S&D cannot remove smitfraud and virtumond
Gatsby, Jay P.
2007-08-13, 01:49
I have popups making my computer unusable. I use S&D but it cannot fix 5 problems even at restart. Here is an HJT log I just ran. Please help me :[
Logfile of HijackThis v1.99.1
Scan saved at 3:40:19 PM, on 8/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ihknxapr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Jay Gatsby\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://channels.aimtoday.com/search/aimtoolbar.jsp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\system32\ubwlmaks.dll",forkonce
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\WINDOWS\SYSTEM32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\WINDOWS\SYSTEM32\msjava.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {666DDE35-E955-11D0-A707-000000521958} - http://69.56.176.227/webplugin.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: DomainService - - C:\WINDOWS\system32\ihknxapr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
Hi Gatsby, Jay P.
I see no antivirus installed.
Looking over your log, it seems you don't have any evidence of anti-virus software.
Anti-virus programs detect, cleanse, and erase harmful virus files on a computer, Web server, or network. Unchecked, virus files can unintentionally be forwarded to others, including trading partners, thereby spreading infection. Because new viruses regularly emerge, anti-virus software should be updated frequently. Anti-virus software can scan the computer memory and disk drives for malicious code. It can alert the user if a virus is present, and will clean, delete (or quarantine) infected files or directories. Please download free anti-virus software from one of these excellent vendors NOW:
1) Antivir PersonalEdition Classic (http://www.free-av.com/) - Free anti-virus software for Windows. Detects and removes more than 50,000 viruses. Free support.
2) avast! 4 Home Edition (http://www.avast.com/eng/avast_4_home.html) - Anti-virus program for Windows. The home edition is freeware for noncommercial users.
3) AVG Anti-Virus Free Edition (http://free.grisoft.com/doc/1) - Free edition of the AVG anti-virus program for Windows.
It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts. If you choose to install more than one antivirus program on your computer, then only one of them should be active in memory at a time.
After that:
Create a separate folder for HijackThis on the desktop and move it into that folder.
Rename HijackThis.exe to scanner.exe and post back a fresh HijackThis log, please :)
Gatsby, Jay P.
2007-08-13, 22:18
Ok, d/l first anti-virus software, installed, updated;
Made folder on desktop called scanner, renamed hjt to scanner.exe and placed in folder, ran new scan:
[ I did have an entry in the running processes with a bunch of random letters and it was eating all my memory, so I used regedit to delete the reg item, then renamed the actual file to F**K.txt so it couldn't load the process. Took care of that problem for the moment. ]
Logfile of HijackThis v1.99.1
Scan saved at 12:14:12 PM, on 8/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sonique\sqstart.exe
C:\Program Files\WallpaperToy\Wallpapertoy.Exe
C:\WINDOWS\SYSTEM32\cmd.exe
C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Sonique\Sonique.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Documents and Settings\Jay Gatsby\Desktop\scanner\scanner.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://channels.aimtoday.com/search/aimtoolbar.jsp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1C46962B-FB00-4A59-AFB3-7E6574620834} - C:\WINDOWS\system32\kohikwyn.dll
O2 - BHO: 0 - {32F0A1FA-75D7-46F5-4599-5FAF07E31093} - C:\Program Files\microsoft frontpage\lavuqacur.dll
O2 - BHO: (no name) - {3E8EC2D9-806B-4C7F-AE7F-F44AD4ABE8B5} - C:\WINDOWS\system32\qomkhii.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {69125B96-8F08-4D26-8788-E531BE0361E8} - C:\WINDOWS\system32\qyymayta.dll (file missing)
O2 - BHO: (no name) - {6CD1E8A2-75C3-4D1A-9677-397F7ED204B5} - C:\Program Files\MSN\hokewob.dll
O2 - BHO: (no name) - {CD3447D4-CA39-4377-8084-30E86331D74C} - C:\WINDOWS\system32\swnlmudy.dll
O2 - BHO: (no name) - {CF46BFB3-2ACC-441b-B82B-36B9562C7FF1} - C:\WINDOWS\system32\cyjkijrd.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O2 - BHO: (no name) - {FF3E337F-BA2C-416A-A263-405F3499C131} - C:\WINDOWS\system32\ddccd.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\system32\jptqhsfv.dll",forkonce
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\WINDOWS\SYSTEM32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\WINDOWS\SYSTEM32\msjava.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {666DDE35-E955-11D0-A707-000000521958} - http://69.56.176.227/webplugin.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: ddccd - C:\WINDOWS\system32\ddccd.dll
O20 - Winlogon Notify: qomkhii - C:\WINDOWS\SYSTEM32\qomkhii.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\ihknxapr.exe (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
Gatsby, Jay P.
2007-08-14, 03:18
Avira ran a scan while I was waiting and quarantined 183 files. I ran a new hjt log for you:
Logfile of HijackThis v1.99.1
Scan saved at 5:14:15 PM, on 8/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sonique\sqstart.exe
C:\Program Files\WallpaperToy\Wallpapertoy.Exe
C:\WINDOWS\SYSTEM32\cmd.exe
C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Sonique\Sonique.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\AntiVir PersonalEdition Classic\avcenter.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Jay Gatsby\Desktop\scanner\scanner.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://channels.aimtoday.com/search/aimtoolbar.jsp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1C46962B-FB00-4A59-AFB3-7E6574620834} - C:\WINDOWS\system32\kohikwyn.dll (file missing)
O2 - BHO: 0 - {32F0A1FA-75D7-46F5-4599-5FAF07E31093} - C:\Program Files\microsoft frontpage\lavuqacur.dll (file missing)
O2 - BHO: (no name) - {3E8EC2D9-806B-4C7F-AE7F-F44AD4ABE8B5} - C:\WINDOWS\system32\qomkhii.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {69125B96-8F08-4D26-8788-E531BE0361E8} - C:\WINDOWS\system32\qyymayta.dll (file missing)
O2 - BHO: (no name) - {6CD1E8A2-75C3-4D1A-9677-397F7ED204B5} - C:\Program Files\MSN\hokewob.dll
O2 - BHO: (no name) - {CD3447D4-CA39-4377-8084-30E86331D74C} - C:\WINDOWS\system32\swnlmudy.dll (file missing)
O2 - BHO: (no name) - {CF46BFB3-2ACC-441b-B82B-36B9562C7FF1} - C:\WINDOWS\system32\cyjkijrd.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O2 - BHO: (no name) - {FF3E337F-BA2C-416A-A263-405F3499C131} - C:\WINDOWS\system32\ddccd.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\system32\bvdcopja.dll",forkonce
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\WINDOWS\SYSTEM32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\WINDOWS\SYSTEM32\msjava.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {666DDE35-E955-11D0-A707-000000521958} - http://69.56.176.227/webplugin.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: ddccd - C:\WINDOWS\system32\ddccd.dll
O20 - Winlogon Notify: qomkhii - C:\WINDOWS\SYSTEM32\qomkhii.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\ihknxapr.exe (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
Hi
1. Download combofix from one of these links:
Link1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link2 (http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe)
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply.
Post:
- a fresh HijackThis log
- combofix report
Gatsby, Jay P.
2007-08-15, 03:13
OK, ran ComboFix; while ComboFix was running, Avira found 15 or 20 files that it quarantined. Here are the logs you requested.
Logfile of HijackThis v1.99.1
Scan saved at 5:11:13 PM, on 8/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\cmd.exe
C:\ComboFix\vfind.cfexe
C:\Documents and Settings\Jay Gatsby\Desktop\scanner\scanner.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1C46962B-FB00-4A59-AFB3-7E6574620834} - C:\WINDOWS\system32\kohikwyn.dll (file missing)
O2 - BHO: 0 - {32F0A1FA-75D7-46F5-4599-5FAF07E31093} - C:\Program Files\microsoft frontpage\lavuqacur.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {69125B96-8F08-4D26-8788-E531BE0361E8} - C:\WINDOWS\system32\qyymayta.dll (file missing)
O2 - BHO: (no name) - {6CD1E8A2-75C3-4D1A-9677-397F7ED204B5} - C:\Program Files\MSN\hokewob.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\WINDOWS\SYSTEM32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\WINDOWS\SYSTEM32\msjava.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {666DDE35-E955-11D0-A707-000000521958} - http://69.56.176.227/webplugin.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
(continued)
Gatsby, Jay P.
2007-08-15, 03:14
ComboFix 07-08-14.4 - "Jay Gatsby" 2007-08-14 15:10:13.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.244 [GMT -7:00]
* Created a new restore point
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinAntiVirus Pro 2007
C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinAntiVirus Pro 2007\Data\Abbr
C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinAntiVirus Pro 2007\Data\ProductCode
C:\DOCUME~1\JAYGAT~1\MYDOCU~1.\sembly~1
C:\Program Files\microsoft frontpage\profsyfsyveq.html
C:\temp\0b9
C:\temp\0b9\tmpTF.log
C:\temp\tn3
C:\UWA7P
C:\WINDOWS\DOWNLO~1\UWA7P_0001_N91M0809NetInstaller.exe
C:\WINDOWS\mcroso~1
C:\WINDOWS\SYSTEM32\ajpocdvb.ini
C:\WINDOWS\system32\bvdcopja.dll
C:\WINDOWS\SYSTEM32\dccdd.bak1
C:\WINDOWS\SYSTEM32\dccdd.bak2
C:\WINDOWS\SYSTEM32\dccdd.ini
C:\WINDOWS\SYSTEM32\dccdd.ini2
C:\WINDOWS\SYSTEM32\dccdd.tmp
C:\WINDOWS\system32\ddccd.dll
C:\WINDOWS\SYSTEM32\ditoeatl.ini
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\core.sys
C:\WINDOWS\SYSTEM32\emgeskkn.ini
C:\WINDOWS\system32\fnts~1
C:\WINDOWS\system32\hoyblalt.dll
C:\WINDOWS\SYSTEM32\ihkmp.ini
C:\WINDOWS\system32\jptqhsfv.dll
C:\WINDOWS\system32\ltaeotid.dll
C:\WINDOWS\system32\nkksegme.dll
C:\WINDOWS\system32\pmkhi.dll
C:\WINDOWS\system32\qomkhii.dll
C:\WINDOWS\system32\qxumfuhr.dll
C:\WINDOWS\SYSTEM32\rhufmuxq.ini
C:\WINDOWS\system32\roroxcfy.dll
C:\WINDOWS\SYSTEM32\skamlwbu.ini
C:\WINDOWS\system32\sks~1
C:\WINDOWS\system32\ssttt.dll
C:\WINDOWS\system32\T2
C:\WINDOWS\system32\T2\dlb66.exe
C:\WINDOWS\system32\T3
C:\WINDOWS\system32\T4
C:\WINDOWS\system32\T6
C:\WINDOWS\SYSTEM32\tlalbyoh.ini
C:\WINDOWS\SYSTEM32\tttss.ini
C:\WINDOWS\system32\ubwlmaks.dll
C:\WINDOWS\system32\uxqsxrnv.dll
C:\WINDOWS\SYSTEM32\vfshqtpj.ini
C:\WINDOWS\SYSTEM32\vnrxsqxu.ini
C:\WINDOWS\system32\wtsisvit32.exe
C:\WINDOWS\system32\zxdnt3d.cfg
C:\WINDOWS\wr.txt
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
-------\LEGACY_CMDSERVICE
-------\LEGACY_CORE
-------\LEGACY_DOMAINSERVICE
-------\LEGACY_FOPN
-------\LEGACY_NETWORK_MONITOR
-------\cmdService
-------\core
-------\DomainService
((((((((((((((((((((((((( Files Created from 2007-07-14 to 2007-08-14 )))))))))))))))))))))))))))))))
2007-08-14 15:08 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-13 11:48 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AntiVir PersonalEdition Classic
2007-08-11 03:23 1,156 --a------ C:\WINDOWS\mozver.dat
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-08-14 15:15 --------- d-------- C:\Program Files\microsoft frontpage
2007-08-13 21:56 --------- d-------- C:\Program Files\Sonique
2007-08-13 17:19 --------- d-------- C:\Program Files\Steam
2007-07-12 22:40 --------- d-------- C:\Program Files\VCW VicMan's Photo Editor
2007-05-22 00:45 184444 --a------ C:\WINDOWS\system32\pwintndu.exe
2007-05-16 08:12 86528 --------- C:\WINDOWS\system32\dllcache\directdb.dll
2007-05-16 08:12 85504 --------- C:\WINDOWS\system32\dllcache\wabimp.dll
2007-05-16 08:12 683520 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-05-16 08:12 683520 --------- C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-05-16 08:12 510976 --------- C:\WINDOWS\system32\dllcache\wab32.dll
2007-05-16 08:12 1314816 --------- C:\WINDOWS\system32\dllcache\msoe.dll
2005-07-29 23:24:26 472 --sha-r C:\WINDOWS\SnVzdGluIFJpY2hlcnQ\mBpWx35RKILDsZ15wBk.vbs
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1C46962B-FB00-4A59-AFB3-7E6574620834}]
C:\WINDOWS\system32\kohikwyn.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{32F0A1FA-75D7-46F5-4599-5FAF07E31093}]
C:\Program Files\microsoft frontpage\lavuqacur.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{549B5CA7-4A86-11D7-A4DF-000874180BB3}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{69125B96-8F08-4D26-8788-E531BE0361E8}]
C:\WINDOWS\system32\qyymayta.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6CD1E8A2-75C3-4D1A-9677-397F7ED204B5}]
2007-04-06 12:27 139264 --a------ C:\Program Files\MSN\hokewob.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2003-10-06 14:16]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2003-12-10 06:04]
"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2007-04-02 10:35]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]
C:\Documents and Settings\Jay Gatsby\Start Menu\Programs\Startup\
DESKTOP.INI [2002-09-03 08:00:00]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
DESKTOP.INI [2002-09-03 08:00:00]
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= C:\Program Files\microsoft frontpage\profsyfsyveq.html
FriendlyName=
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ WinCinema Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ WinCinema Manager.lnk
backup=C:\WINDOWS\pss\ WinCinema Manager.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Event Reminder.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Event Reminder.lnk
backup=C:\WINDOWS\pss\Event Reminder.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package Menu.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Picture Package Menu.lnk
backup=C:\WINDOWS\pss\Picture Package Menu.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package VCD Maker.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Picture Package VCD Maker.lnk
backup=C:\WINDOWS\pss\Picture Package VCD Maker.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ymetray.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ymetray.lnk
backup=C:\WINDOWS\pss\ymetray.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Jay Gatsby^Start Menu^Programs^Startup^ASE Scheduler.lnk]
path=C:\Documents and Settings\Jay Gatsby\Start Menu\Programs\Startup\ASE Scheduler.lnk
backup=C:\WINDOWS\pss\ASE Scheduler.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Jay Gatsby^Start Menu^Programs^Startup^Corel Print Office Registration.lnk]
path=C:\Documents and Settings\Jay Gatsby\Start Menu\Programs\Startup\Corel Print Office Registration.lnk
backup=C:\WINDOWS\pss\Corel Print Office Registration.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Jay Gatsby^Start Menu^Programs^Startup^TA_Start.lnk]
path=C:\Documents and Settings\Jay Gatsby\Start Menu\Programs\Startup\TA_Start.lnk
backup=C:\WINDOWS\pss\TA_Start.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Jay Gatsby^Start Menu^Programs^Startup^Think-Adz.lnk]
path=C:\Documents and Settings\Jay Gatsby\Start Menu\Programs\Startup\Think-Adz.lnk
backup=C:\WINDOWS\pss\Think-Adz.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Jay Gatsby^Start Menu^Programs^Startup^Trillian.lnk]
path=C:\Documents and Settings\Jay Gatsby\Start Menu\Programs\Startup\Trillian.lnk
backup=C:\WINDOWS\pss\Trillian.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Jay Gatsby^Start Menu^Programs^Startup^Virtual Bouncer.lnk]
path=C:\Documents and Settings\Jay Gatsby\Start Menu\Programs\Startup\Virtual Bouncer.lnk
backup=C:\WINDOWS\pss\Virtual Bouncer.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Jay Gatsby^Start Menu^Programs^Startup^Wallpaper Changer.lnk]
path=C:\Documents and Settings\Jay Gatsby\Start Menu\Programs\Startup\Wallpaper Changer.lnk
backup=C:\WINDOWS\pss\Wallpaper Changer.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcctMgr]
C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aida]
"C:\WINDOWS\MCROSO~1\csrss.exe" -vt ndrv
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCMSMMSG]
BCMSMMSG.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
"C:\Program Files\D-Tools\daemon.exe" -lang 1033
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
"C:\Program Files\Dell Support\DSAgnt.exe" /startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
C:\WINDOWS\system32\dla\tfswctrl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ExploreUpdSched]
C:\WINDOWS\system32\pwintndu.exe CHD003
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eyeball Chat]
"C:\Program Files\Eyeball\Eyeball Chat\EyeballChat.exe" -min
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fwqm]
C:\PROGRA~1\COMMON~1\fwqm\fwqmm.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Genuine]
rundll32.exe "C:\WINDOWS\system32\mvtgdsgo.dll",realset
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GPLv3]
rundll32.exe "C:\WINDOWS\system32\gyqdpnes.dll",realset
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
"c:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
"C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon05]
C:\WINDOWS\system32\hphmon05.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD05]
c:\Program Files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Inet Delivery]
C:\Program Files\Inet Delivery\inetdl_2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IpWins]
C:\Program Files\Ipwindows\ipwins.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mav_startupmon]
"C:\Program Files\Common Files\WinAntiVirus Pro 2007\mav_startupmon.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\msnmsgr.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nsfzejcqz]
C:\WINDOWS\system32\nfrsnf.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
"C:\Program Files\Dell\Media Experience\PCMService.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QD FastAndSafe]
nwiz.exe /install
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rtasks]
C:\Program Files\WinAntiVirus Pro 2007\rtasks.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RunDLL]
rundll32.exe "C:\WINDOWS\Downloaded Program Files\bridge.dll",Load
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]
C:\WINDOWS\retadpu1000106.exe 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\setup]
rundll32.exe "C:\WINDOWS\system32\vcyxxqfw.dll",realset
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sonic RecordNow!]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoniqueQuickStart]
C:\Program Files\Sonique\sqstart.exe -nostick
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
"c:\program files\steam\steam.exe" -silent
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StorageGuard]
"C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystemOptimizer]
rundll32.exe "C:\WINDOWS\system32\qxumfuhr.dll",forkonce
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\webHancer Agent]
C:\Program Files\webHancer\Programs\whagent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebRebates0]
"C:\Program Files\Web_Rebates\WebRebates0.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebSavingsfromEbates]
javaw -cp "C:\Program Files\WebSavingsfromEbates\System\Code" Main lp: "C:\Program Files\WebSavingsfromEbates"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Win Server Updt]
C:\WINDOWS\wupdt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wqbujm]
"C:\Documents and Settings\Jay Gatsby\My Documents\??sembly\w?nword.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zango]
c:\program files\zango\zango.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zBrowser Launcher]
C:\Program Files\Logitech\iTouch\iTouch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{53-33-36-63-ZN}]
c:\windows\system32\msdsregj.exe CHD003
R0 d346bus;d346bus;C:\WINDOWS\system32\DRIVERS\d346bus.sys
R0 d346prt;d346prt;C:\WINDOWS\system32\Drivers\d346prt.sys
R1 avgio;avgio;\??\C:\Program Files\AntiVir PersonalEdition Classic\avgio.sys
R1 avipbb;avipbb;C:\WINDOWS\system32\DRIVERS\avipbb.sys
R1 cdrbsvsd;cdrbsvsd;C:\WINDOWS\system32\drivers\cdrbsvsd.sys
R1 ssmdrv;ssmdrv;C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
R3 avgntflt;avgntflt;\??\C:\Program Files\AntiVir PersonalEdition Classic\avgntflt.sys
R3 BLKWGD;Belkin Wireless G Desktop Card Service;C:\WINDOWS\system32\DRIVERS\BLKWGD.sys
R3 LCcfltr;Logitech USB Filter Driver;C:\WINDOWS\system32\Drivers\LCcFltr.Sys
S3 ATITUNEP;ATI WDM TV Tuner (Microsoft Corporation);C:\WINDOWS\system32\DRIVERS\atintuxx.sys
S3 ativraxx;ATI WDM Rage Theater Audio (Microsoft Corporation);C:\WINDOWS\system32\DRIVERS\atinraxx.sys
S3 ATIXSAudio;ATI WDM TV Audio (Microsoft Corporation) Crossbar (Microsoft Corporation);C:\WINDOWS\system32\DRIVERS\atinxsxx.sys
S3 BCMModem;BCM V.92 56K Modem;C:\WINDOWS\system32\DRIVERS\BCMSM.sys
S3 FA312;NETGEAR FA330/FA312/FA311 Fast Ethernet Adapter Driver;C:\WINDOWS\system32\DRIVERS\FA312nd5.sys
S3 itchfltr;iTouch Keyboard Filter;C:\WINDOWS\system32\Drivers\itchfltr.sys
S3 LwUsbHid;Logitech WingMan Formula Force USB;C:\WINDOWS\system32\DRIVERS\LwUsbHid.sys
S3 sonypvs1;Sony Digital Imaging Video2;C:\WINDOWS\system32\DRIVERS\sonypvs1.sys
S3 XIRLINK;Veo Mobile/Advanced Web Camera;C:\WINDOWS\system32\DRIVERS\ucdnt.sys
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8ab403c2-6ef6-11db-86f5-001150d48881}]
AutoRun\command- E:\setupSNK.exe
Contents of the 'Scheduled Tasks' folder
2004-12-24 18:08:18 C:\WINDOWS\Tasks\HP Usg Daily.job - c:\Program Files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\pexpress\hphped05.exe
2007-08-13 10:00:00 C:\WINDOWS\Tasks\SpywareBot Scheduled Scan.job - C:\Program Files\SpywareBot\SpywareBot.exe
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-14 17:08:42
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-08-14 17:10:24 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-14 17:10
--- E O F ---
Hi
Open HijackThis, click "Do a system scan only" and checkmark these:
O2 - BHO: (no name) - {1C46962B-FB00-4A59-AFB3-7E6574620834} - C:\WINDOWS\system32\kohikwyn.dll (file missing)
O2 - BHO: 0 - {32F0A1FA-75D7-46F5-4599-5FAF07E31093} - C:\Program Files\microsoft frontpage\lavuqacur.dll (file missing)
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {69125B96-8F08-4D26-8788-E531BE0361E8} - C:\WINDOWS\system32\qyymayta.dll (file missing)
O2 - BHO: (no name) - {6CD1E8A2-75C3-4D1A-9677-397F7ED204B5} - C:\Program Files\MSN\hokewob.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
Close all windows including the browser and press "Fix checked".
Reboot.
Open Notepad and copy/paste the text in the quote box below into it:
File::
C:\WINDOWS\system32\pwintndu.exe
Folder::
C:\WINDOWS\SnVzdGluIFJpY2hlcnQ
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Jay Gatsby^Start Menu^Programs^Startup^TA_Start.lnk]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Jay Gatsby^Start Menu^Programs^Startup^Think-Adz.lnk]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aida]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ExploreUpdSched]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fwqm]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Genuine]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GPLv3]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Inet Delivery]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IpWins]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nsfzejcqz]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rtasks]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RunDLL]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\setup]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystemOptimizer]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\webHancer Agent]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebRebates0]
"C:\Program Files\Web_Rebates\WebRebates0.exe"
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebSavingsfromEbates]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Win Server Updt]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wqbujm]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zango]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{53-33-36-63-ZN}]
Save this as "CFScript"
http://img.photobucket.com/albums/v666/sUBs/CFScript.gif
This will start ComboFix again. After reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.
Gatsby, Jay P.
2007-08-20, 01:18
Sorry about that delay, my internetz decided not to work for a few days. Here are the logs you requested.
Logfile of HijackThis v1.99.1
Scan saved at 3:11:28 PM, on 8/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Jay Gatsby\Desktop\scanner\scanner.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\WINDOWS\SYSTEM32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\WINDOWS\SYSTEM32\msjava.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {666DDE35-E955-11D0-A707-000000521958} - http://69.56.176.227/webplugin.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
ComboFix 07-08-14.4 - "Jay Gatsby" 2007-08-19 15:06:25.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.277 [GMT -7:00]
Command switches used :: C:\Documents and Settings\Jay Gatsby\Desktop\cfscript.txt
* Created a new restore point
FILE::
C:\WINDOWS\system32\pwintndu.exe
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\SnVzdGluIFJpY2hlcnQ
C:\WINDOWS\SnVzdGluIFJpY2hlcnQ\mBpWx35RKILDsZ15wBk.vbs
C:\WINDOWS\system32\pwintndu.exe
((((((((((((((((((((((((( Files Created from 2007-07-19 to 2007-08-19 )))))))))))))))))))))))))))))))
2007-08-14 15:08 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-13 11:48 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AntiVir PersonalEdition Classic
2007-08-11 03:23 1,156 --a------ C:\WINDOWS\mozver.dat
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-08-14 15:15 --------- d-------- C:\Program Files\microsoft frontpage
2007-08-13 21:56 --------- d-------- C:\Program Files\Sonique
2007-08-13 17:19 --------- d-------- C:\Program Files\Steam
2007-07-12 22:40 --------- d-------- C:\Program Files\VCW VicMan's Photo Editor
2007-06-26 08:13 851968 --------- C:\WINDOWS\system32\dllcache\vgx.dll
2007-06-26 07:09 658944 --------- C:\WINDOWS\system32\dllcache\wininet.dll
2007-06-25 23:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-25 23:08 1104896 --------- C:\WINDOWS\system32\dllcache\msxml3.dll
2007-06-19 06:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-19 06:31 282112 --------- C:\WINDOWS\system32\dllcache\gdi32.dll
2007-06-14 11:09 96256 --------- C:\WINDOWS\system32\dllcache\inseng.dll
2007-06-14 11:09 615424 --------- C:\WINDOWS\system32\dllcache\urlmon.dll
2007-06-14 11:09 55808 --------- C:\WINDOWS\system32\dllcache\extmgr.dll
2007-06-14 11:09 532480 --------- C:\WINDOWS\system32\dllcache\mstime.dll
2007-06-14 11:09 474112 --------- C:\WINDOWS\system32\dllcache\shlwapi.dll
2007-06-14 11:09 449024 --------- C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-06-14 11:09 39424 --------- C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-06-14 11:09 357888 --------- C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-06-14 11:09 3058688 --------- C:\WINDOWS\system32\dllcache\mshtml.dll
2007-06-14 11:09 251392 --------- C:\WINDOWS\system32\dllcache\iepeers.dll
2007-06-14 11:09 205312 --------- C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-06-14 11:09 16384 --------- C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-06-14 11:09 151040 --------- C:\WINDOWS\system32\dllcache\cdfview.dll
2007-06-14 11:09 1494528 --------- C:\WINDOWS\system32\dllcache\shdocvw.dll
2007-06-14 11:09 146432 --------- C:\WINDOWS\system32\dllcache\msrating.dll
2007-06-14 11:09 1054208 --------- C:\WINDOWS\system32\dllcache\danim.dll
2007-06-14 11:09 1023488 --------- C:\WINDOWS\system32\dllcache\browseui.dll
2007-06-14 07:07 18432 --------- C:\WINDOWS\system32\dllcache\iedw.exe
2007-06-13 03:23 1033216 --a------ C:\WINDOWS\explorer.exe
2007-06-13 03:23 1033216 --------- C:\WINDOWS\system32\dllcache\explorer.exe
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2003-10-06 14:16]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2003-12-10 06:04]
"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2007-04-02 10:35]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]
C:\Documents and Settings\Jay Gatsby\Start Menu\Programs\Startup\
DESKTOP.INI [2002-09-03 08:00:00]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
DESKTOP.INI [2002-09-03 08:00:00]
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= C:\Program Files\microsoft frontpage\profsyfsyveq.html
FriendlyName=
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ WinCinema Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ WinCinema Manager.lnk
backup=C:\WINDOWS\pss\ WinCinema Manager.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Event Reminder.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Event Reminder.lnk
backup=C:\WINDOWS\pss\Event Reminder.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package Menu.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Picture Package Menu.lnk
backup=C:\WINDOWS\pss\Picture Package Menu.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package VCD Maker.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Picture Package VCD Maker.lnk
backup=C:\WINDOWS\pss\Picture Package VCD Maker.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ymetray.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ymetray.lnk
backup=C:\WINDOWS\pss\ymetray.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Jay Gatsby^Start Menu^Programs^Startup^ASE Scheduler.lnk]
path=C:\Documents and Settings\Jay Gatsby\Start Menu\Programs\Startup\ASE Scheduler.lnk
backup=C:\WINDOWS\pss\ASE Scheduler.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Jay Gatsby^Start Menu^Programs^Startup^Corel Print Office Registration.lnk]
path=C:\Documents and Settings\Jay Gatsby\Start Menu\Programs\Startup\Corel Print Office Registration.lnk
backup=C:\WINDOWS\pss\Corel Print Office Registration.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Jay Gatsby^Start Menu^Programs^Startup^Trillian.lnk]
path=C:\Documents and Settings\Jay Gatsby\Start Menu\Programs\Startup\Trillian.lnk
backup=C:\WINDOWS\pss\Trillian.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Jay Gatsby^Start Menu^Programs^Startup^Virtual Bouncer.lnk]
path=C:\Documents and Settings\Jay Gatsby\Start Menu\Programs\Startup\Virtual Bouncer.lnk
backup=C:\WINDOWS\pss\Virtual Bouncer.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Jay Gatsby^Start Menu^Programs^Startup^Wallpaper Changer.lnk]
path=C:\Documents and Settings\Jay Gatsby\Start Menu\Programs\Startup\Wallpaper Changer.lnk
backup=C:\WINDOWS\pss\Wallpaper Changer.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcctMgr]
C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCMSMMSG]
BCMSMMSG.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
"C:\Program Files\D-Tools\daemon.exe" -lang 1033
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
"C:\Program Files\Dell Support\DSAgnt.exe" /startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
C:\WINDOWS\system32\dla\tfswctrl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eyeball Chat]
"C:\Program Files\Eyeball\Eyeball Chat\EyeballChat.exe" -min
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
"c:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
"C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon05]
C:\WINDOWS\system32\hphmon05.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD05]
c:\Program Files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mav_startupmon]
"C:\Program Files\Common Files\WinAntiVirus Pro 2007\mav_startupmon.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\msnmsgr.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
"C:\Program Files\Dell\Media Experience\PCMService.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QD FastAndSafe]
nwiz.exe /install
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sonic RecordNow!]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoniqueQuickStart]
C:\Program Files\Sonique\sqstart.exe -nostick
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
"c:\program files\steam\steam.exe" -silent
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StorageGuard]
"C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebRebates0]
"C:\Program Files\Web_Rebates\WebRebates0.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zBrowser Launcher]
C:\Program Files\Logitech\iTouch\iTouch.exe
R0 d346bus;d346bus;C:\WINDOWS\system32\DRIVERS\d346bus.sys
R0 d346prt;d346prt;C:\WINDOWS\system32\Drivers\d346prt.sys
R1 avgio;avgio;\??\C:\Program Files\AntiVir PersonalEdition Classic\avgio.sys
R1 avipbb;avipbb;C:\WINDOWS\system32\DRIVERS\avipbb.sys
R1 cdrbsvsd;cdrbsvsd;C:\WINDOWS\system32\drivers\cdrbsvsd.sys
R1 ssmdrv;ssmdrv;C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
R3 avgntflt;avgntflt;\??\C:\Program Files\AntiVir PersonalEdition Classic\avgntflt.sys
R3 BLKWGD;Belkin Wireless G Desktop Card Service;C:\WINDOWS\system32\DRIVERS\BLKWGD.sys
R3 LCcfltr;Logitech USB Filter Driver;C:\WINDOWS\system32\Drivers\LCcFltr.Sys
S3 ATITUNEP;ATI WDM TV Tuner (Microsoft Corporation);C:\WINDOWS\system32\DRIVERS\atintuxx.sys
S3 ativraxx;ATI WDM Rage Theater Audio (Microsoft Corporation);C:\WINDOWS\system32\DRIVERS\atinraxx.sys
S3 ATIXSAudio;ATI WDM TV Audio (Microsoft Corporation) Crossbar (Microsoft Corporation);C:\WINDOWS\system32\DRIVERS\atinxsxx.sys
S3 BCMModem;BCM V.92 56K Modem;C:\WINDOWS\system32\DRIVERS\BCMSM.sys
S3 FA312;NETGEAR FA330/FA312/FA311 Fast Ethernet Adapter Driver;C:\WINDOWS\system32\DRIVERS\FA312nd5.sys
S3 itchfltr;iTouch Keyboard Filter;C:\WINDOWS\system32\Drivers\itchfltr.sys
S3 LwUsbHid;Logitech WingMan Formula Force USB;C:\WINDOWS\system32\DRIVERS\LwUsbHid.sys
S3 sonypvs1;Sony Digital Imaging Video2;C:\WINDOWS\system32\DRIVERS\sonypvs1.sys
S3 XIRLINK;Veo Mobile/Advanced Web Camera;C:\WINDOWS\system32\DRIVERS\ucdnt.sys
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8ab403c2-6ef6-11db-86f5-001150d48881}]
AutoRun\command- E:\setupSNK.exe
Contents of the 'Scheduled Tasks' folder
2004-12-24 18:08:18 C:\WINDOWS\Tasks\HP Usg Daily.job - c:\Program Files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\pexpress\hphped05.exe
2007-08-19 10:00:00 C:\WINDOWS\Tasks\SpywareBot Scheduled Scan.job - C:\Program Files\SpywareBot\SpywareBot.exe
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-19 15:09:56
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-08-19 15:10:38
C:\ComboFix-quarantined-files.txt ... 2007-08-19 15:10
C:\ComboFix2.txt ... 2007-08-14 17:10
--- E O F ---
Hi
Uninstall via Add/Remove Programs (Control Panel) if present:
SpywareBot
First we'll need to back up the registry:
Start -> Run -> regedit -> OK. Then File -> Export. Give it a name and press Save.
Save the text below as fix.reg in Notepad (save it as all files (*.*)) on the Desktop.
Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebRebates0]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mav_startupmon]
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"=-
It should look like this -> http://users.telenet.be/bluepatchy/miekiemoes/images/reg.gif
Double-click fix.reg, press Yes and OK.
(In case you are unsure how to create a reg file, take a look here (http://www.nellie2.co.uk/file.htm#How_to_Make_a_.Reg_File_) with screenshots.)
Please do an online scan with Kaspersky Online Scanner (http://www.kaspersky.com/downloads/kws/kavwebscan.html). You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
The program will launch and then start to download the latest definition files.
Once the scanner is installed and the definitions downloaded, click Next.
Now click on Scan Settings
In the scan settings make sure that the following are selected:
o Scan using the following Anti-Virus database:
+ Extended (If available otherwise Standard)
o Scan Options:
+ Scan Archives
+ Scan Mail Bases
Click OK
Now under "Select a target to scan", select My Computer
The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.
Now click on the Save as Text button
Save the file to your desktop.
Copy and paste that information in your next post.
Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.
Post:
- a fresh HijackThis log
- kaspersky report
Due to the lack of feedback this Topic is closed.
If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.
Everyone else please begin a New Topic.
Re-opened upon request. :)
Gatsby, Jay P.
2007-09-19, 08:10
Logs, sorry bout the wait, internet went capoot... caput? kaputz. Whatever, here are the logs, thanks for the help! This will be in 3 or 4 parts
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Monday, September 17, 2007 5:41:10 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.1
Kaspersky Anti-Virus database last update: 18/09/2007
Kaspersky Anti-Virus database records: 420073
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
C:\
D:\
F:\
G:\
Scan Statistics:
Total number of scanned objects: 100560
Number of viruses found: 16
Number of infected objects: 38
Number of suspicious objects: 0
Duration of the scan process: 01:33:47
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Jay Gatsby\Desktop\scanner\backups\backup-20070819-150147-202.dll Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\3B2C6262 Infected: Trojan-Downloader.Win32.PurityScan.c skipped
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\5091535D Infected: not-a-virus:AdWare.Win32.SaveNow.g skipped
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\65FE0239 Infected: not-a-virus:AdWare.Win32.SaveNow.ay skipped
C:\QooBox\Quarantine\C\WINDOWS\DOWNLO~1\UWA7P_0001_N91M0809NetInstaller.exe.vir Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\pmkhi.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.fp skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\qomkhii.dll.vir Object is locked skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\roroxcfy.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.kb skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\ssttt.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.fp skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\T2\dlb66.exe.vir/unknown2.bin Infected: not-a-virus:AdWare.Win32.Ucmore.e skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\T2\dlb66.exe.vir/UCMTSAIE.DLL Infected: not-a-virus:AdWare.Win32.Ucmore.a skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\T2\dlb66.exe.vir/IUCMORE.DLL Infected: not-a-virus:AdWare.Win32.Ucmore skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\T2\dlb66.exe.vir ZIP: infected - 3 skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\T2\dlb66.exe.vir WiseSFX Dropper: infected - 3 skipped
C:\QooBox\Quarantine\catchme2007-08-14_170827.99.zip/core.sys Infected: Rootkit.Win32.Agent.eq skipped
C:\QooBox\Quarantine\catchme2007-08-14_170827.99.zip/ddccd.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.fp skipped
C:\QooBox\Quarantine\catchme2007-08-14_170827.99.zip/qomkhii.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\QooBox\Quarantine\catchme2007-08-14_170827.99.zip ZIP: infected - 3 skipped
Gatsby, Jay P.
2007-09-19, 08:12
Gatsby, Jay P.
2007-09-19, 08:14
C:\RECYCLER\NPROTECT\00040519.TXT Object is locked skipped
C:\RECYCLER\NPROTECT\00040520.TXT Object is locked skipped
C:\RECYCLER\NPROTECT\00040521.TXT Object is locked skipped
C:\RECYCLER\NPROTECT\00040522.TXT Object is locked skipped
C:\RECYCLER\NPROTECT\00040523.TXT Object is locked skipped
C:\RECYCLER\NPROTECT\00040524.TXT Object is locked skipped
C:\RECYCLER\NPROTECT\00040525.TXT Object is locked skipped
C:\RECYCLER\NPROTECT\00040526.TXT Object is locked skipped
C:\RECYCLER\NPROTECT\00040527.TXT Object is locked skipped
C:\RECYCLER\NPROTECT\00040528.TXT Object is locked skipped
C:\RECYCLER\NPROTECT\00040529.TXT Object is locked skipped
C:\RECYCLER\NPROTECT\00040530.TXT Object is locked skipped
C:\RECYCLER\NPROTECT\00040531.TXT Object is locked skipped
C:\RECYCLER\NPROTECT\00040532.TXT Object is locked skipped
C:\RECYCLER\NPROTECT\00040533.TXT Object is locked skipped
C:\RECYCLER\NPROTECT\00040534.TXT Object is locked skipped
C:\RECYCLER\NPROTECT\00040535.TXT Object is locked skipped
C:\RECYCLER\NPROTECT\00040536.TXT Object is locked skipped
C:\RECYCLER\NPROTECT\00040537.TXT Object is locked skipped
C:\RECYCLER\NPROTECT\00040538.TXT Object is locked skipped
C:\RECYCLER\NPROTECT\00040539.TXT Object is locked skipped
C:\RECYCLER\NPROTECT\00040540.hp2 Object is locked skipped
C:\RECYCLER\NPROTECT\00040541.hp2 Object is locked skipped
C:\RECYCLER\NPROTECT\00040543.hp2 Object is locked skipped
C:\RECYCLER\NPROTECT\00040544.hp2 Object is locked skipped
C:\RECYCLER\NPROTECT\00040545.hp2 Object is locked skipped
C:\RECYCLER\NPROTECT\00040546.hp2 Object is locked skipped
C:\RECYCLER\NPROTECT\00040547.hp2 Object is locked skipped
C:\RECYCLER\NPROTECT\00040548.hp2 Object is locked skipped
C:\RECYCLER\NPROTECT\00040549.hp2 Object is locked skipped
C:\RECYCLER\NPROTECT\00040550.hp2 Object is locked skipped
C:\RECYCLER\NPROTECT\00040552.HTM Object is locked skipped
C:\RECYCLER\NPROTECT\00040553.HTM Object is locked skipped
C:\RECYCLER\NPROTECT\00040555.HTM Object is locked skipped
C:\RECYCLER\NPROTECT\00040556.hpk Object is locked skipped
C:\RECYCLER\NPROTECT\00040557.hpk Object is locked skipped
C:\RECYCLER\NPROTECT\00040558.hp2 Object is locked skipped
C:\RECYCLER\NPROTECT\00040559.hp2 Object is locked skipped
C:\RECYCLER\NPROTECT\00040561.HTM Object is locked skipped
C:\RECYCLER\NPROTECT\00040562.hp2 Object is locked skipped
C:\RECYCLER\NPROTECT\00040563.hp2 Object is locked skipped
C:\RECYCLER\NPROTECT\00040564.hp2 Object is locked skipped
C:\RECYCLER\NPROTECT\00040565.hp2 Object is locked skipped
C:\RECYCLER\NPROTECT\00040567.HTM Object is locked skipped
C:\RECYCLER\NPROTECT\00040568.hpk Object is locked skipped
C:\RECYCLER\NPROTECT\00040569.hpk Object is locked skipped
C:\RECYCLER\NPROTECT\00040570.hp2 Object is locked skipped
C:\RECYCLER\NPROTECT\00040571.hp2 Object is locked skipped
C:\RECYCLER\NPROTECT\00040572.hp2 Object is locked skipped
C:\RECYCLER\NPROTECT\00040574.HTM Object is locked skipped
C:\RECYCLER\NPROTECT\00040575.HTM Object is locked skipped
C:\RECYCLER\NPROTECT\00040576.hpk Object is locked skipped
C:\RECYCLER\NPROTECT\00040577.hp2 Object is locked skipped
C:\RECYCLER\NPROTECT\00040578.hp2 Object is locked skipped
C:\RECYCLER\NPROTECT\00040584.DMF Object is locked skipped
C:\RECYCLER\NPROTECT\00040588.MAP Object is locked skipped
C:\RECYCLER\NPROTECT\00040589.MAP Object is locked skipped
C:\RECYCLER\NPROTECT\00040595.xml Object is locked skipped
C:\RECYCLER\NPROTECT\00040600.ini Object is locked skipped
C:\RECYCLER\NPROTECT\00040643.ini Object is locked skipped
C:\RECYCLER\NPROTECT\00040655.xml Object is locked skipped
C:\RECYCLER\NPROTECT\00040656.xml Object is locked skipped
C:\RECYCLER\NPROTECT\00040658.txt Object is locked skipped
C:\RECYCLER\NPROTECT\00040659.txt Object is locked skipped
C:\RECYCLER\NPROTECT\00040723.hp2 Object is locked skipped
C:\RECYCLER\NPROTECT\00040724.hp2 Object is locked skipped
C:\RECYCLER\NPROTECT\00040726.hp2 Object is locked skipped
C:\RECYCLER\NPROTECT\00040727.hp2 Object is locked skipped
C:\RECYCLER\NPROTECT\00040729.HTM Object is locked skipped
C:\RECYCLER\NPROTECT\00040730.hpk Object is locked skipped
C:\RECYCLER\NPROTECT\00040731.hp2 Object is locked skipped
C:\RECYCLER\NPROTECT\00040732.hp2 Object is locked skipped
C:\RECYCLER\NPROTECT\00040733.hp2 Object is locked skipped
C:\RECYCLER\NPROTECT\00040734.hp2 Object is locked skipped
C:\RECYCLER\NPROTECT\00040736.HTM Object is locked skipped
C:\RECYCLER\NPROTECT\00040743.CAB Object is locked skipped
C:\RECYCLER\NPROTECT\00040745.hp2 Object is locked skipped
C:\RECYCLER\NPROTECT\00040746.hp2 Object is locked skipped
C:\RECYCLER\NPROTECT\00040748.HTM Object is locked skipped
C:\RECYCLER\NPROTECT\00040749.HTM Object is locked skipped
C:\RECYCLER\NPROTECT\00040751.hpk Object is locked skipped
C:\RECYCLER\NPROTECT\00040752.hp2 Object is locked skipped
C:\RECYCLER\NPROTECT\00040753.hp2 Object is locked skipped
C:\RECYCLER\NPROTECT\00040758.DMF Object is locked skipped
C:\RECYCLER\NPROTECT\00040820.hp2 Object is locked skipped
C:\RECYCLER\NPROTECT\00040822.hp2 Object is locked skipped
C:\RECYCLER\NPROTECT\00040823.hp2 Object is locked skipped
C:\RECYCLER\NPROTECT\00040824.hp2 Object is locked skipped
C:\RECYCLER\NPROTECT\00040825.HTM Object is locked skipped
C:\RECYCLER\NPROTECT\00040827.hp2 Object is locked skipped
C:\RECYCLER\NPROTECT\00040828.hp2 Object is locked skipped
C:\RECYCLER\NPROTECT\00040833.DMF Object is locked skipped
C:\RECYCLER\NPROTECT\00040834.MAP Object is locked skipped
C:\RECYCLER\NPROTECT\00040835.MAP Object is locked skipped
C:\RECYCLER\NPROTECT\00040841.ini Object is locked skipped
C:\RECYCLER\NPROTECT\00040856.xml Object is locked skipped
C:\RECYCLER\NPROTECT\00040857.xml Object is locked skipped
C:\RECYCLER\NPROTECT\00040859.txt Object is locked skipped
C:\RECYCLER\NPROTECT\00040860.txt Object is locked skipped
C:\RECYCLER\NPROTECT\00040880.pls Object is locked skipped
C:\RECYCLER\NPROTECT\00040882.MAP Object is locked skipped
C:\RECYCLER\NPROTECT\00040883.MAP Object is locked skipped
C:\RECYCLER\NPROTECT\00040884.edb Object is locked skipped
C:\RECYCLER\NPROTECT\00040885.MAP Object is locked skipped
C:\RECYCLER\NPROTECT\00040886.MAP Object is locked skipped
C:\RECYCLER\NPROTECT\00040908.edb Object is locked skipped
C:\RECYCLER\NPROTECT\00040924.DLL Object is locked skipped
C:\RECYCLER\NPROTECT\00040925.DLL Object is locked skipped
C:\RECYCLER\NPROTECT\00040926.HLP Object is locked skipped
C:\RECYCLER\NPROTECT\00040927.INI Object is locked skipped
C:\RECYCLER\NPROTECT\00040928.GPD Object is locked skipped
C:\RECYCLER\NPROTECT\00040929.GPD Object is locked skipped
C:\RECYCLER\NPROTECT\00040930.DLL Object is locked skipped
C:\RECYCLER\NPROTECT\00040931.GPD Object is locked skipped
C:\RECYCLER\NPROTECT\00040932.DLL Object is locked skipped
C:\RECYCLER\NPROTECT\00040933.DLL Object is locked skipped
C:\RECYCLER\NPROTECT\00040934.DLL Object is locked skipped
C:\RECYCLER\NPROTECT\00040935.GPD Object is locked skipped
C:\RECYCLER\NPROTECT\00040936.DLL Object is locked skipped
C:\RECYCLER\NPROTECT\00040937.HLP Object is locked skipped
C:\RECYCLER\NPROTECT\00040938.DLL Object is locked skipped
C:\RECYCLER\NPROTECT\00040939.DLL Object is locked skipped
C:\RECYCLER\NPROTECT\00040941.edb Object is locked skipped
C:\RECYCLER\NPROTECT\00041085.hp2 Object is locked skipped
C:\RECYCLER\NPROTECT\00041086.hp2 Object is locked skipped
C:\RECYCLER\NPROTECT\00041087.hp2 Object is locked skipped
C:\RECYCLER\NPROTECT\00041088.hp2 Object is locked skipped
C:\RECYCLER\NPROTECT\00041089.hp2 Object is locked skipped
C:\RECYCLER\NPROTECT\00041090.hp2 Object is locked skipped
C:\RECYCLER\NPROTECT\00041091.hp2 Object is locked skipped
C:\RECYCLER\NPROTECT\00041092.hp2 Object is locked skipped
Gatsby, Jay P.
2007-09-19, 08:15
Gatsby, Jay P.
2007-09-19, 08:16
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1172\snapshot\MFEX-1.DAT Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1173\A0063118.dll Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1173\A0063138.dll Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1173\A0063150.dll Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1173\snapshot\MFEX-1.DAT Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1198\A0064407.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1204\A0064610.exe Infected: not-a-virus:AdWare.Win32.Rond.a skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1207\A0065623.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.fp skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1207\A0065624.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.fp skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1207\A0065631.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kb skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1207\A0065645.exe/unknown2.bin Infected: not-a-virus:AdWare.Win32.Ucmore.e skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1207\A0065645.exe/UCMTSAIE.DLL Infected: not-a-virus:AdWare.Win32.Ucmore.a skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1207\A0065645.exe/IUCMORE.DLL Infected: not-a-virus:AdWare.Win32.Ucmore skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1207\A0065645.exe ZIP: infected - 3 skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1207\A0065645.exe WiseSFX Dropper: infected - 3 skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1207\A0065654.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.fp skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1207\A0065655.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1209\A0066748.dll Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1233\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UWA7P_0001_N91M0809NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped
C:\WINDOWS\Downloaded Program Files\flash.inf Infected: not-a-virus:AdWare.Win32.BetterInternet.as skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{66FA1ED2-9BEA-4E40-A613-75815F9ECA2B}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\AppEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SecEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SysEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\DRIVERS\atapi.sys Object is locked skipped
C:\WINDOWS\SYSTEM32\H323LOG.TXT Object is locked skipped
C:\WINDOWS\SYSTEM32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\WINDOWS\SYSTEM32\SWRT01.dll Infected: not-a-virus:AdWare.Win32.VirtualBouncer.g skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\WIADEBUG.LOG Object is locked skipped
C:\WINDOWS\WIASERVC.LOG Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.
Logfile of HijackThis v1.99.1
Scan saved at 10:07:38 PM, on 9/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sonique\sqstart.exe
C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Jay Gatsby\Desktop\scanner\scanner.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\WINDOWS\SYSTEM32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\WINDOWS\SYSTEM32\msjava.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {666DDE35-E955-11D0-A707-000000521958} - http://69.56.176.227/webplugin.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
Hi
Please make sure that you can view all hidden files. Instructions on how to do this can be found here:
How to see hidden files in Windows (http://www.xtra.co.nz/help/0,,4155-1916458,00.html)
You can unhide them again when I say you're clean.
Empty these folders:
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\
C:\QooBox\Quarantine
Delete these:
C:\WINDOWS\Downloaded Program Files\CONFLICT.1
C:\WINDOWS\Downloaded Program Files\flash.inf
C:\WINDOWS\SYSTEM32\SWRT01.dll
Empty Recycle Bin
Re-scan with Kaspersky
Post:
- a fresh HijackThis log
- Kaspersky report
Due to the lack of feedback this Topic is closed.
If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.
Everyone else please begin a New Topic.