Wetcoaster
2008-04-04, 01:37
Hello and thanks for reading...
Have constant popup of ads especially after reboot. Have completed the tasks re 'Before Posting...' etc and here is my HJT log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:29:40 PM, on 4/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20733)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Quebecor World\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\MDAEMON7.2\App\MDaemon.exe
C:\Program Files\Outlook Express\svchost.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\MDAEMON7.2\App\CFEngine.exe
C:\MDAEMON7.2\SpamAssassin\MDSpamD.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe
C:\Program Files\Serv-U\ServUDaemon.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\VistaDrive\VistaDrive.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\Program Files\ASUS\AASP\1.00.23\aaCenter.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
C:\Program Files\VMware\VMware Workstation\hqtray.exe
C:\Program Files\DynDNS Updater\DynDNS.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\Serv-U\ServUTray.exe
C:\Documents and Settings\edsdev\My Documents\Install\mTorrent\utorrent.exe
C:\PROGRA~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Secway\SimpLite-MSN 2.2\SimpLite-MSN.exe
C:\WINDOWS\system32\wuauclt.exe
C:\httpd\OHTTPD.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://securityresponse.symantec.com/avcenter/cgi-bin/virauto.cgi?vid=4294905956
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
O1 - Hosts: 172.23.157.25 intranet.qwinc.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [VistaDrive] C:\WINDOWS\VistaDrive\VistaDrive.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [AsusServiceProvider] C:\Program Files\ASUS\AASP\1.00.23\aaCenter.exe
O4 - HKLM\..\Run: [AsusStartupHelp] C:\Program Files\ASUS\AASP\1.00.23\AsRunHelp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [vmware-tray] C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
O4 - HKLM\..\Run: [VMware hqtray] "C:\Program Files\VMware\VMware Workstation\hqtray.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe"
O4 - HKCU\..\Run: [ServUTrayIcon] C:\Program Files\Serv-U\ServUTray.exe
O4 - HKCU\..\Run: [µTorrent] "C:\Documents and Settings\edsdev\My Documents\Install\mTorrent\utorrent.exe"
O4 - HKCU\..\Run: [uTorrent] "C:\Documents and Settings\edsdev\My Documents\Install\mTorrent\utorrent.exe"
O4 - HKCU\..\Run: [Nero PhotoShow Media Manager] C:\PROGRA~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [LogitechSetup] C:\DOCUME~1\edsdev\LOCALS~1\Temp\QuickCam_11.1.0\setup.exe /skip_all_checks /p /start /restart /l:enu
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Simp] C:\Program Files\Secway\SimpLite-MSN 2.2\SimpLite-MSN.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: OHTTPD.exe.lnk = C:\httpd\OHTTPD.exe
O4 - Global Startup: Quebecor World VPN Client.lnk = C:\Program Files\Quebecor World\VPN Client\vpngui.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/26.26/uploader2.cab
O16 - DPF: {4788DE0A-3552-49EA-AC8C-233DA52523B9} (AxLoaderPassword Class) - http://www.blackberry.com/devicesoftware/AxLoader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1188251449585
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1188251442460
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://hgtv.view22.com/view22/app/view22rte.cab
O16 - DPF: {BCFA4759-1193-4EC3-92A0-F03F6461DA78} (TABSFileup Class) - http://ibbank.net/manual/TABSFileupU.cab
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} (Photodex Presenter AX control) - http://www.photodex.com/pxplay.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{BB9AFB22-74DC-45E4-BE10-AA6F0EF7AF27}: NameServer = 192.168.2.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: intu-qt2007 - {026BF40D-BA05-467B-9F1F-AD0D7A3F5F11} - C:\Program Files\QuickTax 2007\ic2007pp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Quebecor World\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DynDNS Updater Service (DynDNS_Updater_Service) - Kana Solution - C:\Program Files\DynDNS Updater\DynDNS.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: MDaemon email server (MDaemon) - Alt-N Technologies, Ltd. - C:\MDAEMON7.2\App\MDaemon.exe
O23 - Service: Window Net Dns (MyDNS) - Unknown owner - C:\Program Files\Outlook Express\svchost.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe
O23 - Service: Serv-U FTP Server (Serv-U) - Rhino Software, Inc. +1(262) 560-9627 - C:\Program Files\Serv-U\ServUDaemon.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
--
End of file - 17135 bytes
Wetcoaster
2008-04-04, 01:39
and here is the KOS log Part #1- hope you can help
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Thursday, April 03, 2008 2:41:06 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 3/04/2008
Kaspersky Anti-Virus database records: 679710
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
Scan Statistics:
Total number of scanned objects: 220676
Number of viruses found: 15
Number of infected objects: 33
Number of suspicious objects: 59
Duration of the scan process: 03:45:25
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.62.Crwl Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.62.gthr Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\MSS.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\MSStmp.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010001.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010002.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010003.ci Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010003.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010003.wsb Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010004.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010005.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010006.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010007.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010008.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000C.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000E.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000F.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010011.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010013.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010015.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001B.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001C.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\INDEX.000 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.000 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\Used0000.000 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.000 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.chk1.gthr Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.chk2.gthr Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.Crwl181.gthr Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.Ntfy153.gthr Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.Ntfy154.gthr Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\tmp.edb Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Windows.edb Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\Ntf4.tmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\Ntf5.tmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\Perflib_Perfdata_98c.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Nero\Nero8\Nero BackItUp\Cache\NeroBackItUpScheduler3.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\VMware\vmnetdhcp.leases Object is locked skipped
C:\Documents and Settings\BA\Application Data\Nero\Nero8\OnlineServices\registrationinfo.xml Object is locked skipped
C:\Documents and Settings\BA\Local Settings\Temp\vmware-BA\vmware-vix-BA-3980.log Object is locked skipped
C:\Documents and Settings\BA\Local Settings\Temp\vmware-BA\vmware-vix-BA-4120.log Object is locked skipped
C:\Documents and Settings\BA\Local Settings\Temp\vmware-BA\vmware-vix-BA-4636.log Object is locked skipped
C:\Documents and Settings\BA\Local Settings\Temp\vmware-BA\vmware-vix-BA-7608.log Object is locked skipped
C:\Documents and Settings\edsdev\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\edsdev\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\edsdev\Desktop\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\edsdev\Desktop\SmitfraudFix.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\edsdev\Desktop\SmitfraudFix.exe RarSFX: infected - 2 skipped
C:\Documents and Settings\edsdev\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\edsdev\Local Settings\Application Data\Microsoft\Messenger\ianwb@hotmail.com\SharingMetadata\Logs\Dfsr00005.log Object is locked skipped
C:\Documents and Settings\edsdev\Local Settings\Application Data\Microsoft\Messenger\ianwb@hotmail.com\SharingMetadata\pending.dat Object is locked skipped
C:\Documents and Settings\edsdev\Local Settings\Application Data\Microsoft\Messenger\ianwb@hotmail.com\SharingMetadata\Working\database_DAF4_3808_F437_E603\dfsr.db Object is locked skipped
C:\Documents and Settings\edsdev\Local Settings\Application Data\Microsoft\Messenger\ianwb@hotmail.com\SharingMetadata\Working\database_DAF4_3808_F437_E603\fsr.log Object is locked skipped
C:\Documents and Settings\edsdev\Local Settings\Application Data\Microsoft\Messenger\ianwb@hotmail.com\SharingMetadata\Working\database_DAF4_3808_F437_E603\fsrtmp.log Object is locked skipped
C:\Documents and Settings\edsdev\Local Settings\Application Data\Microsoft\Messenger\ianwb@hotmail.com\SharingMetadata\Working\database_DAF4_3808_F437_E603\tmp.edb Object is locked skipped
C:\Documents and Settings\edsdev\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Personal Folders/Deleted Items/07 Mar 2008 14:25 from PayPal:PayPal Important Notification !.eml Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Documents and Settings\edsdev\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Personal Folders/Deleted Items/07 Mar 2008 14:24 from PayPal:PayPal Important Notification !.eml Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Documents and Settings\edsdev\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Personal Folders/Inbox/28 Mar 2005 11:38 from CharterOne® NET Security Department:Anti .html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Documents and Settings\edsdev\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst Mail MS Mail: suspicious - 3 skipped
C:\Documents and Settings\edsdev\Local Settings\Application Data\Microsoft\Terminal Server Client\Cache\bcache22.bmc Object is locked skipped
C:\Documents and Settings\edsdev\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\edsdev\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\edsdev\Local Settings\Application Data\Microsoft\Windows Live Contacts\ianwb@hotmail.com\real\members.stg Object is locked skipped
C:\Documents and Settings\edsdev\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\edsdev\Local Settings\History\History.IE5\MSHist012008040320080404\index.dat Object is locked skipped
C:\Documents and Settings\edsdev\Local Settings\Temp\Perflib_Perfdata_928.dat Object is locked skipped
C:\Documents and Settings\edsdev\Local Settings\Temp\vmware-EdsDev\vmware-vix-EdsDev-2640.log Object is locked skipped
C:\Documents and Settings\edsdev\Local Settings\Temp\~DFB4F2.tmp Object is locked skipped
C:\Documents and Settings\edsdev\Local Settings\Temp\~DFB520.tmp Object is locked skipped
C:\Documents and Settings\edsdev\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\edsdev\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\edsdev\My Documents\Install\Btrieve\btrvbupd.zip/Updater.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\edsdev\My Documents\Install\Btrieve\btrvbupd.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\edsdev\My Documents\Install\FTPServ-U4.0\sugerman.exe/SERVUDAEMON.EXE Infected: not-a-virus:Server-FTP.Win32.Serv-U.4103 skipped
C:\Documents and Settings\edsdev\My Documents\Install\FTPServ-U4.0\sugerman.exe ZIP: infected - 1 skipped
C:\Documents and Settings\edsdev\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\edsdev\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\7zSB2C.tmp\WinRar v3.70b4 Setup.exe Object is locked skipped
C:\Documents and Settings\Owner\Application Data\desktop.ini Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Macromedia\Flash Player\#SharedObjects\XQXTTK7D\www.youtube.com\soundData.sol Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.youtube.com\settings.sol Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Microsoft\Address Book\Owner.wab Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Microsoft\Address Book\Owner.wab~ Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Microsoft\Credentials\S-1-5-21-436374069-1972579041-839522115-1003\Credentials Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Microsoft\CryptnetUrlCache\Content\60E31627FDA0A46932B0E5948949F2A5 Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Microsoft\CryptnetUrlCache\Content\A44F4E7CB3133FF765C39A53AD8FCFDD Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Microsoft\CryptnetUrlCache\Content\A8FABA189DB7D25FBA7CAC806625FD30 Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Microsoft\CryptnetUrlCache\MetaData\60E31627FDA0A46932B0E5948949F2A5 Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Microsoft\CryptnetUrlCache\MetaData\A44F4E7CB3133FF765C39A53AD8FCFDD Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Microsoft\CryptnetUrlCache\MetaData\A8FABA189DB7D25FBA7CAC806625FD30 Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Desktop.htt Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Microsoft\Office\Excel10.pip Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Microsoft\Protect\CREDHIST Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Microsoft\Protect\S-1-5-21-436374069-1972579041-839522115-1003\01b4145e-71fc-465e-baac-51c14e503a2a Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Microsoft\Protect\S-1-5-21-436374069-1972579041-839522115-1003\Preferred Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Microsoft\Windows\Themes\Custom.theme Object is locked skipped
C:\Documents and Settings\Owner\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Cookies\owner@ads.ookla[1].txt Object is locked skipped
C:\Documents and Settings\Owner\Cookies\owner@doubleclick[1].txt Object is locked skipped
C:\Documents and Settings\Owner\Cookies\owner@google[1].txt Object is locked skipped
C:\Documents and Settings\Owner\Cookies\owner@kelowna[2].txt Object is locked skipped
C:\Documents and Settings\Owner\Cookies\owner@m.webtrends[2].txt Object is locked skipped
C:\Documents and Settings\Owner\Cookies\owner@microsoft[1].txt Object is locked skipped
C:\Documents and Settings\Owner\Cookies\owner@revenue[2].txt Object is locked skipped
C:\Documents and Settings\Owner\Cookies\owner@searchportal.information[1].txt Object is locked skipped
C:\Documents and Settings\Owner\Cookies\owner@speedtest[1].txt Object is locked skipped
C:\Documents and Settings\Owner\Cookies\owner@www.22ndstreetcomputers[1].txt Object is locked skipped
C:\Documents and Settings\Owner\Cookies\owner@www.peedtest[1].txt Object is locked skipped
C:\Documents and Settings\Owner\Cookies\owner@youtube[1].txt Object is locked skipped
C:\Documents and Settings\Owner\Desktop\Shortcut to Install.lnk Object is locked skipped
C:\Documents and Settings\Owner\Desktop\Shortcut to nbpro.exe.lnk Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Desktop.ini Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Links\Customize Links.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Microsoft Websites\IE Add-on site.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Microsoft Websites\IE site on Microsoft.com.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Microsoft Websites\Marketplace.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Microsoft Websites\Microsoft At Home.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Microsoft Websites\Microsoft At Work.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Microsoft Websites\Welcome to IE7.url Object is locked skipped
C:\Documents and Settings\Owner\GLBB31.tmp Object is locked skipped
Wetcoaster
2008-04-04, 01:40
And here is part#2 of the KOS
C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{4A7EF5CB-B9EA-4036-88EE-143A8BA4611E}\Microsoft\Outlook Express\Folders.dbx Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{4A7EF5CB-B9EA-4036-88EE-143A8BA4611E}\Microsoft\Outlook Express\Inbox.dbx Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{4A7EF5CB-B9EA-4036-88EE-143A8BA4611E}\Microsoft\Outlook Express\Offline.dbx Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{4A7EF5CB-B9EA-4036-88EE-143A8BA4611E}\Microsoft\Outlook Express\Outbox.dbx Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Feeds\FeedsStore.feedsdb-ms Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Feeds\Microsoft Feeds~\Microsoft at Home~.feed-ms Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Feeds\Microsoft Feeds~\Microsoft at Work~.feed-ms Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Feeds Cache\0NLO5DBG\desktop.ini Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Feeds Cache\desktop.ini Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Feeds Cache\JVZZHMBN\desktop.ini Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Feeds Cache\JVZZHMBN\fwlink[1] Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Feeds Cache\RGLU4017\desktop.ini Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Feeds Cache\RGLU4017\fwlink[1] Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Feeds Cache\TSZ38POT\desktop.ini Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Internet Explorer\brndlog.bak Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Internet Explorer\brndlog.txt Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Media Player\CurrentDatabase_59R.wmdb Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows Media\11.0\WMSDKNS.DTD Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows Media\11.0\WMSDKNS.XML Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\05192007.Log Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\desktop.ini Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\History\desktop.ini Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\History\History.IE5\desktop.ini Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\History\History.IE5\MSHist012007051920070520\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\bdemerge.ini Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\borlndlm.dll Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\clx.dro Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\createudl.exe Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\FCCADD4F.TMP Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\GLC7CA.tmp Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\GLC7D1.tmp Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\GLF7CE.tmp Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\GLF7CF.tmp Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\GLF7D0.tmp Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\GLF7D5.tmp Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\GLF7D6.tmp Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\GLF7D7.tmp Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\GLG7CD.tmp Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\GLG7D4.tmp Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\GLJ7CB.tmp Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\GLJ7D2.tmp Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\idapi.cnf Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\IDAPI32.CFG Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\IEC5.tmp Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\isp36.tmp\_Setup.dll Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\isp5.tmp\_Setup.dll Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\mso2F.tmp Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\netfxupdate.log Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\offcln10.log Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\Office XP Professional with FrontPage Setup(0001).txt Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\Office XP Professional with FrontPage Setup(0001)_Task(0001).txt Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\pdk-Owner\04fd4c355ee4d6745039c0e26ee35bbd.dll Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\pdk-Owner\142f1f73ea8a4ef5d97a09bc7fa12082.dll Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\pdk-Owner\15bd0ce677d4e91f04fa9e9e0802f2c1.dll Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\pdk-Owner\1890442fca8f85e8dd017e73c1d1412e.dll Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\pdk-Owner\2702e0cfa88c857f61d1b1c62f021234.dll Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\pdk-Owner\3d96fc474ad08dd2a977ee4ae0a5bb1a.dll Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\pdk-Owner\43b965ce4d04b0666c0805ec8d8aa9d7.dll Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\pdk-Owner\44a84ae0057c065b284e031c2913b8e0.dll Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\pdk-Owner\5a343e63ab2cfc12cc9ff69357e4c0ba.dll Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\pdk-Owner\731376cca0c87f28ab9530bb7addec08.dll Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\pdk-Owner\7c907bb62acfd587b40f44491e31264a.dll Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\pdk-Owner\84b38bcf9223bae145f064c64aa65d89.dll Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\pdk-Owner\9e54fd72ddb76db13cf1136140fc4678.dll Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\pdk-Owner\b6543d2aee40262cf0606f443e84e226.dll Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\pdk-Owner\d431143ce0d300df708c79269a7c067a\perl58.dll Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\pdk-Owner\e9131fd55372248df7d4bbb1833d68c8.dll Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\pdk-Owner\f42c3d9928c2fbb4b98bbdef642fadd4.dll Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\SAV_INST.log Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\Set1.tmp Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\set32.tmp Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\SPTDinst-x86.exe Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\SYMEVENT.LOG Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\ZKCRPWFD\LUSETUP.EXE Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\ZKCRPWFD\vdefhub.zip Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\01HM568X\favicon[1].ico Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\01HM568X\motdu[1].htm Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\BJM3SO81\favicon[1].ico Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\BJM3SO81\favicon[2].ico Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\BJM3SO81\favicon[3].ico Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\MSUF4CRD\favicon[1].ico Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\U8AII5JN\bg2[1].jpg Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\U8AII5JN\heading2[1].jpg Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\U8AII5JN\white_box[1].gif Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\desktop.ini Object is locked skipped
C:\Documents and Settings\Owner\My Documents\desktop.ini Object is locked skipped
C:\Documents and Settings\Owner\My Documents\My Music\Desktop.ini Object is locked skipped
C:\Documents and Settings\Owner\My Documents\My Music\Sample Music.lnk Object is locked skipped
C:\Documents and Settings\Owner\My Documents\My Pictures\Desktop.ini Object is locked skipped
C:\Documents and Settings\Owner\My Documents\My Pictures\Sample Pictures.lnk Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Untitled.nbi Object is locked skipped
C:\Documents and Settings\Owner\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Owner\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\ntuser.ini Object is locked skipped
C:\Documents and Settings\Owner\Recent\CD Drive.lnk Object is locked skipped
C:\Documents and Settings\Owner\Recent\core.nfo.lnk Object is locked skipped
C:\Documents and Settings\Owner\Recent\Desktop.ini Object is locked skipped
C:\Documents and Settings\Owner\Recent\DU Meter v3.07 build 192.part1.rar.lnk Object is locked skipped
C:\Documents and Settings\Owner\Recent\Dumeter3.lnk Object is locked skipped
C:\Documents and Settings\Owner\Recent\Mdaemon 900+Antivir 229+Webadmin 320.lnk Object is locked skipped
C:\Documents and Settings\Owner\Recent\readme.txt.lnk Object is locked skipped
C:\Documents and Settings\Owner\Recent\Todo.txt.lnk Object is locked skipped
C:\Documents and Settings\Owner\Recent\Untitled.nbi.lnk Object is locked skipped
C:\Documents and Settings\Owner\SendTo\Compressed (zipped) Folder.ZFSendToTarget Object is locked skipped
C:\Documents and Settings\Owner\SendTo\Desktop (create shortcut).DeskLink Object is locked skipped
C:\Documents and Settings\Owner\SendTo\desktop.ini Object is locked skipped
C:\Documents and Settings\Owner\SendTo\Mail Recipient.MAPIMail Object is locked skipped
C:\Documents and Settings\Owner\SendTo\My Documents.mydocs Object is locked skipped
C:\Documents and Settings\Owner\Start Menu\desktop.ini Object is locked skipped
C:\Documents and Settings\Owner\Start Menu\Programs\Accessories\Accessibility\desktop.ini Object is locked skipped
C:\Documents and Settings\Owner\Start Menu\Programs\Accessories\Accessibility\Magnifier.lnk Object is locked skipped
C:\Documents and Settings\Owner\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk Object is locked skipped
C:\Documents and Settings\Owner\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk Object is locked skipped
C:\Documents and Settings\Owner\Start Menu\Programs\Accessories\Accessibility\Utility Manager.lnk Object is locked skipped
C:\Documents and Settings\Owner\Start Menu\Programs\Accessories\Address Book.lnk Object is locked skipped
C:\Documents and Settings\Owner\Start Menu\Programs\Accessories\Command Prompt.lnk Object is locked skipped
C:\Documents and Settings\Owner\Start Menu\Programs\Accessories\desktop.ini Object is locked skipped
C:\Documents and Settings\Owner\Start Menu\Programs\Accessories\Entertainment\desktop.ini Object is locked skipped
C:\Documents and Settings\Owner\Start Menu\Programs\Accessories\Notepad.lnk Object is locked skipped
C:\Documents and Settings\Owner\Start Menu\Programs\Accessories\Program Compatibility Wizard.lnk Object is locked skipped
C:\Documents and Settings\Owner\Start Menu\Programs\Accessories\Synchronize.lnk Object is locked skipped
C:\Documents and Settings\Owner\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk Object is locked skipped
C:\Documents and Settings\Owner\Start Menu\Programs\Accessories\Windows Explorer.lnk Object is locked skipped
C:\Documents and Settings\Owner\Start Menu\Programs\desktop.ini Object is locked skipped
C:\Documents and Settings\Owner\Start Menu\Programs\Internet Explorer.lnk Object is locked skipped
C:\Documents and Settings\Owner\Start Menu\Programs\Outlook Express.lnk Object is locked skipped
C:\Documents and Settings\Owner\Start Menu\Programs\Remote Assistance.lnk Object is locked skipped
C:\Documents and Settings\Owner\Start Menu\Programs\Startup\desktop.ini Object is locked skipped
C:\Documents and Settings\Owner\Start Menu\Programs\ThumbView_Lite\Homepage.lnk Object is locked skipped
C:\Documents and Settings\Owner\Start Menu\Programs\ThumbView_Lite\License.lnk Object is locked skipped
C:\Documents and Settings\Owner\Start Menu\Programs\ThumbView_Lite\Uninstall.lnk Object is locked skipped
C:\Documents and Settings\Owner\Start Menu\Programs\Windows Media Player.lnk Object is locked skipped
C:\Documents and Settings\Owner\Start Menu\Programs\WinRAR\Console RAR manual.lnk Object is locked skipped
C:\Documents and Settings\Owner\Start Menu\Programs\WinRAR\WinRAR help.lnk Object is locked skipped
C:\Documents and Settings\Owner\Start Menu\Programs\WinRAR\WinRAR.lnk Object is locked skipped
C:\Documents and Settings\Owner\Templates\amipro.sam Object is locked skipped
C:\Documents and Settings\Owner\Templates\excel.xls Object is locked skipped
C:\Documents and Settings\Owner\Templates\excel4.xls Object is locked skipped
C:\Documents and Settings\Owner\Templates\lotus.wk4 Object is locked skipped
C:\Documents and Settings\Owner\Templates\powerpnt.ppt Object is locked skipped
C:\Documents and Settings\Owner\Templates\presenta.shw Object is locked skipped
C:\Documents and Settings\Owner\Templates\quattro.wb2 Object is locked skipped
C:\Documents and Settings\Owner\Templates\sndrec.wav Object is locked skipped
C:\Documents and Settings\Owner\Templates\winword.doc Object is locked skipped
C:\Documents and Settings\Owner\Templates\winword2.doc Object is locked skipped
C:\Documents and Settings\Owner\Templates\wordpfct.wpd Object is locked skipped
C:\Documents and Settings\Owner\Templates\wordpfct.wpg Object is locked skipped
C:\MDAEMON\CFILTER\QUARANT\cf10814464.att Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\MDAEMON\CFILTER\QUARANT\cf1105713664.att Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\MDAEMON\CFILTER\QUARANT\cf116242704.att Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\MDAEMON\CFILTER\QUARANT\cf11876630.att Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\MDAEMON\CFILTER\QUARANT\cf12357955.att Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\MDAEMON\CFILTER\QUARANT\cf1264566.att Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\MDAEMON\CFILTER\QUARANT\cf1280223257.att Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\MDAEMON\CFILTER\QUARANT\cf13314504.att Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\MDAEMON\CFILTER\QUARANT\cf135572225.att Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\MDAEMON\CFILTER\QUARANT\cf1360827061.att Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\MDAEMON\CFILTER\QUARANT\cf1402514296.att Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\MDAEMON\CFILTER\QUARANT\cf145416968.att Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\MDAEMON\CFILTER\QUARANT\cf153961193.att Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\MDAEMON\CFILTER\QUARANT\cf1550420720.att Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\MDAEMON\CFILTER\QUARANT\cf1660731978.att Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\MDAEMON\CFILTER\QUARANT\cf166691006.att Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\MDAEMON\CFILTER\QUARANT\cf1711118391.att Suspicious: Exploit.HTML.Iframe.FileDownload skipped
Wetcoaster
2008-04-04, 01:41
part#3 boy this is big!
C:\MDAEMON\CFILTER\QUARANT\cf1744019882.att Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\MDAEMON\CFILTER\QUARANT\cf1894227187.att Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\MDAEMON\CFILTER\QUARANT\cf1967818560.att Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\MDAEMON\CFILTER\QUARANT\cf2000414077.att Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\MDAEMON\CFILTER\QUARANT\cf203068884.att Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\MDAEMON\CFILTER\QUARANT\cf2076032334.att Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\MDAEMON\CFILTER\QUARANT\cf207816707.att Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\MDAEMON\CFILTER\QUARANT\cf2086416996.att Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\MDAEMON\CFILTER\QUARANT\cf2152413846.att Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\MDAEMON\CFILTER\QUARANT\cf22745938.att Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\MDAEMON\CFILTER\QUARANT\cf236639378.att Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\MDAEMON\CFILTER\QUARANT\cf2685932465.att Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\MDAEMON\CFILTER\QUARANT\cf26922105.att Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\MDAEMON\CFILTER\QUARANT\cf275432208.att Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\MDAEMON\CFILTER\QUARANT\cf2889521625.att Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\MDAEMON\CFILTER\QUARANT\cf2905532187.att Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\MDAEMON\CFILTER\QUARANT\cf291734693.att Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\MDAEMON\CFILTER\QUARANT\cf3208216832.att Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\MDAEMON\CFILTER\QUARANT\cf361510496.att Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\MDAEMON\CFILTER\QUARANT\cf385020558.att Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\MDAEMON\CFILTER\QUARANT\cf480817995.att Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\MDAEMON\CFILTER\QUARANT\cf494723438.att Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\MDAEMON\CFILTER\QUARANT\cf526021813.att Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\MDAEMON\CFILTER\QUARANT\cf542816120.att Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\MDAEMON\CFILTER\QUARANT\cf56473610.att Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\MDAEMON\CFILTER\QUARANT\cf58213043.att Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\MDAEMON\CFILTER\QUARANT\cf634022930.att Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\MDAEMON\CFILTER\QUARANT\cf63588657.att Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\MDAEMON\CFILTER\QUARANT\cf64135614.att Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\MDAEMON\CFILTER\QUARANT\cf6618363.att Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\MDAEMON\CFILTER\QUARANT\cf713221553.att Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\MDAEMON\CFILTER\QUARANT\cf733612958.att Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\MDAEMON\CFILTER\QUARANT\cf827717476.att Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\MDAEMON\CFILTER\QUARANT\cf953916768.att Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\MDAEMON\CFILTER\QUARANT\cf967813058.att Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\MDAEMON\CFILTER\QUARANT\cf979627900.att Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\MDAEMON7.2\CFilter\QUARANT\cf113953879.txt Infected: Trojan-Spy.HTML.Bayfraud.bu skipped
C:\MDAEMON7.2\CFilter\QUARANT\cf116304992.txt Infected: Trojan-Spy.HTML.Bayfraud.dc skipped
C:\MDAEMON7.2\CFilter\QUARANT\cf149712901.txt Infected: Trojan-Spy.HTML.Fraud.f skipped
C:\MDAEMON7.2\CFilter\QUARANT\cf1579018089.txt Infected: Trojan-Spy.HTML.Bayfraud.dc skipped
C:\MDAEMON7.2\CFilter\QUARANT\cf1772430235.txt Infected: Trojan-Spy.HTML.Fraud.l skipped
C:\MDAEMON7.2\CFilter\QUARANT\cf1886629983.txt Infected: Trojan-Spy.HTML.Bayfraud.dc skipped
C:\MDAEMON7.2\CFilter\QUARANT\cf201056869.txt Infected: Trojan-Spy.HTML.Paylap.dl skipped
C:\MDAEMON7.2\CFilter\QUARANT\cf2183920490.txt Infected: Trojan-Spy.HTML.Bayfraud.dc skipped
C:\MDAEMON7.2\CFilter\QUARANT\cf2899532106.txt Infected: Trojan-Spy.HTML.Fraud.f skipped
C:\MDAEMON7.2\CFilter\QUARANT\cf517424329.txt Infected: Trojan-Spy.HTML.Bayfraud.dc skipped
C:\MDAEMON7.2\CFilter\QUARANT\cf82652773.txt Infected: Trojan-Spy.HTML.Bayfraud.dc skipped
C:\MDAEMON7.2\CFilter\QUARANT\cf84352865.txt Infected: Trojan-Spy.HTML.Paylap.m skipped
C:\MDAEMON7.2\Logs\MDaemon-all.log Object is locked skipped
C:\MDAEMON7.2\Logs\MDaemon-AntiSpam.log Object is locked skipped
C:\MDAEMON7.2\Logs\MDaemon-AntiVirus.log Object is locked skipped
C:\MDAEMON7.2\Logs\MDaemon-Content-Filter.log Object is locked skipped
C:\MDAEMON7.2\Logs\MDaemon-DKDKIM.log Object is locked skipped
C:\MDAEMON7.2\Logs\MDaemon-DNSBL.log Object is locked skipped
C:\MDAEMON7.2\Logs\MDaemon-DomainPOP.log Object is locked skipped
C:\MDAEMON7.2\Logs\MDaemon-IMAP.log Object is locked skipped
C:\MDAEMON7.2\Logs\MDaemon-MDSpamD.log Object is locked skipped
C:\MDAEMON7.2\Logs\MDaemon-MultiPOP.log Object is locked skipped
C:\MDAEMON7.2\Logs\MDaemon-Outlook-Connector.log Object is locked skipped
C:\MDAEMON7.2\Logs\MDaemon-Plug-ins.log Object is locked skipped
C:\MDAEMON7.2\Logs\MDaemon-POP.log Object is locked skipped
C:\MDAEMON7.2\Logs\MDaemon-RAW.log Object is locked skipped
C:\MDAEMON7.2\Logs\MDaemon-Routing.log Object is locked skipped
C:\MDAEMON7.2\Logs\MDaemon-SMTP-(in).log Object is locked skipped
C:\MDAEMON7.2\Logs\MDaemon-SMTP-(out).log Object is locked skipped
C:\MDAEMON7.2\Logs\MDaemon-SPFSender-ID.log Object is locked skipped
C:\MDAEMON7.2\Logs\MDaemon-Statistics.log Object is locked skipped
C:\MDAEMON7.2\Logs\MDaemon-System.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBConfig.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDebug.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDetect.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBNotify.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBRefr.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg2.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetDev.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetLoc.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetUsr.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMNot.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMReg.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMRSt.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStHash.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStMSI.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBValid.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPPolicy.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStart.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStop.log Object is locked skipped
C:\Program Files\Nero\Nero8\Nero BackItUp\BIU1.txt Object is locked skipped
C:\Program Files\Outlook Express\svchost.exe Infected: Trojan.Win32.Delf.bhp skipped
C:\Program Files\My Company\VPN Client\Certificates\CAAAAAAA.CDX Object is locked skipped
C:\Program Files\My Company\VPN Client\Certificates\CAAAAAAA.DBF Object is locked skipped
C:\Program Files\My Company\VPN Client\Certificates\CAAAAAAA.FPT Object is locked skipped
C:\Program Files\My Company\VPN Client\Certificates\CBAAAAAA.CDX Object is locked skipped
C:\Program Files\My Company\VPN Client\Certificates\CBAAAAAA.DBF Object is locked skipped
C:\Program Files\My Company\VPN Client\Certificates\CBAAAAAA.FPT Object is locked skipped
C:\Program Files\My Company\VPN Client\Certificates\CCAAAAAA.CDX Object is locked skipped
C:\Program Files\My Company\VPN Client\Certificates\CCAAAAAA.DBF Object is locked skipped
C:\Program Files\My Company\VPN Client\Certificates\CCAAAAAA.FPT Object is locked skipped
C:\Program Files\My Company\VPN Client\Certificates\CDAAAAAA.CDX Object is locked skipped
C:\Program Files\My Company\VPN Client\Certificates\CDAAAAAA.DBF Object is locked skipped
C:\Program Files\My Company\VPN Client\Certificates\CDAAAAAA.FPT Object is locked skipped
C:\Program Files\My Company\VPN Client\Certificates\PAAAAAAA.CDX Object is locked skipped
C:\Program Files\My Company\VPN Client\Certificates\PAAAAAAA.DBF Object is locked skipped
C:\Program Files\My Company\VPN Client\Certificates\PAAAAAAA.FPT Object is locked skipped
C:\Program Files\My Company\VPN Client\Certificates\PBAAAAAA.CDX Object is locked skipped
C:\Program Files\My Company\VPN Client\Certificates\PBAAAAAA.DBF Object is locked skipped
C:\Program Files\My Company\VPN Client\Certificates\PBAAAAAA.FPT Object is locked skipped
C:\Program Files\My Company\VPN Client\Certificates\PCAAAAAA.CDX Object is locked skipped
C:\Program Files\My Company\VPN Client\Certificates\PCAAAAAA.DBF Object is locked skipped
C:\Program Files\My Company\VPN Client\Certificates\PCAAAAAA.FPT Object is locked skipped
C:\Program Files\My Company\VPN Client\Certificates\PDAAAAAA.CDX Object is locked skipped
C:\Program Files\My Company\VPN Client\Certificates\PDAAAAAA.DBF Object is locked skipped
C:\Program Files\My Company\VPN Client\Certificates\PDAAAAAA.FPT Object is locked skipped
C:\Program Files\My Company\VPN Client\Certificates\RAAAAAAA.CDX Object is locked skipped
C:\Program Files\My Company\VPN Client\Certificates\RAAAAAAA.DBF Object is locked skipped
C:\Program Files\My Company\VPN Client\Certificates\RAAAAAAA.FPT Object is locked skipped
C:\Program Files\My Company\VPN Client\Certificates\RBAAAAAA.CDX Object is locked skipped
C:\Program Files\My Company\VPN Client\Certificates\RBAAAAAA.DBF Object is locked skipped
C:\Program Files\My Company\VPN Client\Certificates\RBAAAAAA.FPT Object is locked skipped
C:\Program Files\My Company\VPN Client\Certificates\RCAAAAAA.CDX Object is locked skipped
C:\Program Files\My Company\VPN Client\Certificates\RCAAAAAA.DBF Object is locked skipped
C:\Program Files\My Company\VPN Client\Certificates\RCAAAAAA.FPT Object is locked skipped
C:\Program Files\My Company\VPN Client\Certificates\RDAAAAAA.CDX Object is locked skipped
C:\Program Files\My Company\VPN Client\Certificates\RDAAAAAA.DBF Object is locked skipped
C:\Program Files\My Company\VPN Client\Certificates\RDAAAAAA.FPT Object is locked skipped
C:\Program Files\My Company\VPN Client\Certificates\RSADB.CDX Object is locked skipped
C:\Program Files\My Company\VPN Client\Certificates\RSADB.DBF Object is locked skipped
C:\Program Files\My Company\VPN Client\Logs\LOG-2008-04-03-10-05-37.txt Object is locked skipped
C:\Program Files\RealVNC\VNC4\vncconfig.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
C:\Program Files\RealVNC\VNC4\vncviewer.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
C:\Program Files\RealVNC\VNC4\winvnc4.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
C:\Program Files\RealVNC\VNC4\wm_hooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
C:\Program Files\Serv-U\ServUAdmin.exe Infected: not-a-virus:Server-FTP.Win32.Serv-U.6404 skipped
C:\Program Files\Serv-U\ServUAdmin.exe.bak Infected: not-a-virus:Server-FTP.Win32.Serv-U.6404 skipped
C:\Program Files\Serv-U\ServUDaemon.exe Infected: not-a-virus:Server-FTP.Win32.Serv-U.6404 skipped
C:\Program Files\Serv-U\ServUDaemon.exe.bak Infected: not-a-virus:Server-FTP.Win32.Serv-U.6404 skipped
C:\Program Files\Serv-U\ServUPerfCount.dll Infected: not-a-virus:Server-FTP.Win32.Serv-U.6404 skipped
C:\Program Files\Serv-U\ServUTray.exe Infected: not-a-virus:Server-FTP.Win32.Serv-U.6404 skipped
C:\Program Files\Serv-U\SetupUtil.exe Infected: not-a-virus:Server-FTP.Win32.Serv-U.6404 skipped
C:\Program Files\Symantec AntiVirus\SAVRT\0627NAV~.TMP Object is locked skipped
C:\Program Files\Symantec AntiVirus\SAVRT\0732NAV~.TMP Object is locked skipped
C:\RECYCLER\S-1-5-21-436374069-1972579041-839522115-1003\Dc1.nbi Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{7B8710BA-3E6E-43DB-BACC-E270F76A5335}\RP422\A0056875.exe/data0000.cab/topten.exe Infected: Trojan.Win32.Pakes.cgn skipped
C:\System Volume Information\_restore{7B8710BA-3E6E-43DB-BACC-E270F76A5335}\RP422\A0056875.exe/data0000.cab Infected: Trojan.Win32.Pakes.cgn skipped
C:\System Volume Information\_restore{7B8710BA-3E6E-43DB-BACC-E270F76A5335}\RP422\A0056875.exe Rsrc-Package: infected - 2 skipped
C:\System Volume Information\_restore{7B8710BA-3E6E-43DB-BACC-E270F76A5335}\RP424\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
C:\WINDOWS\system32\config\OSession.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\dtscsi.sys Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\drivers\sptd9837.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\MsDtc\MSDTC.LOG Object is locked skipped
C:\WINDOWS\system32\MsDtc\Trace\dtctrace.log Object is locked skipped
C:\WINDOWS\system32\msmq\storage\QMLog Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_bb0.dat Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_cb8.dat Object is locked skipped
C:\WINDOWS\Temp\vmware-vmount.log Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.