cmdService

greenday1
2007-11-18, 04:24
Can someone help me with these two registry keys? They came up as malware. I did a webscan and it found a lot of other issues too. Here are my two logs.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:12:22 PM, on 11/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
F:\Grisoft\AVG7\avgamsvr.exe
F:\Grisoft\AVG7\avgupsvc.exe
F:\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
F:\Grisoft\AVG7\avgcc.exe
F:\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe
C:\WINDOWS\system32\devldr32.exe
F:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
O4 - HKLM\..\Run: [AVG7_CC] F:\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [AWMON] "F:\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe"
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] F:\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] F:\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] F:\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] F:\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - F:\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - F:\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - F:\Grisoft\AVG7\avgemc.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\RnJlZCBHYXJ2aW4\command.exe (file missing)

--
End of file - 2601 bytes


-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, November 17, 2007 7:27:14 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 18/11/2007
Kaspersky Anti-Virus database records: 461025
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\

Scan Statistics:
Total number of scanned objects: 32892
Number of viruses found: 16
Number of infected objects: 43
Number of suspicious objects: 0
Duration of the scan process: 01:02:56

Infected Object Name / Virus Name / Last Action
C:\15.tmp/data0002 Infected: Trojan-Downloader.Win32.PurityScan.eg skipped
C:\15.tmp NSIS: infected - 1 skipped
C:\Documents and Settings\Administrator\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012007111720071118\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Administrator\NTUSER.DAT.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Mike\Local Settings\Temp\elcrabsr.exe Infected: Trojan.Win32.Obfuscated.kp skipped
C:\Documents and Settings\Mike\Local Settings\Temp\vbvkelwd.dll Infected: not-a-virus:AdWare.Win32.SecToolBar.k skipped
C:\Documents and Settings\Mike\Local Settings\Temporary Internet Files\Content.IE5\Q0OQKQAA\hctp[1] Infected: not-a-virus:AdWare.Win32.Virtumonde.aps skipped
C:\Documents and Settings\Mike\Local Settings\Temporary Internet Files\Content.IE5\SXM78HUN\upd32_v14[1] Infected: not-a-virus:AdWare.Win32.SecToolBar.k skipped
C:\Documents and Settings\Mike\Local Settings\Temporary Internet Files\Content.IE5\YV8PY5A1\pochki20071106[1] Infected: Trojan.Win32.Obfuscated.kp skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Online Services\hotehynoz4444.dll Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\Program Files\Online Services\hotehynoz83122.dll Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\Program Files\page.html Infected: Trojan-Clicker.HTML.IFrame.dn skipped
C:\RECYCLER\S-1-5-21-343818398-838170752-682003330-1003\Dc40.exe/data0006 Infected: Trojan-Downloader.Win32.VB.bto skipped
C:\RECYCLER\S-1-5-21-343818398-838170752-682003330-1003\Dc40.exe NSIS: infected - 1 skipped
C:\RECYCLER\S-1-5-21-343818398-838170752-682003330-1003\Dc52.exe/data0006 Infected: Trojan-Downloader.Win32.VB.bto skipped
C:\RECYCLER\S-1-5-21-343818398-838170752-682003330-1003\Dc52.exe NSIS: infected - 1 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{8C7D0E44-F4CD-45FA-96A7-CF73CB4F4579}\RP116\A0005743.exe Infected: Trojan.Win32.Agent.civ skipped
C:\System Volume Information\_restore{8C7D0E44-F4CD-45FA-96A7-CF73CB4F4579}\RP137\A0006070.exe Infected: Trojan.Win32.Agent.civ skipped
C:\System Volume Information\_restore{8C7D0E44-F4CD-45FA-96A7-CF73CB4F4579}\RP138\A0006104.exe Infected: Trojan-Downloader.Win32.Small.gll skipped
C:\System Volume Information\_restore{8C7D0E44-F4CD-45FA-96A7-CF73CB4F4579}\RP138\A0006105.exe Infected: Trojan-Downloader.Win32.Agent.erf skipped
C:\System Volume Information\_restore{8C7D0E44-F4CD-45FA-96A7-CF73CB4F4579}\RP138\A0006106.exe Infected: Trojan-Downloader.Win32.Small.gll skipped
C:\System Volume Information\_restore{8C7D0E44-F4CD-45FA-96A7-CF73CB4F4579}\RP138\A0006108.exe Infected: Trojan.Win32.BHO.ab skipped
C:\System Volume Information\_restore{8C7D0E44-F4CD-45FA-96A7-CF73CB4F4579}\RP138\A0006113.exe Infected: Trojan-Downloader.Win32.Small.buy skipped
C:\System Volume Information\_restore{8C7D0E44-F4CD-45FA-96A7-CF73CB4F4579}\RP138\A0006114.exe Infected: Trojan-Downloader.Win32.Small.gll skipped
C:\System Volume Information\_restore{8C7D0E44-F4CD-45FA-96A7-CF73CB4F4579}\RP138\A0006115.exe Infected: Trojan-Downloader.Win32.VB.bto skipped
C:\System Volume Information\_restore{8C7D0E44-F4CD-45FA-96A7-CF73CB4F4579}\RP138\A0006123.sys Infected: Rootkit.Win32.Agent.eq skipped
C:\System Volume Information\_restore{8C7D0E44-F4CD-45FA-96A7-CF73CB4F4579}\RP138\change.log Object is locked skipped
C:\WINDOWS\b104.exe/stream/data0002 Infected: Trojan-Downloader.Win32.Small.buy skipped
C:\WINDOWS\b104.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\WINDOWS\b104.exe/stream Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\WINDOWS\b104.exe NSIS: infected - 3 skipped
C:\WINDOWS\b136.exe/stream/data0002 Infected: Trojan-Dropper.Win32.Agent.bfr skipped
C:\WINDOWS\b136.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\WINDOWS\b136.exe/stream Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\WINDOWS\b136.exe NSIS: infected - 3 skipped
C:\WINDOWS\CSC\00000001 Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\i2\mper83122.exe/data0002 Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\WINDOWS\system32\i2\mper83122.exe NSIS: infected - 1 skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\TTC-4444.exe/data0002 Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\WINDOWS\TTC-4444.exe NSIS: infected - 1 skipped
F:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
F:\System Volume Information\_restore{8C7D0E44-F4CD-45FA-96A7-CF73CB4F4579}\RP115\A0005702.exe Infected: Trojan.Win32.Agent.civ skipped
F:\System Volume Information\_restore{8C7D0E44-F4CD-45FA-96A7-CF73CB4F4579}\RP137\A0006068.exe Infected: Trojan.Win32.Agent.civ skipped
G:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
H:\Old PC Files\Basement PC Files to Keep\Downloads\Microsoft.Windows.XP.Professional.Corporate.SP2.V4.87[AnAlyZeR.WarezFaw.Com].ISO/updates/serial/keyfinder.exe/data.rar/xpkey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
H:\Old PC Files\Basement PC Files to Keep\Downloads\Microsoft.Windows.XP.Professional.Corporate.SP2.V4.87[AnAlyZeR.WarezFaw.Com].ISO/updates/serial/keyfinder.exe/data.rar/officekey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
H:\Old PC Files\Basement PC Files to Keep\Downloads\Microsoft.Windows.XP.Professional.Corporate.SP2.V4.87[AnAlyZeR.WarezFaw.Com].ISO/updates/serial/keyfinder.exe/data.rar Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
H:\Old PC Files\Basement PC Files to Keep\Downloads\Microsoft.Windows.XP.Professional.Corporate.SP2.V4.87[AnAlyZeR.WarezFaw.Com].ISO/updates/serial/keyfinder.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
H:\Old PC Files\Basement PC Files to Keep\Downloads\Microsoft.Windows.XP.Professional.Corporate.SP2.V4.87[AnAlyZeR.WarezFaw.Com].ISO ISO image: infected - 4 skipped
H:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
I:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

Scan process completed.

Any help would be very appreciated
Thank You

greenday1
2007-11-20, 05:05
Can anyone please help with this?