Help!! I have been Infected by Trojan.Win32.Agent and Compromised!!



alchap
2008-01-22, 01:25
There are tons of hidden ZIP files I didn't create, and it looks like my passwords were stolen, and looking at my browser history, it looks like my Firefox browser was hijacked to go to sites and use my stolen info!! My anti-spyware was disabled also. Please advise!!!! Here is my HijackThis log. Kaspersky was pretty long, so it may not fit in one post. But I think I need to post these right away, because strange things are happening at this moment!! I think he may have tried to hack this log, because this file appeared on my desktop, to change the log to Japanese! And I think he has hidden IE windows open!


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:33:31 PM, on 1/21/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\WINDOWS\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Bellsouth\HelpCenter40b\bin\sprtcmd.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Portrait Displays\HP My Display\dthtml.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\AT&T\Internet Security Wizard\ISW.exe
C:\Program Files\AT&T\AT&T Internet Security Suite\RPS.exe
C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Iconoid\iconoid.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\AT&T\AT&T Internet Security Suite\pkR.dll
O2 - BHO: AT&T Toolbar - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - C:\PROGRA~1\BLSTOO~1\BLSTOO~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AT&T Toolbar - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - C:\PROGRA~1\BLSTOO~1\BLSTOO~1.DLL
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HelpCenter4.1] C:\Program Files\Bellsouth\HelpCenter40b\bin\sprtcmd.exe /P HelpCenter4.1
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [DiscWizardMonitor.exe] C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [DT HPW] C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe -startup_folder
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [USBToolTip] "C:\Program Files\Pinnacle\Shared Files\\Programs\USBTip\USBTip.exe"
O4 - HKLM\..\Run: [ISW.exe] "C:\Program Files\AT&T\Internet Security Wizard\ISW.exe" /AUTORUN
O4 - HKLM\..\Run: [AT&T Internet Security Suite] "C:\Program Files\AT&T\AT&T Internet Security Suite\Rps.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [PCLEUSBTip] C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\Windows\system32\PCLECoInst.dll",CheckUSBController
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NMSSupport] "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
O4 - HKLM\..\Run: [CCUTRAYICON] C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\AT&T\AT&T Internet Security Suite\ZkRunOnceR.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Iconoid] "C:\Program Files\Iconoid\iconoid.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-916728736-257858344-4049364129-1003\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'IUSR_NMPR')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Download all by Net Transport - C:\Program Files\Xi\NetTransport 2\NTAddList.html
O8 - Extra context menu item: Download by Net Transport - C:\Program Files\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - (no file)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
O23 - Service: Amazon Unbox Video Service (ADVService) - Amazon.com - C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Intel(R) DHTrace Controller (DHTRACE) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.vista.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: Intel(R) NMSCore (NMSCore) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: Intel(R) Quality Manager (QualityManager) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: AT&T Internet Security Suite Service (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\AT&T\AT&T Internet Security Suite\rpsupdaterR.exe
O23 - Service: AT&T Internet Security Suite AT&T Firewall (RP_FWS) - AT&T - C:\Program Files\AT&T\AT&T Internet Security Suite\Fws.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 14305 bytes

alchap
2008-01-22, 01:43
KASPERSKY ONLINE SCANNER REPORT
Monday, January 21, 2008 7:09:29 AM
Operating System: Microsoft Windows Vista Home Edition, (Build 6000)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 21/01/2008
Kaspersky Anti-Virus database records: 525566
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\
L:\

Scan Statistics:
Total number of scanned objects: 247228
Number of viruses found: 2
Number of infected objects: 271
Number of suspicious objects: 0
Duration of the scan process: 02:16:21

Infected Object Name / Virus Name / Last Action
C:\$Recycle.Bin\S-1-5-21-916728736-257858344-4049364129-1001\$R30XWTM.exe Infected: Virus.Win32.Fontra.c skipped
C:\$Recycle.Bin\S-1-5-21-916728736-257858344-4049364129-1001\$R5JZ6IW.exe Infected: Virus.Win32.Fontra.c skipped
C:\$Recycle.Bin\S-1-5-21-916728736-257858344-4049364129-1001\$RBS7NM5.zip/Video.exe Infected: Virus.Win32.Fontra.c skipped
C:\$Recycle.Bin\S-1-5-21-916728736-257858344-4049364129-1001\$RBS7NM5.zip ZIP: infected - 1 skipped
C:\$Recycle.Bin\S-1-5-21-916728736-257858344-4049364129-1001\$ROXGNRY.exe Infected: Virus.Win32.Fontra.c skipped
C:\$Recycle.Bin\S-1-5-21-916728736-257858344-4049364129-1001\$RVX5YPW.zip/Setup.exe Infected: Virus.Win32.Fontra.c skipped
C:\$Recycle.Bin\S-1-5-21-916728736-257858344-4049364129-1001\$RVX5YPW.zip ZIP: infected - 1 skipped
C:\$Recycle.Bin\S-1-5-21-916728736-257858344-4049364129-1001\$RZZTXD1.zip/Track_03.exe Infected: Virus.Win32.Fontra.c skipped
C:\$Recycle.Bin\S-1-5-21-916728736-257858344-4049364129-1001\$RZZTXD1.zip ZIP: infected - 1 skipped
C:\Boot\BCD Object is locked skipped
C:\Boot\BCD.LOG Object is locked skipped
C:\Program Files\CA\PPRT\logs\2008-01-21.csv Object is locked skipped
C:\Program Files\PC-Doctor 5 for Windows\Configuration\config.xml Object is locked skipped
C:\ProgramData\AT&T\AT&T Internet Security Suite\Logs\AT&T Firewall - Blocked Packets - 01-21-2008--03-30-07.log Object is locked skipped
C:\ProgramData\AT&T\AT&T Internet Security Suite\Logs\FirewallService01-21-2008--03-27-28.log Object is locked skipped
C:\ProgramData\AT&T\AT&T Internet Security Suite\Logs\Fw_Session.log Object is locked skipped
C:\ProgramData\AT&T\AT&T Internet Security Suite\Logs\SafetyConsoleLog01-21-2008--03-27-48.log Object is locked skipped
C:\ProgramData\AT&T\AT&T Internet Security Suite\Logs\ServiceModel01-21-2008--03-27-46.log Object is locked skipped
C:\ProgramData\Hewlett-Packard\HP Print Settings\HPclko9h.cfg Object is locked skipped
C:\ProgramData\Hewlett-Packard\HP Print Settings\HPferf6o.cfg Object is locked skipped
C:\ProgramData\Hewlett-Packard\HP Print Settings\HPnoeus6.cfg Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\659ec7a09311eccd2a9a425048f67140_f9f80b1a-5bab-48b7-8e4e-913c82b51678 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\f686aace6942fb7f7ceb231212eef4a4_f9f80b1a-5bab-48b7-8e4e-913c82b51678 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\fc1e3851f429ea606d6ff1e01a5229f1_f9f80b1a-5bab-48b7-8e4e-913c82b51678 Object is locked skipped
C:\ProgramData\Microsoft\eHome\EPG\02c32148ab434b3b8c87da15a3a3e8e9.sdf Object is locked skipped
C:\ProgramData\Microsoft\User Account Pictures\IUSR_NMPR.dat Object is locked skipped
C:\ProgramData\Microsoft\Windows\DRM\Cache\Indiv01.tmp Object is locked skipped
C:\ProgramData\Microsoft\Windows\DRM\drmstore.hds Object is locked skipped
C:\Users\User\AppData\Local\Microsoft\Windows\Explorer\thumbcache_1024.db Object is locked skipped
C:\Users\User\AppData\Local\Microsoft\Windows\Explorer\thumbcache_256.db Object is locked skipped
C:\Users\User\AppData\Local\Microsoft\Windows\Explorer\thumbcache_32.db Object is locked skipped
C:\Users\User\AppData\Local\Microsoft\Windows\Explorer\thumbcache_96.db Object is locked skipped
C:\Users\User\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db Object is locked skipped
C:\Users\User\AppData\Local\Microsoft\Windows\Explorer\thumbcache_sr.db Object is locked skipped
C:\Users\User\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat Object is locked skipped
C:\Users\User\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008012120080122\index.dat Object is locked skipped
C:\Users\User\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat Object is locked skipped
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat Object is locked skipped
C:\Users\User\AppData\Local\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Users\User\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 Object is locked skipped
C:\Users\User\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2 Object is locked skipped
C:\Users\User\AppData\Local\Microsoft\Windows\UsrClass.dat{d9b2ee6c-63d8-11dc-9126-001bfc073bbe}.TM.blf Object is locked skipped
C:\Users\User\AppData\Local\Microsoft\Windows\UsrClass.dat{d9b2ee6c-63d8-11dc-9126-001bfc073bbe}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Users\User\AppData\Local\Microsoft\Windows\UsrClass.dat{d9b2ee6c-63d8-11dc-9126-001bfc073bbe}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Users\User\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT Object is locked skipped
C:\Users\User\AppData\Local\Microsoft\Windows Sidebar\Settings.ini Object is locked skipped
C:\Users\User\AppData\Local\Mozilla\Firefox\Profiles\qb5z5wjl.default\Cache\_CACHE_001_ Object is locked skipped
C:\Users\User\AppData\Local\Mozilla\Firefox\Profiles\qb5z5wjl.default\Cache\_CACHE_002_ Object is locked skipped
C:\Users\User\AppData\Local\Mozilla\Firefox\Profiles\qb5z5wjl.default\Cache\_CACHE_003_ Object is locked skipped
C:\Users\User\AppData\Local\Mozilla\Firefox\Profiles\qb5z5wjl.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Users\User\AppData\Local\SupportSoft\HelpCenter4.1\User\state\logs\sprtcmd.log Object is locked skipped
C:\Users\User\AppData\Local\Temp\~DF4849.tmp Object is locked skipped
C:\Users\User\AppData\Roaming\AT&T\Internet Security Wizard\client_gateway.log Object is locked skipped
C:\Users\User\AppData\Roaming\GTek\GTUpdate\AUpdate\NMSSupport\IntelHCTAgent.log Object is locked skipped
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\index.dat Object is locked skipped
C:\Users\User\AppData\Roaming\Microsoft\Windows\Cookies\Low\index.dat Object is locked skipped
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\qb5z5wjl.default\cert8.db Object is locked skipped
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\qb5z5wjl.default\formhistory.dat Object is locked skipped
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\qb5z5wjl.default\history.dat Object is locked skipped
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\qb5z5wjl.default\key3.db Object is locked skipped
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\qb5z5wjl.default\parent.lock Object is locked skipped
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\qb5z5wjl.default\search.sqlite Object is locked skipped
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\qb5z5wjl.default\urlclassifier2.sqlite Object is locked skipped
C:\Users\User\'\20 Years Of Jethro Tull, Awesome Collection Keygen.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\User\'\20 Years Of Jethro Tull, Awesome Collection Keygen.zip ZIP: infected - 1 skipped
C:\Users\User\'\88 Minutes (2007) Crack.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\User\'\88 Minutes (2007) Crack.zip ZIP: infected - 1 skipped
C:\Users\User\'\Aerial Mahjong Keygen.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\User\'\Aerial Mahjong Keygen.zip ZIP: infected - 1 skipped
C:\Users\User\'\Alanis Morissette - The Collection Keygen.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\User\'\Alanis Morissette - The Collection Keygen.zip ZIP: infected - 1 skipped
C:\Users\User\'\All Ditz And Jumbo Tits 2 Patch.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\User\'\All Ditz And Jumbo Tits 2 Patch.zip ZIP: infected - 1 skipped
C:\Users\User\'\BackStreet Boys Unbreakable (2007) Keygen.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\User\'\BackStreet Boys Unbreakable (2007) Keygen.zip ZIP: infected - 1 skipped
C:\Users\User\'\Basshunter-LOL Patch.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\User\'\Basshunter-LOL Patch.zip ZIP: infected - 1 skipped
C:\Users\User\'\Battlefield Vietnam Patch.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\User\'\Battlefield Vietnam Patch.zip ZIP: infected - 1 skipped
C:\Users\User\'\Best Of Boob Bangers Crack.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\User\'\Best Of Boob Bangers Crack.zip ZIP: infected - 1 skipped
C:\Users\User\'\Blood and Chocolate (2007) Keygen.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\User\'\Blood and Chocolate (2007) Keygen.zip ZIP: infected - 1 skipped
C

alchap
2008-01-22, 01:54
:\Users\User\'\Bridge to Terabithia (2007) Keygen.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\User\'\Bridge to Terabithia (2007) Keygen.zip ZIP: infected - 1 skipped
C:\Users\User\'\Bubble Butt Bonanza 10 Keygen.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\User\'\Bubble Butt Bonanza 10 Keygen.zip ZIP: infected - 1 skipped
C:\Users\User\'\Counterstrike Condition Zero Crack.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\User\'\Counterstrike Condition Zero Crack.zip ZIP: infected - 1 skipped
C:\Users\User\'\Crashday Crack.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\User\'\Crashday Crack.zip ZIP: infected - 1 skipped
C:\Users\User\'\CSI Miami Keygen.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\User\'\CSI Miami Keygen.zip ZIP: infected - 1 skipped
C:\Users\User\'\Culpa Innata Patch.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\User\'\Culpa Innata Patch.zip ZIP: infected - 1 skipped
C:\Users\User\'\Delta Force Black Hawk Down Keygen.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\User\'\Delta Force Black Hawk Down Keygen.zip ZIP: infected - 1 skipped
C:\Users\User\'\Diskeeper 2008 Pro Premier Edition v12.0 Build 758 Patch.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\User\'\Diskeeper 2008 Pro Premier Edition v12.0 Build 758 Patch.zip ZIP: infected - 1 skipped
C:\Users\User\'\DJ Finesse - RB Dedication 2 Crack.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\User\'\DJ Finesse - RB Dedication 2 Crack.zip ZIP: infected - 1 skipped
C:\Users\User\'\Dogma (DVDRip) Crack.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\User\'\Dogma (DVDRip) Crack.zip ZIP: infected - 1 skipped
C:\Users\User\'\Dryft - Cell Crack.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\User\'\Dryft - Cell Crack.zip ZIP: infected - 1 skipped
C:\Users\User\'\Eagles - Hotel California Keygen.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\User\'\Eagles - Hotel California Keygen.zip ZIP: infected - 1 skipped
C:\Users\User\'\Eagles - The Long Run Keygen.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\User\'\Eagles - The Long Run Keygen.zip ZIP: infected - 1 skipped
C:\Users\User\'\Eagles Long Road out of Eden (2007) Patch.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\User\'\Eagles Long Road out of Eden (2007) Patch.zip ZIP: infected - 1 skipped
C:\Users\User\'\FIBA Basketball Manager 2008 Patch.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\User\'\FIBA Basketball Manager 2008 Patch.zip ZIP: infected - 1 skipped
C:\Users\User\'\Fire Department 3 Crack.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\User\'\Fire Department 3 Crack.zip ZIP: infected - 1 skipped
C:\Users\User\'\Fracture (2007) Crack.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\User\'\Fracture (2007) Crack.zip ZIP: infected - 1 skipped
C:\Users\User\'\Frank Zappa - Fillmore East June 1971 [Live] Patch.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\User\'\Frank Zappa - Fillmore East June 1971 [Live] Patch.zip ZIP: infected - 1 skipped
C:\Users\User\'\Frank Zappa - Frank Zappa Meets the Mothers of Prevention Patch.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\User\'\Frank Zappa - Frank Zappa Meets the Mothers of Prevention Patch.zip ZIP: infected - 1 skipped
C:\Users\User\'\Gangbang Auditions #10 Patch.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\User\'\Gangbang Auditions #10 Patch.zip ZIP: infected - 1 skipped
C:\Users\User\'\Gridiron Gang (2006) Crack.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\User\'\Gridiron Gang (2006) Crack.zip ZIP: infected - 1 skipped
C:\Users\User\'\Half-Life 2 Episode Two Patch.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\User\'\Half-Life 2 Episode Two Patch.zip ZIP: infected - 1 skipped
C:\Users\User\'\Homegrown Video # 717 The Porn Ultimatum Crack.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\User\'\Homegrown Video # 717 The Porn Ultimatum Crack.zip ZIP: infected - 1 skipped
C:\Users\User\'\Hot Fuzz (2007) Keygen.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\User\'\Hot Fuzz (2007) Keygen.zip ZIP: infected - 1 skipped
C:\Users\User\'\Hunting Unlimited 2008 Patch.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\User\'\Hunting Unlimited 2008 Patch.zip ZIP: infected - 1 skipped
C:\Users\User\'\I Scored A Soccer Mom 2 Crack.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\User\'\I Scored A Soccer Mom 2 Crack.zip ZIP: infected - 1 skipped
C:\Users\User\'\I Scored A Soccer Mom 3 Keygen.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\User\'\I Scored A Soccer Mom 3 Keygen.zip ZIP: infected - 1 skipped
C:\Users\User\'\Illegal Aliens (2007) Crack.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\User\'\Illegal Aliens (2007) Crack.zip ZIP: infected - 1 skipped
C:\Users\User\'\In 1Out 0 Crack.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\User\'\In 1Out 0 Crack.zip ZIP: infected - 1 skipped
C:\Users\User\'\In 1Out 0 Keygen.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\User\'\In 1Out 0 Keygen.zip ZIP: infected - 1 skipped
C:\Users\User\'\In 1Out 0 Patch.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\User\'\In 1Out 0 Patch.zip ZIP: infected - 1 skipped
C:\Users\User\'\In 2Out 0 Crack.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\User\'\In 2Out 0 Crack.zip ZIP: infected - 1 skipped
C:\Users\User\'\In 2Out 0 Patch.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\User\'\In 2Out 0 Patch.zip ZIP: infected - 1 skipped
C:\Users\User\'\In 3Out 1 Keygen.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\User\'\In 3Out 1 Keygen.zip ZIP: infected - 1 skipped
C:\Users\User\'\In 3Out 1 Patch.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\User\'\In 3Out 1 Patch.zip ZIP: infected - 1 skipped
C:\Users\User\'\India Arie - Voyage to India Keygen.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\User\'\India Arie - Voyage to India Keygen.zip ZIP: infected - 1 skipped
C:\Users\User\'\Intensitivity #4 Keygen.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\User\'\Intensitivity #4 Keygen.zip ZIP: infected - 1 skipped
C:\Users\User\'\Intensitivity #6 Crack.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\User\'\Intensitivity #6 Crack.zip ZIP: infected - 1 skipped
C:\Users\User\'\Jacked (PS2) Keygen.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\User\'\Jacked (PS2) Keygen.zip ZIP: infected - 1 skipped
C:\Users\User\'\Jimmy Eat World - Futures Patch.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\User\'\Jimmy Eat World - Futures Patch.zip ZIP: infected - 1 skipped
C:\Users\User\'\Jimmy Eat World - Stay on My Side Tonight EP Crack.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\User\'\Jimmy Eat World - Stay on My Side Tonight EP Crack.zip ZIP: infected - 1 skipped
C:\Users\User\'\Kanye West - Late Orchestration (2005) Keygen.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\User\'\Kanye West - Late Orchestration (2005) Keygen.zip ZIP: infected - 1 skipped
C:\Users\User\'\Kanye West - Stronger (2007) Crack.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\User\'\Kanye West - Stronger (2007) Crack.zip ZIP: infected - 1 skipped
C:\Users\User\'\Kanye West-College Dropout Patch.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\User\'\Kanye West-College Dropout Patch.zip ZIP: infected - 1 skipped
C:\Users\User\'\Kaspersky Internet Security 7.00.125 Crack.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\User\'\Kaspersky Internet Security 7.00.125 Crack.zip ZIP: infected - 1 skipped
C:\Users\User\'\Katie Melua - Piece by Piece Keygen.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\User\'\Katie Melua - Piece by Piece Keygen.zip ZIP: infected - 1 skipped
C:\Users\User\'\Kylie Minogue Confide in Me The Irresistible Kylie (2007) Patch.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\User\'\Kylie Minogue Confide in Me The Irresistible Kylie (2007) Patch.zip ZIP: infected - 1 skipped
C:\Users\User\'\Lavasoft Ad-aware 2007 Pro v7.0.2.3 Crack.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\User\'\Lavasoft Ad-aware 2007 Pro v7.0.2.3 Crack.zip ZIP: infected - 1 skipped
C:\Users\User\'\Legal At Last # 5 Patch.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\User\'\Legal At Last # 5 Patch.zip ZIP: infected - 1 skipped
C:\Users\User\'\Life Support (2007) Patch.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\User\'\Life Support (2007) Patch.zip ZIP: infected - 1 skipped
C:\Users\User\'\LimeWire Pro Version 5.0.01 Keygen.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\User\'\LimeWire Pro Version 5.0.01 Keygen.zip ZIP: infected - 1 skipped
C:\Users\User\'\Limo Secrets # 2 Patch.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\User\'\Limo Secrets # 2 Patch.zip ZIP: infected - 1 skipped
C:\Users\User\'\Live Free of Die Hard (2007) Patch.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\User\'\Live Free of Die Hard (2007) Patch.zip ZIP: infected - 1 skipped
C:\Users\User\'\Live Free or Die (2006) Patch.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\User\'\Live Free or Die (2006) Patch.zip ZIP: infected - 1 skipped

alchap
2008-01-22, 02:03
Sorry about this, but I need to post ASAP, I'm being hacked!

C:\Users\User\'\Tatu - 200 KmH in the Wrong Lane Keygen.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\User\'\Tatu - 200 KmH in the Wrong Lane Keygen.zip ZIP: infected - 1 skipped
C:\Users\User\'\The Bourne Ultimatum [2007] Patch.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\User\'\The Bourne Ultimatum [2007] Patch.zip ZIP: infected - 1 skipped
C:\Users\User\'\The Chronicles of Riddick Dark Fury (2004) Patch.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\User\'\The Chronicles of Riddick Dark Fury (2004) Patch.zip ZIP: infected - 1 skipped
C:\Users\User\'\The Girl Next Door (2004) Patch.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\User\'\The Girl Next Door (2004) Patch.zip ZIP: infected - 1 skipped
C:\Users\User\'\The Lord of the Rings The Two Towers (2002) Patch.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\User\'\The Lord of the Rings The Two Towers (2002) Patch.zip ZIP: infected - 1 skipped
C:\Users\User\'\The Mark of Cain (2007) Patch.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\User\'\The Mark of Cain (2007) Patch.zip ZIP: infected - 1 skipped
C:\Users\User\'\The Matrix Revolutions (2003) Patch.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\User\'\The Matrix Revolutions (2003) Patch.zip ZIP: infected - 1 skipped
C:\Users\User\'\The Sims 2 Bon Voyage Patch.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\User\'\The Sims 2 Bon Voyage Patch.zip ZIP: infected - 1 skipped
C:\Users\User\'\The Young the Gay and the Restless (2006) Crack.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\User\'\The Young the Gay and the Restless (2006) Crack.zip ZIP: infected - 1 skipped
C:\Users\User\'\Thr3e (2006) Keygen.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\User\'\Thr3e (2006) Keygen.zip ZIP: infected - 1 skipped
C:\Users\User\'\Tiger Woods PGA Tour 08 Patch.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\User\'\Tiger Woods PGA Tour 08 Patch.zip ZIP: infected - 1 skipped
C:\Users\User\'\TMNT (2007) Patch.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\User\'\TMNT (2007) Patch.zip ZIP: infected - 1 skipped
C:\Users\User\'\Tremors (1990) Keygen.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\User\'\Tremors (1990) Keygen.zip ZIP: infected - 1 skipped
C:\Users\User\'\Tremors 2 After Shocks (1996) Keygen.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\User\'\Tremors 2 After Shocks (1996) Keygen.zip ZIP: infected - 1 skipped
C:\Users\User\'\Ultra Mobile 3GP Video Converter 3.8.0924 Crack.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\User\'\Ultra Mobile 3GP Video Converter 3.8.0924 Crack.zip ZIP: infected - 1 skipped
C:\Users\User\'\We **** ** Young (2007) Patch.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\User\'\We **** ** Young (2007) Patch.zip ZIP: infected - 1 skipped
C:\Users\User\'\Whale Tail #3 Patch.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\User\'\Whale Tail #3 Patch.zip ZIP: infected - 1 skipped
C:\Users\User\'\WinPatrol v12.2.2007.0 Crack.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\User\'\WinPatrol v12.2.2007.0 Crack.zip ZIP: infected - 1 skipped
C:\Users\User\'\WM Recorder 11.3 Patch.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\User\'\WM Recorder 11.3 Patch.zip ZIP: infected - 1 skipped
C:\Users\User\'\Women Seeking Women # 35 Patch.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\User\'\Women Seeking Women # 35 Patch.zip ZIP: infected - 1 skipped
C:\Users\User\'\YouTube Movie Ripper 1.1.0.0 Keygen.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\User\'\YouTube Movie Ripper 1.1.0.0 Keygen.zip ZIP: infected - 1 skipped

Scan process completed.
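
An added example (not part of the original posts, and not a Kaspersky tool): a small Python triage of a scan log in the format posted above. It separates "Object is locked" noise from detections, groups infected archives by folder, and flags archives whose "ZIP: infected - N" count has no matching member line, which is what happens when a log line is cut in two by a post-length limit. The sample lines, the profile name `example.default` and the function name `triage` are constructed for illustration.

```python
import ntpath
import re
from collections import Counter, defaultdict

# Constructed sample in the same line format as the scan log in this thread.
# The fifth and sixth lines imitate a log line split across two forum posts.
SAMPLE_LOG = r"""
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\example.default\key3.db Object is locked skipped
C:\Users\User\'\Example One Keygen.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\User\'\Example One Keygen.zip ZIP: infected - 1 skipped
C:\Users\User\'\Example Two Patch.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\User\'\Example Two Patch.zip ZIP: infected - 1 skipped
C
:\Users\User\'\Example Three Crack.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\User\'\Example Three Crack.zip ZIP: infected - 1 skipped
C:\WINDOWS\System32\config\sam Object is locked skipped
"""

# <drive path> <status> skipped, where status is one of the three forms
# that appear in the posted log.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) "
    r"(?:(?P<locked>Object is locked)"
    r"|Infected: (?P<verdict>\S+)"
    r"|ZIP: infected - (?P<count>\d+))"
    r" skipped$"
)


def triage(log_text):
    """Summarise a scan log: what is noise, what was detected, and where."""
    locked = 0
    members = defaultdict(list)  # archive path -> [(member name, verdict)]
    declared = {}                # archive path -> count from its "ZIP:" line
    loose = []                   # detections that are not inside an archive
    unparsed = []                # truncated or split lines, kept for review

    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m is None:
            unparsed.append(line)
            continue
        path = m["path"]
        if m["locked"]:
            locked += 1          # file in use by the OS or an application
        elif m["count"] is not None:
            declared[path] = int(m["count"])
        else:
            # Windows paths in this log use backslashes, so a forward slash
            # marks "archive/member" (assumption based on the posted lines).
            container, sep, member = path.partition("/")
            if sep:
                members[container].append((member, m["verdict"]))
            else:
                loose.append((path, m["verdict"]))

    verdicts = Counter(v for hits in members.values() for _, v in hits)
    verdicts.update(v for _, v in loose)
    member_names = Counter(n for hits in members.values() for n, _ in hits)
    folders = Counter(ntpath.dirname(a) for a in declared)
    folders.update(ntpath.dirname(p) for p, _ in loose)

    # An archive summary with no matching member detections (or the reverse)
    # means part of the log is missing or was split; re-check those by hand.
    mismatched = sorted(
        a for a in set(declared) | set(members)
        if declared.get(a) != len(members.get(a, []))
    )
    return {
        "locked": locked,
        "verdicts": verdicts,
        "member_names": member_names,
        "folders": folders,
        "mismatched": mismatched,
        "unparsed": unparsed,
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print("locked (noise):", report["locked"])
    print("verdicts:", dict(report["verdicts"]))
    print("folders with detections:", dict(report["folders"]))
    print("archives to re-check:", report["mismatched"])
    print("unparsed lines:", report["unparsed"])
```

A single folder, a single member name and a single verdict across every detection, as in this thread's log, points to one dropper writing copies of the same file rather than many separate infections.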

alchap
2008-01-22, 03:15
This guy is even trying to hack my Hijack Log!!

tashi
2008-01-22, 04:42
Hello.

Which topic are you referring to?

Because of the volume of posts to your own topic, helpers will think you are already being assisted.

Your log shows a lot of cracked programs. Please don't post logs containing profanity.

alchap
2008-01-22, 08:25
All those cracked files and zip files are stuff that was uploaded without my knowledge, and then hidden in a folder named ' which I couldn't find. The only reason I know they were there was when the log report came back and there were so many of them that I may have missed a few and didn't realize some of the names. Very sorry!!

What I was referring to was that I had run a Hijack log, put it on the desktop, went away from the computer for a little while, and it was replaced by one that was sort of greyed out and renamed. When I opened it this box came up that said "File conversion~$jack log.rtf Select the encoding that makes your document readable." The Japanese box was selected and the preview showed my name translated into Japanese!! Fortunately I saved a copy on a Flash drive so I think the one I posted is OK. But now I have no idea how correct the logs are. I may have to run them again, but Kaspersky took so long and took three pages to post, that I wanted to verify with you that needed to be done.

So it's obvious this guy in Japan seems to have access to my computer. I also found a Remote Desktop application in my Documents folder, which I don't remember being there, and my web browser history is showing sites I never went to.

Sorry for the long answer, but it hasn't been a fun day.

Unfortunately it's 2 in the morning, and I have to get up for work... so please post your response when you can, and I will check in at about 7pm US time tomorrow.

Thanks in advance for your help, and again I'm really sorry about the profanity slipping by me.

alchap

tashi
2008-01-22, 09:35
Hi there and no problem. :)

I left a note to see if one of our helpers can take a look soon.

I'd suggest staying off that computer as much as possible in the meantime.

Cheers.

Shaba
2008-01-22, 10:14
Hi alchap

Download OTMoveIt (http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe) by OldTimer to your Desktop.

Double click OTMoveIt.exe to launch it.
Copy/Paste the contents of the box below into the left hand pane of OTMoveIt.


C:\Users\Alan Chapin\'

Click the Move It button.
The list will be processed and the results will appear in the right hand pane.
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
When finished click Exit to exit the programme.
A log C:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log will be created (where mmddyyyy_hhmmss are numbers giving date and time the log was created).
Post back contents of that file, please.

alchap
2008-01-22, 18:45
Hi Shaba!

Thanks for getting back to me so quickly. It's a little unnerving knowing someone has free rein over all your files and documents, not to mention your user name and passwords. I am really nervous about what he is doing with them, because I could tell in my browser history that he had been to my credit card site and I think E-Bay. He could even come to this site and pose as me! Thankfully, I am not signed up for Online Banking for the very reason that not long ago I was a victim of a Phishing scam, and ended up with all my accounts being drained, and thousands of dollars of bogus charges on my credit card. It was a nightmare!!

I am also a little nervous about being online on the infected computer. I have another one that my wife uses that is networked with mine to the same internet connection. Can this guy infect hers as well if he wanted to?

Right now I am at work, so it's safe. It's 12:45pm here, so I won't be able to get onto mine to follow your instructions until about 7pm my time, when I get home. I will stay logged in here and monitor the thread, so you can reply if you want. Otherwise I will follow Step 1 as soon as I get home and post the results you need.

Thanks again!

alchap

Shaba
2008-01-22, 18:53
Hi

"I have another one that my wife uses that is networked with mine to the same internet connection. Can this guy infect hers as well if he wanted to?"

Everything is possible but that is very unlikely.

You should change all your online passwords (including this forum) from a clean computer and contact your bank and credit card company if you use them, too.

If possible, disconnect that PC from the Internet immediately and use another one for posting logs.

tashi
2008-01-22, 19:26
Hi alchap.

I edited out your name in the logs and replaced with "User" ;)

alchap
2008-01-22, 19:28
Thanks, I will do that!

alchap
2008-01-22, 19:33
Thanks Tashi!

alchap
2008-01-23, 04:50
Hi

Sorry it took so long for me to respond. Having connection problems arising from the change in password.

Here are the results from Move It:

C:\Users\Alan Chapin\' moved successfully.

Created on 01/22/2008 22:43:18

Shaba
2008-01-23, 10:28
Hi

Download Deckard's System Scanner (DSS) (http://www.techsupportforum.com/sectools/Deckard/dss.exe) to your Desktop. Note: You must be logged onto an account with administrator privileges.

Close all applications and windows.
Double-click on dss.exe to run it, and follow the prompts.
When the scan is complete, two text files will open: main.txt (this one will be maximized) and extra.txt (this one will be minimized).
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and extra.txt in your reply.

alchap
2008-01-23, 15:53
Thanks Shaba,

I will be able to get this posted a lot earlier tonight!!

:bigthumb:

Shaba
2008-01-23, 15:57
Hi

No problem, take your time :)

alchap
2008-01-24, 02:56
Here is the Main.txt, did not get an Extra.txt, but I still need to put this into two posts due to length.


Deckard's System Scanner v20071014.68
Run by Alan Chapin on 2008-01-23 20:42:01
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Alan Chapin.exe) -----------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:42:05 PM, on 1/23/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\WINDOWS\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Bellsouth\HelpCenter40b\bin\sprtcmd.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Portrait Displays\HP My Display\dthtml.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\AT&T\Internet Security Wizard\ISW.exe
C:\Program Files\AT&T\AT&T Internet Security Suite\RPS.exe
C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\hp\kbd\kbd.exe
C:\Windows\system32\taskeng.exe
C:\Windows\explorer.exe
c:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Alan Chapin\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\ALANCH~1.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\AT&T\AT&T Internet Security Suite\pkR.dll
O2 - BHO: AT&T Toolbar - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - C:\PROGRA~1\BLSTOO~1\BLSTOO~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AT&T Toolbar - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - C:\PROGRA~1\BLSTOO~1\BLSTOO~1.DLL
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HelpCenter4.1] C:\Program Files\Bellsouth\HelpCenter40b\bin\sprtcmd.exe /P HelpCenter4.1
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [DiscWizardMonitor.exe] C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [DT HPW] C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe -startup_folder
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [USBToolTip] "C:\Program Files\Pinnacle\Shared Files\\Programs\USBTip\USBTip.exe"
O4 - HKLM\..\Run: [ISW.exe] "C:\Program Files\AT&T\Internet Security Wizard\ISW.exe" /AUTORUN
O4 - HKLM\..\Run: [AT&T Internet Security Suite] "C:\Program Files\AT&T\AT&T Internet Security Suite\Rps.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [PCLEUSBTip] C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\Windows\system32\PCLECoInst.dll",CheckUSBController
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NMSSupport] "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
O4 - HKLM\..\Run: [CCUTRAYICON] C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\AT&T\AT&T Internet Security Suite\ZkRunOnceR.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Iconoid] "C:\Program Files\Iconoid\iconoid.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-916728736-257858344-4049364129-1003\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'IUSR_NMPR')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Download all by Net Transport - C:\Program Files\Xi\NetTransport 2\NTAddList.html
O8 - Extra context menu item: Download by Net Transport - C:\Program Files\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - (no file)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
O23 - Service: Amazon Unbox Video Service (ADVService) - Amazon.com - C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Intel(R) DHTrace Controller (DHTRACE) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.vista.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: Intel(R) NMSCore (NMSCore) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: Intel(R) Quality Manager (QualityManager) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: AT&T Internet Security Suite Service (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\AT&T\AT&T Internet Security Suite\rpsupdaterR.exe
O23 - Service: AT&T Internet Security Suite AT&T Firewall (RP_FWS) - AT&T - C:\Program Files\AT&T\AT&T Internet Security Suite\Fws.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 14191 bytes

alchap
2008-01-24, 02:57
-- Files created between 2007-12-23 and 2008-01-23 -----------------------------

2008-01-21 15:32:37 0 d-------- C:\Program Files\Trend Micro
2008-01-21 07:27:20 0 d--h----- C:\Windows\PIF
2008-01-21 04:06:33 0 d-------- C:\Windows\system32\Kaspersky Lab
2008-01-21 00:56:50 0 d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-01-18 23:19:24 0 d-------- C:\Users\All Users\Apple
2008-01-18 23:19:24 0 d-------- C:\Program Files\Apple Software Update
2008-01-13 04:17:09 0 d-------- C:\Users\All Users\Lavasoft
2008-01-13 04:17:09 0 d-------- C:\Program Files\Lavasoft
2008-01-13 04:04:02 0 d-------- C:\Program Files\Windows Live Safety Center
2008-01-07 00:27:14 77 --a------ C:\Windows\system32\7092.bat
2008-01-06 22:30:23 77 --a------ C:\Windows\system32\1657.bat
2008-01-05 01:08:38 0 d-------- C:\Program Files\SoundSpectrum
2008-01-03 20:07:39 77 --a------ C:\Windows\system32\1317.bat
2008-01-03 01:56:45 0 d-------- C:\Program Files\RadioXpi
2008-01-02 20:16:45 77 --a------ C:\Windows\system32\6345.bat
2008-01-01 15:50:29 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-01 07:39:53 0 d-------- C:\Program Files\JL2004C
2008-01-01 06:50:06 77 --a------ C:\Windows\system32\2715.bat
2007-12-30 22:40:28 77 --a------ C:\Windows\system32\2058.bat
2007-12-30 21:57:11 77 --a------ C:\Windows\system32\2481.bat
2007-12-30 20:56:52 77 --a------ C:\Windows\system32\4304.bat
2007-12-30 17:48:54 680571 --a------ C:\xace26.exe <Not Verified; e-merge GmbH; XAce Plus>
2007-12-30 14:12:57 77 --a------ C:\Windows\system32\4022.bat
2007-12-30 02:08:00 12095 --a------ C:\logfile
2007-12-30 01:32:50 0 d-------- C:\Program Files\Kodak
2007-12-30 01:17:32 77 --a------ C:\Windows\system32\1302.bat
2007-12-30 00:55:57 77 --a------ C:\Windows\system32\2720.bat
2007-12-29 23:52:56 0 d-------- C:\Program Files\Common Files\Ahead
2007-12-29 21:08:35 217088 --a------ C:\Windows\system32\yv12vfw.dll <Not Verified; www.helixcommunity.org; Helix YV12 YUV Codec>
2007-12-29 21:08:34 282624 --a------ C:\Windows\system32\xvidvfw.dll
2007-12-29 21:08:34 1559040 --a------ C:\Windows\system32\xvidcore.dll
2007-12-29 21:08:33 3596288 --a------ C:\Windows\system32\qt-dx331.dll
2007-12-29 21:08:33 81920 --a------ C:\Windows\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2007-12-29 21:08:33 682496 --a------ C:\Windows\system32\divx.dll <Not Verified; DivX, Inc.; DivX®>
2007-12-29 21:08:31 7680 --a------ C:\Windows\system32\ff_vfw.dll
2007-12-29 21:08:28 0 d-------- C:\Users\All Users\Real
2007-12-29 20:52:43 77 --a------ C:\Windows\system32\1174.bat
2007-12-29 20:11:07 77 --a------ C:\Windows\system32\3701.bat
2007-12-29 19:08:40 77 --a------ C:\Windows\system32\6627.bat
2007-12-29 02:56:27 0 d-------- C:\Program Files\Common Files\Intel
2007-12-29 01:59:46 77 --a------ C:\Windows\system32\1718.bat
2007-12-28 21:55:28 77 --a------ C:\Windows\system32\6066.bat
2007-12-28 21:49:59 77 --a------ C:\Windows\system32\3444.bat
2007-12-27 22:23:02 77 --a------ C:\Windows\system32\4442.bat
2007-12-27 22:20:00 77 --a------ C:\Windows\system32\6490.bat
2007-12-25 03:21:46 0 d-------- C:\Program Files\FinalBurner(37)
2007-12-24 16:41:12 77 --a------ C:\Windows\system32\9445.bat
2007-12-23 02:44:19 77 --a------ C:\Windows\system32\9261.bat


-- Find3M Report ---------------------------------------------------------------

2008-01-18 00:52:31 130885 --a------ C:\Windows\hpoins18.dat
2008-01-14 21:57:56 0 d-------- C:\Program Files\AdorageI-GfxDatas
2008-01-09 01:33:48 0 d-------- C:\Program Files\Windows Mail
2008-01-09 01:33:47 0 d-------- C:\Program Files\Windows Sidebar
2008-01-06 22:35:47 0 d-------- C:\Users\Alan Chapin\AppData\Roaming\DVDFab
2008-01-05 01:16:59 0 d-------- C:\Users\Alan Chapin\AppData\Roaming\SoundSpectrum
2008-01-03 02:15:32 0 d-------- C:\Users\Alan Chapin\AppData\Roaming\Real
2008-01-03 01:57:10 1767 --a------ C:\Windows\mozver.dat
2008-01-01 15:50:29 0 d-------- C:\Program Files\Common Files
2007-12-30 01:22:49 0 d-a------ C:\Program Files\Common Files\LightScribe
2007-12-30 00:38:12 0 d-------- C:\Users\Alan Chapin\AppData\Roaming\Ahead
2007-12-29 21:16:41 0 d-------- C:\Program Files\DVD Shrink
2007-12-29 21:08:32 0 d-------- C:\Program Files\K-Lite Codec Pack
2007-12-29 03:22:27 0 d--h----- C:\Users\Alan Chapin\AppData\Roaming\GTek
2007-12-29 02:27:57 0 d-------- C:\Program Files\DivX
2007-12-27 22:16:57 0 d-------- C:\Program Files\FinalBurner
2007-12-27 22:15:06 0 d-------- C:\Program Files\Common Files\Scanner
2007-12-27 21:23:02 0 d-------- C:\Users\Alan Chapin\AppData\Roaming\Vso
2007-12-27 21:23:02 33 --a------ C:\Users\Alan Chapin\AppData\Roaming\pcouffin.log
2007-12-27 01:53:14 0 d-------- C:\Users\Alan Chapin\AppData\Roaming\Real(282)
2007-12-23 01:20:04 0 d-------- C:\Program Files\HP
2007-12-21 19:10:23 0 d-------- C:\Users\Alan Chapin\AppData\Roaming\Zeon
2007-12-21 19:07:51 77 --a------ C:\Windows\system32\5860.bat
2007-12-20 21:48:33 0 d-------- C:\Program Files\Microsoft Silverlight
2007-12-18 06:56:27 77 --a------ C:\Windows\system32\3811.bat
2007-12-15 19:51:03 77 --a------ C:\Windows\system32\7271.bat
2007-12-15 19:11:54 77 --a------ C:\Windows\system32\5327.bat
2007-12-15 18:06:46 77 --a------ C:\Windows\system32\7965.bat
2007-12-15 17:59:04 0 d-------- C:\Users\Alan Chapin\AppData\Roaming\blstoolbar
2007-12-13 20:44:24 0 d-------- C:\Users\Alan Chapin\AppData\Roaming\Backup MyPC
2007-12-13 01:45:43 0 d-------- C:\Program Files\Roxio
2007-12-11 21:11:04 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-12-11 21:10:49 0 d-------- C:\Program Files\Amazon
2007-12-07 19:33:34 77 --a------ C:\Windows\system32\1889.bat
2007-12-06 23:22:20 0 d-------- C:\Program Files\Memorex exPressit Label Design Studio
2007-12-06 23:22:11 0 d-------- C:\Program Files\Common Files\SureThing Shared
2007-12-04 20:48:05 0 d-------- C:\Program Files\DVDFab HD Decrypter 4
2007-12-04 19:42:08 77 --a------ C:\Windows\system32\3111.bat
2007-12-04 19:05:26 77 --a------ C:\Windows\system32\8354.bat
2007-12-02 04:01:17 0 d-------- C:\Users\Alan Chapin\AppData\Roaming\Help
2007-11-30 20:23:20 0 d-------- C:\Program Files\Runtime Software
2007-11-30 20:19:23 77 --a------ C:\Windows\system32\8058.bat
2007-11-30 00:52:17 77 --a------ C:\Windows\system32\9020.bat
2007-11-30 00:24:08 0 d-------- C:\Users\Alan Chapin\AppData\Roaming\Lavasoft
2007-11-29 01:50:36 77 --a------ C:\Windows\system32\5217.bat
2007-11-29 01:33:26 147456 --a------ C:\Windows\system32\vbzip10.dll <Not Verified; Info-ZIP; Info-ZIP's WiZ>
2007-11-28 22:15:00 40737 --a------ C:\Windows\system32\rightonadz-uninst.exe
2007-11-27 21:55:10 7887 --a------ C:\Users\Alan Chapin\AppData\Roaming\pcouffin.cat
2007-11-20 04:16:35 169 --a------ C:\AUTOEXEC.BAT
2007-11-12 22:01:00 5642 --ahs---- C:\Windows\system32\KGyGaAvL.sys
2007-11-03 01:13:49 8 -r-hs---- C:\Windows\system32\154C54369E.sys


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [09/28/2006 08:42 AM]
"OsdMaestro"="C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [11/20/2006 06:34 AM]
"RtHDVCpl"="RtHDVCpl.exe" [10/25/2007 05:52 AM C:\WINDOWS\RtHDVCpl.exe]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [05/08/2007 03:24 PM]
"HelpCenter4.1"="C:\Program Files\Bellsouth\HelpCenter40b\bin\sprtcmd.exe" [06/28/2007 06:02 PM]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [06/15/2007 06:15 PM]
"HP Health Check Scheduler"="c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [06/05/2007 08:12 AM]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [04/19/2007 05:11 PM]
"DiscWizardMonitor.exe"="C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe" [06/14/2007 03:44 PM]
"AcronisTimounterMonitor"="C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe" [06/14/2007 03:57 PM]
"Acronis Scheduler2 Service"="C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe" [06/14/2007 03:48 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [07/12/2007 03:00 AM]
"DT HPW"="C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe" [04/25/2007 11:36 AM]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [08/28/2007 12:59 AM]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [08/28/2007 12:59 AM]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [08/28/2007 12:59 AM]
"USBToolTip"="C:\Program Files\Pinnacle\Shared Files\\Programs\USBTip\USBTip.exe" [02/20/2007 02:07 AM]
"ISW.exe"="C:\Program Files\AT&T\Internet Security Wizard\ISW.exe" [05/03/2007 12:12 PM]
"AT&T Internet Security Suite"="C:\Program Files\AT&T\AT&T Internet Security Suite\Rps.exe" [06/28/2007 03:09 PM]
"KBD"="C:\HP\KBD\KbdStub.EXE" [12/08/2006 10:16 AM]
"PCLEUSBTip"="C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe" [02/20/2007 02:07 AM]
"USB2Check"="C:\Windows\system32\PCLECoInst.dll" [12/21/2005 10:14 AM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [11/20/2007 02:39 AM]
"NMSSupport"="C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" [06/27/2007 10:14 AM]
"CCUTRAYICON"="C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe" [06/27/2007 10:18 AM]
"-FreedomNeedsReboot"="C:\Program Files\AT&T\AT&T Internet Security Suite\ZkRunOnceR.exe" [06/28/2007 03:09 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [01/09/2008 01:28 AM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [07/14/2007 12:38 AM]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [11/02/2006 07:35 AM]
"Iconoid"="C:\Program Files\Iconoid\iconoid.exe" [02/03/2007 05:38 PM]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [11/02/2006 07:36 AM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [08/31/2007 04:46 PM]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 9:05:26 PM]
HP Digital Imaging Monitor.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [1/2/2007 8:40:10 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 relog_ap

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
rsmsvcs ntmssvc
HPZ12 Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt hpqcxs08 hpqddsvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
AutoRun\command- F:\ialaunch.exe id= ver=1.0.0.0

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L]
AutoRun\command- L:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{872afd91-34c8-11dc-b9be-001bfc073bbe}]
AutoRun\command- G:\LaunchU3.exe -a


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-01-23 20:42:28 ------------

Shaba
2008-01-24, 10:31
Hi

Do you recognize files like these (4 numbers and .bat)?

2008-01-07 00:27:14 77 --a------ C:\Windows\system32\7092.bat
2008-01-06 22:30:23 77 --a------ C:\Windows\system32\1657.bat

alchap
2008-01-24, 16:50
Hi Shaba.

No, I wouldn't know what they were, or whether they should be there or not. Sorry. :sad:

Shaba
2008-01-24, 16:52
Hi

Go to start -> run

Type notepad C:\Windows\system32\7092.bat and click ok

Contents of 7092.bat should open in Notepad, please post it here.

alchap
2008-01-25, 02:37
@Echo off
:S
Del services.exe
If Exist services.exe Goto S
Del 7092.bat
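
As an added example (not part of the original thread, and not code from DSS or HijackThis): a Python script that picks the four-digit .bat rows out of a DSS file listing and checks whether a script has the delete-until-gone, then delete-itself shape of the one posted above. The listing rows are a constructed sample copied from the logs in this thread; the function names and the CRLF line-ending assumption are this example's own.

```python
import re

# Constructed sample: a few rows copied from the DSS listings in this thread.
SAMPLE_LISTING = r"""
2008-01-21 07:27:20 0 d--h----- C:\Windows\PIF
2008-01-07 00:27:14 77 --a------ C:\Windows\system32\7092.bat
2008-01-06 22:30:23 77 --a------ C:\Windows\system32\1657.bat
2007-12-30 17:48:54 680571 --a------ C:\xace26.exe <Not Verified; e-merge GmbH; XAce Plus>
2007-12-29 21:08:34 282624 --a------ C:\Windows\system32\xvidvfw.dll
2007-11-20 04:16:35 169 --a------ C:\AUTOEXEC.BAT
2007-11-12 22:01:00 5642 --ahs---- C:\Windows\system32\KGyGaAvL.sys
"""

# The contents of 7092.bat as posted in the thread, one entry per line.
STUB_LINES = [
    "@Echo off",
    ":S",
    "Del services.exe",
    "If Exist services.exe Goto S",
    "Del 7092.bat",
]

# DSS row layout: date, time, size, nine attribute flags, path, optional <note>.
LISTING_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<size>\d+) (?P<attrs>[a-z-]{9}) (?P<path>.+?)(?: <(?P<note>.*)>)?$"
)
NUMBERED_BAT_RE = re.compile(r"^C:\\Windows\\system32\\\d{4}\.bat$", re.IGNORECASE)


def parse_listing(text):
    """Parse DSS 'date time size attrs path [<note>]' rows into dicts."""
    entries = []
    for line in text.splitlines():
        m = LISTING_RE.match(line.strip())
        if not m:
            continue  # section headers, blank lines, anything that is not a row
        entry = m.groupdict()
        entry["size"] = int(entry["size"])
        entry["is_dir"] = entry["attrs"].startswith("d")
        entries.append(entry)
    return entries


def numbered_bat_files(entries):
    """Return file rows named <four digits>.bat directly in system32."""
    return [e for e in entries
            if not e["is_dir"] and NUMBERED_BAT_RE.match(e["path"])]


def analyse_stub(lines, own_name):
    """Recognise a script that deletes a target in a loop, then deletes itself."""
    label = target = None
    loops = self_deletes = False
    for raw in lines:
        line = raw.strip()
        if line.startswith(":"):
            label = line[1:].lower()
            continue
        m = re.match(r"(?i)^del\s+(\S+)$", line)
        if m:
            if m.group(1).lower() == own_name.lower():
                self_deletes = True      # the script removes its own file
            elif target is None:
                target = m.group(1)      # first other file it deletes
            continue
        m = re.match(r"(?i)^if\s+exist\s+(\S+)\s+goto\s+(\S+)$", line)
        if m and target and label:
            loops = (m.group(1).lower() == target.lower()
                     and m.group(2).lower() == label)
    return {"target": target, "loops_until_deleted": loops,
            "self_deletes": self_deletes}


def size_on_disk(lines):
    """Byte size if every line ends in CRLF (an assumption about the file)."""
    return len("".join(line + "\r\n" for line in lines).encode("ascii"))


def report(listing_text, stub_lines, stub_name):
    """Combine the listing hits with the analysis of one script."""
    hits = numbered_bat_files(parse_listing(listing_text))
    return {
        "paths": [e["path"] for e in hits],
        "sizes": sorted({e["size"] for e in hits}),
        "stub": analyse_stub(stub_lines, stub_name),
        "stub_size": size_on_disk(stub_lines),
    }


if __name__ == "__main__":
    print(report(SAMPLE_LISTING, STUB_LINES, "7092.bat"))
```

With CRLF line endings the five posted lines come to 77 bytes, the same size DSS reports for every numbered .bat file in the listing.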

alchap
2008-01-25, 06:04
Do you have any theories on how I could be infected so badly while running Windows Firewall, an updated Anti-Virus Program, and three different updated Anti-Spyware Programs, including Windows Defender and not getting one alarm, warning or painful yelp?

Shaba
2008-01-25, 10:31
Hi

In that case, delete all these:

C:\Windows\system32\7092.bat
C:\Windows\system32\1657.bat
C:\Windows\system32\1317.bat
C:\Windows\system32\6345.bat
C:\Windows\system32\2715.bat
C:\Windows\system32\2058.bat
C:\Windows\system32\2481.bat
C:\Windows\system32\4304.bat
C:\Windows\system32\4022.bat
C:\Windows\system32\1302.bat
C:\Windows\system32\2720.bat
C:\Windows\system32\1174.bat
C:\Windows\system32\3701.bat
C:\Windows\system32\6627.bat
C:\Windows\system32\1718.bat
C:\Windows\system32\6066.bat
C:\Windows\system32\3444.bat
C:\Windows\system32\4442.bat
C:\Windows\system32\6490.bat
C:\Windows\system32\9445.bat
C:\Windows\system32\9261.bat
C:\Windows\system32\5860.bat
C:\Windows\system32\3811.bat
C:\Windows\system32\7271.bat
C:\Windows\system32\5327.bat
C:\Windows\system32\7965.bat
C:\Windows\system32\1889.bat
C:\Windows\system32\3111.bat
C:\Windows\system32\8354.bat
C:\Windows\system32\8058.bat
C:\Windows\system32\9020.bat
C:\Windows\system32\5217.bat
C:\Windows\system32\rightonadz-uninst.exe

Empty Recycle Bin.

"Do you have any theories on how I could be infected so badly while running Windows Firewall, an updated Anti-Virus Program, and three different updated Anti-Spyware Programs, including Windows Defender and not getting one alarm, warning or painful yelp?"

No antivirus can recognize all malware. When certain malware has found its way to your computer, chances are that it bypasses the firewall in order to call "friends" to join, too.

Next we need an online scan, so connect the computer to the internet again:

Please do an online scan with Kaspersky Online Scanner (http://www.kaspersky.com/downloads/kws/kavwebscan.html). You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
The program will launch and then start to download the latest definition files.
Once the scanner is installed and the definitions downloaded, click Next.
Now click on Scan Settings
In the scan settings make sure that the following are selected:

o Scan using the following Anti-Virus database:

+ Extended (If available otherwise Standard)

o Scan Options:

+ Scan Archives
+ Scan Mail Bases

Click OK
Now, under "Select a target to scan", select My Computer.
The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.
Now click on the Save as Text button
Save the file to your desktop.
Copy and paste that information in your next post.

Note: This scanner will work with Internet Explorer Only!

Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

Post:

- a fresh HijackThis log
- Kaspersky report

alchap
2008-01-26, 10:51
Hi...here you go:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:41:24 AM, on 1/26/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\WINDOWS\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Bellsouth\HelpCenter40b\bin\sprtcmd.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Portrait Displays\HP My Display\dthtml.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\AT&T\Internet Security Wizard\ISW.exe
C:\Program Files\AT&T\AT&T Internet Security Suite\RPS.exe
C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
C:\Program Files\Iconoid\iconoid.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe
C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe
C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe
C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe
C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe
C:\Program Files\Roxio\Express Labeler 3\stax.exe
C:\Program Files\Memorex exPressit Label Design Studio\STCD\stcd.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Bellsouth\HelpCenter40b\agent\bin\bcont.exe
C:\Users\Alan Chapin\Screensavers\Screen Savers\Screen Savers\FSScrCtl.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\AT&T\AT&T Internet Security Suite\pkR.dll
O2 - BHO: AT&T Toolbar - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - C:\PROGRA~1\BLSTOO~1\BLSTOO~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AT&T Toolbar - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - C:\PROGRA~1\BLSTOO~1\BLSTOO~1.DLL
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HelpCenter4.1] C:\Program Files\Bellsouth\HelpCenter40b\bin\sprtcmd.exe /P HelpCenter4.1
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [DiscWizardMonitor.exe] C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [DT HPW] C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe -startup_folder
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [USBToolTip] "C:\Program Files\Pinnacle\Shared Files\\Programs\USBTip\USBTip.exe"
O4 - HKLM\..\Run: [ISW.exe] "C:\Program Files\AT&T\Internet Security Wizard\ISW.exe" /AUTORUN
O4 - HKLM\..\Run: [AT&T Internet Security Suite] "C:\Program Files\AT&T\AT&T Internet Security Suite\Rps.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [PCLEUSBTip] C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\Windows\system32\PCLECoInst.dll",CheckUSBController
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NMSSupport] "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
O4 - HKLM\..\Run: [CCUTRAYICON] C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\AT&T\AT&T Internet Security Suite\ZkRunOnceR.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Iconoid] "C:\Program Files\Iconoid\iconoid.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-916728736-257858344-4049364129-1003\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'IUSR_NMPR')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Download all by Net Transport - C:\Program Files\Xi\NetTransport 2\NTAddList.html
O8 - Extra context menu item: Download by Net Transport - C:\Program Files\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - (no file)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
O23 - Service: Amazon Unbox Video Service (ADVService) - Amazon.com - C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Intel(R) DHTrace Controller (DHTRACE) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.vista.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: Intel(R) NMSCore (NMSCore) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: Intel(R) Quality Manager (QualityManager) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: AT&T Internet Security Suite Service (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\AT&T\AT&T Internet Security Suite\rpsupdaterR.exe
O23 - Service: AT&T Internet Security Suite AT&T Firewall (RP_FWS) - AT&T - C:\Program Files\AT&T\AT&T Internet Security Suite\Fws.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 14703 bytes

alchap
2008-01-26, 10:58
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, January 26, 2008 4:19:22 AM
Operating System: Microsoft Windows Vista Home Edition, (Build 6000)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 26/01/2008
Kaspersky Anti-Virus database records: 533104
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\
I:\
J:\
K:\
L:\

Scan Statistics:
Total number of scanned objects: 227539
Number of viruses found: 1
Number of infected objects: 262
Number of suspicious objects: 0
Duration of the scan process: 02:32:53

Infected Object Name / Virus Name / Last Action

alchap
2008-01-26, 11:02
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\I Scored A Soccer Mom 2 Crack.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\I Scored A Soccer Mom 2 Crack.zip ZIP: infected - 1 skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\I Scored A Soccer Mom 3 Keygen.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\I Scored A Soccer Mom 3 Keygen.zip ZIP: infected - 1 skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\Illegal Aliens (2007) Crack.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\Illegal Aliens (2007) Crack.zip ZIP: infected - 1 skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\In 1Out 0 Crack.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\In 1Out 0 Crack.zip ZIP: infected - 1 skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\In 1Out 0 Keygen.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\In 1Out 0 Keygen.zip ZIP: infected - 1 skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\In 1Out 0 Patch.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\In 1Out 0 Patch.zip ZIP: infected - 1 skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\In 2Out 0 Crack.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\In 2Out 0 Crack.zip ZIP: infected - 1 skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\In 2Out 0 Patch.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\In 2Out 0 Patch.zip ZIP: infected - 1 skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\In 3Out 1 Keygen.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\In 3Out 1 Keygen.zip ZIP: infected - 1 skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\In 3Out 1 Patch.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\In 3Out 1 Patch.zip ZIP: infected - 1 skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\India Arie - Voyage to India Keygen.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\India Arie - Voyage to India Keygen.zip ZIP: infected - 1 skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\Intensitivity #4 Keygen.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\Intensitivity #4 Keygen.zip ZIP: infected - 1 skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\Intensitivity #6 Crack.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\Intensitivity #6 Crack.zip ZIP: infected - 1 skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\Jacked (PS2) Keygen.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\Jacked (PS2) Keygen.zip ZIP: infected - 1 skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\Jimmy Eat World - Futures Patch.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\Jimmy Eat World - Futures Patch.zip ZIP: infected - 1 skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\Jimmy Eat World - Stay on My Side Tonight EP Crack.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\Jimmy Eat World - Stay on My Side Tonight EP Crack.zip ZIP: infected - 1 skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\Kanye West - Late Orchestration (2005) Keygen.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\Kanye West - Late Orchestration (2005) Keygen.zip ZIP: infected - 1 skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\Kanye West - Stronger (2007) Crack.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\Kanye West - Stronger (2007) Crack.zip ZIP: infected - 1 skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\Kanye West-College Dropout Patch.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\Kanye West-College Dropout Patch.zip ZIP: infected - 1 skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\Kaspersky Internet Security 7.00.125 Crack.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\Kaspersky Internet Security 7.00.125 Crack.zip ZIP: infected - 1 skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\Katie Melua - Piece by Piece Keygen.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\Katie Melua - Piece by Piece Keygen.zip ZIP: infected - 1 skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\Kylie Minogue Confide in Me The Irresistible Kylie (2007) Patch.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\Kylie Minogue Confide in Me The Irresistible Kylie (2007) Patch.zip ZIP: infected - 1 skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\Lavasoft Ad-aware 2007 Pro v7.0.2.3 Crack.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\Lavasoft Ad-aware 2007 Pro v7.0.2.3 Crack.zip ZIP: infected - 1 skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\Legal At Last # 5 Patch.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\Legal At Last # 5 Patch.zip ZIP: infected - 1 skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\Life Support (2007) Patch.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\Life Support (2007) Patch.zip ZIP: infected - 1 skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\LimeWire Pro Version 5.0.01 Keygen.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\LimeWire Pro Version 5.0.01 Keygen.zip ZIP: infected - 1 skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\Limo Secrets # 2 Patch.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\Limo Secrets # 2 Patch.zip ZIP: infected - 1 skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\Live Free of Die Hard (2007) Patch.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\Live Free of Die Hard (2007) Patch.zip ZIP: infected - 1 skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\Live Free or Die (2006) Patch.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\Live Free or Die (2006) Patch.zip ZIP: infected - 1 skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\Loki Heroes OBet On Soldier Blackout On Saigonf Mythology Keygen.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\Loki Heroes OBet On Soldier Blackout On Saigonf Mythology Keygen.zip ZIP: infected - 1 skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\Mae - The Everglow Crack.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\Mae - The Everglow Crack.zip ZIP: infected - 1 skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\Marc Dorcel - Hardcore Paradise Keygen.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\Marc Dorcel - Hardcore Paradise Keygen.zip ZIP: infected - 1 skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\Marvin Gaye - In Our Lifetime (REMASTERED) 2007 Patch.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\Marvin Gaye - In Our Lifetime (REMASTERED) 2007 Patch.zip ZIP: infected - 1 skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\Medal of Honor Airborne Keygen.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\Medal of Honor Airborne Keygen.zip ZIP: infected - 1 skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\Medal Of Honor Airborne Patch.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\Medal Of Honor Airborne Patch.zip ZIP: infected - 1 skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\Men in Black II (2002) Patch.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\Men in Black II (2002) Patch.zip ZIP: infected - 1 skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\Microsoft Flight Simulator X Acceleration Expansion Crack.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\Microsoft Flight Simulator X Acceleration Expansion Crack.zip ZIP: infected - 1 skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\Mini Van Moms #7 (2007) XXX Keygen.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\Mini Van Moms #7 (2007) XXX Keygen.zip ZIP: infected - 1 skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\Monkey Island III Keygen.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\Monkey Island III Keygen.zip ZIP: infected - 1 skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\Monkey Island III The Curse Of Monkey Island Keygen.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\Monkey Island III The Curse Of Monkey Island Keygen.zip ZIP: infected - 1 skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\Mouth (DVD Rip) Keygen.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\Mouth (DVD Rip) Keygen.zip ZIP: infected - 1 skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\Mr. Brooks (2007) Keygen.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\Mr. Brooks (2007) Keygen.zip ZIP: infected - 1 skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\Munich (2005) Crack.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\Munich (2005) Crack.zip ZIP: infected - 1 skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\Munnabhai M.B.B.S. [2003] Crack.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\Munnabhai M.B.B.S. [2003] Crack.zip ZIP: infected - 1 skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\My Super Ex-Girlfriend (2006) Keygen.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\My Super Ex-Girlfriend (2006) Keygen.zip ZIP: infected - 1 skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\Nancy Drew The Legend Of The Crystal Skull Patch.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\Nancy Drew The Legend Of The Crystal Skull Patch.zip ZIP: infected - 1 skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\Natalie Imbruglia - Glorious The Singles 1997-2007 2 Vids Keygen.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\Natalie Imbruglia - Glorious The Singles 1997-2007 2 Vids Keygen.zip ZIP: infected - 1 skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\Need For Speed Most Wanted Keygen.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\Need For Speed Most Wanted Keygen.zip ZIP: infected - 1 skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\Need for Speed Underground 2 Patch.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\Need for Speed Underground 2 Patch.zip ZIP: infected - 1 skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\Oceans Thirteen (2007) Keygen.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\Oceans Thirteen (2007) Keygen.zip ZIP: infected - 1 skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\Perfect Kiss Patch.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\Perfect Kiss Patch.zip ZIP: infected - 1 skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\Pink - I'm Not Dead Keygen.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\Pink - I'm Not Dead Keygen.zip ZIP: infected - 1 skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\Pirates of the Caribbean At World's End (2007) Patch.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\Pirates of the Caribbean At World's End (2007) Patch.zip ZIP: infected - 1 skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\Placebo - Meds Patch.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\Placebo - Meds Patch.zip ZIP: infected - 1 skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\Pro Evolution Soccer 2008 Patch.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\Pro Evolution Soccer 2008 Patch.zip ZIP: infected - 1 skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\Pro-Am Pussy Adventure Keygen.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\Pro-Am Pussy Adventure Keygen.zip ZIP: infected - 1 skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\Registry Mechanic 7.0.0.1010 Patch.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\Registry Mechanic 7.0.0.1010 Patch.zip ZIP: infected - 1 skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\Revelacoes Anais XXX Patch.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\Revelacoes Anais XXX Patch.zip ZIP: infected - 1 skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\Rihanna - The Singles Collection (2007) Crack.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\Rihanna - The Singles Collection (2007) Crack.zip ZIP: infected - 1 skipped

alchap
2008-01-26, 11:04
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\Schiller - Life The Club Keygen.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\Schiller - Life The Club Keygen.zip ZIP: infected - 1 skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\School for Scoundrels (2006) Keygen.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\School for Scoundrels (2006) Keygen.zip ZIP: infected - 1 skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\Scream 2 Keygen.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\Scream 2 Keygen.zip ZIP: infected - 1 skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\Seven - Home Crack.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\Seven - Home Crack.zip ZIP: infected - 1 skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\Shanghai Knights (2003) Patch.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\Shanghai Knights (2003) Patch.zip ZIP: infected - 1 skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\Skinwalkers (2007) Patch.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\Skinwalkers (2007) Patch.zip ZIP: infected - 1 skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\SlySoft Game Jackal Pro v2.9.18.600 Keygen.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\SlySoft Game Jackal Pro v2.9.18.600 Keygen.zip ZIP: infected - 1 skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\Sonic Riders Patch.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\Sonic Riders Patch.zip ZIP: infected - 1 skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\Star Trek Away Team Crack.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\Star Trek Away Team Crack.zip ZIP: infected - 1 skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\Star Wolves 2 Keygen.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\Star Wolves 2 Keygen.zip ZIP: infected - 1 skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\Stevie Ray Vaughan - In the Beginning Crack.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\Stevie Ray Vaughan - In the Beginning Crack.zip ZIP: infected - 1 skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\Stranger Than Fiction (2006) Patch.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\Stranger Than Fiction (2006) Patch.zip ZIP: infected - 1 skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\Stunt GP Patch.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\Stunt GP Patch.zip ZIP: infected - 1 skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\Surf's Up (2007) Keygen.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\Surf's Up (2007) Keygen.zip ZIP: infected - 1 skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\Sword Of The Stars Born Of Blood Crack.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\Sword Of The Stars Born Of Blood Crack.zip ZIP: infected - 1 skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\System Of A Down - Toxicity Patch.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\System Of A Down - Toxicity Patch.zip ZIP: infected - 1 skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\Tatu - 200 KmH in the Wrong Lane Keygen.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\Tatu - 200 KmH in the Wrong Lane Keygen.zip ZIP: infected - 1 skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\The Bourne Ultimatum [2007] Patch.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\The Bourne Ultimatum [2007] Patch.zip ZIP: infected - 1 skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\The Chronicles of Riddick Dark Fury (2004) Patch.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\The Chronicles of Riddick Dark Fury (2004) Patch.zip ZIP: infected - 1 skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\The Girl Next Door (2004) Patch.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\The Girl Next Door (2004) Patch.zip ZIP: infected - 1 skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\The Lord of the Rings The Two Towers (2002) Patch.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\The Lord of the Rings The Two Towers (2002) Patch.zip ZIP: infected - 1 skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\The Mark of Cain (2007) Patch.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\The Mark of Cain (2007) Patch.zip ZIP: infected - 1 skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\The Matrix Revolutions (2003) Patch.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\The Matrix Revolutions (2003) Patch.zip ZIP: infected - 1 skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\The Sims 2 Bon Voyage Patch.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\The Sims 2 Bon Voyage Patch.zip ZIP: infected - 1 skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\The Young the Gay and the Restless (2006) Crack.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\The Young the Gay and the Restless (2006) Crack.zip ZIP: infected - 1 skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\Thr3e (2006) Keygen.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\Thr3e (2006) Keygen.zip ZIP: infected - 1 skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\Tiger Woods PGA Tour 08 Patch.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\Tiger Woods PGA Tour 08 Patch.zip ZIP: infected - 1 skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\TMNT (2007) Patch.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\TMNT (2007) Patch.zip ZIP: infected - 1 skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\Tremors (1990) Keygen.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\Tremors (1990) Keygen.zip ZIP: infected - 1 skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\Tremors 2 After Shocks (1996) Keygen.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\Tremors 2 After Shocks (1996) Keygen.zip ZIP: infected - 1 skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\Ultra Mobile 3GP Video Converter 3.8.0924 Crack.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\Ultra Mobile 3GP Video Converter 3.8.0924 Crack.zip ZIP: infected - 1 skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\We Fuck Em Young (2007) Patch.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\We Fuck Em Young (2007) Patch.zip ZIP: infected - 1 skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\Whale Tail #3 Patch.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\Whale Tail #3 Patch.zip ZIP: infected - 1 skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\WinPatrol v12.2.2007.0 Crack.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\WinPatrol v12.2.2007.0 Crack.zip ZIP: infected - 1 skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\WM Recorder 11.3 Patch.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\WM Recorder 11.3 Patch.zip ZIP: infected - 1 skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\Women Seeking Women # 35 Patch.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\Women Seeking Women # 35 Patch.zip ZIP: infected - 1 skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\YouTube Movie Ripper 1.1.0.0 Keygen.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\YouTube Movie Ripper 1.1.0.0 Keygen.zip ZIP: infected - 1 skipped

alchap
2008-01-26, 11:05

Scan process completed.

Shaba
2008-01-26, 11:19
Hi

Empty this folder:

C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles

Empty Recycle Bin.

Still problems?

alchap
2008-01-26, 15:46
Hi Tashi!

The computer is still acting a bit strange...very sluggish, programs crashing, and while it seems like they're running when you open them, my AT&T Anti Virus and Anti Spyware Suite is not being found by Windows Security Center. It says there is no Anti Virus or Spyware program installed. It does show Spybot and Windows Defender, although I can't get the Defender icon to appear in the taskbar. This is after re-installing the anti virus and spyware, and Defender.

Also, I found these on the other computer I've been using. It looks like simple adware but it didn't show up in Spybot, only Kaspersky. Here are the logs:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:29:25 AM, on 1/26/2008
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\BUFFALO\Client Manager3\bwsvc\bwsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\ZipToA.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\BellSouth Internet Tools\blsloader.exe
C:\Program Files\Bellsouth\HelpCenter40b\bin\sprtcmd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\BUFFALO\Client Manager3\cm3_tray.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\FSScrCtl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Iomega\Iomega Backup\dtsc.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wallpapertoy.Exe
C:\Program Files\Greetings Workshop\GWREMIND.EXE
C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
C:\Program Files\BellSouth\HelpCenter40b\agent\bin\bcont.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us4.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hometab.bellsouth.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us4.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us4.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us4.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;<local>
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BlspcHlpr Class - {15C9938F-CB96-496D-800A-B827F2E34EA1} - C:\Program Files\BellSouth Internet Tools\blspc.dll
O2 - BHO: AT&T Toolbar - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - C:\PROGRA~1\BLSTOO~1\BLSTOO~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: My Web Search Bar BHO - {8EAB99C1-F9EC-4b64-A4BA-D9BCAE8779C2} - C:\Program Files\MyWebSearchWB\bar\1.bin\W6BAR.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: AT&T Toolbar - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - C:\PROGRA~1\BLSTOO~1\BLSTOO~1.DLL
O3 - Toolbar: WeatherBug Browser Bar - powered by MyWebSearch - {8EAB99C9-F9EC-4b64-A4BA-D9BCAE8779C2} - C:\Program Files\MyWebSearchWB\bar\1.bin\W6BAR.DLL
O4 - HKLM\..\Run: [blspcloader] "C:\Program Files\BellSouth Internet Tools\blsloader.exe"
O4 - HKLM\..\Run: [HelpCenter4.1] C:\Program Files\Bellsouth\HelpCenter40b\bin\sprtcmd.exe /P HelpCenter4.1
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [BackWeb LiteInstaller] C:\DOCUME~1\Owner\LOCALS~1\Temp\ins1.tmp\LiteInst.exe /NoIntervention
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - .DEFAULT User Startup: AutoPlay.exe (User 'Default user')
O4 - Startup: AVG Control Center.lnk = C:\Program Files\Grisoft\AVG7\avgcc.exe
O4 - Startup: Greetings Workshop Reminders.lnk = C:\Program Files\Greetings Workshop\GWREMIND.EXE
O4 - Startup: PowerReg SchedulerV2.exe
O4 - Startup: Wallpaper Changer.lnk = C:\Program Files\WallpaperToy\Wallpapertoy.Exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AVG Control Center.lnk = C:\Program Files\Grisoft\AVG7\avgcc.exe
O4 - Global Startup: ClientManager3.lnk = C:\Program Files\BUFFALO\Client Manager3\cm3_tray.exe
O4 - Global Startup: CounterSpy.lnk = C:\Program Files\Sunbelt Software\CounterSpy\CounterSpy.exe
O4 - Global Startup: FSScrCtl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Iomega Backup Scheduler.lnk = C:\Program Files\Iomega\Iomega Backup\dtsc.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Wallpapertoy.Exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://help.bellsouth.net/sdccommon/download/tgctlcm.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {321FB770-1FBE-4BFE-BDC1-6F622D4FA499} - https://setup.bellsouth.net/wizlet/PWReset/static/controls/WebflowActiveXInstaller_4-2-1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1182138566937
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1184910219280
O16 - DPF: {7E9522CF-6B95-46D6-8E2F-7638F507313F} (BLS_SpeedOP.systemcheck) - http://www.fastaccess.drivers.bellsouth.net/software/DSLspeedtool/bls_speedop.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bwsvc - BUFFALO INC. - C:\Program Files\BUFFALO\Client Manager3\bwsvc\bwsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IomegaAccess - Iomega Corporation - C:\WINDOWS\System32\IomegaAccess.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
O23 - Service: ZipToA - Iomega Corporation - C:\WINDOWS\System32\ZipToA.exe

--
End of file - 9065 bytes


-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, January 26, 2008 7:03:44 AM
Operating System: Microsoft Windows XP Home Edition, (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 26/01/2008
Kaspersky Anti-Virus database records: 533283
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\

Scan Statistics:
Total number of scanned objects: 99964
Number of viruses found: 2
Number of infected objects: 2
Number of suspicious objects: 0
Duration of the scan process: 01:27:13

Infected Object Name / Virus Name / Last Action
C:\Program Files\MyWebSearchWB\bar\1.bin\NPMYSRWB.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.i skipped
C:\Program Files\MyWebSearchWB\bar\1.bin\W6PLUGIN.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.l skipped

Scan process completed.

Shaba
2008-01-26, 18:02
Hi

My name is Shaba ;)

"The computer is still acting a bit strange...very sluggish, programs crashing,,and while it seems like they're running when you open them, my AT&T Anti Virus and Anti Spyware Suite is not being found by Windows Security Center. It says there is no Anti Virus or Spyware program installed."

For general slowness, see here (http://users.telenet.be/bluepatchy/miekiemoes/slowcomputer.html) and post back if it helped.

If programs still crash, it might be hardware issues or problems in the Windows installation.

As for the Security Center thing, it can't recognize all AVs.

That is nothing to worry about if they are running like they should.

"Also, I found these on the other computer I've been using. It looks like simple adware but it didn't show up in Spybot, only Kaspersky."

Yes, just uninstall MyWebSearch via Add/Remove Programs and delete the corresponding folder if it still exists after that.

This is a much greater concern than MyWebSearch:

Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

No service packs at all. You should immediately install them.
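An added example, not part of the original thread: a small triage script for the Kaspersky Online Scanner reports posted above. It drops the "Object is locked" noise and ranks what remains. The sample lines are copied from the reports in this thread; the category names and the two folder markers are assumptions of this example.

```python
import re

# Sample report: a handful of lines copied from the reports posted in this
# thread (trimmed for the example).
SAMPLE_REPORT = r"""
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Owner\ntuser.dat Object is locked skipped
C:\Program Files\MyWebSearchWB\bar\1.bin\NPMYSRWB.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.i skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\WM Recorder 11.3 Patch.zip/Crack.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\Users\Alan Chapin\Desktop\Spybot Folder\_OTMoveIt\MovedFiles\Users\Alan Chapin\'\WM Recorder 11.3 Patch.zip ZIP: infected - 1 skipped
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Startup\dllhost.exe Infected: Virus.Win32.Fontra.c skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
"""

# Paths contain spaces, so each row is matched from its fixed right-hand part.
DETECTION = re.compile(r"^(?P<path>.+?) Infected: (?P<verdict>\S+) (?P<action>\w+)$")
ARCHIVE_SUMMARY = re.compile(r"^.+ [A-Za-z0-9]+: infected - \d+ \w+$")
LOCKED = re.compile(r"^.+ Object is locked \w+$")

# Assumed markers (lower-cased): the OTMoveIt holding folder seen in this
# thread, and the Start Menu Startup folder, whose contents run at logon.
QUARANTINE_MARKER = "\\_otmoveit\\movedfiles\\"
AUTOSTART_MARKER = "\\start menu\\programs\\startup\\"

# Lower number = look at it first.
PRIORITY = {"live-autostart": 0, "live": 1, "quarantined-copy": 2, "riskware": 3}


def classify(path, verdict):
    """Assign a triage category (names are this example's own)."""
    lowered = path.lower()
    if verdict.startswith("not-a-virus:"):
        return "riskware"           # Kaspersky's prefix for adware/riskware
    if QUARANTINE_MARKER in lowered:
        return "quarantined-copy"   # already moved aside; empty the folder
    if AUTOSTART_MARKER in lowered:
        return "live-autostart"     # would start again at next logon
    return "live"


def triage(report):
    """Parse the detection table of a report and rank the findings."""
    findings, unparsed = [], []
    locked = archive_summaries = 0
    in_table = False
    for raw in report.splitlines():
        line = raw.strip()
        if line.startswith("Infected Object Name"):
            in_table = True
            continue
        if not in_table or not line:
            continue
        if line.startswith("Scan process completed"):
            break
        match = DETECTION.match(line)
        if match:
            # "archive.zip/member.exe": the scanner joins archive and member with "/".
            container, _, member = match["path"].partition("/")
            findings.append({
                "path": container,
                "member": member,
                "verdict": match["verdict"],
                "action": match["action"],
                "category": classify(container, match["verdict"]),
            })
        elif ARCHIVE_SUMMARY.match(line):
            archive_summaries += 1  # per-archive roll-up of a member already listed
        elif LOCKED.match(line):
            locked += 1             # file in use by the OS; not a finding
        else:
            unparsed.append(line)   # keep anything unexpected for manual review
    findings.sort(key=lambda f: PRIORITY[f["category"]])
    return {
        "findings": findings,
        "locked": locked,
        "archive_summaries": archive_summaries,
        "unparsed": unparsed,
    }


if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    for f in result["findings"]:
        target = f["path"] + (" -> " + f["member"] if f["member"] else "")
        print(f"{f['category']:17} {f['verdict']:40} {target}")
    print(f"ignored: {result['locked']} locked, "
          f"{result['archive_summaries']} archive summaries")
```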

alchap
2008-01-26, 22:46
:oops: Hi Shaba!

Sorry for the name confusion, it was early in the morning, and for some reason Tashi's name came to mind. But I knew it was you who has been helping me through this crisis...and I really appreciate all the time and effort!! :bigthumb: The only thing about the Security Center that bothers me is that it recognized everything before this whole thing happened. Thanks for the startup and cleanup tips, I will try that. And I know I need to update the XP. I've just been "if it ain't broke, don't fix it", but it's probably about time.

So as far as you can tell, the Vista logs look OK, and I should be disinfected with no hidden files lurking in the background that will send me to Japan?

Shaba
2008-01-27, 11:09
Hi

Yes, Vista logs look good.

As for the Security Center thing, here (http://www.howtofixcomputers.com/forums/210469-post2.html) are instructions for XP.

You may try if they work for Vista, too (at your own risk, of course).

alchap
2008-01-27, 12:46
Hi Shaba,

This came up when I ran a scan of the All Users folder. The interesting thing was I had just run a scan on the whole Users file, and nothing came up. Here's the log:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, January 27, 2008 6:21:11 AM
Operating System: Microsoft Windows Vista Home Edition, (Build 6000)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 27/01/2008
Kaspersky Anti-Virus database records: 533960
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - Folders:
C:\Users\All Users
C:\Users\Default\
C:\Users\Default User
C:\Users\Guest\
C:\Users\IUSR_NMPR.AlanChapin-PC\
C:\Users\Public\

Scan Statistics:
Total number of scanned objects: 34909
Number of viruses found: 1
Number of infected objects: 1
Number of suspicious objects: 0
Duration of the scan process: 00:11:39

Infected Object Name / Virus Name / Last Action
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Startup\dllhost.exe Infected: Virus.Win32.Fontra.c skipped
C:\Users\IUSR_NMPR.AlanChapin-PC\AppData\Local\Intel\IntelDH\mediaserver\db\mb_collectiondb.mdb1 Object is locked skipped
C:\Users\IUSR_NMPR.AlanChapin-PC\AppData\Local\Intel\IntelDH\mediaserver\db\mb_collectiondb.mdb2 Object is locked skipped
C:\Users\IUSR_NMPR.AlanChapin-PC\AppData\Local\Intel\IntelDH\mediaserver\db\mb_collectionnameindex.mdb1 Object is locked skipped
C:\Users\IUSR_NMPR.AlanChapin-PC\AppData\Local\Intel\IntelDH\mediaserver\db\mb_collectionnameindex.mdb2 Object is locked skipped
C:\Users\IUSR_NMPR.AlanChapin-PC\AppData\Local\Intel\IntelDH\mediaserver\db\mb_collectionrevindex.mdb1 Object is locked skipped
C:\Users\IUSR_NMPR.AlanChapin-PC\AppData\Local\Intel\IntelDH\mediaserver\db\mb_collectionrevindex.mdb2 Object is locked skipped
C:\Users\IUSR_NMPR.AlanChapin-PC\AppData\Local\Intel\IntelDH\mediaserver\db\mb_collectiontypedateindex.mdb1 Object is locked skipped
C:\Users\IUSR_NMPR.AlanChapin-PC\AppData\Local\Intel\IntelDH\mediaserver\db\mb_collectiontypedateindex.mdb2 Object is locked skipped
C:\Users\IUSR_NMPR.AlanChapin-PC\AppData\Local\Intel\IntelDH\mediaserver\db\mb_collectiontypeindex.mdb1 Object is locked skipped
C:\Users\IUSR_NMPR.AlanChapin-PC\AppData\Local\Intel\IntelDH\mediaserver\db\mb_collectiontypeindex.mdb2 Object is locked skipped
C:\Users\IUSR_NMPR.AlanChapin-PC\AppData\Local\Intel\IntelDH\mediaserver\db\mb_collectiontypenameindex.mdb1 Object is locked skipped
C:\Users\IUSR_NMPR.AlanChapin-PC\AppData\Local\Intel\IntelDH\mediaserver\db\mb_collectiontypenameindex.mdb2 Object is locked skipped
C:\Users\IUSR_NMPR.AlanChapin-PC\AppData\Local\Intel\IntelDH\mediaserver\db\mb_content.mdb1 Object is locked skipped
C:\Users\IUSR_NMPR.AlanChapin-PC\AppData\Local\Intel\IntelDH\mediaserver\db\mb_content.mdb2 Object is locked skipped
C:\Users\IUSR_NMPR.AlanChapin-PC\AppData\Local\Intel\IntelDH\mediaserver\db\mb_creationdateindex.mdb1 Object is locked skipped
C:\Users\IUSR_NMPR.AlanChapin-PC\AppData\Local\Intel\IntelDH\mediaserver\db\mb_creationdateindex.mdb2 Object is locked skipped
C:\Users\IUSR_NMPR.AlanChapin-PC\AppData\Local\Intel\IntelDH\mediaserver\db\mb_propdb.mdb1 Object is locked skipped
C:\Users\IUSR_NMPR.AlanChapin-PC\AppData\Local\Intel\IntelDH\mediaserver\db\mb_propdb.mdb2 Object is locked skipped
C:\Users\IUSR_NMPR.AlanChapin-PC\AppData\Local\Intel\IntelDH\mediaserver\db\mb_typenameindex.mdb1 Object is locked skipped
C:\Users\IUSR_NMPR.AlanChapin-PC\AppData\Local\Intel\IntelDH\mediaserver\db\mb_typenameindex.mdb2 Object is locked skipped
C:\Users\IUSR_NMPR.AlanChapin-PC\AppData\Local\Intel\IntelDH\mediaserver\db\mb_urldb.mdb1 Object is locked skipped
C:\Users\IUSR_NMPR.AlanChapin-PC\AppData\Local\Intel\IntelDH\mediaserver\db\mb_urldb.mdb2 Object is locked skipped
C:\Users\IUSR_NMPR.AlanChapin-PC\AppData\Local\Intel\IntelDH\mediaserver\db\mb_urlindex.mdb1 Object is locked skipped
C:\Users\IUSR_NMPR.AlanChapin-PC\AppData\Local\Intel\IntelDH\mediaserver\db\mb_urlindex.mdb2 Object is locked skipped
C:\Users\IUSR_NMPR.AlanChapin-PC\AppData\Local\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Users\IUSR_NMPR.AlanChapin-PC\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 Object is locked skipped
C:\Users\IUSR_NMPR.AlanChapin-PC\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2 Object is locked skipped
C:\Users\IUSR_NMPR.AlanChapin-PC\AppData\Local\Microsoft\Windows\UsrClass.dat{cb1543e7-63db-11dc-90d8-001bfc073bbe}.TM.blf Object is locked skipped
C:\Users\IUSR_NMPR.AlanChapin-PC\AppData\Local\Microsoft\Windows\UsrClass.dat{cb1543e7-63db-11dc-90d8-001bfc073bbe}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Users\IUSR_NMPR.AlanChapin-PC\AppData\Local\Microsoft\Windows\UsrClass.dat{cb1543e7-63db-11dc-90d8-001bfc073bbe}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Users\IUSR_NMPR.AlanChapin-PC\ntuser.dat Object is locked skipped
C:\Users\IUSR_NMPR.AlanChapin-PC\ntuser.dat.LOG1 Object is locked skipped
C:\Users\IUSR_NMPR.AlanChapin-PC\ntuser.dat.LOG2 Object is locked skipped
C:\Users\IUSR_NMPR.AlanChapin-PC\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf Object is locked skipped
C:\Users\IUSR_NMPR.AlanChapin-PC\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Users\IUSR_NMPR.AlanChapin-PC\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped

Scan process completed.

Shaba
2008-01-27, 12:48
Hi

Delete this file:

C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Startup\dllhost.exe

Empty Recycle Bin.

Post back a fresh HijackThis log.

alchap
2008-01-27, 12:59
It says "Destination folder access denied. You need permission to access this folder." This is after I already had authorized the action.

Shaba
2008-01-27, 13:16
Hi


Double click OTMoveIt.exe to launch it.
Copy/Paste the contents of the box below into the left hand pane of OTMoveIt.



C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Startup\dllhost.exe

Click the Move It button.
The list will be processed and the results will appear in the right hand pane.
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
When finished click Exit to exit the programme.
A log C:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log will be created (where mmddyyyy_hhmmss are numbers giving date and time the log was created).


Post back contents of that file and a fresh HijackThis log, please.

alchap
2008-01-27, 14:21
Shaba,

Ran Move It...told me to reboot to remove...reboot...searched for file and deleted. It's not in the Recycle Bin though, so I hope it just bypassed it!

Here are the logs:

File move failed. C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Startup\dllhost.exe scheduled to be moved on reboot.

Created on 01/27/2008 07:35:03




File/Folder C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Startup\dllhost.exe not found.

Created on 01/27/2008 07:51:58





Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:02:18 AM, on 1/27/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Bellsouth\HelpCenter40b\bin\sprtcmd.exe
C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
C:\Program Files\Portrait Displays\HP My Display\dthtml.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
C:\Program Files\AT&T\Internet Security Wizard\ISW.exe
C:\Program Files\AT&T\AT&T Internet Security Suite\RPS.exe
C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
C:\WINDOWS\RtHDVCpl.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Iconoid\iconoid.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\dllhost.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\Taskmgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\AT&T\AT&T Internet Security Suite\pkR.dll
O2 - BHO: AT&T Toolbar - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - C:\PROGRA~1\BLSTOO~1\BLSTOO~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AT&T Toolbar - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - C:\PROGRA~1\BLSTOO~1\BLSTOO~1.DLL
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [HelpCenter4.1] C:\Program Files\Bellsouth\HelpCenter40b\bin\sprtcmd.exe /P HelpCenter4.1
O4 - HKLM\..\Run: [DiscWizardMonitor.exe] C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
O4 - HKLM\..\Run: [DT HPW] C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe -startup_folder
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [NMSSupport] "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
O4 - HKLM\..\Run: [CCUTRAYICON] C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
O4 - HKLM\..\Run: [ISW.exe] "C:\Program Files\AT&T\Internet Security Wizard\ISW.exe" /AUTORUN
O4 - HKLM\..\Run: [AT&T Internet Security Suite] "C:\Program Files\AT&T\AT&T Internet Security Suite\Rps.exe"
O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\AT&T\AT&T Internet Security Suite\ZkRunOnceR.exe"
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Iconoid] "C:\Program Files\Iconoid\iconoid.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-916728736-257858344-4049364129-1003\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'IUSR_NMPR')
O4 - Global Startup: Adobe Reader Speed Launch.lnk.disabled
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Download all by Net Transport - C:\Program Files\Xi\NetTransport 2\NTAddList.html
O8 - Extra context menu item: Download by Net Transport - C:\Program Files\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - (no file)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
O23 - Service: Amazon Unbox Video Service (ADVService) - Amazon.com - C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Intel(R) DHTrace Controller (DHTRACE) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.vista.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: Intel(R) NMSCore (NMSCore) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: Intel(R) Quality Manager (QualityManager) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: AT&T Internet Security Suite Service (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\AT&T\AT&T Internet Security Suite\rpsupdaterR.exe
O23 - Service: AT&T Internet Security Suite AT&T Firewall (RP_FWS) - AT&T - C:\Program Files\AT&T\AT&T Internet Security Suite\Fws.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 12547 bytes

Shaba
2008-01-27, 14:29
Hi

It's still there:

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\dllhost.exe

Kill dllhost.exe via task manager

Delete C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\dllhost.exe

Empty Recycle Bin.

Reboot.

Post back a fresh HijackThis log, please.
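
The check made by eye in the post above (a Windows system binary name running from a Startup folder instead of System32) can be run over the "Running processes" section of a HijackThis log. This is an added example, not part of the original thread: the function names and the short `EXPECTED_DIR` list are assumptions, and the two sample logs are abridged from logs posted in this thread.

```python
import ntpath

# Expected home directory for Windows binaries whose names malware commonly
# borrows. This short list is an assumption for the example, not exhaustive.
EXPECTED_DIR = {
    "dllhost.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "rundll32.exe": r"c:\windows\system32",
    "taskeng.exe": r"c:\windows\system32",
    "dwm.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

# Tail of both the per-user and the all-users Startup folder paths.
STARTUP_TAIL = r"\start menu\programs\startup"

# Abridged from the 8:02:18 AM log in this thread (before cleanup).
LOG_BEFORE = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:02:18 AM, on 1/27/2008

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\WINDOWS\System32\rundll32.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\dllhost.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe

O1 - Hosts: ::1 localhost
"""

# Abridged from the 9:03:53 AM log in this thread (after cleanup).
LOG_AFTER = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:03:53 AM, on 1/27/2008

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\WINDOWS\System32\rundll32.exe
C:\Windows\system32\DllHost.exe

O1 - Hosts: ::1 localhost
"""


def running_processes(log_text):
    """Return the paths listed under 'Running processes:' in a HijackThis log."""
    paths, in_section = [], False
    for line in log_text.splitlines():
        line = line.strip()
        if line.lower() == "running processes:":
            in_section = True
            continue
        if in_section:
            if not line:  # the first blank line ends the section
                break
            paths.append(line)
    return paths


def suspicious(log_text):
    """Return (path, reasons) for each running process that looks out of place."""
    findings = []
    for path in running_processes(log_text):
        lowered = path.lower()  # Windows paths are case-insensitive
        name = ntpath.basename(lowered)
        folder = ntpath.dirname(lowered)
        reasons = []
        expected = EXPECTED_DIR.get(name)
        if expected is not None and folder != expected:
            reasons.append("system binary name outside " + expected)
        if folder.endswith(STARTUP_TAIL) and name.endswith(".exe"):
            reasons.append("executable running directly from a Startup folder")
        if reasons:
            findings.append((path, reasons))
    return findings


if __name__ == "__main__":
    for label, log in (("before", LOG_BEFORE), ("after", LOG_AFTER)):
        hits = suspicious(log)
        print(label, "cleanup:", "nothing flagged" if not hits else "")
        for path, reasons in hits:
            print("  " + path)
            for reason in reasons:
                print("    - " + reason)
```

The legitimate `C:\Windows\system32\DllHost.exe` in the later log is not flagged, which is why the check compares directory as well as file name.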

alchap
2008-01-27, 15:06
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:03:53 AM, on 1/27/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\Bellsouth\HelpCenter40b\bin\sprtcmd.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
C:\Program Files\Portrait Displays\HP My Display\dthtml.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
C:\Program Files\AT&T\Internet Security Wizard\ISW.exe
C:\Program Files\AT&T\AT&T Internet Security Suite\RPS.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
C:\WINDOWS\RtHDVCpl.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Iconoid\iconoid.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\hp\kbd\kbd.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Bellsouth\HelpCenter40b\agent\bin\bcont.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\AT&T\AT&T Internet Security Suite\pkR.dll
O2 - BHO: AT&T Toolbar - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - C:\PROGRA~1\BLSTOO~1\BLSTOO~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AT&T Toolbar - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - C:\PROGRA~1\BLSTOO~1\BLSTOO~1.DLL
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [HelpCenter4.1] C:\Program Files\Bellsouth\HelpCenter40b\bin\sprtcmd.exe /P HelpCenter4.1
O4 - HKLM\..\Run: [DiscWizardMonitor.exe] C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
O4 - HKLM\..\Run: [DT HPW] C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe -startup_folder
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [NMSSupport] "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
O4 - HKLM\..\Run: [CCUTRAYICON] C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
O4 - HKLM\..\Run: [ISW.exe] "C:\Program Files\AT&T\Internet Security Wizard\ISW.exe" /AUTORUN
O4 - HKLM\..\Run: [AT&T Internet Security Suite] "C:\Program Files\AT&T\AT&T Internet Security Suite\Rps.exe"
O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\AT&T\AT&T Internet Security Suite\ZkRunOnceR.exe"
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Iconoid] "C:\Program Files\Iconoid\iconoid.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-916728736-257858344-4049364129-1003\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'IUSR_NMPR')
O4 - Global Startup: Adobe Reader Speed Launch.lnk.disabled
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Download all by Net Transport - C:\Program Files\Xi\NetTransport 2\NTAddList.html
O8 - Extra context menu item: Download by Net Transport - C:\Program Files\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - (no file)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
O23 - Service: Amazon Unbox Video Service (ADVService) - Amazon.com - C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Intel(R) DHTrace Controller (DHTRACE) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.vista.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: Intel(R) NMSCore (NMSCore) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: Intel(R) Quality Manager (QualityManager) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: AT&T Internet Security Suite Service (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\AT&T\AT&T Internet Security Suite\rpsupdaterR.exe
O23 - Service: AT&T Internet Security Suite AT&T Firewall (RP_FWS) - AT&T - C:\Program Files\AT&T\AT&T Internet Security Suite\Fws.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 12438 bytes

Shaba
2008-01-27, 15:30
Hi

That looks good :)

You can check if these exist and delete if so:

c:\Program Files\setup.exe
c:\Program Files\Track_03.exe
c:\Program Files\Video.exe
c:\Program Files\a.zip
c:\Program Files\b.zip
c:\Program Files\c.zip
c:\Program Files\uy.exe

Empty Recycle Bin.

Still problems?

alchap
2008-01-28, 01:41
Hi Shaba,

It looks like those files don't exist, so I think we're OK. My question is... was that "Virus.Win32.Fontra.c" a new virus I picked up or was it there the whole time?
And if so, how come no scan picked it up? If I didn't happen to scan the All Users folder, we never would have found it. :scratch:

Shaba
2008-01-28, 11:32
Hi

Looks like it came during the cleaning process.

However, we can't be 100% sure.

Any other issues?

alchap
2008-01-28, 15:47
Hi Shaba,

The only other thing I noticed, and the reason that I was scanning the Users folder, was that when I right-click on a file and go to Properties, and then the Security tab, there are two user accounts named Account Unknown followed by a long number and ending with -1000 on one, and -1002 on the other. I checked the User Accounts from the Control Panel, and they don't show up, and I searched through the Users folder on C:, and they're not there. That's why I did the scan on the User folder, and then on All Users.
When I try to remove the Accounts on the file level, I get a message saying "You can't remove Account Unknown because this object is inheriting permissions from its parent"

Shaba
2008-01-28, 16:40
Hi

Do they show if you show hidden and system files?

alchap
2008-01-29, 04:27
Hi Shaba,

No, they don't show. The only Users that appear are Alan Chapin, Default, Guest, IUSR_NMPR.Alan Chapin-PC (which I think is the Intel Media Server), and Public. The other problem is that I'm supposed to be the Administrator since I'm the only user created, but sometimes I get denied, saying I need administrative rights.

AC

Shaba
2008-01-29, 10:45
Hi

I'm no expert on that issue, but I can forward you to some Windows forum for it.

Is it ok?

alchap
2008-01-29, 13:53
Hi Shaba,

That would be great if you could direct me somewhere about that problem. Computer seems to be running OK, it's still got issues, but I think that is the virus called Vista. So in other words, since those Unknown Users don't show up anywhere, I shouldn't worry about them? Is there any way to get them out of the file properties?

AC

Shaba
2008-01-29, 15:18
Hi

Like I said, I don't know for sure, but I don't think that they are a threat or something. Some Windows forum surely would be able to help you.

Any other issues or are we ready for my final instructions? :)

alchap
2008-01-29, 17:11
I think I'm ready for the Final Instructions!! :yahoo:

Shaba
2008-01-29, 17:18
Hi

Then you're clean!

As for that remaining issue, I recommend this (http://forums.pcpitstop.com/index.php?) place.

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. A malicious site could render Java content under older, vulnerable versions of Sun's software if the user has not removed them. Please follow these steps to remove older version Java components and update:

Download the latest version of Java Runtime Environment (JRE) 6 Update 4 (http://java.sun.com/javase/downloads/index.jsp) and save it to your desktop.
Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications."
Click the Download button to the right.
Select Windows on the platform combobox and check the box that says: Accept License Agreement. Click continue.
The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u4-windows-i586-p.exe to install the newest version.

Next we remove all used tools.

Please download OTMoveIt2 (http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe) and save it to desktop.

Double-click OTMoveIt2.exe.
Click the CleanUp! button.
Select Yes when the "Begin cleanup Process?" prompt appears.
If you are prompted to Reboot during the cleanup, select Yes.
The tool will delete itself once it finishes, if not delete it by yourself.


Note: If you receive a warning from your firewall or other security programs regarding OTMoveIt2 attempting to contact the internet, please allow it to do so.

Disable and Enable System Restore. - If you are using Windows Vista then you should disable and re-enable system restore to make sure there are no infected files found in a restore point.

You can find instructions on how to enable and re-enable system restore here:

Windows Vista System Restore Guide (http://www.bleepingcomputer.com/tutorials/tutorial143.html)

Re-enable system restore with instructions from tutorial above

Make your Internet Explorer more secure - This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt

Change the Download unsigned ActiveX controls to Disable

Change the Initialize and script ActiveX controls not marked as safe to Disable

Change the Installation of desktop items to Prompt

Change the Launching programs and files in an IFRAME to Prompt

Change the Navigate sub-frames across different domains to Prompt

When all these settings have been made, click on the OK button.

If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.

Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.


Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com (http://www.windowsupdate.com) regularly. This will ensure your computer always has the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

A tutorial on installing & using this product can be found here:

Using SpywareBlaster to protect your computer from Spyware and Malware (http://www.bleepingcomputer.com/tutorials/tutorial49.html)


Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

Here are some additional utilities that will enhance your safety

MVPS Hosts file (http://mvps.org/winhelp2002/hosts.htm) <= The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
Google Toolbar (http://toolbar.google.com/) <= Get the free Google Toolbar to help stop pop-up windows.
Comodo BOCLEAN (http://www.comodo.com/boclean/boclean.html) <= Stop identity thieves from getting personal information. Instantly detects well over 1,000,000 unique, variant and repack malware in total. And it's free.
Winpatrol (http://www.winpatrol.com/) <= Download and install the free version of Winpatrol. A tutorial for this product is located here:
Using Winpatrol to protect your computer from malicious software (http://www.winpatrol.com/features.html)

Stand Up and Be Counted ---> Malware Complaints (http://www.malwarecomplaints.info/index.php) <--- where you can make a difference!

The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.

Also, please read this great article by Tony Klein So How Did I Get Infected In First Place (http://castlecops.com/postlite7736-.html)

Happy surfing and stay clean! :bigthumb:
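
The six Custom Level settings listed in the post above can be checked from a script. This is an added example, not part of the original post: the registry path and the numeric action IDs are assumptions taken from Microsoft's documented Internet zone (zone 3) values rather than from this thread, and the function name is hypothetical.

```powershell
# Added example: audit the per-user Internet zone against the settings in the post.
# Assumption: zone 3 = Internet; value data 0 = Enable, 1 = Prompt, 3 = Disable.
# Group Policy can override these per-user values; this reads HKCU only.
$zoneKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# Action ID -> setting name as shown in the Custom Level dialog, and the wanted value.
$expected = [ordered]@{
    '1001' = @{ Name = 'Download signed ActiveX controls';                              Want = 1 }
    '1004' = @{ Name = 'Download unsigned ActiveX controls';                            Want = 3 }
    '1201' = @{ Name = 'Initialize and script ActiveX controls not marked as safe';     Want = 3 }
    '1800' = @{ Name = 'Installation of desktop items';                                 Want = 1 }
    '1804' = @{ Name = 'Launching programs and files in an IFRAME';                     Want = 1 }
    '1607' = @{ Name = 'Navigate sub-frames across different domains';                  Want = 1 }
}
$labels = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

function Test-InternetZoneHardening {
    param([string]$Key = $zoneKey)

    # A missing key or value is reported as 'not set' instead of raising an error.
    $props = Get-ItemProperty -Path $Key -ErrorAction SilentlyContinue
    foreach ($id in $expected.Keys) {
        $actual = $null
        if ($props -and $null -ne $props.$id) { $actual = [int]$props.$id }

        $shown = 'not set'
        if ($null -ne $actual) {
            if ($labels.ContainsKey($actual)) { $shown = $labels[$actual] }
            else { $shown = '0x{0:X}' -f $actual }   # value outside the three known states
        }

        [pscustomobject]@{
            ActionId  = $id
            Setting   = $expected[$id].Name
            Expected  = $labels[$expected[$id].Want]
            Actual    = $shown
            Compliant = ($actual -eq $expected[$id].Want)
        }
    }
}

Test-InternetZoneHardening | Format-Table -AutoSize
```

Any row with Compliant = False is a setting that still differs from the list in the post; the script only reads the registry and changes nothing.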

alchap
2008-01-29, 18:04
Thanks Shaba!

I want to thank you for all your help and support!!
I never would have gotten through this without you, and I will be sure to post a good report in the Thank You forum!!
You are THE MAN!!

:bow:

AC

alchap
2008-01-30, 19:21
Hi Shaba,

I got as far as running OTMoveIt2, when I got an error message that said something like "I\O Error 1814". I don't remember exactly, but I will try again later and let you know.

AC

Shaba
2008-01-30, 19:24
Hi

As you also have OTMoveIT installed, you can try the same procedure with it :)

alchap
2008-01-30, 20:17
I tried that already, and I got the same error.

alchap
2008-01-31, 03:28
Never mind Shaba... I got it to run.

Thanks!!!

Shaba
2008-01-31, 11:12
Hi

Nice to hear :)

Shaba
2008-02-02, 11:17
Since this issue appears resolved ... this Topic is closed. Glad I could help.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.