PDA

View Full Version : Zlob DNSchanger has taken over



luckyinkentucky
2007-11-11, 08:57
It started out yesterday, and I kept getting redirected on the internet. So, I ran Spybot S&D, and this kept coming up. I would remove it, but it kept coming back. So, I searched on here, and came up with the 'Fixwareout' download.

Here are the results of running Fixwareout.

---------------------------------------------

Username "luckyinkentucky" - 11/11/2007 0:45:56 [Fixwareout edited 9/01/2007]

~~~~~ Prerun check

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{D96E2BC6-E4EB-46F9-91AC-F9D9447F74CE}
"nameserver"="85.255.116.126,85.255.112.215" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{5785D49D-CF6B-433D-835C-C079A6AB0CF3}
"DhcpNameServer"="85.255.116.126,85.255.112.215" <Value cleared.

Successfully flushed the DNS Resolver Cache.


System was rebooted successfully.

~~~~~ Postrun check
....
....
~~~~~ Misc files.
....
~~~~~ Checking for older varients.
....

~~~~~ Current runs (hklm hkcu "run" Keys Only)

....
Hosts file was reset, If you use a custom hosts file please replace it...
~~~~~ End report ~~~~~

pskelley
2007-11-11, 19:00
Welcome to Safer Networking, I wish to be sure you have viewed and understand this information.
"BEFORE you POST" (READ this Procedure before Requesting Assistance)
http://forums.spybot.info/showthread.php?t=288
All advice given is taken at your own risk.
Please make sure you have read this information so we are on the same page.

Start with ONLY the Two Logs We Ask For in Our Sticky Topic, NOT CF etc
http://forums.spybot.info/showthread.php?t=16806

Thanks

luckyinkentucky
2007-11-11, 21:17
Here is the information you requested.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:15:40 PM, on 11/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\ABIT\uGuru\uGuru.exe
C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe
C:\WINDOWS\ALCFDRTM.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

luckyinkentucky
2007-11-11, 21:18
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Road Runner High Speed Online
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R320 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE /P30 "EPSON Stylus Photo R320 Series" /O6 "USB001" /M "Stylus Photo R320"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ABIT uGuruIII] C:\Program Files\ABIT\uGuru\uGuru.exe
O4 - HKCU\..\Run: [OE] "C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe"
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://activation.rr.com/install/downloads/tgctlcm.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1189557385890
O17 - HKLM\System\CCS\Services\Tcpip\..\{0528D672-8F03-4CB4-AFAF-F15CE9BD6569}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{29AACDC6-A452-4DC2-9865-36122C912303}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\..\{0528D672-8F03-4CB4-AFAF-F15CE9BD6569}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\..\{0528D672-8F03-4CB4-AFAF-F15CE9BD6569}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

--
End of file - 8253 bytes

luckyinkentucky
2007-11-11, 21:22
Here is the link to the report for the Kapersky file.

file:///C:/Documents%20and%20Settings/Home/Desktop/Kaperky%20scan%20111107.html

luckyinkentucky
2007-11-11, 21:23
How can I send you the Kapersky file? It is quite lengthy. Here is a summary

Total number of scanned objects 94740
Number of viruses found 6
Number of infected objects 14
Number of suspicious objects 0
Duration of the scan process 01:12:38


The file is possibly 4 pages long.

pskelley
2007-11-11, 21:38
Thanks for posting the information, the hackers in this case are Ukrainian and this is where they originate:
85.255.116.126 >>>
http://whois.domaintools.com/85.255.116.126
I am not sure how they do it, their numbers used to appear but now they hide behind other numbers to keep from being detected. Follow these instructions:


Please download ATF Cleaner by Atribune
http://www.atribune.org/content/view/25/2/
Save it to your Desktop. We will use this later.

Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:

O17 - HKLM\System\CCS\Services\Tcpip\..\{0528D672-8F03-4CB4-AFAF-F15CE9BD6569}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{29AACDC6-A452-4DC2-9865-36122C912303}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\..\{0528D672-8F03-4CB4-AFAF-F15CE9BD6569}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\..\{0528D672-8F03-4CB4-AFAF-F15CE9BD6569}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222

Close all programs but HJT and all browser windows, then click on "Fix Checked"

Run ATF Cleaner
Double-click ATF-Cleaner.exe to run the program.
Click Select All found at the bottom of the list.
Click the Empty Selected button.
Click Exit on the Main menu to close the program.

Fixwareout has
Successfully flushed the DNS Resolver Cache.
You still might want to check with your ISP tech support, make them aware of the hijacking and ask them to check that your settings are back where they should be.

Kaspersky: I can not know without looking what the 14 items are. In the case of the HJT log, you split it and probably could have gotten it in one post. Break the Kaspersky scan into as few posts as possible.

Thanks

see this: http://forums.spybot.info/showpost.php?p=12880&postcount=2
Check Java for an update and then uninstall all old versions in Add Remove programs.

luckyinkentucky
2007-11-11, 23:00
Here is the Kapersky file


C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-09182007-171236.log Object is locked skipped
C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\1zu6l8ua.default\cert8.db Object is locked skipped
C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\1zu6l8ua.default\history.dat Object is locked skipped
C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\1zu6l8ua.default\key3.db Object is locked skipped
C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\1zu6l8ua.default\parent.lock Object is locked skipped
C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\1zu6l8ua.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\1zu6l8ua.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Home\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Home\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Home\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Home\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{419554F5-849D-4D63-B5B2-AFD8D62B7F92} Object is locked skipped
C:\Documents and Settings\Home\Local Settings\Application Data\Mozilla\Firefox\Profiles\1zu6l8ua.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Home\Local Settings\Application Data\Mozilla\Firefox\Profiles\1zu6l8ua.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Home\Local Settings\Application Data\Mozilla\Firefox\Profiles\1zu6l8ua.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Home\Local Settings\Application Data\Mozilla\Firefox\Profiles\1zu6l8ua.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Home\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Home\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Home\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Home\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Home\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\566c9171e\netlogon.dl_ Object is locked skipped
D:\566c9171e\netman.dl_ Object is locked skipped
D:\566c9171e\netnm.in_ Object is locked skipped
D:\566c9171e\netoc.dl_ Object is locked skipped
D:\566c9171e\netplwiz.dl_ Object is locked skipped
D:\566c9171e\netrtsnt.in_ Object is locked skipped
D:\566c9171e\netsetup.exe Object is locked skipped
D:\566c9171e\netshell.dl_ Object is locked skipped
D:\566c9171e\netwlan.in_ Object is locked skipped
D:\566c9171e\netwlan2.in_ Object is locked skipped
D:\566c9171e\netwlan5.img Object is locked skipped
D:\566c9171e\netwlan5.sys Object is locked skipped
D:\566c9171e\netwv48.in_ Object is locked skipped
D:\566c9171e\new\apph_sp.sd_ Object is locked skipped
D:\566c9171e\new\apps_sp.ch_ Object is locked skipped
D:\566c9171e\new\ati2dvaa.dl_ Object is locked skipped
D:\566c9171e\new\ati2dvag.dl_ Object is locked skipped
D:\566c9171e\new\ati2mtaa.sy_ Object is locked skipped
D:\566c9171e\new\ati2mtag.sy_ Object is locked skipped
D:\566c9171e\new\ati3d1ag.dl_ Object is locked skipped
D:\566c9171e\new\ati3d2ag.dl_ Object is locked skipped
D:\566c9171e\new\atiixpaa.in_ Object is locked skipped
D:\566c9171e\new\atiixpag.in_ Object is locked skipped
D:\566c9171e\new\atinbtxx.sy_ Object is locked skipped
D:\566c9171e\new\atinmdxx.sy_ Object is locked skipped
D:\566c9171e\new\atinpdxx.sy_ Object is locked skipped
D:\566c9171e\new\atinraxx.sy_ Object is locked skipped
D:\566c9171e\new\atinrvxx.sy_ Object is locked skipped
D:\566c9171e\new\atinsnxx.sy_ Object is locked skipped
D:\566c9171e\new\atinttxx.sy_ Object is locked skipped
D:\566c9171e\new\atintuxx.sy_ Object is locked skipped
D:\566c9171e\new\atinxbxx.sy_
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-09182007-171236.log Object is locked skipped
C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\1zu6l8ua.default\cert8.db Object is locked skipped
C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\1zu6l8ua.default\history.dat Object is locked skipped
C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\1zu6l8ua.default\key3.db Object is locked skipped
C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\1zu6l8ua.default\parent.lock Object is locked skipped
C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\1zu6l8ua.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\1zu6l8ua.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Home\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Home\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Home\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Home\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{419554F5-849D-4D63-B5B2-AFD8D62B7F92} Object is locked skipped
C:\Documents and Settings\Home\Local Settings\Application Data\Mozilla\Firefox\Profiles\1zu6l8ua.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Home\Local Settings\Application Data\Mozilla\Firefox\Profiles\1zu6l8ua.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Home\Local Settings\Application Data\Mozilla\Firefox\Profiles\1zu6l8ua.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Home\Local Settings\Application Data\Mozilla\Firefox\Profiles\1zu6l8ua.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Home\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Home\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Home\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Home\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Home\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\566c9171e\netlogon.dl_ Object is locked skipped
D:\566c9171e\netman.dl_ Object is locked skipped
D:\566c9171e\netnm.in_ Object is locked skipped
D:\566c9171e\netoc.dl_ Object is locked skipped
D:\566c9171e\netplwiz.dl_ Object is locked skipped
D:\566c9171e\netrtsnt.in_ Object is locked skipped
D:\566c9171e\netsetup.exe Object is locked skipped
D:\566c9171e\netshell.dl_ Object is locked skipped
D:\566c9171e\netwlan.in_ Object is locked skipped
D:\566c9171e\netwlan2.in_ Object is locked skipped
D:\566c9171e\netwlan5.img Object is locked skipped
D:\566c9171e\netwlan5.sys Object is locked skipped
D:\566c9171e\netwv48.in_ Object is locked skipped
D:\566c9171e\new\apph_sp.sd_ Object is locked skipped
D:\566c9171e\new\apps_sp.ch_ Object is locked skipped
D:\566c9171e\new\ati2dvaa.dl_ Object is locked skipped
D:\566c9171e\new\ati2dvag.dl_ Object is locked skipped
D:\566c9171e\new\ati2mtaa.sy_ Object is locked skipped
D:\566c9171e\new\ati2mtag.sy_ Object is locked skipped
D:\566c9171e\new\ati3d1ag.dl_ Object is locked skipped
D:\566c9171e\new\ati3d2ag.dl_ Object is locked skipped
D:\566c9171e\new\atiixpaa.in_ Object is locked skipped
D:\566c9171e\new\atiixpag.in_ Object is locked skipped
D:\566c9171e\new\atinbtxx.sy_ Object is locked skipped
D:\566c9171e\new\atinmdxx.sy_ Object is locked skipped
D:\566c9171e\new\atinpdxx.sy_ Object is locked skipped
D:\566c9171e\new\atinraxx.sy_ Object is locked skipped
D:\566c9171e\new\atinrvxx.sy_ Object is locked skipped
D:\566c9171e\new\atinsnxx.sy_ Object is locked skipped
D:\566c9171e\new\atinttxx.sy_ Object is locked skipped
D:\566c9171e\new\atintuxx.sy_ Object is locked skipped
D:\566c9171e\new\atinxbxx.sy_

luckyinkentucky
2007-11-11, 23:05
D:\566c9171e\new\atinxsxx.sy_ Object is locked skipped
D:\566c9171e\new\ativdaxx.ax_ Object is locked skipped
D:\566c9171e\new\ativmvxx.ax_ Object is locked skipped
D:\566c9171e\new\atixpwdm.in_ Object is locked skipped
D:\566c9171e\new\c_28603.nl_ Object is locked skipped
D:\566c9171e\new\dsprpres.dl_ Object is locked skipped
D:\566c9171e\new\encapi.dl_ Object is locked skipped
D:\566c9171e\new\encdec.dl_ Object is locked skipped
D:\566c9171e\new\faxpatch.ex_ Object is locked skipped
D:\566c9171e\new\hccoin.dl_ Object is locked skipped
D:\566c9171e\new\hidir.sy_ Object is locked skipped
D:\566c9171e\new\hscupd.ex_ Object is locked skipped
D:\566c9171e\new\hscxpsp1.cab Object is locked skipped
D:\566c9171e\new\irbus.in_ Object is locked skipped
D:\566c9171e\new\logo.gi_ Object is locked skipped
D:\566c9171e\new\logowin.gi_ Object is locked skipped
D:\566c9171e\new\medctrro.ex_ Object is locked skipped
D:\566c9171e\new\msctfime.im_ Object is locked skipped
D:\566c9171e\new\msftedit.dl_ Object is locked skipped
D:\566c9171e\new\mssap.dl_ Object is locked skipped
D:\566c9171e\new\mutohpen.sy_ Object is locked skipped
D:\566c9171e\new\netbeac.in_ Object is locked skipped
D:\566c9171e\new\nettun.in_ Object is locked skipped
D:\566c9171e\new\nv4_disp.in_ Object is locked skipped
D:\566c9171e\new\nvct.in_ Object is locked skipped
D:\566c9171e\new\nvdm.in_ Object is locked skipped
D:\566c9171e\new\nvts.in_ Object is locked skipped
D:\566c9171e\new\oeaccess.in_ Object is locked skipped
D:\566c9171e\new\osloader.nt_ Object is locked skipped
D:\566c9171e\new\ramdisk.in_ Object is locked skipped
D:\566c9171e\new\rtcimsp.dl_ Object is locked skipped
D:\566c9171e\new\sbe.dl_ Object is locked skipped
D:\566c9171e\new\sbeio.dl_ Object is locked skipped
D:\566c9171e\new\secupd.dat Object is locked skipped
D:\566c9171e\new\secupd.sig Object is locked skipped
D:\566c9171e\new\smtpsvc.dl_ Object is locked skipped
D:\566c9171e\new\snchk.ex_ Object is locked skipped
D:\566c9171e\new\sp1.cab Object is locked skipped
D:\566c9171e\new\spgrmr.dl_ Object is locked skipped
D:\566c9171e\new\usbehci.sy_ Object is locked skipped
D:\566c9171e\new\wacompen.sy_ Object is locked skipped
D:\566c9171e\new\winbrand.dl_ Object is locked skipped
D:\566c9171e\new\winhttp.dl_ Object is locked skipped
D:\566c9171e\new\wmaccess.in_ Object is locked skipped
D:\566c9171e\new\wmpocm.in_ Object is locked skipped
D:\566c9171e\new\wmvcore2.dl_ Object is locked skipped
D:\566c9171e\new\wuau.ad_ Object is locked skipped
D:\566c9171e\new\wuauhelp.ch_ Object is locked skipped
D:\566c9171e\new\xpsp1res.dl_ Object is locked skipped
D:\566c9171e\newalert.wa_ Object is locked skipped
D:\566c9171e\newdev.dl_ Object is locked skipped
D:\566c9171e\newemail.wa_ Object is locked skipped
D:\566c9171e\neweula.ht_ Object is locked skipped
D:\566c9171e\nic1394.sys Object is locked skipped
D:\566c9171e\nlhtml.dl_ Object is locked skipped
D:\566c9171e\nmas.dl_ Object is locked skipped
D:\566c9171e\nmasnt.dl_ Object is locked skipped
D:\566c9171e\nmchat.dl_ Object is locked skipped
D:\566c9171e\nmcom.dl_ Object is locked skipped
D:\566c9171e\nmft.dl_ Object is locked skipped
D:\566c9171e\nmmkcert.dl_ Object is locked skipped
D:\566c9171e\nmnt.sy_ Object is locked skipped
D:\566c9171e\nmoldwb.dl_ Object is locked skipped
D:\566c9171e\nmpgmgrp.ex_ Object is locked skipped
D:\566c9171e\nmwb.dl_ Object is locked skipped
D:\566c9171e\npdrmv2.dl_ Object is locked skipped
D:\566c9171e\npdsplay.dl_ Object is locked skipped
D:\566c9171e\nppagent.ex_ Object is locked skipped
D:\566c9171e\npptools.dl_ Object is locked skipped
D:\566c9171e\npwmsdrm.dl_ Object is locked skipped
D:\566c9171e\nt5.ca_ Object is locked skipped
D:\566c9171e\ntdetect.com Object is locked skipped
D:\566c9171e\ntdll.dll Object is locked skipped
D:\566c9171e\ntfs.sys Object is locked skipped
D:\566c9171e\ntio.sy_ Object is locked skipped
D:\566c9171e\ntkrnlmp.ex_ Object is locked skipped
D:\566c9171e\ntkrnlpa.exe Object is locked skipped
D:\566c9171e\ntkrpamp.exe Object is locked skipped
D:\566c9171e\ntlanman.dl_ Object is locked skipped
D:\566c9171e\ntldr Object is locked skipped
D:\566c9171e\ntmarta.dl_ Object is locked skipped
D:\566c9171e\ntmsapi.dl_ Object is locked skipped
D:\566c9171e\ntmsdba.dl_ Object is locked skipped
D:\566c9171e\ntmssvc.dl_ Object is locked skipped
D:\566c9171e\ntoskrnl.ex_ Object is locked skipped
D:\566c9171e\ntprint.cat Object is locked skipped
D:\566c9171e\ntprint.dl_ Object is locked skipped
D:\566c9171e\ntshrui.dl_ Object is locked skipped
D:\566c9171e\ntvdm.ex_ Object is locked skipped
D:\566c9171e\nv4_disp.dll Object is locked skipped
D:\566c9171e\nv4_mini.sys Object is locked skipped
D:\566c9171e\nwprovau.dl_

luckyinkentucky
2007-11-11, 23:06
Is there any way to send you a txt of this file? it is really closer to 14 posts long. I'm not even 1/10 of the way through.

pskelley
2007-11-12, 00:13
Have a look at the PM I am sending you.

pskelley
2007-11-12, 01:13
Kaspersky Online Scanner Sunday, November 11, 2007 1:14:53 PM

Number of infected objects 14

You should delete all of this infected stuff. I can not tell if it is just the .exe that is infected or not. You will need to make that call from there.

D:\Pictures\cat pictures\Funny Pic.exe/data0011 Infected: Trojan-Spy.Win32.VB.mw skipped
D:\Pictures\cat pictures\Funny Pic.exe/data0013 Infected: Trojan-Spy.Win32.WinSpy.r skipped
D:\Pictures\cat pictures\Funny Pic.exe/data0017 Infected: not-a-virus:Monitor.Win32.WinSpy.88 skipped
D:\Pictures\cat pictures\Funny Pic.exe/data0026 Infected: Trojan-Spy.Win32.WinSpy.l skipped
D:\Pictures\cat pictures\Funny Pic.exe/data0028 Infected: Trojan-Spy.Win32.WinSpy.x skipped
D:\Pictures\cat pictures\Funny Pic.exe/data0030 Infected: Trojan-Spy.Win32.WinSpy.r skipped
D:\Pictures\cat pictures\Funny Pic.exe/data0032 Infected: Trojan-Spy.Win32.WinSpy.l skipped
D:\Pictures\cat pictures\Funny Pic.exe/data0033 Infected: Trojan-Spy.Win32.WinSpy.l skipped
D:\Pictures\cat pictures\Funny Pic.exe/data0034 Infected: Trojan-Spy.Win32.WinSpy.l skipped
D:\Pictures\cat pictures\Funny Pic.exe NSIS: infected - 9 skipped

??looks illegal I would delete the program, once again I can't tell exactly what is infected from here.

E:\Azureus files\Cyberlink.PowerDVD.Ultra.Deluxe.v7.3.Multilingual.Incl.Keygen.zip/Setup.exe/data.rar/updateFRB11.exe Infected: Trojan.Win32.Agent.cjk skipped
E:\Azureus files\Cyberlink.PowerDVD.Ultra.Deluxe.v7.3.Multilingual.Incl.Keygen.zip/Setup.exe/data.rar Infected: Trojan.Win32.Agent.cjk skipped
E:\Azureus files\Cyberlink.PowerDVD.Ultra.Deluxe.v7.3.Multilingual.Incl.Keygen.zip/Setup.exe Infected: Trojan.Win32.Agent.cjk skipped
E:\Azureus files\Cyberlink.PowerDVD.Ultra.Deluxe.v7.3.Multilingual.Incl.Keygen.zip ZIP: infected - 3 skipped

Note:
We do not support the use of illegal Pirated/Warez/Cracked software.

luckyinkentucky
2007-11-12, 01:46
Yeah, sorry. I just installed this drive as a backup drive, and there are some files on there that I'm going through. Thanks for the heads up. I erased that Azureus folder. :bigthumb:

pskelley
2007-11-12, 01:50
Thanks for that feedback, if you are back to normal, I will post this information for you now.

http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/tips/mcgill1.mspx

Some good information for you:
http://users.telenet.be/bluepatchy/miekiemoes/slowcomputer.html

Here is some great information from experts in this field that will help you stay clean and safe online.
http://users.telenet.be/bluepatchy/miekiemoes/prevention.html
http://forums.spybot.info/showthread.php?t=279
http://russelltexas.com/malware/allclear.htm
http://forum.malwareremoval.com/viewtopic.php?t=14
http://www.bleepingcomputer.com/forums/topict2520.html
http://cybercoyote.org/security/not-admin.shtml

Thanks...pskelley
Safer Networking Forums
http://www.spybot.info/en/donate/index.html
If you are reading this information...thank a teacher,
If you are reading it in English...thank a soldier.

luckyinkentucky
2007-11-12, 22:36
I thought I had the problem fixed last night, but I have not. For some reason when I do a 'Google' search it takes me to a different link altogether. Mostly Bizrate, or a similar site.

Also, I have noticed several of my Desktop shortcuts do not work. I have to manually go in and start the programs from the 'Program list'.

Here are the files requested.


------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:33:18 PM, on 11/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\ABIT\uGuru\uGuru.exe
C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe
C:\WINDOWS\ALCFDRTM.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
C:\DOCUME~1\Home\LOCALS~1\Temp\~e5.0001
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Road Runner High Speed Online
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R320 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE /P30 "EPSON Stylus Photo R320 Series" /O6 "USB001" /M "Stylus Photo R320"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ABIT uGuruIII] C:\Program Files\ABIT\uGuru\uGuru.exe
O4 - HKCU\..\Run: [OE] "C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe"
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://activation.rr.com/install/downloads/tgctlcm.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1189557385890
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

--
End of file - 7463 bytes

luckyinkentucky
2007-11-12, 22:37
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-09182007-171236.log Object is locked skipped
C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\1zu6l8ua.default\cert8.db Object is locked skipped
C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\1zu6l8ua.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\1zu6l8ua.default\history.dat Object is locked skipped
C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\1zu6l8ua.default\key3.db Object is locked skipped
C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\1zu6l8ua.default\parent.lock Object is locked skipped
C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\1zu6l8ua.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\1zu6l8ua.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Home\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Home\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Home\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Home\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Home\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{5599544F-B9AE-4771-85BA-1EBDBA90937C} Object is locked skipped
C:\Documents and Settings\Home\Local Settings\Application Data\Mozilla\Firefox\Profiles\1zu6l8ua.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Home\Local Settings\Application Data\Mozilla\Firefox\Profiles\1zu6l8ua.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Home\Local Settings\Application Data\Mozilla\Firefox\Profiles\1zu6l8ua.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Home\Local Settings\Application Data\Mozilla\Firefox\Profiles\1zu6l8ua.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Home\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Home\Local Settings\History\History.IE5\MSHist012007111220071113\index.dat Object is locked skipped
C:\Documents and Settings\Home\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Home\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Home\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Home\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{95BD975A-150D-426E-AEEC-0DC27DFE1109}\RP4\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP1\A0000047.exe Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP1\A0000048.dll Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001764.sys Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001765.sys Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001766.sys Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001767.dll Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001768.exe Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001769.sys Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001770.sys Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001771.ex_ Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001772.ex_ Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001773.sys Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001774.sys Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001775.sys Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001776.sys Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001777.cat Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001778.dll Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001779.cat Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001780.dll Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001781.cat Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001782.cat Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001783.dll Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001784.dll Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001785.cat Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001786.cat Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001787.ex_ Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001788.in_ Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001789.dll Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001790.exe Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001791.exe Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001792.ex_ Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001793.ex_ Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001794.sys Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001795.dll Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001796.sys Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001797.exe Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001798.ex_ Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001799.sys Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001800.ex_ Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001801.inf Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001802.ex_ Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001803.ex_ Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001804.ex_ Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001805.sys Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001806.ex_ Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001807.dll Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001808.ex_ Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001809.ex_ Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001810.ex_ Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001811.ex_ Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001812.ex_ Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001813.sys Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001814.sys Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001815.exe Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001816.ax Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001817.ex_ Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001818.ex_ Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001819.ex_ Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001820.ex_ Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001821.sys Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001822.ex_ Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001823.ex_ Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001824.ex_ Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001825.in_ Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001826.dll Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001827.dll Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001828.dll Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001829.dll Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001830.dll Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001831.dll Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001832.dll Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001833.dll Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001834.dll Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001835.dll Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001836.exe Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001837.exe Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001838.exe Object is locked

luckyinkentucky
2007-11-12, 22:38
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001839.dll Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001840.exe Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001841.dll Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001842.dll Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001843.dll Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001844.dll Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001845.exe Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001846.exe Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001847.ex_ Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001848.ex_ Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001849.ex_ Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001850.in_ Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001851.ex_ Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001852.in_ Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001853.sys Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001854.sys Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001855.ex_ Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001856.ex_ Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001857.ex_ Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001858.dll Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001859.in_ Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001860.in_ Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001861.in_ Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001862.in_ Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001863.in_ Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001864.inf Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001865.in_ Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001866.inf Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001867.inf Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001868.in_ Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001869.in_ Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001870.inf Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001871.in_ Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001872.inf Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001873.in_ Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001874.in_ Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001875.inf Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001876.inf Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001877.inf Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001878.in_ Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001879.in_ Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001880.in_ Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001881.in_ Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001882.in_ Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001883.inf Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001884.in_ Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001885.in_ Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001886.inf Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001887.in_ Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001888.in_ Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001889.in_ Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001890.in_ Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001891.in_ Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001892.inf Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001893.in_ Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001894.dll Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001895.in_ Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001896.in_ Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001897.in_ Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001898.in_ Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001899.in_ Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001900.in_ Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001901.in_ Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001902.sif Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001903.in_ Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001904.inf Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001905.inf Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001906.inf Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001907.msi Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001908.in_ Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001909.ex_ Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001910.ex_ Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001911.in_ Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001912.ex_ Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001913.dll Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001914.ex_ Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001915.in_ Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001916.ex_ Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001917.in_ Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001918.in_ Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001919.in_ Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001920.inf Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001921.in_ Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001922.inf Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001923.inf Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001924.in_ Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001925.in_ Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001926.inf Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001927.inf Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001928.in_ Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001929.ex_ Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001930.in_ Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001931.in_ Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001932.inf Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001933.inf Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001934.inf Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001935.in_ Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001936.in_ Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001937.in_ Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001938.in_ Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001939.in_ Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001940.inf Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001941.in_ Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001942.in_ Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001943.inf Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001944.in_ Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001945.in_ Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001946.in_ Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001947.ex_ Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001948.in_ Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001949.in_ Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001950.in_ Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001951.in_ Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001952.inf Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001953.in_ Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001954.dll Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001955.in_ Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001956.ex_ Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001957.in_ Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001958.ex_ Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001959.ex_ Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001960.in_ Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001961.in_ Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001962.in_ Object is locked skipped
D:\System Volume Information\_restore{14C1EE04-1A21-4419-848D-4E89F60F6D3D}\RP2\A0001963.in_

luckyinkentucky
2007-11-12, 22:42
Then there is more "D:\System Volume Information\_restore" . This is the last information that is NOT the same as the other.

E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
E:\System Volume Information\_restore{95BD975A-150D-426E-AEEC-0DC27DFE1109}\RP4\change.log Object is locked skipped
Scan process completed.


The other is close to 10 pages long, so I didn't want to waste webspace with posting it here.

luckyinkentucky
2007-11-12, 22:44
I forgot to mention that I have already run SB S&D in Safe Mode, and it came up with nothing. Also, Trend Micro House Call couldn't find anything either. I run a virus scan every morning at 4 a.m., and nothing showed up this morning.

tashi
2007-11-22, 01:43
luckyinkentucky, merged two topics.