View Full Version : Infected with nideiect.com & wintems.exe and maybe more
Suzeabelle
2008-04-09, 00:21
I read what I should do before I post-no logs included yet because I'm stuck.
I can't install spybot. I actually had it on the infected machine and when I was hit with this it was disabled. I have tried a reinstall however the machine wants to connect to the net in order to do the installation. Is there a version I can download and try to install without needing net access?
I currently have that machine off the net. I can try to go online and run kapersky online scan- before doing that I wanted to check if there is a safe way to do that. I did try the Trend-micro site last night when this started AND it disabled that install as well. The message was not a WIN32APP.
I've seen the following behavior so far since being attacked:
1. Removes the ability to see hidden files from the registry. I've overcome this by copying the HIDDEN registry entry from another machine. I have to run this each time I reboot if I want to see that option available on the list - View Files under Folder settings.
2. Disabled all spyware tools & Virus protection.
Programs Disabled:
CA Anti-Virus (totally up to date &I ran it on the file before I clicked on the .exe came up clean)
Spy-bot,
Spy-doctor.
Zone Alarm was completely disabled- vsmon.exe was replaced.
I can't install anything that is in this category. Somehow Ad-Aware (old version) survived however definitions are out of date.
3. Infected USB key with two files Autorun.inf AND nideiect.com- My CA virus is catching the Autorun.inf each time I insert in in my other (working) laptop.
4. CPU usage is running high
5. Autorun.inf file was identified by CA as virus INF/Rolepi- there is no additional information from them
6. I appear to be unable to start in Safe mode- it keeps looping back. I can start normally.
7. Restoring to a previous day with Windows Restore was not effective. Said no can do- no files were changed.
Looking forward to getting this off my machine. Let me know what to do next.
Thanks in advance for your assistance.
Suze
Suzeabelle
2008-04-09, 02:33
Additional Information:
I renamed the hijack.exe to StoneRulz.exe before putting on a key and moving it to the infected machine- and it fooled the virus.
This is the second log that I ran, I wasn't sure wintems.exe was running when I made the first one- since it seems to come and go.
I've located where is is spawning files in C:\Windows\System32\Drivers (hidden folder)
They are following the following naming sequence:
kmxcfg.u2k0
kmxcfg.u2k1
kmxcfg.u2k2 etc.
WINTEMS.exe was running in the Task Manager at the time of the log below
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:05:31 PM, on 4/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\Program Files\CA\eTrust Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Citrix\GoToMyPC\g2svc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Citrix\GoToMyPC\g2comm.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Citrix\GoToMyPC\g2pre.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Citrix\GoToMyPC\g2tray.exe
C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\eTrust Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\CA\eTrust Internet Security Suite\cctray\cctray.exe
C:\Program Files\Vonage\Vonage Click-2-Call\click2call.exe
C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
C:\Program Files\CA\eTrust Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\CA\eTrust Internet Security Suite\ccprovsp.exe
C:\Program Files\CA\eTrust Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Handspring\HOTSYNC.EXE
C:\Program Files\Office03\OFFICE11\ONENOTEM.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\Treat\Desktop\StoneRulz.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://pralerts.zonelabs.com/pralerts/pranalyze.jsp?PN=&VER=&FN=&Created=0&Size=0&MD5=ffffffffffffffffffffffffffffffff&CRC=ffffffff&RIPA=64.59.144.18&RP=13568&RP=13568&Connect=1&Pgmstatus=3&Zone=2&Keycode=&Product=ZoneAlarm&ProductVersion=2.6.362&HU100=&DTST=11343 (obfuscated)
O1 - Hosts: 80.190.241.30 home.edonkey.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: CmjBrowserHelperObject Object - {AC41D38F-B56D-40AD-94E0-B493D130C959} - C:\Program Files\Mindjet\MindManager 6\Mm6InternetExplorer.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [EPSON Stylus Photo RX500] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE /P24 "EPSON Stylus Photo RX500" /O6 "USB001" /M "Stylus Photo RX500"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\eTrust Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [cafwc] C:\Program Files\CA\eTrust Internet Security Suite\CA Personal Firewall\cafw.exe -cl
O4 - HKLM\..\Run: [GoToMyPC] C:\Program Files\Citrix\GoToMyPC\g2svc.exe -logon
O4 - HKLM\..\Run: [Vonage] C:\Program Files\Vonage\Vonage Click-2-Call\click2call.exe
O4 - HKLM\..\Run: [SmartDefrag] "C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" /startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Handspring\HOTSYNC.EXE
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Office03\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\Office03\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Send to Mindjet MindManager - {531B9DC0-D8EE-4c76-A6EE-6C1E50569655} - C:\Program Files\Mindjet\MindManager 6\Mm6InternetExplorer.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Office03\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} (AlternaTIFF ActiveX) - http://www.alternatiff.com/install/00/alttiff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www3.ca.com/securityadvisor/pestscan/pestscan.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120859957750
O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} (Install Class) - http://updates.lifescapeinc.com/installers/pinstall/pinstall.cab
O16 - DPF: {8BBDC81D-81B3-49EE-87E8-47B7A707FAE8} (CitrixOnline GoToMeeting Downloader) - https://www.gotomeeting.com/default/applets/g2mdlax.cab
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://syngence.webex.com/client/v_mywebex-t20/webex/ieatgpc.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: CA Personal Firewall ASEM - CA, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\CA Personal Firewall\capfasem.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\ccprovsp.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoToMyPC - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToMyPC\g2svc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: TrueVector Basic Logging Client (minilog) - Unknown owner - C:\WINDOWS\system32\ZoneLabs\MINILOG.EXE (file missing)
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - Unknown owner - C:\Program Files\Spyware Doctor\sdhelp.exe (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe
--
End of file - 12281 bytes
Hi
You have a Baggle infection there.
This allows hackers to remotely control your computer, steal critical system information and Download and Execute files
I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.
Though the Trojan has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:
How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud? (http://www.dslreports.com/faq/10451)
When Should I Format, How Should I Reinstall (http://www.dslreports.com/faq/10063)
However, if you do not have the resources to reinstall your computer and would like me to attempt to clean it, I will be happy to do so.
Should you have any questions, please feel free to ask.
Please let us know what you have decided to do in your next post.
That USB stick is infected and have to be formatted. Here (http://www.supermediastore.com/how-to-format-usb-flash-memory.html) is a set of instructions for doing it.
Suzeabelle
2008-04-13, 06:13
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, April 12, 2008 11:09:37 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 10/04/2008
Kaspersky Anti-Virus database records: 696209
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
H:\
I:\
Scan Statistics:
Total number of scanned objects: 355096
Number of viruses found: 32
Number of infected objects: 190
Number of suspicious objects: 38
Duration of the scan process: 42:57:20
Infected Object Name / Virus Name / Last Action
C:\Arch\4Gig-BothParts.rar/4Gig-Part-2/Zipped downloads/Slide Shows/Webshots/webspace.exe/WISE0030.BIN Infected: not-a-virus:AdWare.Win32.Gator.1050 skipped
C:\Arch\4Gig-BothParts.rar/4Gig-Part-2/Zipped downloads/Slide Shows/Webshots/webspace.exe Infected: not-a-virus:AdWare.Win32.Gator.1050 skipped
C:\Arch\4Gig-BothParts.rar/4Gig-Part-2/Zipped downloads/TimeZone/timezc.zip/tmzinst.exe/data0000.bin Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Arch\4Gig-BothParts.rar/4Gig-Part-2/Zipped downloads/TimeZone/timezc.zip/tmzinst.exe/data0001.bin Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Arch\4Gig-BothParts.rar/4Gig-Part-2/Zipped downloads/TimeZone/timezc.zip/tmzinst.exe/data0002.bin/WISE0006.BIN Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Arch\4Gig-BothParts.rar/4Gig-Part-2/Zipped downloads/TimeZone/timezc.zip/tmzinst.exe/data0002.bin Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Arch\4Gig-BothParts.rar/4Gig-Part-2/Zipped downloads/TimeZone/timezc.zip/tmzinst.exe Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Arch\4Gig-BothParts.rar/4Gig-Part-2/Zipped downloads/TimeZone/timezc.zip Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Arch\4Gig-BothParts.rar/4Gig-Part-2/Zipped downloads/TimeZone/TimeZone/TSUninstaller.exe Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Arch\4Gig-BothParts.rar/4Gig-Part-2/Zipped downloads/TimeZone/tmzinst.exe/data0000.bin Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Arch\4Gig-BothParts.rar/4Gig-Part-2/Zipped downloads/TimeZone/tmzinst.exe/data0001.bin Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Arch\4Gig-BothParts.rar/4Gig-Part-2/Zipped downloads/TimeZone/tmzinst.exe/data0002.bin/WISE0006.BIN Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Arch\4Gig-BothParts.rar/4Gig-Part-2/Zipped downloads/TimeZone/tmzinst.exe/data0002.bin Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Arch\4Gig-BothParts.rar/4Gig-Part-2/Zipped downloads/TimeZone/tmzinst.exe Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Arch\4Gig-BothParts.rar/4Gig-Part-1/Program Files/TimeSink/AdGateway/TSADBOT.EXE Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Arch\4Gig-BothParts.rar/4Gig-Part-1/WINDOWS/TEMP/c8380a/TSAdBot.exe Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Arch\4Gig-BothParts.rar/4Gig-Part-1/WINDOWS/TSAd.dll Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Arch\4Gig-BothParts.rar/4Gig-Part-1/WINDOWS/VcpDLL.dll Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Arch\4Gig-BothParts.rar RAR: infected - 18 skipped
C:\Arch\60Gig-Part-1\Program Files\Advanced Searchbar\addtolist.js Infected: not-a-virus:AdWare.Win32.AdvancedSearchBar skipped
C:\Arch\60Gig-Part-1\Program Files\Advanced Searchbar\ADVANCEDBAR.DLL Infected: not-a-virus:AdWare.Win32.AdvancedSearchBar skipped
C:\Arch\60Gig-Part-1\Program Files\Common Files\BTLINK\BTLINK.DLL Infected: not-a-virus:AdWare.Win32.Wintol.ak skipped
C:\Arch\60Gig-Part-1\Program Files\Common Files\Install.EXE Infected: not-a-virus:AdWare.Win32.PerMedia skipped
C:\Arch\60Gig-Part-1\Program Files\Common Files\lauch.exe Infected: Email-Flooder.Win32.FriendGreetings skipped
C:\Arch\60Gig-Part-1\Program Files\Expertcity\GoToMyPC\g2comm.exe Infected: not-a-virus:RemoteAdmin.Win32.GotomyPC.a skipped
C:\Arch\60Gig-Part-1\Program Files\Expertcity\GoToMyPC\g2hook.dll Infected: not-a-virus:RemoteAdmin.Win32.GotomyPC.a skipped
C:\Arch\60Gig-Part-1\Program Files\Expertcity\GoToMyPC\g2svc.exe Infected: not-a-virus:RemoteAdmin.Win32.GotomyPC.a skipped
C:\Arch\60Gig-Part-1\Program Files\Expertcity\GoToMyPC\gopcsrv.exe Infected: not-a-virus:RemoteAdmin.Win32.GotomyPC.a skipped
C:\Arch\60Gig-Part-1\Program Files\Expertcity\GoToMyPC\gotomon.dll Infected: not-a-virus:RemoteAdmin.Win32.GotomyPC.a skipped
C:\Arch\60Gig-Part-1\WINDOWS\Application Data\Microsoft\Outlook\Outlook60gigpst.old/Susation/Bills/07 Nov 2002 00:57 from Chase Bill Management Center:Critical Cha.html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Arch\60Gig-Part-1\WINDOWS\Application Data\Microsoft\Outlook\Outlook60gigpst.old Mail MS Mail: suspicious - 1 skipped
C:\Arch\60Gig-Part-1\WINDOWS\Brasil.exe Infected: Net-Worm.Win32.Opasoft.a.pac skipped
C:\Arch\60Gig-Part-1\WINDOWS\SYSTEM\gotomon.dll Infected: not-a-virus:RemoteAdmin.Win32.GotomyPC.a skipped
C:\Arch\60Gig-Part-1\WINDOWS\TEMP\temp.cab/toolbar.dll Infected: not-a-virus:AdWare.Win32.Wintol.as skipped
C:\Arch\60Gig-Part-1\WINDOWS\TEMP\temp.cab CAB: infected - 1 skipped
C:\Arch\60Gig-Part-1\WINDOWS\TEMP\toolbar.dll Infected: not-a-virus:AdWare.Win32.Wintol.as skipped
C:\Arch\60Gig-Part-1\WINDOWS\TEMP\~rnsetup\REAL_TOOLBAR\RealBar.dll Infected: not-a-virus:AdWare.Win32.MegaSearch.s skipped
C:\Arch\60Gig-Part-1\Zipped Downloads\From Laptop\Webshots\webspace.exe/WISE0030.BIN Infected: not-a-virus:AdWare.Win32.Gator.1050 skipped
C:\Arch\60Gig-Part-1\Zipped Downloads\From Laptop\Webshots\webspace.exe WiseSFX: infected - 1 skipped
C:\Arch\60Gig-Part-1\Zipped Downloads\Webshots\webscene.exe/WISE0030.BIN Infected: not-a-virus:AdWare.Win32.Gator.1050 skipped
C:\Arch\60Gig-Part-1\Zipped Downloads\Webshots\webscene.exe WiseSFX: infected - 1 skipped
C:\Arch\60Gig-Part-1\Zipped Downloads\Webshots\webup.exe/WISE0028.BIN Infected: not-a-virus:AdWare.Win32.Gator.1050 skipped
C:\Arch\60Gig-Part-1\Zipped Downloads\Webshots\webup.exe WiseSFX: infected - 1 skipped
C:\Arch\Appz\Nero.rar/tno_n242.exe Infected: Trojan-PSW.Win32.Delf.zj skipped
C:\Arch\Appz\Nero.rar RAR: infected - 1 skipped
C:\Arch\Appz\Win_XP_Keygen_Key_Change.zip/yph.exe Infected: Trojan-Downloader.Win32.INService.mx skipped
C:\Arch\Appz\Win_XP_Keygen_Key_Change.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Treat\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Treat\Local Settings\Application Data\Microsoft\Outlook\Outlook2.pst/Susation/Deleted Items/02 Nov 2005 19:41 from Roderick Shafer:Please Verify Your eBay I.html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Documents and Settings\Treat\Local Settings\Application Data\Microsoft\Outlook\Outlook2.pst/Susation/Deleted Items/04 Nov 2005 00:39 from Chase Bank:Verify Your Account Informatio.html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Documents and Settings\Treat\Local Settings\Application Data\Microsoft\Outlook\Outlook2.pst/Susation/Deleted Items/02 Nov 2005 14:59 from eBay:eBay - urgent security notice [Wed, .html Infected: Trojan-Spy.HTML.Bayfraud.hn skipped
C:\Documents and Settings\Treat\Local Settings\Application Data\Microsoft\Outlook\Outlook2.pst/Susation/Deleted Items/25 Oct 2005 15:02 to shangle@iconect.com:eBay Inc - Urgent Secur.html Infected: Trojan-Spy.HTML.Bayfraud.hn skipped
C:\Documents and Settings\Treat\Local Settings\Application Data\Microsoft\Outlook\Outlook2.pst/Susation/Deleted Items/25 Oct 2005 15:02 to shangle@iconect.com:eBay Inc - Urgent Secur/cockatoo.GIF Infected: Trojan-Spy.HTML.Bayfraud.in skipped
C:\Documents and Settings\Treat\Local Settings\Application Data\Microsoft\Outlook\Outlook2.pst/Susation/Sent Items/17 Jun 2005 23:35 to 'Lorraine Kinninmont':DO NOT OPEN- FOR INFO/account-password.zip/account-password.htm .scr Infected: Net-Worm.Win32.Mytob.bf skipped
C:\Documents and Settings\Treat\Local Settings\Application Data\Microsoft\Outlook\Outlook2.pst/Susation/Sent Items/17 Jun 2005 23:35 to 'Lorraine Kinninmont':DO NOT OPEN- FOR INFO/account-password.zip Infected: Net-Worm.Win32.Mytob.bf skipped
C:\Documents and Settings\Treat\Local Settings\Application Data\Microsoft\Outlook\Outlook2.pst/Susation/Sent Items/20 Jun 2005 13:58 to Lorraine Kinninmont:FW: *DETECTED* Online U/account-info.zip/account-info.txt .pif Infected: Net-Worm.Win32.Mytob.bf skipped
C:\Documents and Settings\Treat\Local Settings\Application Data\Microsoft\Outlook\Outlook2.pst/Susation/Sent Items/20 Jun 2005 13:58 to Lorraine Kinninmont:FW: *DETECTED* Online U/account-info.zip Infected: Net-Worm.Win32.Mytob.bf skipped
C:\Documents and Settings\Treat\Local Settings\Application Data\Microsoft\Outlook\Outlook2.pst/Susation/Bills/07 Nov 2002 00:57 from Chase Bill Management Center:Critical Cha.html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Documents and Settings\Treat\Local Settings\Application Data\Microsoft\Outlook\Outlook2.pst Mail MS Mail: infected - 7, suspicious - 3 skipped
C:\Documents and Settings\Treat\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Treat\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Treat\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Treat\Local Settings\History\History.IE5\MSHist012008041020080411\index.dat Object is locked skipped
C:\Documents and Settings\Treat\Local Settings\Temp\Rar$EX13.781\#1 DVD Ripper 5.36.exe Infected: Trojan-Downloader.Win32.Bagle.mv skipped
C:\Documents and Settings\Treat\Local Settings\Temp\~DF34C.tmp Object is locked skipped
C:\Documents and Settings\Treat\Local Settings\Temp\~DF7112.tmp Object is locked skipped
C:\Documents and Settings\Treat\Local Settings\Temp\~DF9945.tmp Object is locked skipped
C:\Documents and Settings\Treat\Local Settings\Temp\~DFCB1B.tmp Object is locked skipped
C:\Documents and Settings\Treat\Local Settings\Temporary Internet Files\Content.IE5\3D6TNTVG\b64_1[1].jpg Infected: Trojan-Downloader.Win32.Bagle.ij skipped
C:\Documents and Settings\Treat\Local Settings\Temporary Internet Files\Content.IE5\3D6TNTVG\b64_1[2].jpg Infected: Trojan-Downloader.Win32.Bagle.ij skipped
C:\Documents and Settings\Treat\Local Settings\Temporary Internet Files\Content.IE5\ELMBOV8F\b64_3[1].jpg Infected: Email-Worm.Win32.Bagle.of skipped
C:\Documents and Settings\Treat\Local Settings\Temporary Internet Files\Content.IE5\ELMBOV8F\b64_3[2].jpg Infected: Email-Worm.Win32.Bagle.of skipped
C:\Documents and Settings\Treat\Local Settings\Temporary Internet Files\Content.IE5\GVO9C1GF\b64_3[1].jpg Infected: Email-Worm.Win32.Bagle.of skipped
C:\Documents and Settings\Treat\Local Settings\Temporary Internet Files\Content.IE5\GVO9C1GF\b64_3[2].jpg Infected: Email-Worm.Win32.Bagle.of skipped
C:\Documents and Settings\Treat\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Treat\Local Settings\Temporary Internet Files\Content.IE5\MJW1YB6X\b64_1[1].jpg Infected: Trojan-Downloader.Win32.Bagle.ij skipped
C:\Documents and Settings\Treat\Local Settings\Temporary Internet Files\Content.IE5\MJW1YB6X\b64_1[2].jpg Infected: Trojan-Downloader.Win32.Bagle.ij skipped
C:\Documents and Settings\Treat\My Documents\Outlook2.bak/Susation/Deleted Items/14 Nov 2005 06:09 from eBay:[TKO] : your (eBay) account could be.html Infected: Trojan-Spy.HTML.Bayfraud.gw skipped
C:\Documents and Settings\Treat\My Documents\Outlook2.bak/Susation/Deleted Items/14 Nov 2005 19:57 from Wellsfargo Online Banking:Periodic Accoun.html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Documents and Settings\Treat\My Documents\Outlook2.bak/Susation/Deleted Items/24 Nov 2005 17:17 from Chase Bank OnlineSM Support:Important Acc.html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Documents and Settings\Treat\My Documents\Outlook2.bak/Susation/Deleted Items/26 Nov 2005 16:27 from service@paypal.com:PAYPAL NOTICE.html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Documents and Settings\Treat\My Documents\Outlook2.bak/Susation/Deleted Items/29 Nov 2005 01:22 from Mail@cia.gov:Your IP was logged/question_list.zip/File-packed_dataInfo.exe Infected: Email-Worm.Win32.Sober.y skipped
C:\Documents and Settings\Treat\My Documents\Outlook2.bak/Susation/Deleted Items/29 Nov 2005 01:22 from Mail@cia.gov:Your IP was logged/question_list.zip Infected: Email-Worm.Win32.Sober.y skipped
C:\Documents and Settings\Treat\My Documents\Outlook2.bak/Susation/Deleted Items/05 Dec 2005 21:06 from service@paypal.com:Activate your PayPal A.html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Documents and Settings\Treat\My Documents\Outlook2.bak/Susation/Deleted Items/09 Dec 2005 01:29 from office@renewdata.com:Your Password/reg_pass.zip/File-packed_dataInfo.exe Infected: Email-Worm.Win32.Sober.y skipped
C:\Documents and Settings\Treat\My Documents\Outlook2.bak/Susation/Deleted Items/09 Dec 2005 01:29 from office@renewdata.com:Your Password/reg_pass.zip Infected: Email-Worm.Win32.Sober.y skipped
C:\Documents and Settings\Treat\My Documents\Outlook2.bak/Susation/Deleted Items/16 Dec 2005 14:30 from Chase Bank:Chase Suspension Verification .html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Documents and Settings\Treat\My Documents\Outlook2.bak/Susation/Deleted Items/18 Dec 2005 19:25 from service@paypal.com:Activate your PayPal A.html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Documents and Settings\Treat\My Documents\Outlook2.bak/Susation/Deleted Items/22 Dec 2005 19:21 from Shangle:Emanuell/Robert.zip/DFC00232.exe Infected: Trojan-Downloader.Win32.Bagle.l skipped
C:\Documents and Settings\Treat\My Documents\Outlook2.bak/Susation/Deleted Items/22 Dec 2005 19:21 from Shangle:Emanuell/Robert.zip Infected: Trojan-Downloader.Win32.Bagle.l skipped
C:\Documents and Settings\Treat\My Documents\Outlook2.bak/Susation/Deleted Items/03 Jan 2006 16:29 from service@ebay.com:Your eBay account will b.html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Documents and Settings\Treat\My Documents\Outlook2.bak/Susation/Deleted Items/18 Jan 2006 23:51 from service@paypal.com:Attention! Activate yo.html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Documents and Settings\Treat\My Documents\Outlook2.bak/Susation/Sent Items/17 Jun 2005 23:35 to 'Lorraine Kinninmont':DO NOT OPEN- FOR INFO/account-password.zip/account-password.htm .scr Infected: Net-Worm.Win32.Mytob.bf skipped
C:\Documents and Settings\Treat\My Documents\Outlook2.bak/Susation/Sent Items/17 Jun 2005 23:35 to 'Lorraine Kinninmont':DO NOT OPEN- FOR INFO/account-password.zip Infected: Net-Worm.Win32.Mytob.bf skipped
C:\Documents and Settings\Treat\My Documents\Outlook2.bak/Susation/Sent Items/20 Jun 2005 13:58 to Lorraine Kinninmont:FW: *DETECTED* Online U/account-info.zip/account-info.txt .pif Infected: Net-Worm.Win32.Mytob.bf skipped
C:\Documents and Settings\Treat\My Documents\Outlook2.bak/Susation/Sent Items/20 Jun 2005 13:58 to Lorraine Kinninmont:FW: *DETECTED* Online U/account-info.zip Infected: Net-Worm.Win32.Mytob.bf skipped
C:\Documents and Settings\Treat\My Documents\Outlook2.bak/Susation/Bills/07 Nov 2002 00:57 from Chase Bill Management Center:Critical Cha.html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Documents and Settings\Treat\My Documents\Outlook2.bak Mail MS Mail: infected - 11, suspicious - 9 skipped
C:\Documents and Settings\Treat\My Documents\Outlook2a.bak/Susation/Deleted Items/14 Nov 2005 06:09 from eBay:[TKO] : your (eBay) account could be.html Infected: Trojan-Spy.HTML.Bayfraud.gw skipped
C:\Documents and Settings\Treat\My Documents\Outlook2a.bak/Susation/Deleted Items/14 Nov 2005 19:57 from Wellsfargo Online Banking:Periodic Accoun.html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Documents and Settings\Treat\My Documents\Outlook2a.bak/Susation/Deleted Items/24 Nov 2005 17:17 from Chase Bank OnlineSM Support:Important Acc.html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Documents and Settings\Treat\My Documents\Outlook2a.bak/Susation/Deleted Items/26 Nov 2005 16:27 from service@paypal.com:PAYPAL NOTICE.html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Documents and Settings\Treat\My Documents\Outlook2a.bak/Susation/Deleted Items/29 Nov 2005 01:22 from Mail@cia.gov:Your IP was logged/question_list.zip/File-packed_dataInfo.exe Infected: Email-Worm.Win32.Sober.y skipped
C:\Documents and Settings\Treat\My Documents\Outlook2a.bak/Susation/Deleted Items/29 Nov 2005 01:22 from Mail@cia.gov:Your IP was logged/question_list.zip Infected: Email-Worm.Win32.Sober.y skipped
C:\Documents and Settings\Treat\My Documents\Outlook2a.bak/Susation/Deleted Items/05 Dec 2005 21:06 from service@paypal.com:Activate your PayPal A.html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Documents and Settings\Treat\My Documents\Outlook2a.bak/Susation/Deleted Items/09 Dec 2005 01:29 from office@renewdata.com:Your Password/reg_pass.zip/File-packed_dataInfo.exe Infected: Email-Worm.Win32.Sober.y skipped
C:\Documents and Settings\Treat\My Documents\Outlook2a.bak/Susation/Deleted Items/09 Dec 2005 01:29 from office@renewdata.com:Your Password/reg_pass.zip Infected: Email-Worm.Win32.Sober.y skipped
C:\Documents and Settings\Treat\My Documents\Outlook2a.bak/Susation/Deleted Items/16 Dec 2005 14:30 from Chase Bank:Chase Suspension Verification .html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Documents and Settings\Treat\My Documents\Outlook2a.bak/Susation/Deleted Items/18 Dec 2005 19:25 from service@paypal.com:Activate your PayPal A.html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Documents and Settings\Treat\My Documents\Outlook2a.bak/Susation/Deleted Items/22 Dec 2005 19:21 from Shangle:Emanuell/Robert.zip/DFC00232.exe Infected: Trojan-Downloader.Win32.Bagle.l skipped
C:\Documents and Settings\Treat\My Documents\Outlook2a.bak/Susation/Deleted Items/22 Dec 2005 19:21 from Shangle:Emanuell/Robert.zip Infected: Trojan-Downloader.Win32.Bagle.l skipped
C:\Documents and Settings\Treat\My Documents\Outlook2a.bak/Susation/Deleted Items/03 Jan 2006 16:29 from service@ebay.com:Your eBay account will b.html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Documents and Settings\Treat\My Documents\Outlook2a.bak/Susation/Deleted Items/18 Jan 2006 23:51 from service@paypal.com:Attention! Activate yo.html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Documents and Settings\Treat\My Documents\Outlook2a.bak/Susation/Sent Items/17 Jun 2005 23:35 to 'Lorraine Kinninmont':DO NOT OPEN- FOR INFO/account-password.zip/account-password.htm .scr Infected: Net-Worm.Win32.Mytob.bf skipped
C:\Documents and Settings\Treat\My Documents\Outlook2a.bak/Susation/Sent Items/17 Jun 2005 23:35 to 'Lorraine Kinninmont':DO NOT OPEN- FOR INFO/account-password.zip Infected: Net-Worm.Win32.Mytob.bf skipped
C:\Documents and Settings\Treat\My Documents\Outlook2a.bak/Susation/Sent Items/20 Jun 2005 13:58 to Lorraine Kinninmont:FW: *DETECTED* Online U/account-info.zip/account-info.txt .pif Infected: Net-Worm.Win32.Mytob.bf skipped
C:\Documents and Settings\Treat\My Documents\Outlook2a.bak/Susation/Sent Items/20 Jun 2005 13:58 to Lorraine Kinninmont:FW: *DETECTED* Online U/account-info.zip Infected: Net-Worm.Win32.Mytob.bf skipped
C:\Documents and Settings\Treat\My Documents\Outlook2a.bak/Susation/Bills/07 Nov 2002 00:57 from Chase Bill Management Center:Critical Cha.html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Documents and Settings\Treat\My Documents\Outlook2a.bak Mail MS Mail: infected - 11, suspicious - 9 skipped
C:\Documents and Settings\Treat\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Treat\ntuser.dat.LOG Object is locked skipped
C:\Program Files\CA\SharedComponents\PPRT\logs\2008-04-10.csv Object is locked skipped
C:\Program Files\Citrix\GoToMyPC\g2host.log Object is locked skipped
C:\Program Files\Citrix\GoToMyPC\g2svc.exe -logon Infected: Trojan-Downloader.Win32.Bagle.mv skipped
C:\Program Files\Citrix\GoToMyPC\g2svc.log Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{4A6C3E8F-C7C4-4F40-8D59-57C79309AF71}\RP1108\A0222278.sys Infected: Trojan-Downloader.Win32.Bagle.mm skipped
C:\System Volume Information\_restore{4A6C3E8F-C7C4-4F40-8D59-57C79309AF71}\RP1108\A0222283.exe Infected: Trojan-Downloader.Win32.Bagle.mv skipped
C:\System Volume Information\_restore{4A6C3E8F-C7C4-4F40-8D59-57C79309AF71}\RP1108\A0222308.sys Infected: Trojan-Downloader.Win32.Bagle.mm skipped
C:\System Volume Information\_restore{4A6C3E8F-C7C4-4F40-8D59-57C79309AF71}\RP1109\A0222341.exe Infected: Trojan-Downloader.Win32.Bagle.ij skipped
C:\System Volume Information\_restore{4A6C3E8F-C7C4-4F40-8D59-57C79309AF71}\RP1109\A0222343.sys Infected: Trojan-Downloader.Win32.Bagle.mm skipped
C:\System Volume Information\_restore{4A6C3E8F-C7C4-4F40-8D59-57C79309AF71}\RP1109\A0222357.sys Infected: Trojan-Downloader.Win32.Bagle.mm skipped
C:\System Volume Information\_restore{4A6C3E8F-C7C4-4F40-8D59-57C79309AF71}\RP1109\A0222391.exe Infected: Trojan-Downloader.Win32.Bagle.mv skipped
C:\System Volume Information\_restore{4A6C3E8F-C7C4-4F40-8D59-57C79309AF71}\RP1110\A0222627.sys Infected: Trojan-Downloader.Win32.Bagle.mm skipped
C:\System Volume Information\_restore{4A6C3E8F-C7C4-4F40-8D59-57C79309AF71}\RP1110\A0222635.sys Infected: Trojan-Downloader.Win32.Bagle.mm skipped
C:\System Volume Information\_restore{4A6C3E8F-C7C4-4F40-8D59-57C79309AF71}\RP1110\A0222667.exe Infected: Trojan-Downloader.Win32.Bagle.mv skipped
C:\System Volume Information\_restore{4A6C3E8F-C7C4-4F40-8D59-57C79309AF71}\RP1110\A0222668.exe Infected: Trojan-Downloader.Win32.Bagle.mv skipped
C:\System Volume Information\_restore{4A6C3E8F-C7C4-4F40-8D59-57C79309AF71}\RP1111\A0222687.sys Infected: Trojan-Downloader.Win32.Bagle.mm skipped
C:\System Volume Information\_restore{4A6C3E8F-C7C4-4F40-8D59-57C79309AF71}\RP1112\A0222782.sys Infected: Trojan-Downloader.Win32.Bagle.mm skipped
C:\System Volume Information\_restore{4A6C3E8F-C7C4-4F40-8D59-57C79309AF71}\RP1112\A0222805.sys Infected: Trojan-Downloader.Win32.Bagle.mm skipped
C:\System Volume Information\_restore{4A6C3E8F-C7C4-4F40-8D59-57C79309AF71}\RP1112\A0222815.sys Infected: Trojan-Downloader.Win32.Bagle.mm skipped
C:\System Volume Information\_restore{4A6C3E8F-C7C4-4F40-8D59-57C79309AF71}\RP1112\A0222838.exe Infected: Trojan-Downloader.Win32.Bagle.mv skipped
C:\System Volume Information\_restore{4A6C3E8F-C7C4-4F40-8D59-57C79309AF71}\RP1112\A0222839.exe Infected: Trojan-Downloader.Win32.Bagle.mv skipped
C:\System Volume Information\_restore{4A6C3E8F-C7C4-4F40-8D59-57C79309AF71}\RP1112\A0222849.sys Infected: Trojan-Downloader.Win32.Bagle.mm skipped
C:\System Volume Information\_restore{4A6C3E8F-C7C4-4F40-8D59-57C79309AF71}\RP1112\A0222859.sys Infected: Trojan-Downloader.Win32.Bagle.mm skipped
C:\System Volume Information\_restore{4A6C3E8F-C7C4-4F40-8D59-57C79309AF71}\RP1113\A0222884.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{4A6C3E8F-C7C4-4F40-8D59-57C79309AF71}\RP1113\A0222885.exe Infected: Email-Worm.Win32.Bagle.of skipped
C:\System Volume Information\_restore{4A6C3E8F-C7C4-4F40-8D59-57C79309AF71}\RP1113\change.log Object is locked skipped
C:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP1\A0000046.exe Object is locked skipped
C:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP1\A0000074.exe Object is locked skipped
C:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP22\A0011494.exe/WISE0030.BIN Infected: not-a-virus:AdWare.Win32.Gator.1050 skipped
C:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP22\A0011494.exe WiseSFX: infected - 1 skipped
C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe Object is locked skipped
C:\WINDOWS\$hf_mig$\KB929338\SP2QFE\ntoskrnl.exe Object is locked skipped
C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe Object is locked skipped
C:\WINDOWS\$NtServicePackUninstall$\ntoskrnl.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB890859$\ntoskrnl.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB929338$\ntoskrnl.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB931784$\ntoskrnl.exe Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\ServicePackFiles\i386\ntoskrnl.exe Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM.LOG Object is locked skipped
C:\WINDOWS\system32\gotomon.log Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_22c.dat Object is locked skipped
C:\WINDOWS\Temp\~DF9C7D.tmp Object is locked skipped
C:\Zipped Downloads\Kazza\FSR.exe/file004 Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\Zipped Downloads\Kazza\FSR.exe Inno: infected - 1 skipped
C:\Zipped Downloads\Slide Shows\Webshots\webspace.exe/WISE0030.BIN Infected: not-a-virus:AdWare.Win32.Gator.1050 skipped
C:\Zipped Downloads\Slide Shows\Webshots\webspace.exe WiseSFX: infected - 1 skipped
C:\Zipped Downloads\TimeZone\timezc.zip/tmzinst.exe/data0000.bin Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Zipped Downloads\TimeZone\timezc.zip/tmzinst.exe/data0001.bin Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Zipped Downloads\TimeZone\timezc.zip/tmzinst.exe/data0002.bin/WISE0006.BIN Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Zipped Downloads\TimeZone\timezc.zip/tmzinst.exe/data0002.bin Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Zipped Downloads\TimeZone\timezc.zip/tmzinst.exe Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Zipped Downloads\TimeZone\timezc.zip ZIP: infected - 5 skipped
C:\Zipped Downloads\TimeZone\TimeZone\TSUninstaller.exe Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Zipped Downloads\TimeZone\tmzinst.exe/data0000.bin Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Zipped Downloads\TimeZone\tmzinst.exe/data0001.bin Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Zipped Downloads\TimeZone\tmzinst.exe/data0002.bin/WISE0006.BIN Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Zipped Downloads\TimeZone\tmzinst.exe/data0002.bin Infected: not-a-virus:AdWare.Win32.TimeSink skipped
C:\Zipped Downloads\TimeZone\tmzinst.exe EmbeddedEXE: infected - 4 skipped
C:\Zipped Downloads\Webshots\webscene.exe/WISE0030.BIN Infected: not-a-virus:AdWare.Win32.Gator.1050 skipped
C:\Zipped Downloads\Webshots\webscene.exe WiseSFX: infected - 1 skipped
C:\Zipped Downloads\Webshots\webup.exe/WISE0028.BIN Infected: not-a-virus:AdWare.Win32.Gator.1050 skipped
C:\Zipped Downloads\Webshots\webup.exe WiseSFX: infected - 1 skipped
D:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
D:\System Volume Information\_restore{4A6C3E8F-C7C4-4F40-8D59-57C79309AF71}\RP1114\change.log Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0003856.inf Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0003857.ver Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0003858.msi Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0003859.inf Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0003860.exe Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0003861.exe Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0003862.dll Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0003863.CAT Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0003864.dll Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0003865.exe Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0003866.exe Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0003867.inf Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0003868.ini Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0003869.dll Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0003870.dll Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0003871.dll Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0003872.dll Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0003873.inf Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0003874.dll Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0003875.dll Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0003876.dll Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0003877.dll Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0003878.exe Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0003879.exe Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0003880.dll Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0003881.dll Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0003882.dll Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0003883.dll Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0003884.dll Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0003885.dll Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0003886.dll Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0003887.dll Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0003888.dll Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0003889.dll Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0003890.dll Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0003891.dll Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0003892.dll Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0003893.dll Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0003894.dll Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0003895.dll Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0003896.dll Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0003897.dll Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0003898.dll Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0003899.dll Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0003900.dll Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0003901.dll Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0003902.dll Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0003903.dll Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0003904.dll Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0003905.dll Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0003906.dll Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0003907.dll Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0003908.dll Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0003909.dll Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0003910.dll Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0003911.dll Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0003912.dll Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0003913.dll Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0003914.dll Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0003915.dll Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0003916.dll Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0003917.dll Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0003918.dll Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0003919.dll Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0003920.dll Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0003921.exe Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0003922.exe Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0003923.exe Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0003924.dll Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0003925.exe Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0003926.exe Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0003927.dll Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0003928.dll Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0003929.tlb Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0003930.dll Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0003931.dll Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0003932.dll Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0003933.dll Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0003934.dll Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0003935.dll Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0003936.dll Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0003937.dll Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0003938.dll Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0003939.dll Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0003940.dll Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0003941.dll Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0003942.dll Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0003943.dll Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0003944.dll Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0003945.dll Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0003946.dll Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0003947.dll Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0003948.dll Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0003949.exe Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0003950.exe Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0003951.exe Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0003952.exe Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0003953.exe Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0003954.exe Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0003955.exe Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0003956.dll Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0003957.exe Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0003958.sys Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0003959.exe Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0003960.dll Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0003961.exe Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0003962.exe Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0003963.exe Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0003964.exe Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0003965.exe Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0003966.exe Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0003967.dll Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0003968.exe Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0003969.dll Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0003970.exe Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0003971.cat Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0003972.sys Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0003973.dll Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0003974.com Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0003975.exe Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0003976.exe Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0003977.exe Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0003978.ocx Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0003979.exe Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0003980.dll Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0003981.dll Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0003982.dll Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0003983.dll Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0003984.dll Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0003985.dll Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0003986.dll Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0003987.dll Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0003988.dll Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0003989.dll Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0003990.dll Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0003991.dll Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0003992.dll Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0003993.dll Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0003994.dll Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0003995.dll Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0003996.dll Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0003997.dll Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0003998.tlb Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0003999.dll Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0004000.dll Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0004001.dll Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0004002.dll Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0004003.dll Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0004004.dll Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0004005.dll Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0004006.msc Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0004007.dll Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0004008.dll Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0004009.dll Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0004010.cmd Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0004011.mof Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0004012.dll Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0004013.sys Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0004014.exe Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0004015.dll Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0004016.dll Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0004017.msi Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0004018.inf Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0004019.inf Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0004020.inf Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0004021.sif Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0004022.dll Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0004023.inf Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0004024.inf Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0004025.inf Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0004026.inf Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0004027.inf Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0004028.inf Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0004029.inf Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0004030.inf Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0004031.inf Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0004032.inf Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0004033.inf Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0004034.inf Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0004035.exe Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0004036.cat Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0004037.dll Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0004038.exe Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0004039.dll Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0004040.dll Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0004041.exe Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0004042.msi Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0004043.inf Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0004044.inf Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0004045.inf Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0004046.sif Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0004047.dll Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0004048.inf Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0004049.inf Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0004050.inf Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0004051.inf Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0004052.inf Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0004053.inf Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0004054.inf Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0004055.inf Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0004056.inf Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0004057.inf Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0004058.inf Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0004059.inf Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0004060.dll Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0004061.exe Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0004062.exe Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0004063.dll Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0004064.dll Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0004065.dll Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0004066.dll Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0004067.exe Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0004068.dll Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0004069.exe Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0004070.exe Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0004071.exe Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0004072.dll Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0004073.dll Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0004074.dll Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0004075.dll Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0004076.dll Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0004077.dll Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0004078.dll Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0004079.dll Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0004080.dll Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0004081.dll Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0004082.exe Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0004083.dll Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0004084.exe Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0004085.sdb Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0004086.dll Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0004087.dll Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0004088.exe Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0004089.ini Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0004090.dll Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0004091.inf Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0004092.exe Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0004093.exe Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0004094.dll Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0004095.exe Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0004096.exe Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0004097.exe Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0004098.dll Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0004099.exe Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0004100.exe Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0004101.ini Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0004102.ini Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0004103.dll Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0004104.cat Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0004105.cat Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0004106.dll Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0004107.dll Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0004108.cat Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0004109.cat Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0004110.dll Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0004111.cat Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0004112.cat Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0004113.dll Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0004114.cat Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0004115.dll Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0004116.cat Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0004117.dll Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0004118.cat Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0004119.cat Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0004120.cat Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0004121.cat Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0004122.dll Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0004123.cat Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0004124.exe Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0004125.dll Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0004126.wa_ Object is locked skipped
D:\System Volume Information\_restore{4DE83131-817E-4855-A49E-994EA7138DF6}\RP4\A0004127.wa_ Object is locked skipped
D:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe Object is locked skipped
D:\WINDOWS\$NtServicePackUninstall$\ntoskrnl.exe Object is locked skipped
D:\WINDOWS\$NtUninstallKB890859$\ntoskrnl.exe Object is locked skipped
D:\WINDOWS\Driver Cache\i386\ntoskrnl.exe Object is locked skipped
D:\WINDOWS\ServicePackFiles\i386\ntoskrnl.exe Object is locked skipped
D:\WINDOWS\system32\gotomon.dll Infected: not-a-virus:RemoteAdmin.Win32.GotomyPC.a skipped
Suzeabelle
2008-04-13, 06:14
D:\WINDOWS\ServicePackFiles\i386\ntoskrnl.exe Object is locked skipped
D:\WINDOWS\system32\gotomon.dll Infected: not-a-virus:RemoteAdmin.Win32.GotomyPC.a skipped
E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
H:\System Volume Information\_restore{4A6C3E8F-C7C4-4F40-8D59-57C79309AF71}\RP1109\A0222402.exe/Stream/data0002 Infected: not-a-virus:Monitor.Win32.BFK.11 skipped
H:\System Volume Information\_restore{4A6C3E8F-C7C4-4F40-8D59-57C79309AF71}\RP1109\A0222402.exe/Stream Infected: not-a-virus:Monitor.Win32.BFK.11 skipped
H:\System Volume Information\_restore{4A6C3E8F-C7C4-4F40-8D59-57C79309AF71}\RP1109\A0222402.exe Inno: infected - 2 skipped
H:\System Volume Information\_restore{4A6C3E8F-C7C4-4F40-8D59-57C79309AF71}\RP1109\A0222403.exe/Stream/data0002 Infected: not-a-virus:Monitor.Win32.BFK.11 skipped
H:\System Volume Information\_restore{4A6C3E8F-C7C4-4F40-8D59-57C79309AF71}\RP1109\A0222403.exe/Stream Infected: not-a-virus:Monitor.Win32.BFK.11 skipped
H:\System Volume Information\_restore{4A6C3E8F-C7C4-4F40-8D59-57C79309AF71}\RP1109\A0222403.exe Inno: infected - 2 skipped
H:\STORAGE\archives pst\iCONECT Outlook backup archive.rar/Outolook backup of 2 from laptop/Outlook2bpst.old/Susation/Sent Items/17 Jun 2005 23:35 to 'Lorraine Kinninmont':DO NOT OPEN- FOR INFO/account-password.zip/account-password.htm .scr Infected: Net-Worm.Win32.Mytob.bf skipped
H:\STORAGE\archives pst\iCONECT Outlook backup archive.rar/Outolook backup of 2 from laptop/Outlook2bpst.old/Susation/Sent Items/17 Jun 2005 23:35 to 'Lorraine Kinninmont':DO NOT OPEN- FOR INFO/account-password.zip Infected: Net-Worm.Win32.Mytob.bf skipped
H:\STORAGE\archives pst\iCONECT Outlook backup archive.rar/Outolook backup of 2 from laptop/Outlook2bpst.old/Susation/Sent Items/20 Jun 2005 13:58 to Lorraine Kinninmont:FW: *DETECTED* Online U/account-info.zip/account-info.txt .pif Infected: Net-Worm.Win32.Mytob.bf skipped
H:\STORAGE\archives pst\iCONECT Outlook backup archive.rar/Outolook backup of 2 from laptop/Outlook2bpst.old/Susation/Sent Items/20 Jun 2005 13:58 to Lorraine Kinninmont:FW: *DETECTED* Online U/account-info.zip Infected: Net-Worm.Win32.Mytob.bf skipped
H:\STORAGE\archives pst\iCONECT Outlook backup archive.rar/Outolook backup of 2 from laptop/Outlook2bpst.old/Susation/Bills/07 Nov 2002 00:57 from Chase Bill Management Center:Critical Cha.html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
H:\STORAGE\archives pst\iCONECT Outlook backup archive.rar/Outolook backup of 2 from laptop/Outlook2bpst.old Infected: Trojan-Spy.HTML.Fraud.gen skipped
H:\STORAGE\archives pst\iCONECT Outlook backup archive.rar/2004 Oultook from laptop/Outlook2apst.old/Susation/Deleted Items/02 Nov 2005 19:41 from Roderick Shafer:Please Verify Your eBay I.html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
H:\STORAGE\archives pst\iCONECT Outlook backup archive.rar/2004 Oultook from laptop/Outlook2apst.old/Susation/Deleted Items/04 Nov 2005 00:39 from Chase Bank:Verify Your Account Informatio.html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
H:\STORAGE\archives pst\iCONECT Outlook backup archive.rar/2004 Oultook from laptop/Outlook2apst.old/Susation/Sent Items/17 Jun 2005 23:35 to 'Lorraine Kinninmont':DO NOT OPEN- FOR INFO/account-password.zip/account-password.htm .scr Infected: Net-Worm.Win32.Mytob.bf skipped
H:\STORAGE\archives pst\iCONECT Outlook backup archive.rar/2004 Oultook from laptop/Outlook2apst.old/Susation/Sent Items/17 Jun 2005 23:35 to 'Lorraine Kinninmont':DO NOT OPEN- FOR INFO/account-password.zip Infected: Net-Worm.Win32.Mytob.bf skipped
H:\STORAGE\archives pst\iCONECT Outlook backup archive.rar/2004 Oultook from laptop/Outlook2apst.old/Susation/Sent Items/20 Jun 2005 13:58 to Lorraine Kinninmont:FW: *DETECTED* Online U/account-info.zip/account-info.txt .pif Infected: Net-Worm.Win32.Mytob.bf skipped
H:\STORAGE\archives pst\iCONECT Outlook backup archive.rar/2004 Oultook from laptop/Outlook2apst.old/Susation/Sent Items/20 Jun 2005 13:58 to Lorraine Kinninmont:FW: *DETECTED* Online U/account-info.zip Infected: Net-Worm.Win32.Mytob.bf skipped
H:\STORAGE\archives pst\iCONECT Outlook backup archive.rar/2004 Oultook from laptop/Outlook2apst.old/Susation/Bills/07 Nov 2002 00:57 from Chase Bill Management Center:Critical Cha.html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
H:\STORAGE\archives pst\iCONECT Outlook backup archive.rar/2004 Oultook from laptop/Outlook2apst.old/Susation/Junk E-mail/25 Oct 2005 15:02 to shangle@iconect.com:eBay Inc - Urgent Secur.html Infected: Trojan-Spy.HTML.Bayfraud.hn skipped
H:\STORAGE\archives pst\iCONECT Outlook backup archive.rar/2004 Oultook from laptop/Outlook2apst.old/Susation/Junk E-mail/25 Oct 2005 15:02 to shangle@iconect.com:eBay Inc - Urgent Secur/cockatoo.GIF Infected: Trojan-Spy.HTML.Bayfraud.in skipped
H:\STORAGE\archives pst\iCONECT Outlook backup archive.rar/2004 Oultook from laptop/Outlook2apst.old/Susation/Junk E-mail/02 Nov 2005 14:59 from eBay:eBay - urgent security notice [Wed, .html Infected: Trojan-Spy.HTML.Bayfraud.hn skipped
H:\STORAGE\archives pst\iCONECT Outlook backup archive.rar/2004 Oultook from laptop/Outlook2apst.old Infected: Trojan-Spy.HTML.Bayfraud.hn skipped
H:\STORAGE\archives pst\iCONECT Outlook backup archive.rar RAR: infected - 13, suspicious - 4 skipped
H:\Laptop backup March 2008\Qback\Cmonitor-Ads 15 days- This is rebranded Famil\RSComputerMonitorKeyloggerDemo.msi/Instal01.cab/PO1_8441EA5EF3C6455F90B2F1D6223B7CE4_572EC786359A4A4C98565D9D865BB39F Infected: not-a-virus:Monitor.Win32.MonitorKeylogger.203 skipped
H:\Laptop backup March 2008\Qback\Cmonitor-Ads 15 days- This is rebranded Famil\RSComputerMonitorKeyloggerDemo.msi/Instal01.cab Infected: not-a-virus:Monitor.Win32.MonitorKeylogger.203 skipped
H:\Laptop backup March 2008\Qback\Cmonitor-Ads 15 days- This is rebranded Famil\RSComputerMonitorKeyloggerDemo.msi Embedded: infected - 2 skipped
H:\Laptop backup March 2008\Qback\BFK-visible email broken\logger.zip/BFK.exe Infected: not-a-virus:Monitor.Win32.BFK.11 skipped
H:\Laptop backup March 2008\Qback\BFK-visible email broken\logger.zip ZIP: infected - 1 skipped
H:\Laptop backup March 2008\Qback\BFK-visible email broken\logger\BFK.exe Infected: not-a-virus:Monitor.Win32.BFK.11 skipped
H:\Laptop backup March 2008\Qback\elogger-visible\Elogger-Setup.exe Infected: not-a-virus:Monitor.Win32.KeyLogger.ag skipped
H:\Laptop backup March 2008\Qback\Activity- 15 days\akeylogger.exe/data0001 Infected: not-a-virus:Monitor.Win32.ActiveKeyLogger.16 skipped
H:\Laptop backup March 2008\Qback\Activity- 15 days\akeylogger.exe/data0003 Infected: not-a-virus:Monitor.Win32.ActiveKeyLogger.16 skipped
H:\Laptop backup March 2008\Qback\Activity- 15 days\akeylogger.exe/data0009 Infected: not-a-virus:Monitor.Win32.ActiveKeyLogger.18 skipped
H:\Laptop backup March 2008\Qback\Activity- 15 days\akeylogger.exe Inno: infected - 3 skipped
H:\Laptop backup March 2008\Qback\Actual\actualkeylogger.exe/Stream/data0001 Infected: not-a-virus:Monitor.Win32.ActualSpy.2301 skipped
H:\Laptop backup March 2008\Qback\Actual\actualkeylogger.exe/Stream/data0004 Infected: not-a-virus:Monitor.Win32.ActualSpy.27 skipped
H:\Laptop backup March 2008\Qback\Actual\actualkeylogger.exe/Stream/data0005 Infected: not-a-virus:Monitor.Win32.ActualSpy.252 skipped
H:\Laptop backup March 2008\Qback\Actual\actualkeylogger.exe/Stream Infected: not-a-virus:Monitor.Win32.ActualSpy.252 skipped
H:\Laptop backup March 2008\Qback\Actual\actualkeylogger.exe Inno: infected - 4 skipped
I:\nideiect.com Infected: Trojan-Downloader.Win32.Bagle.mv skipped
I:\Qback\Actual\actualkeylogger.exe/Stream/data0001 Infected: not-a-virus:Monitor.Win32.ActualSpy.2301 skipped
I:\Qback\Actual\actualkeylogger.exe/Stream/data0004 Infected: not-a-virus:Monitor.Win32.ActualSpy.27 skipped
I:\Qback\Actual\actualkeylogger.exe/Stream/data0005 Infected: not-a-virus:Monitor.Win32.ActualSpy.252 skipped
I:\Qback\Actual\actualkeylogger.exe/Stream Infected: not-a-virus:Monitor.Win32.ActualSpy.252 skipped
I:\Qback\Actual\actualkeylogger.exe Inno: infected - 4 skipped
I:\Qback\Activity- 15 days\akeylogger.exe/data0001 Infected: not-a-virus:Monitor.Win32.ActiveKeyLogger.16 skipped
I:\Qback\Activity- 15 days\akeylogger.exe/data0003 Infected: not-a-virus:Monitor.Win32.ActiveKeyLogger.16 skipped
I:\Qback\Activity- 15 days\akeylogger.exe/data0009 Infected: not-a-virus:Monitor.Win32.ActiveKeyLogger.18 skipped
I:\Qback\Activity- 15 days\akeylogger.exe Inno: infected - 3 skipped
I:\Qback\elogger-visible\Elogger-Setup.exe Infected: not-a-virus:Monitor.Win32.KeyLogger.ag skipped
I:\Qback\BFK-visible email broken\bfk.exe/Stream/data0002 Infected: not-a-virus:Monitor.Win32.BFK.11 skipped
I:\Qback\BFK-visible email broken\bfk.exe/Stream Infected: not-a-virus:Monitor.Win32.BFK.11 skipped
I:\Qback\BFK-visible email broken\bfk.exe Inno: infected - 2 skipped
I:\Qback\BFK-visible email broken\logger.zip/BFK.exe Infected: not-a-virus:Monitor.Win32.BFK.11 skipped
I:\Qback\BFK-visible email broken\logger.zip ZIP: infected - 1 skipped
I:\Qback\BFK-visible email broken\setup.exe/Stream/data0002 Infected: not-a-virus:Monitor.Win32.BFK.11 skipped
I:\Qback\BFK-visible email broken\setup.exe/Stream Infected: not-a-virus:Monitor.Win32.BFK.11 skipped
I:\Qback\BFK-visible email broken\setup.exe Inno: infected - 2 skipped
I:\Qback\BFK-visible email broken\logger\BFK.exe Infected: not-a-virus:Monitor.Win32.BFK.11 skipped
I:\Qback\Cmonitor-Ads 15 days- This is rebranded Famil\RSComputerMonitorKeyloggerDemo.msi/Instal01.cab/PO1_8441EA5EF3C6455F90B2F1D6223B7CE4_572EC786359A4A4C98565D9D865BB39F Infected: not-a-virus:Monitor.Win32.MonitorKeylogger.203 skipped
I:\Qback\Cmonitor-Ads 15 days- This is rebranded Famil\RSComputerMonitorKeyloggerDemo.msi/Instal01.cab Infected: not-a-virus:Monitor.Win32.MonitorKeylogger.203 skipped
I:\Qback\Cmonitor-Ads 15 days- This is rebranded Famil\RSComputerMonitorKeyloggerDemo.msi Embedded: infected - 2 skipped
I:\Outlookchkdsk version.pst/Susation/Purchases/01 Aug 2006 18:50 from eBay:You Won eBay Item: iRiver H10 Color .html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
I:\Outlookchkdsk version.pst/Susation/Purchases/01 Aug 2006 17:20 from eBay:You Won eBay Item: iRiver H10 Color .html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
I:\Outlookchkdsk version.pst Mail MS Mail: suspicious - 2 skipped
I:\Outlook2.pst/Susation/Deleted Items/11 Aug 2007 00:00 from Royal Caribbean:Get $150 toward your next.html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
I:\Outlook2.pst/Susation/Deleted Items/02 Nov 2007 13:49 from Royal Caribbean:Get $150 toward your next.html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
I:\Outlook2.pst/Susation/Bills/07 Nov 2002 00:57 from Chase Bill Management Center:Critical Cha.html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
I:\Outlook2.pst/Susation/Purchases/01 Aug 2006 18:50 from eBay:You Won eBay Item: iRiver H10 Color .html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
I:\Outlook2.pst/Susation/Purchases/01 Aug 2006 17:20 from eBay:You Won eBay Item: iRiver H10 Color .html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
I:\Outlook2.pst/Susation/Travel Bonus & FF/13 Apr 2007 01:55 from Royal Caribbean:Make your next cruise eve.html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
I:\Outlook2.pst/Susation/Junk E-mail/28 Jan 2008 20:48 to Shangle:Details Confirmation [message id: b.html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
I:\Outlook2.pst Mail MS Mail: suspicious - 7 skipped
Scan process completed.
Suzeabelle
2008-04-13, 06:15
I was pretty sure that was going to be the result- I hoped I could avoid it.
I'll lose several programs that I've got and I have a few devices that are kind of a pain to reinstall, so I was hoping to avoid that if possible. My Polar USB device is particularly tricky :)
I agree that the only safe way is to do a reformat and reinstall of the OS
I have a few questions before I proceed. I won't tie up resources trying to clean this. When I ask an experts advice--I think I should follow it :)
Before I jump in though- I would love your insight on the following:
1. Is my H drive safe? It is a USB mybook external drive- the computer however thinks it is a local hard drive. I would like to copy my .mp3 files and the my documents folder before I do the reformat and it would be quicker to do that than to burn DVD's. Log file in next post.
2. Luckily I pulled the machine from the net almost as soon as it happened. Unluckily I reconnected to run the Kaperskey scan and was connected for 42 hours- I'm sure all my stuff is compromised by now.
3. Are the other computers on my local network at risk? This machine has been isolated since I got the infection- I don't know how quickly this one spreads.
Your help is very much appreciated.
Suze
1. Is my H drive safe? It is a USB mybook external drive- the computer however thinks it is a local hard drive. I would like to copy my .mp3 files and the my documents folder before I do the reformat and it would be quicker to do that than to burn DVD's.
Hi
Don't use that external drive. Your infection will jump from infected system to it if it's plugged in. For reformatting there's a good tutorial made by wng_z3r0 here (http://spyware-free.us/tutorials/reformat). It gives some instructs for backuping too. :)
Suzeabelle
2008-04-14, 18:38
OK- so here is where I'm at now if I understand correctly.
In trying to save my data (photos, documents, mp3 files) I will need to go to DVD instead of using the USB hard drive since it could spread the infection.
My first step is to copy all the files I'll want after the reformat right?
I'm wondering is there a way to clean the machine enough to get the files onto this USB hard drive and then do the reformat?
I'm freaking out as Taxes are due to the IRS today (in the US) And I waited to the last minute and I'm scared to open my quicken.dat file to run reports.
If I'm disconnected from the net completely am I still at risk of this data being compromised?
I'm off to check all the requirements for a reformat that are listed in that great link- I'll report back shortly.
Thanks as always
Suze
My first step is to copy all the files I'll want after the reformat right?
Yes.
I'm wondering is there a way to clean the machine enough to get the files onto this USB hard drive and then do the reformat?
I'm freaking out as Taxes are due to the IRS today (in the US) And I waited to the last minute and I'm scared to open my quicken.dat file to run reports.
If I'm disconnected from the net completely am I still at risk of this data being compromised?
Cleaning machine only partly isn't recommended. Either we can try complete cleaning of the infection or then take reformat option. I recommend you to burn that tax file to cd/dvd media (or copy to a floppy if you have a floppy drive) and then open it on clean system to run reports.
Suzeabelle
2008-04-14, 23:19
Thanks for the speedy reply. You ROCK!
I've solved the tax problem for now- whew~
I'm in the midst of copying my photos to DVD
If I'm understanding correctly - even if we clean the machine and I was to use this 500GB external USB drive to then copy data (mp3, documents, .pdfs etc) prior to a complete reformat I can still be at risk?
Are the files I'm writing to DVD a risk?
I've reformated the USB key and all is well there.
I know I probably seem dense- I'm simply trying to get back to normal as safely as possible.
With enormous buckets of appreciation for your time and patience.
Suze
Good to hear you got tax problem sorted out :)
If I'm understanding correctly - even if we clean the machine and I was to use this 500GB external USB drive to then copy data (mp3, documents, .pdfs etc) prior to a complete reformat I can still be at risk?
That's right. I don't know for sure whether or not you used external USB drive in infected system. If you did it might require formatting in the same way as you did with your USB key. If it hasn't been connected during the infection then it should be ok.
Are the files I'm writing to DVD a risk?
No if you remember to write only non-program files. That means files like pictures, music and videos can be copied but not exe files.
Suzeabelle
2008-04-18, 20:44
I wanted to check in and let you know that I've made some progress in getting my data off the machine.
As I wade through all this I've got a couple more questions.
1. I found the worm32bagle on one of my other machines, it was the orginal bad guy zip that I downloaded. That file went straight to the recycler and was never run. I emptied the recylce bin- and re ran virus scan. All appears OK.
Do I need to be concerned?
2. I have some zipped download files that I would like to save and use again. I'm afraid they could be infected. Is there anyway to rescue these? Some are drivers for my PolarHeartRate Monitor, some are old shareware and Palm Pilot files. Almost everything else I can get new from the net.
I'll be going for the big reformat this weekend. Wish me luck :)
Thanks again
Suze
Hi
Here're brief answers to your questions.
1. No need to be concerned if you didn't activate the worm.
2. Those zip files (and other archived files) are always a bit risky to use. Unfortunately you shouldn't take those to your backups if you wanted to minimize the risks.
Good luck to your reformat operation :bigthumb:
Hi Suze
Did you get the job done?
Due to inactivity, this thread will now be closed.
Note:If it has been five days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.
If it has been less than five days since your last response and you need the thread re-opened, please send me or your helper a private message (pm). A valid, working link to the closed topic is required.