.C
[INFO] The file was deleted!
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\XPQIS234\yroln[5].htm
[DETECTION] Is the Trojan horse TR/Proxy.Dlena.C
[INFO] The file was deleted!
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\XPQIS234\yroln[6].htm
[DETECTION] Is the Trojan horse TR/Proxy.Dlena.C
[INFO] The file was deleted!
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\XPQIS234\yroln[7].htm
[DETECTION] Is the Trojan horse TR/Proxy.Dlena.C
[INFO] The file was deleted!
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\XPQIS234\yroln[8].htm
[DETECTION] Is the Trojan horse TR/Proxy.Dlena.C
[INFO] The file was deleted!
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\XPQIS234\yroln[9].htm
[DETECTION] Is the Trojan horse TR/Proxy.Dlena.C
[INFO] The file was deleted!
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\YQ0123MW\acid[2].exe
[DETECTION] Is the Trojan horse TR/Dldr.VB.aey.11
[INFO] The file was deleted!
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\YQ0123MW\blanko[1].exe
[DETECTION] Contains signature of the worm WORM/Sdbot.67072.44
[INFO] The file was deleted!
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\YQ0123MW\hjgddaoxuh[1].htm
[DETECTION] Is the Trojan horse TR/Dldr.Small.cwj.216
[INFO] The file was deleted!
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\YQ0123MW\kqwgtddn[1].htm
[DETECTION] The file name contains an executable file extension disguised as a harmless one HEUR-DBLEXT/Crypted
[INFO] The file was moved to '46eb818d.qua'!
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\YQ0123MW\kqwgtddn[2].htm
[DETECTION] The file name contains an executable file extension disguised as a harmless one HEUR-DBLEXT/Crypted
[INFO] The file was moved to '46eb8191.qua'!
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\YQ0123MW\kqwgtddn[3].htm
[DETECTION] Is the Trojan horse TR/Click.Agent.IS.13
[INFO] The file was moved to '46eb8194.qua'!
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\YQ0123MW\kqwgtddn[4].htm
[DETECTION] Is the Trojan horse TR/Click.Agent.IS.13
[INFO] The file was deleted!
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\YQ0123MW\plugy[1].exe
[DETECTION] Is the Trojan horse TR/Dldr.Agent.bls.12
[INFO] The file was deleted!
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\YQ0123MW\seat[1].exe
[DETECTION] Contains signature of the worm WORM/Sdbot.41804.5
[INFO] The file was deleted!
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\YQ0123MW\yroln[1].htm
[DETECTION] Is the Trojan horse TR/Proxy.Dlena.C
[INFO] The file was deleted!
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\YQ0123MW\yroln[2].htm
[DETECTION] Is the Trojan horse TR/Proxy.Dlena.C
[INFO] The file was deleted!
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\YQ0123MW\zm[1].exe
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was deleted!
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Z0SKCD5F\acid[1].exe
[DETECTION] Is the Trojan horse TR/Vundo.BQ
[INFO] The file was deleted!
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Z0SKCD5F\bulk[1].exe
[DETECTION] Contains signature of the worm WORM/Sdbot.41804.26
[INFO] The file was deleted!
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Z0SKCD5F\info[1].exe
[DETECTION] Is the Trojan horse TR/Dldr.Harnig.XB.6
[INFO] The file was deleted!
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Z0SKCD5F\info[2].exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was deleted!
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Z0SKCD5F\mostt[1].exe
[DETECTION] Is the Trojan horse TR/Click.VB.QW.1
[INFO] The file was deleted!
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Z0SKCD5F\seat[1].exe
[DETECTION] Contains signature of the worm WORM/Sdbot.41804.23
[INFO] The file was deleted!
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Z0SKCD5F\zm[1].exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\Program Files\Common Files\Yazzle1549OinAdmin.exe
[DETECTION] Is the Trojan horse TR/Dldr.PurityScan.EG.12
[INFO] The file was deleted!
C:\Program Files\poolsv\wr-1-0000077.exe
[DETECTION] Is the Trojan horse TR/Dldr.Agent.brf.3
[INFO] The file was deleted!
C:\Program Files\svhost\wr-1-0000077.exe
[DETECTION] Is the Trojan horse TR/Dldr.Agent.brf.3
[INFO] The file was deleted!
C:\Tools\tsc\tsc.exe
[DETECTION] Contains signature of the worm WORM/Rontok.D
[INFO] The file was deleted!
C:\Tools\tsc\debug\debug.exe
[DETECTION] Is the Trojan horse TR/Agent.CEW
[INFO] The file was deleted!
C:\Tools\tsc\report\report.exe
[DETECTION] Is the Trojan horse TR/Agent.CEW
[INFO] The file was moved to '46e4923c.qua'!
C:\Tools\tsc\tsc\tsc.exe
[DETECTION] Contains signature of the worm WORM/Rontok.D
[INFO] The file was moved to '46d7924f.qua'!
C:\Tools\tsc\tsc\debug\debug.exe
[DETECTION] Is the Trojan horse TR/Agent.CEW
[INFO] The file was moved to '46d69244.qua'!
C:\Tools\tsc\tsc\report\report.exe
[DETECTION] Is the Trojan horse TR/Agent.CEW
[INFO] The file was moved to '46e49248.qua'!
C:\VundoFix Backups\ddcdaxw.dll.bad
[DETECTION] Is the Trojan horse TR/Dldr.NF.9
[INFO] The file was moved to '46d79253.qua'!
C:\VundoFix Backups\fetrhiml.dll.bad
[DETECTION] Is the Trojan horse TR/BHO.BD.5
[INFO] The file was moved to '46e89259.qua'!
C:\VundoFix Backups\hiqxyxts.dll.bad
[DETECTION] Is the Trojan horse TR/BHO.BD.4
[INFO] The file was moved to '46e59261.qua'!
C:\VundoFix Backups\iifgede.dll.bad
[DETECTION] Is the Trojan horse TR/Dldr.NF.9
[INFO] The file was moved to '46da9265.qua'!
C:\VundoFix Backups\jkkhfgh.dll.bad
[DETECTION] Is the Trojan horse TR/Dldr.NF.9
[INFO] The file was moved to '46df926a.qua'!
C:\VundoFix Backups\jkkihgg.dll.bad
[DETECTION] Is the Trojan horse TR/Dldr.NF.9
[INFO] The file was moved to '46df926d.qua'!
C:\VundoFix Backups\jkkkhif.dll.bad
[DETECTION] Is the Trojan horse TR/Dldr.NF.9
[INFO] The file was moved to '46df9276.qua'!
C:\VundoFix Backups\khfcywx.dll.bad
[DETECTION] Is the Trojan horse TR/Dldr.NF.9
[INFO] The file was moved to '46da9277.qua'!
C:\VundoFix Backups\ojfletkg.dll.bad
[DETECTION] Is the Trojan horse TR/Spy.VBStat.J
[INFO] The file was moved to '46da927b.qua'!
C:\VundoFix Backups\ssqnool.dll.bad
[DETECTION] Is the Trojan horse TR/Dldr.NF.9
[INFO] The file was moved to '46e59285.qua'!
C:\VundoFix Backups\ssqolli.dll.bad
[DETECTION] Is the Trojan horse TR/Vundo.F.2
[INFO] The file was moved to '46e59288.qua'!
C:\VundoFix Backups\urqqqrs.dll.bad
[DETECTION] Is the Trojan horse TR/Vundo.F.2
[INFO] The file was moved to '46e5928a.qua'!
C:\VundoFix Backups\uttgnfad.exe.bad
[DETECTION] Is the Trojan horse TR/Agent.anr.1
[INFO] The file was moved to '46e8928f.qua'!
C:\VundoFix Backups\wvusqpq.dll.bad
[DETECTION] Is the Trojan horse TR/Vundo.F.2
[INFO] The file was moved to '46e99294.qua'!
C:\VundoFix Backups\xxyaaaw.dll.bad
[DETECTION] Is the Trojan horse TR/Vundo.F.2
[INFO] The file was moved to '46ed929a.qua'!
C:\VundoFix Backups\xxyvsts.dll.bad
[DETECTION] Is the Trojan horse TR/Vundo.F.2
[INFO] The file was moved to '46ed929c.qua'!
C:\VundoFix Backups\yaywxwt.dll.bad
[DETECTION] Is the Trojan horse TR/Dldr.NF.9
[INFO] The file was moved to '46ed9288.qua'!
C:\WINDOWS\b122.exe.bin
[0] Archive type: ZIP
--> b122.exe
[DETECTION] Contains signature of the dropper DR/Softomate.U.65
[INFO] The file was moved to '46a6927b.qua'!
C:\WINDOWS\system32\.exe
[DETECTION] Contains signature of the worm WORM/Rbot.50176.5
[INFO] The file was moved to '46d9938b.qua'!
C:\WINDOWS\system32\eraseme_52275.exe
[DETECTION] Contains signature of the worm WORM/Sdbot.43793.1
[INFO] The file was moved to '46d593e9.qua'!
C:\WINDOWS\system32\firqacun.dll
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] The file was moved to '46e693e8.qua'!
C:\WINDOWS\system32\imwknkpf.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '46eb93f9.qua'!
C:\WINDOWS\system32\jp6A27V8.exe
[DETECTION] Is the Trojan horse TR/Hijack.Explor.3270
[INFO] The file was moved to '46aa9404.qua'!
C:\WINDOWS\system32\KB18561603.exe
[DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
[INFO] The file was moved to '46a593db.qua'!
C:\WINDOWS\system32\KB21542167.exe
[DETECTION] Is the Trojan horse TR/Crypt.FKM.Gen
[INFO] The file was moved to '46a693e0.qua'!
C:\WINDOWS\system32\KB42687917.exe
[DETECTION] Is the Trojan horse TR/Proxy.Xorpix.AR.37
[INFO] The file was moved to '46a893e5.qua'!
C:\WINDOWS\system32\KB66507128.exe
[DETECTION] Is the Trojan horse TR/Dldr.Tibs.LE.47
[INFO] The file was moved to '46aa93ea.qua'!
C:\WINDOWS\system32\KB93427757.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '46ad93ee.qua'!
C:\WINDOWS\system32\KB93736873.exe
[DETECTION] Is the Trojan horse TR/Dldr.Agent.bnf.1
[INFO] The file was moved to '46ad93f0.qua'!
C:\WINDOWS\system32\KB96926207.exe
[DETECTION] Is the Trojan horse TR/Shutdowner.BA
[INFO] The file was moved to '46ad93f4.qua'!
C:\WINDOWS\system32\KB_963493.exe.bak
[DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
[INFO] The file was moved to '46d393fa.qua'!
C:\WINDOWS\system32\msorcl32.exe
[DETECTION] Is the Trojan horse TR/Crypt.FKM.Gen
[INFO] The file was moved to '46e3943e.qua'!
C:\WINDOWS\system32\salvage.exe
[DETECTION] Is the Trojan horse TR/Crypt.PCMM.Gen
[INFO] The file was moved to '46e09442.qua'!
C:\WINDOWS\system32\smcs.exe
[DETECTION] Contains signature of the worm WORM/Sdbot.41804.26
[INFO] The file was moved to '46d79456.qua'!
C:\WINDOWS\system32\spoolcs.exe
[DETECTION] Contains signature of the worm WORM/Sdbot.41804.5
[INFO] The file was moved to '46e3945c.qua'!
C:\WINDOWS\system32\spoolsc.exe
[DETECTION] Contains signature of the worm WORM/Sdbot.44358.1
[INFO] The file was moved to '46e39461.qua'!
C:\WINDOWS\system32\symon.exe
[DETECTION] Contains signature of the worm WORM/Sdbot.44358.3
[INFO] The file was moved to '46e19470.qua'!
C:\WINDOWS\system32\varakitu.dll
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] The file was moved to '46e6945e.qua'!
C:\WINDOWS\system32\vcmon.exe
[DETECTION] Contains signature of the worm WORM/Sdbot.67584.57
[INFO] The file was moved to '46e19464.qua'!
C:\WINDOWS\system32\wbemstest.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '46d99467.qua'!
C:\WINDOWS\system32\wmvds32.dll
[DETECTION] Is the Trojan horse TR/Crypt.FKM.Gen
[INFO] The file was moved to '46ea947a.qua'!
C:\WINDOWS\Temp\eraseme_45600.exe
[DETECTION] Is the Trojan horse TR/FWDisable.40588
[INFO] The file was moved to '46d5950e.qua'!
C:\WINDOWS\Temp\ma1x1dd1.game
[DETECTION] Contains signature of the dial-up program DIAL/Generic
[INFO] The file was moved to '46a59503.qua'!
C:\WINDOWS\Temp\svcipa.exe
[DETECTION] Is the Trojan horse TR/Hijack.Explor.3270
[INFO] The file was moved to '46d7951b.qua'!
C:\_virusfolder\geebydll.BERMAN
[DETECTION] Is the Trojan horse TR/Vundo.AB
[INFO] The file was moved to '46d99522.qua'!
C:\_virusfolder\opnklkidll.BERMAN
[DETECTION] Is the Trojan horse TR/Vundo.F.2
[INFO] The file was moved to '46e2952f.qua'!


End of the scan: Sunday, June 17, 2007 09:56
Used time: 1:46:54 min

The scan has been done completely.

3974 Scanning directories
266950 Files were scanned
111 viruses and/or unwanted programs were found
7 classified as suspicious:
49 files were deleted
0 files were repaired
60 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
266832 Files not concerned
4018 Archives were scanned
1 Warnings
0 Notes
0 Hidden objects were found

amanyeah
2007-06-17, 04:25
----------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 10:13:35 AM, on 6/17/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.34.50.7:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: (no name) - {05041043-0C5F-46A4-A959-58D2A1F73262} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {549317F8-A74A-4D54-A981-6BAAC1A675A0} - (no file)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NeroFilterCheck] $$
O4 - HKLM\..\Run: [IgfxTray] $$
O4 - HKLM\..\Run: [HotKeysCmds] $$
O4 - HKLM\..\Run: [DataLayer] $$
O4 - HKLM\..\Run: [Server Runtime Process] C:\WINDOWS\System32\wbem\wbemstest.exe
O4 - HKLM\..\Run: [Winmplayer] "C:\WINDOWS\System32\KB_963493.exe"
O4 - HKLM\..\Run: [poolsv] "C:\WINDOWS\poolsv.exe"
O4 - HKLM\..\Run: [svhost] "C:\WINDOWS\svhost.exe"
O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\System32\hosqyknx.dll",realset
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\RunServices: [Server Runtime Process] C:\WINDOWS\System32\wbem\wbemstest.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Server Runtime Process] C:\WINDOWS\System32\wbem\wbemstest.exe
O4 - HKCU\..\Run: [Cido] "C:\DOCUME~1\AMANEN~1\MYDOCU~1\RACLE~1\regedit.exe" -vt yazb
O4 - HKCU\..\Run: [Skehjqb] "C:\Program Files\Common Files\A?pPatch\r?gsvr32.exe"
O4 - HKCU\..\RunServices: [Server Runtime Process] C:\WINDOWS\System32\wbem\wbemstest.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{17E170B3-408A-461A-929F-39ECE29F1D74}: NameServer = 10.32.1.7
O20 - Winlogon Notify: AutorunsDisabled - C:\WINDOWS\
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: iPod Service iPodServiceNetlogon (iPodServiceNetlogon) - Unknown owner - c:\mwdgdj.exe (file missing)
O23 - Service: Network helper Service (MSDisk) - Unknown owner - C:\WINDOWS\System32\irdvxc.exe" /service (file missing)
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: Remote Auther Service - Unknown owner - C:\WINDOWS\system32\svshost.exe (file missing)
O23 - Service: Telephony TapiSrvSSDPSRV (TapiSrvSSDPSRV) - Unknown owner - c:\mwdgdj.exe (file missing)
O23 - Service: Windows User Mode Driver Framework (UMWdf) - Unknown owner - C:\WINDOWS\System32\wdfmgr.exe (file missing)

----------------------

i hope this helps. i hope for your response.

thanks! -amanyeah

amanyeah
2007-06-17, 07:05
by the way, i ran S&D again. i still have smitfraud-c.toolbar888 and an LSA (which is an unknown for the spybot)

amanyeah
2007-06-17, 11:03
hi shaba:D:. i was tinkering with my laptop and ran msconfig...

saw the startup and saw these startup items:

wbemtest.exe
kb_963493.exe
poolsv.exe
svhost.exe
hosqyknx (command>) rundll32.exe "C:\WINDOWS\System32\hosqyknx.dll",realset
qttask - quicktime i think
avgnt - avira (my antivirus)
ctfmon - C:\WINDOWS\System32\ctfmon.exe
wbemtest - C:\WINDOWS\System32\wbem\wbemtest.exe
regedit - "C:\DOCUME~1\AMANEN~1\MYDOCU~1\RACLE~1\regedit.exe" -vt yazb
regsvr32 - "C:\Program Files\Common Files\AppPatch\regsvr32.exe"

i disabled all of them except the antivirus.. aside from these there are also some dollar signs $$ $$ which i do not know what they represent so i disabled them also.

hope this helps.:bigthumb:
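
Several of the startup entries listed in the post above differ by one character from genuine Windows binaries (svchost.exe, spoolsv.exe, wbemtest.exe), which is the pattern to look for first when reading a HijackThis log. The following is an added example, not part of the original thread: a Python triage of HijackThis O4/O23 lines. The `KNOWN` table, the flag names and the function names are assumptions made for illustration; the sample lines are copied from the logs posted in this thread.

```python
"""Triage HijackThis O4 (autorun) and O23 (service) lines for masquerading binaries."""
import ntpath
import re

# Assumption: a small reference table of genuine Windows XP binaries and the
# folders they normally run from. Extend it for the systems you support.
SYS32 = r"c:\windows\system32"
KNOWN = {
    "svchost.exe": {SYS32}, "spoolsv.exe": {SYS32}, "lsass.exe": {SYS32},
    "services.exe": {SYS32}, "winlogon.exe": {SYS32}, "ctfmon.exe": {SYS32},
    "regsvr32.exe": {SYS32}, "rundll32.exe": {SYS32},
    "wbemtest.exe": {SYS32 + r"\wbem"},
    "regedit.exe": {r"c:\windows"}, "explorer.exe": {r"c:\windows"},
}

ENTRY_RE = re.compile(r"^(O4|O23) - (.+)$")
# First drive-letter path ending in .exe/.dll; for rundll32 entries this is the DLL.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll)', re.I)


def edit_distance(a, b):
    """Levenshtein distance between two strings (row-by-row dynamic programming)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def triage(lines):
    """Return [(image_path, [flags])] for every O4/O23 line that raises a flag."""
    findings = []
    for line in lines:
        entry = ENTRY_RE.match(line.strip())
        image = PATH_RE.search(line)
        if not entry or not image:
            continue  # other sections, "$$" placeholders, bare file names
        code, rest = entry.groups()
        path = image.group(0)
        name = ntpath.basename(path).lower()
        folder = ntpath.dirname(path).lower()
        flags = []
        # "?" is not a legal Windows file-name character, so in a log it stands
        # for a character the tool could not render (possible homoglyph).
        if "?" in path:
            flags.append("unrenderable-char")
        if name in KNOWN:
            if folder not in KNOWN[name]:
                flags.append("wrong-dir:" + name)
        else:
            near = sorted(k for k in KNOWN if edit_distance(name, k) == 1)
            if near:
                flags.append("lookalike:" + near[0])
        if code == "O23" and "Unknown owner" in rest and "(file missing)" in rest:
            flags.append("orphaned-service")
        if flags:
            findings.append((path, flags))
    return findings


# Sample input: lines copied from the HijackThis logs in this thread.
SAMPLE = r'''
O4 - HKLM\..\Run: [poolsv] "C:\WINDOWS\poolsv.exe"
O4 - HKLM\..\Run: [svhost] "C:\WINDOWS\svhost.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Server Runtime Process] C:\WINDOWS\System32\wbem\wbemstest.exe
O4 - HKCU\..\Run: [Cido] "C:\DOCUME~1\AMANEN~1\MYDOCU~1\RACLE~1\regedit.exe" -vt yazb
O4 - HKCU\..\Run: [Skehjqb] "C:\Program Files\Common Files\A?pPatch\r?gsvr32.exe"
O23 - Service: Remote Auther Service - Unknown owner - C:\WINDOWS\system32\svshost.exe (file missing)
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
'''

if __name__ == "__main__":
    for path, flags in triage(SAMPLE.splitlines()):
        print(f"{path}: {', '.join(flags)}")
```

The flags are prompts for review rather than verdicts: `orphaned-service` also fires on leftovers from legitimate software whose file has been removed.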

Shaba
2007-06-17, 11:12
Hi

Please download VundoFix.exe (http://www.atribune.org/ccount/click.php?id=4) to your desktop.
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.
Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

1. Download combofix from one of these links:
Link1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link2 (http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe)
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Post:

- a fresh HijackThis log
- combofix report
- vundofix report

amanyeah
2007-06-20, 11:47
fresh hjt

Logfile of HijackThis v1.99.1
Scan saved at 5:41:45 PM, on 6/20/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cmd.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.34.50.7:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: (no name) - {05041043-0C5F-46A4-A959-58D2A1F73262} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {549317F8-A74A-4D54-A981-6BAAC1A675A0} - (no file)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\RunServices: [Server Runtime Process] C:\WINDOWS\System32\wbem\wbemstest.exe
O4 - HKCU\..\RunServices: [Server Runtime Process] C:\WINDOWS\System32\wbem\wbemstest.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{17E170B3-408A-461A-929F-39ECE29F1D74}: NameServer = 10.32.1.7
O20 - Winlogon Notify: AutorunsDisabled - C:\WINDOWS\
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: iPod Service iPodServiceNetlogon (iPodServiceNetlogon) - Unknown owner - c:\mwdgdj.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Network helper Service (MSDisk) - Unknown owner - C:\WINDOWS\System32\irdvxc.exe" /service (file missing)
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: Remote Auther Service - Unknown owner - C:\WINDOWS\system32\svshost.exe (file missing)
O23 - Service: Telephony TapiSrvSSDPSRV (TapiSrvSSDPSRV) - Unknown owner - c:\mwdgdj.exe (file missing)
O23 - Service: Windows User Mode Driver Framework (UMWdf) - Unknown owner - C:\WINDOWS\System32\wdfmgr.exe (file missing)

---------
vundofix said i had no infections

and i don't know how to get a log from combofix

amanyeah
2007-06-20, 11:53
i was able to run combofix once. but i didn't know how to get a logfile. so i ran it again. now it won't run because i'm missing C:\WINDOWS\regedit.exe

Shaba
2007-06-20, 11:56
Hi

As for regedit.exe

Restore regedit.exe from your original Windows installation disk (if you don't have one, use someone else's)

1. Click Start > Run.
2. Type cmd
3. Click OK.
4. Insert your Windows Installation CD into your CD-ROM drive.
5. Navigate to the drive corresponding to your CD-ROM drive (e.g. if your CD-ROM uses drive letter e: you would type e: )
6. To copy regedit onto your system type:

copy \I386\regedit.exe c:\Windows\regedit.exe

If no success, download it here (http://forums.techguy.org/attachments/64663d1127776753/regedit.zip) and place it in c:\windows

After that, please re-run combofix.

Combofix report is here -> C:\ComboFix.txt

amanyeah
2007-06-20, 20:22
thanks so much for being patient shaba.

here is the combofix log.

ComboFix 07-06-18.2 - C:\Documents and Settings\Aman Enconado\Desktop\ComboFix.exe
"Aman Enconado" - 2007-06-21 2:06:34 - Service Pack 1 NTFS


((((((((((((((((((((((((( Files Created from 2007-05-20 to 2007-06-20 )))))))))))))))))))))))))))))))


2007-06-28 20:47 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-06-28 09:04 109 --ahs---- C:\WINDOWS\system32\3560095853.dat
2007-06-21 02:05 <DIR> d-------- C:\WINDOWS\Regedit
2007-06-20 17:11 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-20 04:24 <DIR> d-------- C:\Program Files\hp deskjet 3420 series
2007-06-20 04:21 <DIR> d-------- C:\Program Files\Hewlett-Packard
2007-06-20 00:50 299,520 --a------ C:\WINDOWS\uninst.exe
2007-06-20 00:50 286,720 --a------ C:\WINDOWS\system32\lxalpmnt.dll
2007-06-20 00:50 <DIR> d-------- C:\LxkZ65
2007-06-20 00:50 <DIR> d-------- C:\DOCUME~1\Mama\WINDOWS
2007-06-20 00:32 <DIR> d---s---- C:\DOCUME~1\Mama\UserData
2007-06-17 18:26 <DIR> d-------- C:\Program Files\DivX
2007-06-17 15:54 <DIR> d-------- C:\Program Files\QuickTime
2007-06-17 15:48 <DIR> d-------- C:\WINDOWS\pss
2007-06-17 07:43 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AntiVir PersonalEdition Classic
2007-06-16 06:18 <DIR> d-------- C:\VundoFix Backups
2007-06-16 02:59 <DIR> dr------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SalesMonitor
2007-06-16 02:58 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2007-06-16 02:58 79,872 --a------ C:\WINDOWS\system32\drivers\FOPN.sys
2007-06-16 02:58 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2007-06-16 02:58 1,060,864 --a------ C:\WINDOWS\system32\mfc71.dll
2007-06-16 02:56 <DIR> d-------- C:\WINDOWS\system32\o09PrEz
2007-06-16 02:56 <DIR> d-------- C:\Temp\iee
2007-06-16 02:56 <DIR> d-------- C:\Temp
2007-06-16 02:55 <DIR> d-------- C:\Program Files\svhost
2007-06-16 02:54 <DIR> d-------- C:\Program Files\poolsv
2007-06-06 06:19 <DIR> d-------- C:\Tools
2007-06-05 13:19 <DIR> d-------- C:\_virusfolder


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-28 01:17:51 -------- d-----w C:\Program Files\Common Files\Scanner
2007-06-17 10:26:41 2,435 ----a-w C:\WINDOWS\mozver.dat
2007-06-15 19:40:35 -------- d-----w C:\Program Files\Yahoo!
2007-06-05 05:06:54 377 --sh--w C:\WINDOWS\system32\ybeeg.ini2
2007-04-23 00:15:18 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-04-23 00:15:18 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-04-16 16:39]
{53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 01:04]
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}=C:\Program Files\Yahoo!\Common\yiesrvc.dll [2005-08-17 08:40]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2007-04-02 10:35]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runservices]
"Server Runtime Process"=C:\WINDOWS\System32\wbem\wbemstest.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"Server Runtime Process"=C:\WINDOWS\System32\wbem\wbemstest.exe

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runservices]
"Server Runtime Process"=C:\WINDOWS\System32\wbem\wbemstest.exe

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"=$$
"Server Runtime Process"=C:\WINDOWS\System32\wbem\wbemstest.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AutorunsDisabled]
C:\WINDOWS\System32\geeby.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Server Runtime Process C:\WINDOWS\System32\wbem\wbemstest.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cido]
"C:\DOCUME~1\AMANEN~1\MYDOCU~1\RACLE~1\regedit.exe" -vt yazb

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\System32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DataLayer]
$$

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GPLv3]
rundll32.exe "C:\WINDOWS\System32\hosqyknx.dll",realset

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
$$

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
$$

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LXSUPMON]
C:\WINDOWS\System32\LXSUPMON.EXE RUN

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
$$

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\poolsv]
"C:\WINDOWS\poolsv.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Server Runtime Process]
C:\WINDOWS\System32\wbem\wbemstest.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skehjqb]
"C:\Program Files\Common Files\A?pPatch\r?gsvr32.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\svhost]
"C:\WINDOWS\svhost.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Winmplayer]
"C:\WINDOWS\System32\KB_963493.exe"


Contents of the 'Scheduled Tasks' folder
2007-06-20 16:00:00 C:\WINDOWS\tasks\At1.job

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-21 02:10:54
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-06-21 2:11:53
C:\ComboFix-quarantined-files.txt ... 2007-06-21 02:11

--- E O F ---

Shaba
2007-06-21, 10:31
Hi

First we'll need to back up the registry:

Start -> Run -> regedit -> ok. Then File -> Export. Give it a name and press Save.

Save the text below as fix.reg in Notepad (save it as all files (*.*)) on the Desktop

Windows Registry Editor Version 5.00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runservices]
"Server Runtime Process"=-

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Server Runtime Process"=-

[-HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cido]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GPLv3]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\poolsv]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Server Runtime Process]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skehjqb]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\svhost]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Winmplayer]

It should look like this -> http://users.telenet.be/bluepatchy/miekiemoes/images/reg.gif

Double-click fix.reg, press Yes and OK.

(In case you are unsure how to create a reg file, take a look here (http://www.nellie2.co.uk/file.htm#How_to_Make_a_.Reg_File_) with screenshots.)

Open HijackThis, click "Do a system scan only" and checkmark these:

O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: (no name) - {05041043-0C5F-46A4-A959-58D2A1F73262} - (no file)
O2 - BHO: (no name) - {549317F8-A74A-4D54-A981-6BAAC1A675A0} - (no file)
O4 - HKLM\..\RunServices: [Server Runtime Process] C:\WINDOWS\System32\wbem\wbemstest.exe
O4 - HKCU\..\RunServices: [Server Runtime Process] C:\WINDOWS\System32\wbem\wbemstest.exe
O20 - Winlogon Notify: AutorunsDisabled - C:\WINDOWS\
O23 - Service: iPod Service iPodServiceNetlogon (iPodServiceNetlogon) - Unknown owner - c:\mwdgdj.exe (file missing)
O23 - Service: Network helper Service (MSDisk) - Unknown owner - C:\WINDOWS\System32\irdvxc.exe" /service (file missing)
O23 - Service: Remote Auther Service - Unknown owner - C:\WINDOWS\system32\svshost.exe (file missing)
O23 - Service: Telephony TapiSrvSSDPSRV (TapiSrvSSDPSRV) - Unknown owner - c:\mwdgdj.exe (file missing)

Close all windows including the browser and press "Fix checked".

Reboot.

Open notepad and copy/paste the text in the quotebox below into it:


File::
C:\WINDOWS\system32\ybeeg.ini2
C:\WINDOWS\system32\drivers\FOPN.sys

Folder::
C:\WINDOWS\system32\o09PrEz
C:\Temp
C:\Program Files\svhost
C:\Program Files\poolsv
C:\DOCUME~1\ALLUSE~1\APPLIC~1\SalesMonitor


Save this as ComboFix-Do.txt

Then drag the ComboFix-Do.txt into ComboFix.exe as you see in the screenshot below.

http://img.photobucket.com/albums/v666/sUBs/Combo-Do.gif

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.
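The fix.reg in the post above uses two kinds of deletion: `"name"=-` removes a single value, while `[-KEY]` removes the key together with everything under it. The following is an added example, not part of the original thread, that lists the operations in a .reg file before it is imported and flags whole-key deletions under system paths; the function names and the protected-prefix list are assumptions made for this example, and the sample is a shortened copy of the post's text.

```python
import re

# Assumption for this example: prefixes under which deleting a whole key
# deserves a second look before import. Not an exhaustive or official list.
PROTECTED_PREFIXES = [
    r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control",
    r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon",
]

HEADER = re.compile(r"^\[(-?)(.+)\]$")                    # [KEY] or [-KEY]
VALUE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|(@))=(.*)$')  # "name"=data or @=data

# Shortened copy of the fix.reg text from the post above.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runservices]
"Server Runtime Process"=-

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Server Runtime Process"=-

[-HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cido]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GPLv3]
'''


def parse_reg(text):
    """Return (operation, key, value_name) tuples in file order."""
    ops, key, key_deleted, pending = [], None, False, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if line.endswith(",\\"):          # hex data continued on the next line
            pending = line[:-1]
            continue
        if not line or line.startswith(";"):
            continue
        m = HEADER.match(line)
        if m:
            key, key_deleted = m.group(2), m.group(1) == "-"
            if key_deleted:
                ops.append(("delete_key", key, None))
            continue
        m = VALUE.match(line)
        if m and key and not key_deleted:
            name = "(Default)" if m.group(2) else m.group(1)
            kind = "delete_value" if m.group(3).strip() == "-" else "set_value"
            ops.append((kind, key, name))
    return ops


def is_protected(key):
    """True if key equals, or lies under, one of the protected prefixes."""
    k = key.lower()
    return any(k == p.lower() or k.startswith(p.lower() + "\\")
               for p in PROTECTED_PREFIXES)


def review(ops):
    """Keys that would be deleted whole and sit under a protected prefix."""
    return [key for kind, key, _ in ops
            if kind == "delete_key" and is_protected(key)]


if __name__ == "__main__":
    operations = parse_reg(SAMPLE_REG)
    for kind, key, name in operations:
        print(f"{kind:13} {key}" + (f'  "{name}"' if name else ""))
    for key in review(operations):
        print("REVIEW: whole-key deletion under a protected path:", key)
```
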

amanyeah
2007-06-22, 09:19
sorry shaba.. more bad news..

weirdest thing happened.. so i use hjt and reboot. but it doesn't. after the black "windows" screen (right before where i choose user), a box says "system error. lsass.exe could not be found." so i click the ok box. and it restarts... a vicious cycle. until i decide to press f8.. and start windows which last worked.

so i ran hjt again.. and none of the things you asked me to check are there.. totally disappeared..

what now??? sorry..

amanyeah
2007-06-22, 09:48
ok.. i ran combofix anyway.. here's what you asked for:

ComboFix 07-06-18.2 - C:\Documents and Settings\Aman Enconado\Desktop\ComboFix.exe
"Aman Enconado" - 2007-06-22 15:36:29 - Service Pack 1 NTFS
Command switches used :: C:\Documents and Settings\Aman Enconado\Desktop\ComboFix-Do.txt


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\ALLUSE~1\APPLIC~1\SalesMonitor
C:\Program Files\poolsv
C:\Program Files\poolsv\k11u72.exe
C:\Program Files\poolsv\svhost.exe
C:\Program Files\poolsv\WinAntiSpyware2007FreeInstall.exe
C:\Program Files\poolsv\YazzleBundle-1549.exe
C:\Program Files\svhost
C:\Temp
C:\WINDOWS\system32\drivers\FOPN.sys
C:\WINDOWS\system32\o09PrEz
C:\WINDOWS\system32\o09PrEz\o09PrEz1099.exe
C:\WINDOWS\system32\ybeeg.ini2


((((((((((((((((((((((((( Files Created from 2007-05-22 to 2007-06-22 )))))))))))))))))))))))))))))))


2007-06-28 20:47 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-06-28 09:04 109 --ahs---- C:\WINDOWS\system32\3560095853.dat
2007-06-21 02:05 <DIR> d-------- C:\WINDOWS\Regedit
2007-06-20 17:11 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-20 04:24 <DIR> d-------- C:\Program Files\hp deskjet 3420 series
2007-06-20 04:21 <DIR> d-------- C:\Program Files\Hewlett-Packard
2007-06-20 00:50 299,520 --a------ C:\WINDOWS\uninst.exe
2007-06-20 00:50 286,720 --a------ C:\WINDOWS\system32\lxalpmnt.dll
2007-06-20 00:50 <DIR> d-------- C:\LxkZ65
2007-06-20 00:50 <DIR> d-------- C:\DOCUME~1\Mama\WINDOWS
2007-06-20 00:32 <DIR> d---s---- C:\DOCUME~1\Mama\UserData
2007-06-17 18:26 <DIR> d-------- C:\Program Files\DivX
2007-06-17 15:54 <DIR> d-------- C:\Program Files\QuickTime
2007-06-17 15:48 <DIR> d-------- C:\WINDOWS\pss
2007-06-17 07:43 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AntiVir PersonalEdition Classic
2007-06-16 06:18 <DIR> d-------- C:\VundoFix Backups
2007-06-16 02:58 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2007-06-16 02:58 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2007-06-16 02:58 1,060,864 --a------ C:\WINDOWS\system32\mfc71.dll
2007-06-06 06:19 <DIR> d-------- C:\Tools
2007-06-05 13:19 <DIR> d-------- C:\_virusfolder


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-28 01:17:51 -------- d-----w C:\Program Files\Common Files\Scanner
2007-06-17 10:26:41 2,435 ----a-w C:\WINDOWS\mozver.dat
2007-06-15 19:40:35 -------- d-----w C:\Program Files\Yahoo!
2007-04-23 00:15:18 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-04-23 00:15:18 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-04-16 16:39]
{53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 01:04]
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}=C:\Program Files\Yahoo!\Common\yiesrvc.dll [2005-08-17 08:40]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2007-04-02 10:35]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"=$$

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Server Runtime Process C:\WINDOWS\System32\wbem\wbemstest.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\System32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DataLayer]
$$

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
$$

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
$$

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LXSUPMON]
C:\WINDOWS\System32\LXSUPMON.EXE RUN

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
$$

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime


Contents of the 'Scheduled Tasks' folder
2007-06-21 16:00:00 C:\WINDOWS\tasks\At1.job

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-22 15:40:53
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-06-22 15:41:31
C:\ComboFix-quarantined-files.txt ... 2007-06-22 15:41
C:\ComboFix2.txt ... 2007-06-21 02:11

--- E O F ---

amanyeah
2007-06-22, 09:50
Logfile of HijackThis v1.99.1
Scan saved at 3:49:40 PM, on 6/22/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.34.50.7:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{17E170B3-408A-461A-929F-39ECE29F1D74}: NameServer = 10.32.1.7
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: iPod Service iPodServiceNetlogon (iPodServiceNetlogon) - Unknown owner - c:\mwdgdj.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Network helper Service (MSDisk) - Unknown owner - C:\WINDOWS\System32\irdvxc.exe" /service (file missing)
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: Telephony TapiSrvSSDPSRV (TapiSrvSSDPSRV) - Unknown owner - c:\mwdgdj.exe (file missing)
O23 - Service: Windows User Mode Driver Framework (UMWdf) - Unknown owner - C:\WINDOWS\System32\wdfmgr.exe (file missing)

:sad:

Shaba
2007-06-22, 11:39
Hi

Anyway, logs look good now.

Does the computer now start in the normal way?

Download SDFix (http://downloads.andymanchesta.com/RemovalTools/SDFix.exe) and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following:
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, the Advanced Options Menu should appear;
Select the first option, to run Windows in Safe Mode, then press Enter.
Choose your usual account.

Open the extracted SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).
Finally paste the contents of the Report.txt back on the forum with a new HijackThis log

amanyeah
2007-06-23, 00:34
SDFix: Version 1.88

Run by Aman Enconado on Sat 06/23/2007 at 06:20 AM

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:

Name:
MSDisk

ImagePath:
"C:\WINDOWS\System32\irdvxc.exe" /service

MSDisk - Deleted



Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

Below files will be copied to Backups folder then removed:

C:\-73487~1 - Deleted
C:\WINDOWS\System32KBRunOnce2.tm_ - Deleted
C:\WINDOWS\System32KBRunOnce2.t__ - Deleted
C:\WINDOWS\system32\KBRunOnce2.t__ - Deleted
C:\WINDOWS\system32\TFTP2844 - Deleted
C:\WINDOWS\system32\TFTP3508 - Deleted



Removing Temp Files...

ADS Check:

Checking C:\WINDOWS
C:\WINDOWS
No streams found.

Checking C:\WINDOWS\system32
C:\WINDOWS\system32
No streams found.

Checking C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
No streams found.

Checking C:\WINDOWS\system32\ntoskrnl.exe
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

Remaining Files:
---------------

Backups Folder: - C:\SDFix\backups\backups.zip

Listing Files with Hidden Attributes:

C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Aman Enconado\Application Data\Microsoft\Word\~WRL0005.tmp
C:\Documents and Settings\Aman Enconado\Application Data\Microsoft\Word\~WRL0026.tmp
C:\Documents and Settings\Aman Enconado\Application Data\Microsoft\Word\~WRL1205.tmp
C:\Documents and Settings\Aman Enconado\Application Data\Microsoft\Word\~WRL2191.tmp
C:\Documents and Settings\Aman Enconado\Application Data\Microsoft\Word\~WRL2443.tmp
C:\Documents and Settings\Aman Enconado\Application Data\Microsoft\Word\~WRL3168.tmp
C:\Documents and Settings\Aman Enconado\Application Data\Microsoft\Word\~WRL3285.tmp
C:\Documents and Settings\Aman Enconado\Application Data\Microsoft\Word\~WRL3713.tmp
C:\Documents and Settings\Aman Enconado\My Documents\Schoolstuff\nego\~WRL1137.tmp
C:\Documents and Settings\Aman Enconado\My Documents\Schoolstuff\nego\~WRL2609.tmp
C:\Documents and Settings\Mama\Application Data\Microsoft\Word\~WRL0003.tmp
C:\Documents and Settings\Mama\Application Data\Microsoft\Word\~WRL1886.tmp
C:\Documents and Settings\Sieny\Application Data\Microsoft\Word\~WRL0003.tmp
C:\Documents and Settings\Sieny\Application Data\Microsoft\Word\~WRL0004.tmp
C:\Documents and Settings\Sieny\Application Data\Microsoft\Word\~WRL0005.tmp
C:\Documents and Settings\Sieny\Application Data\Microsoft\Word\~WRL0243.tmp
C:\Documents and Settings\Sieny\Application Data\Microsoft\Word\~WRL0291.tmp
C:\Documents and Settings\Sieny\Application Data\Microsoft\Word\~WRL0673.tmp
C:\Documents and Settings\Sieny\Application Data\Microsoft\Word\~WRL0728.tmp
C:\Documents and Settings\Sieny\Application Data\Microsoft\Word\~WRL1581.tmp
C:\Documents and Settings\Sieny\Application Data\Microsoft\Word\~WRL2311.tmp
C:\Documents and Settings\Sieny\Application Data\Microsoft\Word\~WRL2350.tmp
C:\Documents and Settings\Sieny\Application Data\Microsoft\Word\~WRL2528.tmp
C:\Documents and Settings\Sieny\Application Data\Microsoft\Word\~WRL2991.tmp
C:\Documents and Settings\Sieny\Application Data\Microsoft\Word\~WRL3359.tmp
C:\Documents and Settings\Sieny\Application Data\Microsoft\Word\~WRL3809.tmp
C:\WINDOWS\system32\ybeeg.tmp
C:\WINDOWS\system32\config\default.tmp.LOG
C:\WINDOWS\system32\config\SAM.tmp.LOG
C:\WINDOWS\system32\config\SECURITY.tmp.LOG
C:\WINDOWS\system32\config\software.tmp.LOG
C:\WINDOWS\system32\config\system.tmp.LOG

Listing User Accounts:


Administrator Aman Enconado ASPNET
Guest HelpAssistant lxal_AMAN-Z8KOW1E888
Mama Sieny SUPPORT_388945a0


Finished

amanyeah
2007-06-23, 00:38
fresh hjt

Logfile of HijackThis v1.99.1
Scan saved at 6:35:11 AM, on 6/23/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.34.50.7:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{17E170B3-408A-461A-929F-39ECE29F1D74}: NameServer = 10.32.1.7
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: iPod Service iPodServiceNetlogon (iPodServiceNetlogon) - Unknown owner - c:\mwdgdj.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: Telephony TapiSrvSSDPSRV (TapiSrvSSDPSRV) - Unknown owner - c:\mwdgdj.exe (file missing)
O23 - Service: Windows User Mode Driver Framework (UMWdf) - Unknown owner - C:\WINDOWS\System32\wdfmgr.exe (file missing)

-----

so how is it?

i can't help but notice that some of the files you asked me to remove earlier are still there. such as

mwdgdj.exe
igfxsrvc.dll

is that bad? does this mean the cleanup wasn't successful?

Shaba
2007-06-23, 11:23
Hi

Those are just leftovers; we'll target them next.

Please click Start > Run and type in: services.msc
Click OK
In the Services window find: iPod Service iPodServiceNetlogon (iPodServiceNetlogon)
Select/highlight and right click the entry, and choose: Properties
On the General tab, under Service Status click the Stop button
Beside: Startup Type, in the drop menu, select: Disabled
Click Apply, then OK

Repeat step for Telephony TapiSrvSSDPSRV (TapiSrvSSDPSRV)

Now, go to Start > Run, and copy/paste the following into the Open box:
sc delete iPodServiceNetlogon
Click: OK

Repeat step for TapiSrvSSDPSRV

Reboot.

Post a fresh HijackThis log.
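Whether targeted entries survive a cleanup, as asked above, can be checked by comparing the O23 service lines that were marked for fixing with the O23 lines of a later log. This is an added example, not part of the original thread: the function names are made up here, the sample lines are copied from the posts above, and treating an entry without a parenthesised name as "display name equals service name" is an assumption about the log format.

```python
import re

# O23 - Service: <display> (<name>) - <owner> - <path>[ (file missing)]
O23 = re.compile(
    r"^O23 - Service: (?P<display>.+?)(?: \((?P<name>[^()]+)\))?"
    r" - (?P<owner>.+?) - (?P<path>.+?)(?P<missing> \(file missing\))?$"
)

# O23 lines the helper asked to checkmark (copied from the earlier post).
FIX_LIST = r'''
O23 - Service: iPod Service iPodServiceNetlogon (iPodServiceNetlogon) - Unknown owner - c:\mwdgdj.exe (file missing)
O23 - Service: Network helper Service (MSDisk) - Unknown owner - C:\WINDOWS\System32\irdvxc.exe" /service (file missing)
O23 - Service: Remote Auther Service - Unknown owner - C:\WINDOWS\system32\svshost.exe (file missing)
O23 - Service: Telephony TapiSrvSSDPSRV (TapiSrvSSDPSRV) - Unknown owner - c:\mwdgdj.exe (file missing)
'''

# O23 lines from the 6/23/2007 log (copied from the post above).
LATER_LOG = r'''
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: iPod Service iPodServiceNetlogon (iPodServiceNetlogon) - Unknown owner - c:\mwdgdj.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: Telephony TapiSrvSSDPSRV (TapiSrvSSDPSRV) - Unknown owner - c:\mwdgdj.exe (file missing)
O23 - Service: Windows User Mode Driver Framework (UMWdf) - Unknown owner - C:\WINDOWS\System32\wdfmgr.exe (file missing)
'''


def parse_o23(line):
    """Parse one O23 line into a dict, or return None for other lines."""
    m = O23.match(line.strip())
    if not m:
        return None
    return {
        # Assumption: no "(name)" means the display name is the service name.
        "name": m.group("name") or m.group("display"),
        "owner": m.group("owner"),
        "path": m.group("path"),
        "missing": m.group("missing") is not None,
    }


def services(text):
    """Map lower-cased service name -> parsed O23 entry."""
    found = {}
    for line in text.splitlines():
        svc = parse_o23(line)
        if svc:
            found[svc["name"].lower()] = svc
    return found


def compare(fix_list, later_log):
    """Return (leftovers, removed, untargeted_missing) as sorted name lists."""
    targeted, current = services(fix_list), services(later_log)
    leftovers = [current[k]["name"] for k in current if k in targeted]
    removed = [targeted[k]["name"] for k in targeted if k not in current]
    # "(file missing)" alone is not a verdict: these were never on the fix list.
    untargeted = [s["name"] for k, s in current.items()
                  if s["missing"] and k not in targeted]
    return tuple(sorted(names, key=str.lower)
                 for names in (leftovers, removed, untargeted))


if __name__ == "__main__":
    left, gone, other = compare(FIX_LIST, LATER_LOG)
    print("still registered (candidates for sc delete):", left)
    print("no longer listed:", gone)
    print("file missing but not on the fix list:", other)
```
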

amanyeah
2007-06-24, 07:56
here you go!

Logfile of HijackThis v1.99.1
Scan saved at 1:52:51 PM, on 6/24/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.34.50.7:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{17E170B3-408A-461A-929F-39ECE29F1D74}: NameServer = 10.32.1.7
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: Windows User Mode Driver Framework (UMWdf) - Unknown owner - C:\WINDOWS\System32\wdfmgr.exe (file missing)

Shaba
2007-06-24, 12:02
Hi

Please do an online scan with Kaspersky Online Scanner (http://www.kaspersky.com/downloads/kws/kavwebscan.html). You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
The program will launch and then start to download the latest definition files.
Once the scanner is installed and the definitions downloaded, click Next.
Now click on Scan Settings
In the scan settings make sure that the following are selected:

o Scan using the following Anti-Virus database:

+ Extended (If available otherwise Standard)

o Scan Options:

+ Scan Archives
+ Scan Mail Bases

Click OK
Now under "Select a target to scan", select My Computer
The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.
Now click on the Save as Text button
Save the file to your desktop.
Copy and paste that information in your next post.

Post:

- a fresh HijackThis log
- kaspersky report

amanyeah
2007-06-25, 00:00
your wish is my command
----------------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 5:56:13 AM, on 6/25/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.34.50.7:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{17E170B3-408A-461A-929F-39ECE29F1D74}: NameServer = 10.32.1.7
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: Windows User Mode Driver Framework (UMWdf) - Unknown owner - C:\WINDOWS\System32\wdfmgr.exe (file missing)

amanyeah
2007-06-25, 00:05
KASPERSKY ONLINE SCANNER REPORT
Monday, June 25, 2007 5:54:50 AM
Operating System: Microsoft Windows XP Professional, Service Pack 1 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 24/06/2007
Kaspersky Anti-Virus database records: 351977

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 70369
Number of viruses found: 58
Number of infected objects: 164
Number of suspicious objects: 3
Duration of the scan process: 00:53:37

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\PWSLDPinchIE2.zip/koos.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\PWSLDPinchIE2.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\All Users\Documents\ESPNRunTimeSetup.exe/WISE0014.BIN/WISE0008.BIN Infected: not-a-virus:Downloader.Win32.DigStream.a skipped
C:\Documents and Settings\All Users\Documents\ESPNRunTimeSetup.exe/WISE0014.BIN Infected: not-a-virus:Downloader.Win32.DigStream.a skipped
C:\Documents and Settings\All Users\Documents\ESPNRunTimeSetup.exe WiseSFX: infected - 2 skipped
C:\Documents and Settings\All Users\Documents\ESPNRunTimeSetup.exe WiseSFX Dropper: infected - 2 skipped

amanyeah
2007-06-25, 00:10

amanyeah
2007-06-25, 00:12

amanyeah
2007-06-25, 00:17
C:\Documents and Settings\Sieny\My Documents\My Pictures\genetics\482894458.jpg Object is locked skipped
C:\Documents and Settings\Sieny\My Documents\My Pictures\genetics\695873832.jpg Object is locked skipped
C:\Documents and Settings\Sieny\My Documents\My Pictures\genetics\944485958.jpg Object is locked skipped
C:\Documents and Settings\Sieny\My Documents\My Pictures\genetics\angiogenesis.jpg Object is locked skipped
C:\Documents and Settings\Sieny\My Documents\My Pictures\genetics\angiogenesis.jpg 1.jpg Object is locked skipped
C:\Documents and Settings\Sieny\My Documents\My Pictures\genetics\antionc.jpg Object is locked skipped
C:\Documents and Settings\Sieny\My Documents\My Pictures\genetics\Apoptosis.gif Object is locked skipped
C:\Documents and Settings\Sieny\My Documents\My Pictures\genetics\apoptosis_macrophage.jpg Object is locked skipped
C:\Documents and Settings\Sieny\My Documents\My Pictures\genetics\cancer1.jpg Object is locked skipped
C:\Documents and Settings\Sieny\My Documents\My Pictures\genetics\cancer2.jpg Object is locked skipped
C:\Documents and Settings\Sieny\My Documents\My Pictures\genetics\Cancer_cell, brain.jpg Object is locked skipped
C:\Documents and Settings\Sieny\My Documents\My Pictures\genetics\cellcycle_fig2.jpg Object is locked skipped
C:\Documents and Settings\Sieny\My Documents\My Pictures\genetics\chrom-histone.gif Object is locked skipped
C:\Documents and Settings\Sieny\My Documents\My Pictures\genetics\chromo2.jpg Object is locked skipped
C:\Documents and Settings\Sieny\My Documents\My Pictures\genetics\chromosome cycle.jpg Object is locked skipped
C:\Documents and Settings\Sieny\My Documents\My Pictures\genetics\chromosomes.jpg Object is locked skipped
C:\Documents and Settings\Sieny\My Documents\My Pictures\genetics\chromosomes_1.JPG Object is locked skipped
C:\Documents and Settings\Sieny\My Documents\My Pictures\genetics\Copy of 17-07_Apoptosis.jpg Object is locked skipped
C:\Documents and Settings\Sieny\My Documents\My Pictures\genetics\diff-cell-cycle.gif Object is locked skipped
C:\Documents and Settings\Sieny\My Documents\My Pictures\genetics\DNA-HIGH.jpg Object is locked skipped
C:\Documents and Settings\Sieny\My Documents\My Pictures\genetics\dnapacking.jpg Object is locked skipped
C:\Documents and Settings\Sieny\My Documents\My Pictures\genetics\Fig 28-04.GIF Object is locked skipped
C:\Documents and Settings\Sieny\My Documents\My Pictures\genetics\geneexp.jpg Object is locked skipped
C:\Documents and Settings\Sieny\My Documents\My Pictures\genetics\genes.gif Object is locked skipped
C:\Documents and Settings\Sieny\My Documents\My Pictures\genetics\hivstage.gif Object is locked skipped
C:\Documents and Settings\Sieny\My Documents\My Pictures\genetics\htlvdk-1.jpg retrovirus.jpg Object is locked skipped
C:\Documents and Settings\Sieny\My Documents\My Pictures\genetics\image005_b.gif Object is locked skipped
C:\Documents and Settings\Sieny\My Documents\My Pictures\genetics\jjchromo.jpg Object is locked skipped
C:\Documents and Settings\Sieny\My Documents\My Pictures\genetics\karyotype.jpg Object is locked skipped
C:\Documents and Settings\Sieny\My Documents\My Pictures\genetics\known protooncogenes.JPG Object is locked skipped
C:\Documents and Settings\Sieny\My Documents\My Pictures\genetics\Levels of regulation.JPG Object is locked skipped
C:\Documents and Settings\Sieny\My Documents\My Pictures\genetics\microarray_principle_en.jpg Object is locked skipped
C:\Documents and Settings\Sieny\My Documents\My Pictures\genetics\mitosis_cycle55.jpg Object is locked skipped
C:\Documents and Settings\Sieny\My Documents\My Pictures\genetics\oncprot.gif Object is locked skipped
C:\Documents and Settings\Sieny\My Documents\My Pictures\genetics\protein-synthesis.jpg Object is locked skipped
C:\Documents and Settings\Sieny\My Documents\My Pictures\genetics\Protein_synthesis_1.gif Object is locked skipped
C:\Documents and Settings\Sieny\My Documents\My Pictures\genetics\sieny protein synthesis.jpg Object is locked skipped
C:\Documents and Settings\Sieny\My Documents\My Pictures\genetics\sieny RNA.JPG Object is locked skipped
C:\Documents and Settings\Sieny\My Documents\My Pictures\genetics\telo.jpg Object is locked skipped
C:\Documents and Settings\Sieny\My Documents\My Pictures\genetics\Thumbs.db Object is locked skipped
C:\Documents and Settings\Sieny\My Documents\My Pictures\genetics\tourvirus.jpg Object is locked skipped
C:\Documents and Settings\Sieny\My Documents\My Pictures\genetics\viral1.jpg Object is locked skipped
C:\Documents and Settings\Sieny\My Documents\My Pictures\gowns\1193_98M.jpg Object is locked skipped
C:\Documents and Settings\Sieny\My Documents\My Pictures\gowns\1302_01L.jpg Object is locked skipped
C:\Documents and Settings\Sieny\My Documents\My Pictures\gowns\1312_1313AM.jpg Object is locked skipped
C:\Documents and Settings\Sieny\My Documents\My Pictures\gowns\1314_1318_1311AM.jpg Object is locked skipped
C:\Documents and Settings\Sieny\My Documents\My Pictures\gowns\1909-collage-2.jpg Object is locked skipped
C:\Documents and Settings\Sieny\My Documents\My Pictures\gowns\2328.jpg Object is locked skipped
C:\Documents and Settings\Sieny\My Documents\My Pictures\gowns\2544.jpg Object is locked skipped
C:\Documents and Settings\Sieny\My Documents\My Pictures\gowns\2607.jpg Object is locked skipped
C:\Documents and Settings\Sieny\My Documents\My Pictures\gowns\5391.jpg Object is locked skipped
C:\Documents and Settings\Sieny\My Documents\My Pictures\gowns\5396.jpg Object is locked skipped
C:\Documents and Settings\Sieny\My Documents\My Pictures\gowns\8009.jpg Object is locked skipped
C:\Documents and Settings\Sieny\My Documents\My Pictures\gowns\8056f-f.jpg Object is locked skipped
C:\Documents and Settings\Sieny\My Documents\My Pictures\gowns\8086a-f.jpg Object is locked skipped
C:\Documents and Settings\Sieny\My Documents\My Pictures\gowns\850l.jpg Object is locked skipped
C:\Documents and Settings\Sieny\My Documents\My Pictures\gowns\9334.jpg Object is locked skipped
C:\Documents and Settings\Sieny\My Documents\My Pictures\gowns\9403.jpg Object is locked skipped
C:\Documents and Settings\Sieny\My Documents\My Pictures\gowns\977-956l.jpg Object is locked skipped
C:\Documents and Settings\Sieny\My Documents\My Pictures\gowns\ssg_5818.jpg Object is locked skipped
C:\Documents and Settings\Sieny\My Documents\My Pictures\gowns\Style-1866_1.jpg Object is locked skipped
C:\Documents and Settings\Sieny\My Documents\My Pictures\gowns\Style-1866_2.jpg Object is locked skipped
C:\Documents and Settings\Sieny\My Documents\My Pictures\gowns\Thumbs.db Object is locked skipped
C:\Documents and Settings\Sieny\My Documents\My Pictures\invitation styles\Thumbs.db Object is locked skipped
C:\Documents and Settings\Sieny\My Documents\My Pictures\invitation styles\untitled 2.bmp Object is locked skipped
C:\Documents and Settings\Sieny\My Documents\My Pictures\invitation styles\untitled 3.bmp Object is locked skipped
C:\Documents and Settings\Sieny\My Documents\My Pictures\invitation styles\untitled 4.bmp Object is locked skipped
C:\Documents and Settings\Sieny\My Documents\My Pictures\invitation styles\untitled.bmp Object is locked skipped
C:\Documents and Settings\Sieny\My Documents\My Pictures\para\life cycle schistosomes.bmp Object is locked skipped
C:\Documents and Settings\Sieny\My Documents\My Pictures\para\plasmodium falciparum.bmp Object is locked skipped
C:\Documents and Settings\Sieny\My Documents\My Pictures\para\plasmodium life cycle.bmp Object is locked skipped
C:\Documents and Settings\Sieny\My Documents\My Pictures\para\promastigotes of leishmania.bmp Object is locked skipped
C:\Documents and Settings\Sieny\My Documents\My Pictures\para\Thumbs.db Object is locked skipped
C:\Documents and Settings\Sieny\My Documents\My Pictures\physio pics\2.bmp Object is locked skipped
C:\Documents and Settings\Sieny\My Documents\My Pictures\physio pics\4888W.jpg Object is locked skipped
C:\Documents and Settings\Sieny\My Documents\My Pictures\physio pics\bi01009.gif Object is locked skipped
C:\Documents and Settings\Sieny\My Documents\My Pictures\physio pics\bi01010.gif Object is locked skipped
C:\Documents and Settings\Sieny\My Documents\My Pictures\physio pics\bi01011.gif Object is locked skipped
C:\Documents and Settings\Sieny\My Documents\My Pictures\physio pics\bifoodchain1.gif Object is locked skipped
C:\Documents and Settings\Sieny\My Documents\My Pictures\physio pics\bifoodweb.gif Object is locked skipped
C:\Documents and Settings\Sieny\My Documents\My Pictures\physio pics\biomes.bmp Object is locked skipped
C:\Documents and Settings\Sieny\My Documents\My Pictures\physio pics\blood flow through heart.bmp Object is locked skipped
C:\Documents and Settings\Sieny\My Documents\My Pictures\physio pics\enlarged-adenoid.jpg Object is locked skipped
C:\Documents and Settings\Sieny\My Documents\My Pictures\physio pics\Eye%20dissection%202.jpg Object is locked skipped
C:\Documents and Settings\Sieny\My Documents\My Pictures\physio pics\Eye_Anatomy-Anat.jpg Object is locked skipped
C:\Documents and Settings\Sieny\My Documents\My Pictures\physio pics\humanrespiratory8.jpg Object is locked skipped
C:\Documents and Settings\Sieny\My Documents\My Pictures\physio pics\parathyroid-glands.jpg Object is locked skipped
C:\Documents and Settings\Sieny\My Documents\My Pictures\physio pics\repro.bmp Object is locked skipped
C:\Documents and Settings\Sieny\My Documents\My Pictures\physio pics\Thumbs.db Object is locked skipped
C:\Documents and Settings\Sieny\My Documents\My Pictures\physio pics\thymus1.jpg Object is locked skipped
C:\Documents and Settings\Sieny\My Documents\My Pictures\physio pics\tundra.bmp Object is locked skipped
C:\Documents and Settings\Sieny\My Documents\My Pictures\physio pics\untitled 1.bmp Object is locked skipped
C:\Documents and Settings\Sieny\My Documents\My Pictures\rad bio\rad bi 10.jpg Object is locked skipped
C:\Documents and Settings\Sieny\My Documents\My Pictures\rad bio\rad bi 2.jpg Object is locked skipped
C:\Documents and Settings\Sieny\My Documents\My Pictures\rad bio\rad bi 3.jpg Object is locked skipped
C:\Documents and Settings\Sieny\My Documents\My Pictures\rad bio\rad bi 4.jpg Object is locked skipped
C:\Documents and Settings\Sieny\My Documents\My Pictures\rad bio\rad bi 5.jpg Object is locked skipped
C:\Documents and Settings\Sieny\My Documents\My Pictures\rad bio\rad bi 6.jpg Object is locked skipped
C:\Documents and Settings\Sieny\My Documents\My Pictures\rad bio\rad bi 7.jpg Object is locked skipped
C:\Documents and Settings\Sieny\My Documents\My Pictures\rad bio\rad bi 8.jpg Object is locked skipped
C:\Documents and Settings\Sieny\My Documents\My Pictures\rad bio\rad bi 9.jpg Object is locked skipped
C:\Documents and Settings\Sieny\My Documents\My Pictures\rad bio\rad bi.jpg Object is locked skipped
C:\Documents and Settings\Sieny\My Documents\My Pictures\rad bio\Thumbs.db Object is locked skipped
C:\Documents and Settings\Sieny\My Documents\My Pictures\Sample Pictures.lnk Object is locked skipped
C:\Documents and Settings\Sieny\My Documents\My Pictures\Thumbs.db Object is locked skipped
C:\Documents and Settings\Sieny\My Documents\My Pictures\wallpaper\12187658165255l.jpg Object is locked skipped
C:\Documents and Settings\Sieny\My Documents\My Pictures\wallpaper\chinese.bmp Object is locked skipped
C:\Documents and Settings\Sieny\My Documents\My Pictures\wallpaper\craig.bmp Object is locked skipped

amanyeah
2007-06-25, 00:19
C:\Program Files\DIGStream\digstream.exe Infected: not-a-virus:Downloader.Win32.DigStream.a skipped
C:\Program Files\HijackThis\backups\backup-20070617-080830-709.dll Infected: not-a-virus:AdWare.Win32.PurityScan.ak skipped
C:\QooBox\Quarantine\C\Program Files\Common Files\APPATC~1\rеgsvr32.exe.vir Infected: not-a-virus:AdWare.Win32.PurityScan.fn skipped
C:\QooBox\Quarantine\C\Program Files\Common Files\WinAntiSpyware 2007\uwas7cw.exe.vir Infected: not-a-virus:Downloader.Win32.WinFixer.t skipped
C:\QooBox\Quarantine\C\Program Files\Common Files\WinAntiSpyware 2007\WAS7Mon.exe.vir Infected: not-a-virus:Downloader.Win32.WinFixer.x skipped
C:\QooBox\Quarantine\C\Program Files\poolsv\k11u72.exe.vir/data0005 Infected: Trojan-Downloader.Win32.VB.awj skipped
C:\QooBox\Quarantine\C\Program Files\poolsv\k11u72.exe.vir NSIS: infected - 1 skipped
C:\QooBox\Quarantine\C\Program Files\poolsv\WinAntiSpyware2007FreeInstall.exe.vir Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped
C:\QooBox\Quarantine\C\Program Files\poolsv\YazzleBundle-1549.exe.vir/data0002 Infected: Trojan-Downloader.Win32.PurityScan.eg skipped
C:\QooBox\Quarantine\C\Program Files\poolsv\YazzleBundle-1549.exe.vir NSIS: infected - 1 skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\hosqyknx.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\jmmigbsq.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\Jub44.sys.vir Infected: Rootkit.Win32.Agent.ea skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\masftvny.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\o09PrEz\o09PrEz1099.exe.vir Infected: Trojan-Downloader.Win32.VB.awj skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\sjfxrfjm.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\vjnifbja.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\vquxnrfu.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\RECYCLER\S-1-5-21-515967899-492894223-1343024091-1005\Dc1.jpg Object is locked skipped
C:\RECYCLER\S-1-5-21-515967899-492894223-1343024091-1005\Dc2.jpg Object is locked skipped
C:\RECYCLER\S-1-5-21-515967899-492894223-1343024091-1005\Dc3.jpg Object is locked skipped
C:\RECYCLER\S-1-5-21-515967899-492894223-1343024091-1005\Dc4.__ Object is locked skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP170\A0033587.exe Infected: Backdoor.Win32.SdBot.aad skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP170\A0033588.exe Infected: Trojan-Downloader.Win32.VB.aey skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP170\A0033589.exe Infected: Trojan-Downloader.Win32.VB.aey skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP171\A0033619.exe Infected: Trojan-Clicker.Win32.Agent.is skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP171\A0033621.exe Infected: Backdoor.Win32.SdBot.aad skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP171\A0033624.exe Infected: Trojan-Downloader.Win32.Small.ehs skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP171\A0033649.exe Infected: Trojan-Clicker.Win32.Agent.is skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP175\A0042842.exe Infected: Trojan-Clicker.Win32.Agent.is skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP175\A0042850.exe Infected: Trojan-Downloader.Win32.VB.aey skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP176\A0045005.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.fp skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP176\A0045006.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.bq skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP176\A0046076.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.fp skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP176\A0046080.exe Infected: Trojan-Downloader.Win32.VB.aey skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP176\A0046081.exe Infected: Trojan.Win32.KillApp.v skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP176\A0046082.exe Infected: Trojan-Downloader.Win32.Agent.bls skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP176\A0046083.exe Infected: Trojan-Clicker.Win32.VB.qw skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP176\A0046084.exe Infected: Trojan-Clicker.Win32.VB.qw skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP176\A0046085.exe Infected: Trojan-Clicker.Win32.VB.qw skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP176\A0046086.exe Infected: Trojan-Downloader.Win32.Small.erp skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP176\A0046088.exe Infected: Backdoor.Win32.SdBot.awe skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP176\A0046090.exe Infected: Trojan-Downloader.Win32.Agent.bls skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP176\A0046091.exe Infected: Trojan-Downloader.Win32.Small.cwj skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP176\A0046093.exe Infected: Trojan-Clicker.Win32.Agent.is skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP176\A0047089.exe Infected: Backdoor.Win32.Rbot.bni skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP176\A0048150.exe Infected: Backdoor.Win32.SdBot.bfl skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP177\A0048154.exe Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.i skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP177\A0048155.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP177\A0048156.dll Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP177\A0048158.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Softomate.u skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP177\A0048158.exe/stream Infected: not-a-virus:AdWare.Win32.Softomate.u skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP177\A0048158.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP177\A0048168.dll Infected: Trojan-Proxy.Win32.Dlena.cb skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP177\A0048214.exe Infected: Backdoor.Win32.SdBot.bfl skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP180\A0049432.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP180\A0049440.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.fp skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP180\A0051468.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP180\A0052652.exe Infected: Trojan-Downloader.Win32.Small.cwj skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP180\A0052655.exe Infected: Trojan-Downloader.Win32.VB.aey skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP180\A0052656.exe Infected: Trojan-Downloader.Win32.VB.aey skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP180\A0052673.exe Infected: Trojan-Proxy.Win32.Wopla.ag skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP180\A0052689.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP180\A0052705.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP180\A0052725.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP180\A0052766.exe Infected: Trojan-Downloader.Win32.VB.aya skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP180\A0052768.exe Infected: Trojan-Downloader.Win32.Agent.bls skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP180\A0052862.exe/file2 Infected: not-a-virus:Downloader.Win32.WinFixer.t skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP180\A0052862.exe Inno: infected - 1 skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP180\A0052883.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.bq skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP180\A0052884.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.hn skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP180\A0052885.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP180\A0052886.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP180\A0052887.dll Infected: Trojan.Win32.BHO.bd skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP180\A0052888.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gl skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP180\A0052889.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP180\A0052890.dll Infected: Trojan.Win32.BHO.bd skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP180\A0052891.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.hn skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP180\A0052892.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.hn skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP180\A0052893.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.hn skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP180\A0052894.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.hn skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP180\A0052895.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.hn skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP180\A0052896.dll Infected: Trojan-Spy.Win32.VBStat.j skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP180\A0052897.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.hn skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP180\A0052898.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.bq skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP180\A0052899.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.bq skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP180\A0052900.exe Infected: Trojan.Win32.Agent.anr skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP180\A0052901.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.bq skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP180\A0052902.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.bq skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP180\A0052903.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.bq skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP180\A0052904.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.hn skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP180\A0052905.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.bq skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP180\A0052906.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kb skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP180\A0052910.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.fp skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP180\A0052939.exe Infected: not-a-virus:AdWare.Win32.PurityScan.fn skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP181\A0052944.exe Infected: Trojan-Clicker.Win32.Agent.is skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP181\A0052945.exe Infected: Trojan-Clicker.Win32.VB.qw skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP181\A0052946.exe Infected: Trojan-Clicker.Win32.Agent.is skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP181\A0052947.exe Infected: Trojan-Clicker.Win32.VB.qw skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP181\A0052948.exe Infected: Trojan-Downloader.Win32.VB.aey skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP181\A0052949.dll Infected: not-a-virus:AdWare.Win32.PurityScan.ak skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP181\A0052950.exe Infected: Backdoor.Win32.Rbot.gen skipped

amanyeah
2007-06-25, 00:23
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP181\A0052951.exe Infected: Trojan-Downloader.Win32.Small.cwj skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP181\A0052952.exe Infected: Trojan.Win32.KillApp.v skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP181\A0052953.exe Infected: Trojan-Downloader.Win32.Agent.bls skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP181\A0052954.exe Infected: Trojan-Downloader.Win32.Small.erp skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP181\A0052955.exe Infected: Trojan-Clicker.Win32.VB.qw skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP181\A0052956.exe Infected: Trojan-Downloader.Win32.PurityScan.eg skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP181\A0052957.exe Infected: Trojan-Downloader.Win32.Agent.brf skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP181\A0052958.exe Infected: Trojan-Downloader.Win32.Agent.brf skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP181\A0052959.exe Infected: Email-Worm.Win32.Brontok.q skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP181\A0052960.exe Infected: Trojan.Win32.VB.aqx skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP181\A0052961.exe Infected: Trojan.Win32.VB.aqx skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP181\A0052962.exe Infected: Email-Worm.Win32.Brontok.q skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP181\A0052963.exe Infected: Trojan.Win32.VB.aqx skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP181\A0052964.exe Infected: Trojan.Win32.VB.aqx skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP181\A0052965.exe Infected: Backdoor.Win32.Rbot.bni skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP181\A0052966.exe Infected: Backdoor.Win32.SdBot.aad skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP181\A0052967.dll Suspicious: Packed.Win32.Morphine.a skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP181\A0052968.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kj skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP181\A0052969.exe Infected: Backdoor.Win32.VB.kb skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP181\A0052970.exe Infected: Rootkit.Win32.Agent.ea skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP181\A0052971.exe Infected: Trojan-Downloader.Win32.VB.axs skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP181\A0052972.exe Infected: Trojan-Proxy.Win32.Xorpix.ar skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP181\A0052973.exe Infected: Email-Worm.Win32.Zhelatin.et skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP181\A0052974.exe Infected: Trojan-Proxy.Win32.Wopla.ag skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP181\A0052975.exe Infected: Trojan-Downloader.Win32.Agent.bnf skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP181\A0052976.exe Infected: Trojan.Win32.Shutdowner.ba skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP181\A0052977.exe Infected: not-virus:Hoax.Win32.Renos.fn skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP181\A0052978.exe Infected: Backdoor.Win32.Rbot.bjp skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP181\A0052979.exe Infected: Backdoor.Win32.SdBot.aad skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP181\A0052980.exe Infected: Backdoor.Win32.SdBot.aad skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP181\A0052981.exe Infected: Backdoor.Win32.SdBot.aad skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP181\A0052982.exe Infected: Backdoor.Win32.SdBot.aad skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP181\A0052983.dll Infected: not-a-virus:AdWare.Win32.BHO.v skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP181\A0052984.exe Infected: Backdoor.Win32.SdBot.awe skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP181\A0052985.exe Infected: Backdoor.Win32.Rbot.gen skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP181\A0052986.dll Infected: Trojan-Downloader.Win32.VB.asx skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP182\A0053048.dll Infected: not-a-virus:AdWare.Win32.PurityScan.ak skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP185\A0054231.sys Infected: Rootkit.Win32.Agent.ea skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP185\A0054232.exe Infected: not-a-virus:AdWare.Win32.PurityScan.fn skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP185\A0054233.exe Infected: not-a-virus:Downloader.Win32.WinFixer.t skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP185\A0054234.exe Infected: not-a-virus:Downloader.Win32.WinFixer.x skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP185\A0054236.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP185\A0054237.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP185\A0054238.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP185\A0054239.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP185\A0054240.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP185\A0054241.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP185\A0054364.exe Infected: Trojan-Downloader.Win32.VB.awj skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP185\A0054365.exe/data0005 Infected: Trojan-Downloader.Win32.VB.awj skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP185\A0054365.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP185\A0054367.exe Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP185\A0054368.exe/data0002 Infected: Trojan-Downloader.Win32.PurityScan.eg skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP185\A0054368.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP187\change.log Object is locked skipped
C:\VundoFix Backups\awtuvtt.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.bq skipped
C:\VundoFix Backups\ddcdbba.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\VundoFix Backups\fccddec.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\VundoFix Backups\gebccaw.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gl skipped
C:\VundoFix Backups\gebxvts.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\VundoFix Backups\wvuur.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.fp skipped
C:\VundoFix Backups\yayyvsp.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.bq skipped
C:\VundoFix Backups\ypchrcjw.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.kb skipped
C:\WINDOWS\Debug\oakley.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\cmd.ftp Infected: Trojan-Downloader.BAT.Ftp.u skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\msets.exe Infected: Trojan-Dropper.Win32.Agent.bbh skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped

Scan process completed.

Shaba
2007-06-25, 11:31
Hi

Empty these folders:

C:\VundoFix Backups
C:\QooBox\Quarantine
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery

Delete these:

C:\WINDOWS\system32\cmd.ftp
C:\WINDOWS\system32\msets.exe

Empty Recycle Bin

Re-scan with Kaspersky

Post:

- a fresh HijackThis log
- Kaspersky report

amanyeah
2007-06-27, 09:36
here it is
-----
KASPERSKY ONLINE SCANNER REPORT
Wednesday, June 27, 2007 3:23:08 PM
Operating System: Microsoft Windows XP Professional, Service Pack 1 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 27/06/2007
Kaspersky Anti-Virus database records: 354090
-----

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 73646
Number of viruses found: 56
Number of infected objects: 135
Number of suspicious objects: 1
Duration of the scan process: 01:12:16

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Documents\ESPNRunTimeSetup.exe/WISE0014.BIN/WISE0008.BIN Infected: not-a-virus:Downloader.Win32.DigStream.a skipped
C:\Documents and Settings\All Users\Documents\ESPNRunTimeSetup.exe/WISE0014.BIN Infected: not-a-virus:Downloader.Win32.DigStream.a skipped
C:\Documents and Settings\All Users\Documents\ESPNRunTimeSetup.exe WiseSFX: infected - 2 skipped
C:\Documents and Settings\All Users\Documents\ESPNRunTimeSetup.exe WiseSFX Dropper: infected - 2 skipped

amanyeah
2007-06-27, 09:37
C:\Documents and Settings\Sieny\My Documents\My Pictures\endocrine pics\estr.h2.gif Object is locked skipped
C:\Documents and Settings\Sieny\My Documents\My Pictures\endocrine pics\hyperthyroidism.bmp Object is locked skipped
C:\Documents and Settings\Sieny\My Documents\My Pictures\endocrine pics\hypopituitary.bmp Object is locked skipped
C:\Documents and Settings\Sieny\My Documents\My Pictures\endocrine pics\pancreas pic.bmp Object is locked skipped
C:\Documents and Settings\Sieny\My Documents\My Pictures\endocrine pics\pancreas.bmp Object is locked skipped
C:\Documents and Settings\Sieny\My Documents\My Pictures\endocrine pics\pheochromocytoma.bmp Object is locked skipped
C:\Documents and Settings\Sieny\My Documents\My Pictures\endocrine pics\pineal gland.bmp Object is locked skipped
C:\Documents and Settings\Sieny\My Documents\My Pictures\endocrine pics\pituitary.bmp Object is locked skipped
C:\Documents and Settings\Sieny\My Documents\My Pictures\endocrine pics\pituitary_gland.jpg Object is locked skipped
C:\Documents and Settings\Sieny\My Documents\My Pictures\endocrine pics\Thumbs.db Object is locked skipped
C:\Documents and Settings\Sieny\My Documents\My Pictures\endocrine pics\thymus.bmp Object is locked skipped
C:\Documents and Settings\Sieny\My Documents\My Pictures\endocrine pics\thyroid gland.bmp Object is locked skipped
C:\Documents and Settings\Sieny\My Documents\My Pictures\friends\01 - Nisya and Marc.jpg Object is locked skipped
C:\Documents and Settings\Sieny\My Documents\My Pictures\friends\1-2.JPG Object is locked skipped
C:\Documents and Settings\Sieny\My Documents\My Pictures\friends\31363961432443l.jpg Object is locked skipped
C:\Documents and Settings\Sieny\My Documents\My Pictures\friends\3242363155576l.jpg Object is locked skipped
C:\Documents and Settings\Sieny\My Documents\My Pictures\friends\33545385829841l.jpg Object is locked skipped
C:\Documents and Settings\Sieny\My Documents\My Pictures\friends\Al_sien_jr.jpg Object is locked skipped
C:\Documents and Settings\Sieny\My Documents\My Pictures\friends\baranka marikina (170).jpg Object is locked skipped
C:\Documents and Settings\Sieny\My Documents\My Pictures\friends\cool 2.bmp Object is locked skipped
C:\Documents and Settings\Sieny\My Documents\My Pictures\friends\cool.bmp Object is locked skipped
C:\Documents and Settings\Sieny\My Documents\My Pictures\friends\deanna, cara & friends.jpg Object is locked skipped
C:\Documents and Settings\Sieny\My Documents\My Pictures\friends\dogs_onthebed.jpg Object is locked skipped
C:\Documents and Settings\Sieny\My Documents\My Pictures\friends\DSC00009[1].JPG Object is locked skipped
C:\Documents and Settings\Sieny\My Documents\My Pictures\friends\DSC00010[1].JPG Object is locked skipped
C:\Documents and Settings\Sieny\My Documents\My Pictures\friends\DSC00011.JPG Object is locked skipped
C:\Documents and Settings\Sieny\My Documents\My Pictures\friends\DSC00168.JPG Object is locked skipped
C:\Documents and Settings\Sieny\My Documents\My Pictures\friends\gundam_domestic_violence.jpg Object is locked skipped
C:\Documents and Settings\Sieny\My Documents\My Pictures\friends\Image(199).jpg Object is locked skipped
C:\Documents and Settings\Sieny\My Documents\My Pictures\friends\Image(200).jpg Object is locked skipped
C:\Documents and Settings\Sieny\My Documents\My Pictures\friends\Image_01_.JPG Object is locked skipped
C:\Documents and Settings\Sieny\My Documents\My Pictures\friends\IMG_0610.jpg Object is locked skipped
C:\Documents and Settings\Sieny\My Documents\My Pictures\friends\IMG_0613.jpg Object is locked skipped
C:\Documents and Settings\Sieny\My Documents\My Pictures\friends\Im_HAPPEEE_.jpg Object is locked skipped
C:\Documents and Settings\Sieny\My Documents\My Pictures\friends\jan and me at perlies.bmp Object is locked skipped
C:\Documents and Settings\Sieny\My Documents\My Pictures\friends\kakashi.jpg Object is locked skipped
C:\Documents and Settings\Sieny\My Documents\My Pictures\friends\kalbong csr.JPG Object is locked skipped
C:\Documents and Settings\Sieny\My Documents\My Pictures\friends\kid wid turd.bmp Object is locked skipped
C:\Documents and Settings\Sieny\My Documents\My Pictures\friends\Kissh_.JPG Object is locked skipped
C:\Documents and Settings\Sieny\My Documents\My Pictures\friends\kuya j.JPG Object is locked skipped
C:\Documents and Settings\Sieny\My Documents\My Pictures\friends\lounge pancakehouse chickenboy twilight 890.jpg Object is locked skipped
C:\Documents and Settings\Sieny\My Documents\My Pictures\friends\lounge pancakehouse chickenboy twilight 894.jpg Object is locked skipped
C:\Documents and Settings\Sieny\My Documents\My Pictures\friends\mama.bmp Object is locked skipped
C:\Documents and Settings\Sieny\My Documents\My Pictures\friends\Marc114a.JPG Object is locked skipped
C:\Documents and Settings\Sieny\My Documents\My Pictures\friends\marcnronwald.bmp Object is locked skipped
C:\Documents and Settings\Sieny\My Documents\My Pictures\friends\mi pamilia.JPG Object is locked skipped
C:\Documents and Settings\Sieny\My Documents\My Pictures\friends\mimek 1.JPG Object is locked skipped
C:\Documents and Settings\Sieny\My Documents\My Pictures\friends\mimik danda.JPG Object is locked skipped
C:\Documents and Settings\Sieny\My Documents\My Pictures\friends\miss u.bmp Object is locked skipped
C:\Documents and Settings\Sieny\My Documents\My Pictures\friends\music love.jpg Object is locked skipped
C:\Documents and Settings\Sieny\My Documents\My Pictures\friends\myspace wallpaper.bmp Object is locked skipped
C:\Documents and Settings\Sieny\My Documents\My Pictures\friends\perlies 2.JPG Object is locked skipped
C:\Documents and Settings\Sieny\My Documents\My Pictures\friends\posh jan brian delben.bmp Object is locked skipped
C:\Documents and Settings\Sieny\My Documents\My Pictures\friends\rudy chillin.jpg Object is locked skipped
C:\Documents and Settings\Sieny\My Documents\My Pictures\friends\rudy1.jpg Object is locked skipped
C:\Documents and Settings\Sieny\My Documents\My Pictures\friends\san pedro.JPG Object is locked skipped
C:\Documents and Settings\Sieny\My Documents\My Pictures\friends\shangrila.JPG Object is locked skipped
C:\Documents and Settings\Sieny\My Documents\My Pictures\friends\shangrila2.JPG Object is locked skipped
C:\Documents and Settings\Sieny\My Documents\My Pictures\friends\shen 1 edit.JPG Object is locked skipped
C:\Documents and Settings\Sieny\My Documents\My Pictures\friends\shen 1.jpg Object is locked skipped
C:\Documents and Settings\Sieny\My Documents\My Pictures\friends\shen 2.jpg Object is locked skipped

amanyeah
2007-06-27, 09:39

amanyeah
2007-06-27, 09:53
C:\Program Files\DIGStream\digstream.exe Infected: not-a-virus:Downloader.Win32.DigStream.a skipped
C:\Program Files\HijackThis\backups\backup-20070617-080830-709.dll Infected: not-a-virus:AdWare.Win32.PurityScan.ak skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP170\A0033589.exe Infected: Trojan-Downloader.Win32.VB.aey skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP171\A0033619.exe Infected: Trojan-Clicker.Win32.Agent.is skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP171\A0033621.exe Infected: Backdoor.Win32.SdBot.aad skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP171\A0033624.exe Infected: Trojan-Downloader.Win32.Small.ehs skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP171\A0033649.exe Infected: Trojan-Clicker.Win32.Agent.is skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP175\A0042842.exe Infected: Trojan-Clicker.Win32.Agent.is skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP175\A0042850.exe Infected: Trojan-Downloader.Win32.VB.aey skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP176\A0045005.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.fp skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP176\A0045006.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.bq skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP176\A0046076.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.fp skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP176\A0046080.exe Infected: Trojan-Downloader.Win32.VB.aey skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP176\A0046081.exe Infected: Trojan.Win32.KillApp.v skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP176\A0046082.exe Infected: Trojan-Downloader.Win32.Agent.bls skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP176\A0046083.exe Infected: Trojan-Clicker.Win32.VB.qw skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP176\A0046084.exe Infected: Trojan-Clicker.Win32.VB.qw skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP176\A0046085.exe Infected: Trojan-Clicker.Win32.VB.qw skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP176\A0046086.exe Infected: Trojan-Downloader.Win32.Small.erp skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP176\A0046088.exe Infected: Backdoor.Win32.SdBot.awe skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP176\A0046090.exe Infected: Trojan-Downloader.Win32.Agent.bls skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP176\A0046091.exe Infected: Trojan-Downloader.Win32.Small.cwj skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP176\A0046093.exe Infected: Trojan-Clicker.Win32.Agent.is skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP176\A0047089.exe Infected: Backdoor.Win32.Rbot.bni skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP176\A0048150.exe Infected: Backdoor.Win32.SdBot.bfl skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP177\A0048154.exe Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.i skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP177\A0048155.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP177\A0048156.dll Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP177\A0048158.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Softomate.u skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP177\A0048158.exe/stream Infected: not-a-virus:AdWare.Win32.Softomate.u skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP177\A0048158.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP177\A0048168.dll Infected: Trojan-Proxy.Win32.Dlena.cb skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP177\A0048214.exe Infected: Backdoor.Win32.SdBot.bfl skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP180\A0049432.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP180\A0049440.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.fp skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP180\A0051468.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP180\A0052656.exe Infected: Trojan-Downloader.Win32.VB.aey skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP180\A0052673.exe Infected: Trojan-Proxy.Win32.Wopla.ag skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP180\A0052689.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP180\A0052705.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP180\A0052725.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP180\A0052766.exe Infected: Trojan-Downloader.Win32.VB.aya skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP180\A0052768.exe Infected: Trojan-Downloader.Win32.Agent.bls skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP180\A0052862.exe/file2 Infected: not-a-virus:Downloader.Win32.WinFixer.t skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP180\A0052862.exe Inno: infected - 1 skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP180\A0052883.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.bq skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP180\A0052884.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.hn skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP180\A0052885.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP180\A0052886.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP180\A0052887.dll Infected: Trojan.Win32.BHO.bd skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP180\A0052888.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gl skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP180\A0052889.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP180\A0052890.dll Infected: Trojan.Win32.BHO.bd skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP180\A0052891.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.hn skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP180\A0052892.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.hn skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP180\A0052893.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.hn skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP180\A0052894.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.hn skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP180\A0052895.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.hn skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP180\A0052896.dll Infected: Trojan-Spy.Win32.VBStat.j skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP180\A0052897.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.hn skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP180\A0052898.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.bq skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP180\A0052899.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.bq skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP180\A0052900.exe Infected: Trojan.Win32.Agent.anr skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP180\A0052901.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.bq skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP180\A0052902.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.bq skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP180\A0052903.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.bq skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP180\A0052904.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.hn skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP180\A0052905.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.bq skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP180\A0052906.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kb skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP180\A0052910.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.fp skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP180\A0052939.exe Infected: not-a-virus:AdWare.Win32.PurityScan.fn skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP181\A0052944.exe Infected: Trojan-Clicker.Win32.Agent.is skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP181\A0052945.exe Infected: Trojan-Clicker.Win32.VB.qw skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP181\A0052946.exe Infected: Trojan-Clicker.Win32.Agent.is skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP181\A0052947.exe Infected: Trojan-Clicker.Win32.VB.qw skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP181\A0052948.exe Infected: Trojan-Downloader.Win32.VB.aey skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP181\A0052949.dll Infected: not-a-virus:AdWare.Win32.PurityScan.ak skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP181\A0052950.exe Infected: Backdoor.Win32.Rbot.gen skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP181\A0052951.exe Infected: Trojan-Downloader.Win32.Small.cwj skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP181\A0052952.exe Infected: Trojan.Win32.KillApp.v skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP181\A0052953.exe Infected: Trojan-Downloader.Win32.Agent.bls skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP181\A0052954.exe Infected: Trojan-Downloader.Win32.Small.erp skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP181\A0052955.exe Infected: Trojan-Clicker.Win32.VB.qw skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP181\A0052956.exe Infected: Trojan-Downloader.Win32.PurityScan.eg skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP181\A0052957.exe Infected: Trojan-Downloader.Win32.Agent.brf skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP181\A0052958.exe Infected: Trojan-Downloader.Win32.Agent.brf skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP181\A0052959.exe Infected: Email-Worm.Win32.Brontok.q skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP181\A0052960.exe Infected: Trojan.Win32.VB.aqx skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP181\A0052961.exe Infected: Trojan.Win32.VB.aqx skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP181\A0052962.exe Infected: Email-Worm.Win32.Brontok.q skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP181\A0052963.exe Infected: Trojan.Win32.VB.aqx skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP181\A0052964.exe Infected: Trojan.Win32.VB.aqx skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP181\A0052965.exe Infected: Backdoor.Win32.Rbot.bni skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP181\A0052966.exe Infected: Backdoor.Win32.SdBot.aad skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP181\A0052967.dll Suspicious: Packed.Win32.Morphine.a skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP181\A0052968.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kj skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP181\A0052969.exe Infected: Backdoor.Win32.VB.kb skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP181\A0052970.exe Infected: Rootkit.Win32.Agent.ea skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP181\A0052971.exe Infected: Trojan-Downloader.Win32.VB.axs skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP181\A0052972.exe Infected: Trojan-Proxy.Win32.Xorpix.ar skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP181\A0052973.exe Infected: Email-Worm.Win32.Zhelatin.et skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP181\A0052974.exe Infected: Trojan-Proxy.Win32.Wopla.ag skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP181\A0052975.exe Infected: Trojan-Downloader.Win32.Agent.bnf skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP181\A0052976.exe Infected: Trojan.Win32.Shutdowner.ba skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP181\A0052977.exe Infected: not-virus:Hoax.Win32.Renos.fn skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP181\A0052978.exe Infected: Backdoor.Win32.Rbot.bjp skipped

amanyeah
2007-06-27, 09:55
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP181\A0052979.exe Infected: Backdoor.Win32.SdBot.aad skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP181\A0052980.exe Infected: Backdoor.Win32.SdBot.aad skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP181\A0052981.exe Infected: Backdoor.Win32.SdBot.aad skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP181\A0052982.exe Infected: Backdoor.Win32.SdBot.aad skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP181\A0052983.dll Infected: not-a-virus:AdWare.Win32.BHO.v skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP181\A0052984.exe Infected: Backdoor.Win32.SdBot.awe skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP181\A0052985.exe Infected: Backdoor.Win32.Rbot.gen skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP181\A0052986.dll Infected: Trojan-Downloader.Win32.VB.asx skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP182\A0053048.dll Infected: not-a-virus:AdWare.Win32.PurityScan.ak skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP185\A0054231.sys Infected: Rootkit.Win32.Agent.ea skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP185\A0054232.exe Infected: not-a-virus:AdWare.Win32.PurityScan.fn skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP185\A0054233.exe Infected: not-a-virus:Downloader.Win32.WinFixer.t skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP185\A0054234.exe Infected: not-a-virus:Downloader.Win32.WinFixer.x skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP185\A0054236.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP185\A0054237.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP185\A0054238.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP185\A0054239.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP185\A0054240.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP185\A0054241.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP185\A0054364.exe Infected: Trojan-Downloader.Win32.VB.awj skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP185\A0054365.exe/data0005 Infected: Trojan-Downloader.Win32.VB.awj skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP185\A0054365.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP185\A0054367.exe Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP185\A0054368.exe/data0002 Infected: Trojan-Downloader.Win32.PurityScan.eg skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP185\A0054368.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP187\A0054554.exe Infected: Trojan-Dropper.Win32.Agent.bbh skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP188\change.log Object is locked skipped
C:\WINDOWS\Debug\oakley.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped

Scan process completed.

----------------
Logfile of HijackThis v1.99.1
Scan saved at 3:54:07 PM, on 6/27/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\System32\lexpps.exe
C:\Program Files\Chikka\chikka.exe
C:\PROGRA~1\Chikka\BnrRepo2.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\calc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.34.50.7:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O17 - HKLM\System\CCS\Services\Tcpip\..\{17E170B3-408A-461A-929F-39ECE29F1D74}: NameServer = 10.32.1.7
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: Windows User Mode Driver Framework (UMWdf) - Unknown owner - C:\WINDOWS\System32\wdfmgr.exe (file missing)

-----------

just a question. why does kaspersky skip so many files? won't they skip some virus in the process?

also looks like i still have a whole bunch of virus according to kaspersky.. is that correct? oh man..

Shaba
2007-06-27, 11:56
Hi

"just a question. why does kaspersky skip so many files? won't they skip some virus in the process?"

No, they're in use during scan.

"also looks like i still have a whole bunch of virus according to kaspersky.. is that correct? oh man.."

Yes, but they're all in system restore (C:\System Volume Information) and inactive.

I'll give you instructions later on how to empty it.

Other than that, any problems left?
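
The two answers in this reply can be checked against the scan report mechanically. The following is an added example, not part of the original thread: it splits Kaspersky report lines into detections inside the System Restore store, detections anywhere else, and locked objects that were not scanned. The function names, the one `C:\Example` line and the reading of the verdict names as Behaviour.Platform.Family.Variant are assumptions; the other sample lines are copied from the log above.

```python
import re
from collections import Counter

# Line shapes seen in the report quoted in this thread.
DETECTION = re.compile(
    r"^(?P<path>.+?) (?P<verdict>Infected|Suspicious): (?P<name>\S+) skipped$")
ARCHIVE_SUMMARY = re.compile(r"^(?P<path>.+?) \w+: infected - \d+ skipped$")
LOCKED = re.compile(r"^(?P<path>.+?) Object is locked skipped$")
RESTORE_STORE = re.compile(
    r"^[A-Za-z]:\\System Volume Information\\_restore\{", re.IGNORECASE)

# Sample input: lines taken from the log in this thread, plus one
# constructed line (C:\Example\...) standing in for a detection outside
# the restore store.
SAMPLE_LOG = r"""
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP181\A0052950.exe Infected: Backdoor.Win32.Rbot.gen skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP177\A0048158.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Softomate.u skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP177\A0048158.exe/stream Infected: not-a-virus:AdWare.Win32.Softomate.u skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP177\A0048158.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{BDBEFF59-FC3A-46EA-9C1D-41F6224646AD}\RP181\A0052967.dll Suspicious: Packed.Win32.Morphine.a skipped
C:\Example\constructed.exe Infected: Backdoor.Win32.SdBot.aad skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
"""


def container_file(path):
    """Objects inside an installer are reported as file.exe/stream/data0004.
    Windows paths use backslashes, so everything before the first '/' is
    the file that actually sits on disk."""
    return path.split("/", 1)[0]


def family(name):
    """Assumed naming scheme: [prefix:]Behaviour.Platform.Family.Variant."""
    parts = name.split(":", 1)[-1].split(".")
    return parts[2] if len(parts) >= 3 else name


def triage(log_text):
    """Return detections grouped by on-disk file, split by location,
    plus the list of locked (unscanned) objects."""
    restore, active, locked = {}, {}, []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LOCKED.match(line)
        if m:
            locked.append(m.group("path"))
            continue
        if ARCHIVE_SUMMARY.match(line):
            # Per-archive total; the inner objects were already counted.
            continue
        m = DETECTION.match(line)
        if not m:
            continue  # headers, separators, unrelated text
        disk_file = container_file(m.group("path"))
        bucket = restore if RESTORE_STORE.match(disk_file) else active
        bucket.setdefault(disk_file, set()).add(m.group("name"))
    return {"restore": restore, "active": active, "locked": locked}


def family_counts(bucket):
    """Count files per malware family in one bucket of triage()."""
    counts = Counter()
    for names in bucket.values():
        counts.update({family(n) for n in names})
    return counts


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("files in restore points:", len(result["restore"]))
    print("families in restore points:", dict(family_counts(result["restore"])))
    print("detections outside restore points:")
    for path, names in result["active"].items():
        print("  ", path, sorted(names))
    print("locked, not scanned:", len(result["locked"]))
```

An empty `active` bucket is what "all in system restore" looks like; anything listed there is a file outside the restore store that still needs attention.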

amanyeah
2007-06-27, 22:13
it seems to be running great now.. :bigthumb: so much better than before! and just a few pop ups here and there (but only when i visit new sites)

thanks so much shaba.. :2thumb: :bow:

now how do we get rid of those inactive virus?? :scratch:

Shaba
2007-06-28, 11:03
Hi

Just follow my instructions below :)

Then you're clean!

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Update Acrobat Reader to version 8.0.

Looking over your log, it seems you don't have any evidence of a third party firewall.

As the term conveys, a firewall is an extra layer of security installed onto computers, which restricts access to systems from the outside world. Firewalls protect against hackers and malicious intruders. I want you to download a free firewall NOW from one of these excellent vendors:

1) ZoneAlarm (http://www.zonelabs.com/store/content/catalog/products/sku_list_za.jsp?dc=12bms&ctry=US&lang=en&lid=nav_za)
2) Agnitum (http://www.agnitum.com/products/outpostfree/download.php)
3) Sunbelt/Kerio (http://www.sunbelt-software.com/Kerio-Download.cfm)
4) Comodo (http://www.personalfirewall.comodo.com/)

If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.

Disable and Enable System Restore. - If you are using Windows XP then you should disable and re-enable system restore to make sure there are no infected files found in a restore point.

You can find instructions on how to enable and reenable system restore here:

Windows XP System Restore Guide (http://www.bleepingcomputer.com/forums/tutorial56.html)

Reenable system restore with instructions from tutorial above

Make your Internet Explorer more secure - This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.

Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

See this link for a listing of some online & their stand-alone antivirus programs:

Virus, Spyware, and Malware Protection and Removal Resources (http://www.bleepingcomputer.com/forums/topic405.html)


Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.


Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

For a tutorial on Firewalls and a listing of some available ones see the link below:

Understanding and Using Firewalls (http://www.bleepingcomputer.com/tutorials/tutorial60.html)


Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com (http://www.windowsupdate.com) regularly. This will ensure your computer always has the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.


Install Ad-Aware - Install and download Ad-Aware. You should also scan your computer with the program on a regular basis just as you would an antivirus software in conjunction with Spybot.

A tutorial on installing & using this product can be found here:

Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer (http://www.bleepingcomputer.com/forums/?showtutorial=48)

Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

A tutorial on installing & using this product can be found here:

Using SpywareBlaster to protect your computer from Spyware and Malware (http://www.bleepingcomputer.com/tutorials/tutorial49.html)


Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.

Here are some additional utilities that will enhance your safety

IE/Spyad (http://www.spywarewarrior.com/uiuc/resource.htm) <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
MVPS Hosts file (http://mvps.org/winhelp2002/hosts.htm) <= The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer.
Google Toolbar (http://toolbar.google.com/) <= Get the free google toolbar to help stop pop up windows.
Comodo BOCLEAN (http://www.comodo.com/boclean/boclean.html) <= Stop identity thieves from getting personal information. Instantly detects well over 1,000,000 unique, variant and repack malware in total. And it's free.
Winpatrol (http://www.winpatrol.com/) <= Download and install the free version of Winpatrol. A tutorial for this product is located here:
Using Winpatrol to protect your computer from malicious software (http://www.winpatrol.com/features.html)

Stand Up and Be Counted ---> Malware Complaints (http://www.malwarecomplaints.info/index.php) <--- where you can make a difference!

The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.

Also, please read this great article by Tony Klein So How Did I Get Infected In First Place (http://castlecops.com/postlite7736-.html)

Happy surfing and stay clean!
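
The six Internet zone settings listed in this post can be verified after the fact from a registry export. The following is an added example, not part of the original post: it reads the text of a `.reg` export and reports every setting that differs from the values recommended above. The mapping of each setting to its URL action value (1001, 1004, 1201, 1800, 1804, 1607), the Internet zone being key `Zones\3`, and the sample export are assumptions brought in for the example.

```python
import re

# Internet zone = Zones\3 under "Internet Settings" (HKCU or HKLM).
ZONE_KEY_SUFFIX = r"\internet settings\zones\3"

# URL action policy values: 0 = Enable, 1 = Prompt, 3 = Disable.
SETTING = {0: "Enable", 1: "Prompt", 3: "Disable"}

# URL action -> (label used in the post, recommended value)
RECOMMENDED = {
    "1001": ("Download signed ActiveX controls", 1),
    "1004": ("Download unsigned ActiveX controls", 3),
    "1201": ("Initialize and script ActiveX controls not marked as safe", 3),
    "1800": ("Installation of desktop items", 1),
    "1804": ("Launching programs and files in an IFRAME", 1),
    "1607": ("Navigate sub-frames across different domains", 1),
}

SECTION = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE = re.compile(r'^"(?P<name>[0-9A-Fa-f]{4})"=dword:(?P<data>[0-9A-Fa-f]{8})$')

# Constructed sample export. Real exports from regedit are usually
# UTF-16; decode the file before passing its text to audit().
SAMPLE_REG = r"""
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2]
"1001"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"1001"=dword:00000000
"1004"=dword:00000003
"1201"=dword:00000003
"1800"=dword:00000001
"1804"=dword:00000000
"""


def read_zone3(reg_text):
    """Collect the DWORD values that sit under the Internet zone key."""
    values, in_zone = {}, False
    for raw in reg_text.splitlines():
        line = raw.strip()
        section = SECTION.match(line)
        if section:
            in_zone = section.group("key").lower().endswith(ZONE_KEY_SUFFIX)
            continue
        value = VALUE.match(line)
        if in_zone and value:
            values[value.group("name").upper()] = int(value.group("data"), 16)
    return values


def describe(value):
    if value is None:
        return "not set"
    return SETTING.get(value, hex(value))


def audit(reg_text):
    """Return (action, label, current, recommended) for each mismatch."""
    current = read_zone3(reg_text)
    findings = []
    for action, (label, wanted) in RECOMMENDED.items():
        have = current.get(action)
        if have != wanted:
            findings.append((action, label, describe(have), SETTING[wanted]))
    return findings


if __name__ == "__main__":
    for action, label, have, want in audit(SAMPLE_REG):
        print(f"{action} {label}: {have} -> should be {want}")
```

A value reported as "not set" means the export had no entry for that action under the Internet zone, so the effective setting has to be confirmed in the Custom Level dialog.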

Shaba
2007-06-30, 11:23
Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.