Trojan.Win32.zapchast.ck



JS999
2008-04-21, 23:54
Ran Kaspersky scan and found the Trojan item above. Report was too large to attach. How can I remove this item? Thanks.

Shaba
2008-04-22, 14:43
Hi JS999

Click here (http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe) to download HJTInstall.exe
Save HJTInstall.exe to your desktop.
Double-click on the HJTInstall.exe icon on your desktop.
By default it will install to C:\Program Files\Trend Micro\HijackThis .
Click on Install.
It will create a HijackThis icon on the desktop.
Once installed, it will launch HijackThis.
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.


You can try to remove all entries with "object locked skipped" from the Kaspersky report.

If that doesn't help, let me know :)

JS999
2008-04-22, 17:22
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:20:37 AM, on 4/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.optimum.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-21-2296881410-29860646-859945766-1011\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'QBDataServiceUser17')
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin\core.hp.main\SendTo.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqaio2/downloads/sysinfo.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1163621522718
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{40F32AD0-DAB2-431A-A0CD-7BD479871520}: NameServer = 167.206.3.227,167.206.3.228
O17 - HKLM\System\CCS\Services\Tcpip\..\{A68EC468-D9FB-4A2B-BA01-70D41F3AA780}: NameServer = 167.206.3.167,167.206.3.228
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL
O22 - SharedTaskScheduler: Winupdate - {145875B5-93F3-429D-FF34-6B0A2068897C} - (no file)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Desktop Manager 5.5.709.30344 (GoogleDesktopManager-093007-112848) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: QuickBooks Database Manager Service (QBCFMonitorService) - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: QuickBooksDB17 - iAnywhere Solutions, Inc. - C:\PROGRA~1\Intuit\QUICKB~1\QBDBMgrN.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 8504 bytes

JS999
2008-04-22, 17:25
I'm not sure what you mean by this.

Shaba
2008-04-22, 18:43
Hi

I mean, do you have many entries there with "Object locked skipped" after the file name and not "infected..."?

JS999
2008-04-22, 19:18
I sent the report. Will you help to remove the malware? I have eTrust from CA, which did not detect the virus.

Shaba
2008-04-22, 19:24
Hi

I don't see any Kaspersky report?

JS999
2008-04-22, 20:26
I sent the HijackThis report.

Shaba
2008-04-23, 14:49
Hi

Yes, you did, but I need the Kaspersky report as well :)

JS999
2008-04-23, 17:19
The Kaspersky report was too large to attach.

Shaba
2008-04-23, 17:23
Hi

Yes, you said that already.

That's why I said:

"I mean that do you have many entries there with "Object locked skipped" after file name and not "infected..."?"

And I mean the Kaspersky report here :)

JS999
2008-04-24, 18:01
C:\WINDOWS\system32\p1454D5.dll Infected: Trojan-Downloader.Win32.Agent.bbn skipped

C:\WINDOWS\system32\p186CEE.dll Infected: Trojan-Downloader.Win32.Agent.bbn skipped

C:\WINDOWS\system32\p1A478.dll Infected: Trojan-Downloader.Win32.Agent.bbn skipped

C:\WINDOWS\system32\p1A9646.dll Infected: Trojan-Downloader.Win32.Agent.bbn skipped

C:\WINDOWS\system32\p1B0EA2.dll Infected: Trojan-Downloader.Win32.Agent.bbn skipped

C:\WINDOWS\system32\p1CF2B4.dll Infected: Trojan-Downloader.Win32.Agent.bbn skipped

C:\WINDOWS\system32\p201F25.dll Infected: Trojan-Downloader.Win32.Agent.bbn skipped

C:\WINDOWS\system32\p2451D.dll Infected: Trojan-Downloader.Win32.Agent.bbn skipped

C:\WINDOWS\system32\p2453C.dll Infected: Trojan-Downloader.Win32.Agent.bbn skipped

C:\WINDOWS\system32\p26E4D9.dll Infected: Trojan-Downloader.Win32.Agent.bbn skipped

C:\WINDOWS\system32\p28B11D.dll Infected: Trojan-Downloader.Win32.Agent.bbn skipped

C:\WINDOWS\system32\p29D9D.dll Infected: Trojan-Downloader.Win32.Agent.bbn skipped

C:\WINDOWS\system32\p2B249D.dll Infected: Trojan-Downloader.Win32.Agent.bbn skipped

C:\WINDOWS\system32\p2E8944.dll Infected: Trojan-Downloader.Win32.Agent.bbn skipped

C:\WINDOWS\system32\p320CCE.dll Infected: Trojan-Downloader.Win32.Agent.bbn skipped

C:\WINDOWS\system32\p34793A.dll Infected: Trojan-Downloader.Win32.Agent.bbn skipped

C:\WINDOWS\system32\p3DA35B.dll Infected: Trojan-Downloader.Win32.Agent.bbn skipped

C:\WINDOWS\system32\p4118DB.dll Infected: Trojan-Downloader.Win32.Agent.bbn skipped

C:\WINDOWS\system32\p43F47.dll Infected: Trojan-Downloader.Win32.Agent.bbn skipped

C:\WINDOWS\system32\p466EA3.dll Infected: Trojan-Downloader.Win32.Agent.bbn skipped

C:\WINDOWS\system32\p523B45.dll Infected: Trojan-Downloader.Win32.Agent.bbn skipped

C:\WINDOWS\system32\p58043.dll Infected: Trojan-Downloader.Win32.Agent.bbn skipped

C:\WINDOWS\system32\p5AE019.dll Infected: Trojan-Downloader.Win32.Agent.bbn skipped

C:\WINDOWS\system32\p5D2EDB.dll Infected: Trojan-Downloader.Win32.Agent.bbn skipped

C:\WINDOWS\system32\p65F5FD.dll Infected: Trojan-Downloader.Win32.Agent.bbn skipped

C:\WINDOWS\system32\p752997.dll Infected: Trojan-Downloader.Win32.Agent.bbn skipped

C:\WINDOWS\system32\p7FBA4D.dll Infected: Trojan-Downloader.Win32.Agent.bbn skipped

C:\WINDOWS\system32\p8D124.dll Infected: Trojan-Downloader.Win32.Agent.bbn skipped

C:\WINDOWS\system32\pAFA7C.dll Infected: Trojan-Downloader.Win32.Agent.bbn skipped

C:\WINDOWS\system32\pCDD94.dll Infected: Trojan-Downloader.Win32.Agent.bbn skipped

C:\WINDOWS\system32\pD614B.dll Infected: Trojan-Downloader.Win32.Agent.bbn skipped

C:\WINDOWS\system32\pD687E.dll Infected: Trojan-Downloader.Win32.Agent.bbn skipped

C:\WINDOWS\system32\pF57BC.dll Infected: Trojan-Downloader.Win32.Agent.bbn skipped

Shaba
2008-04-24, 19:48
Hi

Please download the OTMoveIt2 by OldTimer (http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe).

Save it to your desktop.
Please double-click OTMoveIt2.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):



C:\WINDOWS\system32\p1454D5.dll
C:\WINDOWS\system32\p186CEE.dll
C:\WINDOWS\system32\p1A478.dll
C:\WINDOWS\system32\p1A9646.dll
C:\WINDOWS\system32\p1B0EA2.dll
C:\WINDOWS\system32\p1CF2B4.dll
C:\WINDOWS\system32\p201F25.dll
C:\WINDOWS\system32\p2451D.dll
C:\WINDOWS\system32\p2453C.dll
C:\WINDOWS\system32\p26E4D9.dll
C:\WINDOWS\system32\p28B11D.dll
C:\WINDOWS\system32\p29D9D.dll
C:\WINDOWS\system32\p2B249D.dll
C:\WINDOWS\system32\p2E8944.dll
C:\WINDOWS\system32\p320CCE.dll
C:\WINDOWS\system32\p34793A.dll
C:\WINDOWS\system32\p3DA35B.dll
C:\WINDOWS\system32\p4118DB.dll
C:\WINDOWS\system32\p43F47.dll
C:\WINDOWS\system32\p466EA3.dll
C:\WINDOWS\system32\p523B45.dll
C:\WINDOWS\system32\p58043.dll
C:\WINDOWS\system32\p5AE019.dll
C:\WINDOWS\system32\p5D2EDB.dll
C:\WINDOWS\system32\p65F5FD.dll
C:\WINDOWS\system32\p752997.dll
C:\WINDOWS\system32\p7FBA4D.dll
C:\WINDOWS\system32\p8D124.dll
C:\WINDOWS\system32\pAFA7C.dll
C:\WINDOWS\system32\pCDD94.dll
C:\WINDOWS\system32\pD614B.dll
C:\WINDOWS\system32\pD687E.dll
C:\WINDOWS\system32\pF57BC.dll
C:\WINDOWS\system32\p1454D5.dll
C:\WINDOWS\system32\p186CEE.dll
C:\WINDOWS\system32\p1A478.dll
C:\WINDOWS\system32\p1A9646.dll
C:\WINDOWS\system32\p1B0EA2.dll
C:\WINDOWS\system32\p1CF2B4.dll
C:\WINDOWS\system32\p201F25.dll
C:\WINDOWS\system32\p2451D.dll
C:\WINDOWS\system32\p2453C.dll
C:\WINDOWS\system32\p26E4D9.dll
C:\WINDOWS\system32\p28B11D.dll
C:\WINDOWS\system32\p29D9D.dll
C:\WINDOWS\system32\p2B249D.dll
C:\WINDOWS\system32\p2E8944.dll
C:\WINDOWS\system32\p320CCE.dll
C:\WINDOWS\system32\p34793A.dll
C:\WINDOWS\system32\p3DA35B.dll
C:\WINDOWS\system32\p4118DB.dll
C:\WINDOWS\system32\p43F47.dll
C:\WINDOWS\system32\p466EA3.dll
C:\WINDOWS\system32\p523B45.dll
C:\WINDOWS\system32\p58043.dll
C:\WINDOWS\system32\p5AE019.dll
C:\WINDOWS\system32\p5D2EDB.dll
C:\WINDOWS\system32\p65F5FD.dll
C:\WINDOWS\system32\p752997.dll
C:\WINDOWS\system32\p7FBA4D.dll
C:\WINDOWS\system32\p8D124.dll
C:\WINDOWS\system32\pAFA7C.dll
C:\WINDOWS\system32\pCDD94.dll
C:\WINDOWS\system32\pD614B.dll
C:\WINDOWS\system32\pD687E.dll
C:\WINDOWS\system32\pF57BC.dll


Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light blue bar) and choose Paste.

Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

Click the red Moveit! button.
Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
Close OTMoveIt2

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

JS999
2008-04-25, 20:15
File/Folder C:\System Volume Information\_restore{47368589-DF4D-4379-8E0F-23887C46AF96}\RP71\A0019613.exe Infected: Trojan.Win32.Zapchast.ck skipped not found.
C:\WINDOWS\system32\p1454D5.dll NOT unregistered.
C:\WINDOWS\system32\p1454D5.dll moved successfully.
C:\WINDOWS\system32\p186CEE.dll NOT unregistered.
C:\WINDOWS\system32\p186CEE.dll moved successfully.
C:\WINDOWS\system32\p1A478.dll NOT unregistered.
C:\WINDOWS\system32\p1A478.dll moved successfully.
C:\WINDOWS\system32\p1A9646.dll NOT unregistered.
C:\WINDOWS\system32\p1A9646.dll moved successfully.
C:\WINDOWS\system32\p1B0EA2.dll NOT unregistered.
C:\WINDOWS\system32\p1B0EA2.dll moved successfully.
C:\WINDOWS\system32\p1CF2B4.dll NOT unregistered.
C:\WINDOWS\system32\p1CF2B4.dll moved successfully.
C:\WINDOWS\system32\p201F25.dll NOT unregistered.
C:\WINDOWS\system32\p201F25.dll moved successfully.
C:\WINDOWS\system32\p2451D.dll NOT unregistered.
C:\WINDOWS\system32\p2451D.dll moved successfully.
C:\WINDOWS\system32\p2453C.dll NOT unregistered.
C:\WINDOWS\system32\p2453C.dll moved successfully.
C:\WINDOWS\system32\p26E4D9.dll NOT unregistered.
C:\WINDOWS\system32\p26E4D9.dll moved successfully.
C:\WINDOWS\system32\p28B11D.dll NOT unregistered.
C:\WINDOWS\system32\p28B11D.dll moved successfully.
C:\WINDOWS\system32\p29D9D.dll NOT unregistered.
C:\WINDOWS\system32\p29D9D.dll moved successfully.
C:\WINDOWS\system32\p2B249D.dll NOT unregistered.
C:\WINDOWS\system32\p2B249D.dll moved successfully.
C:\WINDOWS\system32\p2E8944.dll NOT unregistered.
C:\WINDOWS\system32\p2E8944.dll moved successfully.
C:\WINDOWS\system32\p320CCE.dll NOT unregistered.
C:\WINDOWS\system32\p320CCE.dll moved successfully.
C:\WINDOWS\system32\p34793A.dll NOT unregistered.
C:\WINDOWS\system32\p34793A.dll moved successfully.
C:\WINDOWS\system32\p3DA35B.dll NOT unregistered.
C:\WINDOWS\system32\p3DA35B.dll moved successfully.
C:\WINDOWS\system32\p4118DB.dll NOT unregistered.
C:\WINDOWS\system32\p4118DB.dll moved successfully.
C:\WINDOWS\system32\p43F47.dll NOT unregistered.
C:\WINDOWS\system32\p43F47.dll moved successfully.
C:\WINDOWS\system32\p466EA3.dll NOT unregistered.
C:\WINDOWS\system32\p466EA3.dll moved successfully.
C:\WINDOWS\system32\p523B45.dll NOT unregistered.
C:\WINDOWS\system32\p523B45.dll moved successfully.
C:\WINDOWS\system32\p58043.dll NOT unregistered.
C:\WINDOWS\system32\p58043.dll moved successfully.
C:\WINDOWS\system32\p5AE019.dll NOT unregistered.
C:\WINDOWS\system32\p5AE019.dll moved successfully.
C:\WINDOWS\system32\p5D2EDB.dll NOT unregistered.
C:\WINDOWS\system32\p5D2EDB.dll moved successfully.
C:\WINDOWS\system32\p65F5FD.dll NOT unregistered.
C:\WINDOWS\system32\p65F5FD.dll moved successfully.
C:\WINDOWS\system32\p752997.dll NOT unregistered.
C:\WINDOWS\system32\p752997.dll moved successfully.
C:\WINDOWS\system32\p7FBA4D.dll NOT unregistered.
C:\WINDOWS\system32\p7FBA4D.dll moved successfully.
C:\WINDOWS\system32\p8D124.dll NOT unregistered.
C:\WINDOWS\system32\p8D124.dll moved successfully.
C:\WINDOWS\system32\pAFA7C.dll NOT unregistered.
C:\WINDOWS\system32\pAFA7C.dll moved successfully.
C:\WINDOWS\system32\pCDD94.dll NOT unregistered.
C:\WINDOWS\system32\pCDD94.dll moved successfully.
C:\WINDOWS\system32\pD614B.dll NOT unregistered.
C:\WINDOWS\system32\pD614B.dll moved successfully.
C:\WINDOWS\system32\pD687E.dll NOT unregistered.
C:\WINDOWS\system32\pD687E.dll moved successfully.
C:\WINDOWS\system32\pF57BC.dll NOT unregistered.
C:\WINDOWS\system32\pF57BC.dll moved successfully.
File/Folder C:\WINDOWS\system32\p1454D5.dll not found.
File/Folder C:\WINDOWS\system32\p186CEE.dll not found.
File/Folder C:\WINDOWS\system32\p1A478.dll not found.
File/Folder C:\WINDOWS\system32\p1A9646.dll not found.
File/Folder C:\WINDOWS\system32\p1B0EA2.dll not found.
File/Folder C:\WINDOWS\system32\p1CF2B4.dll not found.
File/Folder C:\WINDOWS\system32\p201F25.dll not found.
File/Folder C:\WINDOWS\system32\p2451D.dll not found.
File/Folder C:\WINDOWS\system32\p2453C.dll not found.
File/Folder C:\WINDOWS\system32\p26E4D9.dll not found.
File/Folder C:\WINDOWS\system32\p28B11D.dll not found.
File/Folder C:\WINDOWS\system32\p29D9D.dll not found.
File/Folder C:\WINDOWS\system32\p2B249D.dll not found.
File/Folder C:\WINDOWS\system32\p2E8944.dll not found.
File/Folder C:\WINDOWS\system32\p320CCE.dll not found.
File/Folder C:\WINDOWS\system32\p34793A.dll not found.
File/Folder C:\WINDOWS\system32\p3DA35B.dll not found.
File/Folder C:\WINDOWS\system32\p4118DB.dll not found.
File/Folder C:\WINDOWS\system32\p43F47.dll not found.
File/Folder C:\WINDOWS\system32\p466EA3.dll not found.
File/Folder C:\WINDOWS\system32\p523B45.dll not found.
File/Folder C:\WINDOWS\system32\p58043.dll not found.
File/Folder C:\WINDOWS\system32\p5AE019.dll not found.
File/Folder C:\WINDOWS\system32\p5D2EDB.dll not found.
File/Folder C:\WINDOWS\system32\p65F5FD.dll not found.
File/Folder C:\WINDOWS\system32\p752997.dll not found.
File/Folder C:\WINDOWS\system32\p7FBA4D.dll not found.
File/Folder C:\WINDOWS\system32\p8D124.dll not found.
File/Folder C:\WINDOWS\system32\pAFA7C.dll not found.
File/Folder C:\WINDOWS\system32\pCDD94.dll not found.
File/Folder C:\WINDOWS\system32\pD614B.dll not found.
File/Folder C:\WINDOWS\system32\pD687E.dll not found.
File/Folder C:\WINDOWS\system32\pF57BC.dll not found.

Shaba
2008-04-26, 10:58
Hi

Re-scan with Kaspersky.

Post:

- a fresh HijackThis log
- the Kaspersky report

JS999
2008-04-29, 16:39
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:36:56 AM, on 4/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.optimum.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: C:\WINDOWS\system32\pF57BC.dll - {145875B5-93F3-429D-FF34-6B0A2068897C} - C:\WINDOWS\system32\pF57BC.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-21-2296881410-29860646-859945766-1011\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'QBDataServiceUser17')
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin\core.hp.main\SendTo.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqaio2/downloads/sysinfo.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1163621522718
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{40F32AD0-DAB2-431A-A0CD-7BD479871520}: NameServer = 167.206.3.227,167.206.3.228
O17 - HKLM\System\CCS\Services\Tcpip\..\{A68EC468-D9FB-4A2B-BA01-70D41F3AA780}: NameServer = 167.206.3.167,167.206.3.228
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Desktop Manager 5.5.709.30344 (GoogleDesktopManager-093007-112848) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: QuickBooks Database Manager Service (QBCFMonitorService) - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: QuickBooksDB17 - iAnywhere Solutions, Inc. - C:\PROGRA~1\Intuit\QUICKB~1\QBDBMgrN.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 8895 bytes

JS999
2008-04-29, 16:44
Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\19e26cec064e9195496f0b92ff8bcf4b_9207c914-d1c0-42b8-baa0-cb85bd7cfaa8 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Nurech1.zip/upnp.exe Suspicious: Password-protected-EXE skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Nurech1.zip ZIP: suspicious - 1 skipped

C:\System Volume Information\_restore{47368589-DF4D-4379-8E0F-23887C46AF96}\RP71\A0019613.exe Infected: Trojan.Win32.Zapchast.ck skipped
C:\_OTMoveIt\MovedFiles\04252008_141349\WINDOWS\system32\p1454D5.dll Infected: Trojan-Downloader.Win32.Agent.bbn skipped

C:\_OTMoveIt\MovedFiles\04252008_141349\WINDOWS\system32\p186CEE.dll Infected: Trojan-Downloader.Win32.Agent.bbn skipped

C:\_OTMoveIt\MovedFiles\04252008_141349\WINDOWS\system32\p1A478.dll Infected: Trojan-Downloader.Win32.Agent.bbn skipped

C:\_OTMoveIt\MovedFiles\04252008_141349\WINDOWS\system32\p1A9646.dll Infected: Trojan-Downloader.Win32.Agent.bbn skipped

C:\_OTMoveIt\MovedFiles\04252008_141349\WINDOWS\system32\p1B0EA2.dll Infected: Trojan-Downloader.Win32.Agent.bbn skipped

C:\_OTMoveIt\MovedFiles\04252008_141349\WINDOWS\system32\p1CF2B4.dll Infected: Trojan-Downloader.Win32.Agent.bbn skipped

C:\_OTMoveIt\MovedFiles\04252008_141349\WINDOWS\system32\p201F25.dll Infected: Trojan-Downloader.Win32.Agent.bbn skipped

C:\_OTMoveIt\MovedFiles\04252008_141349\WINDOWS\system32\p2451D.dll Infected: Trojan-Downloader.Win32.Agent.bbn skipped

C:\_OTMoveIt\MovedFiles\04252008_141349\WINDOWS\system32\p2453C.dll Infected: Trojan-Downloader.Win32.Agent.bbn skipped

C:\_OTMoveIt\MovedFiles\04252008_141349\WINDOWS\system32\p26E4D9.dll Infected: Trojan-Downloader.Win32.Agent.bbn skipped

C:\_OTMoveIt\MovedFiles\04252008_141349\WINDOWS\system32\p28B11D.dll Infected: Trojan-Downloader.Win32.Agent.bbn skipped

C:\_OTMoveIt\MovedFiles\04252008_141349\WINDOWS\system32\p29D9D.dll Infected: Trojan-Downloader.Win32.Agent.bbn skipped

C:\_OTMoveIt\MovedFiles\04252008_141349\WINDOWS\system32\p2B249D.dll Infected: Trojan-Downloader.Win32.Agent.bbn skipped

C:\_OTMoveIt\MovedFiles\04252008_141349\WINDOWS\system32\p2E8944.dll Infected: Trojan-Downloader.Win32.Agent.bbn skipped

C:\_OTMoveIt\MovedFiles\04252008_141349\WINDOWS\system32\p320CCE.dll Infected: Trojan-Downloader.Win32.Agent.bbn skipped

C:\_OTMoveIt\MovedFiles\04252008_141349\WINDOWS\system32\p34793A.dll Infected: Trojan-Downloader.Win32.Agent.bbn skipped

C:\_OTMoveIt\MovedFiles\04252008_141349\WINDOWS\system32\p3DA35B.dll Infected: Trojan-Downloader.Win32.Agent.bbn skipped

C:\_OTMoveIt\MovedFiles\04252008_141349\WINDOWS\system32\p4118DB.dll Infected: Trojan-Downloader.Win32.Agent.bbn skipped

C:\_OTMoveIt\MovedFiles\04252008_141349\WINDOWS\system32\p43F47.dll Infected: Trojan-Downloader.Win32.Agent.bbn skipped

C:\_OTMoveIt\MovedFiles\04252008_141349\WINDOWS\system32\p466EA3.dll Infected: Trojan-Downloader.Win32.Agent.bbn skipped

C:\_OTMoveIt\MovedFiles\04252008_141349\WINDOWS\system32\p523B45.dll Infected: Trojan-Downloader.Win32.Agent.bbn skipped

C:\_OTMoveIt\MovedFiles\04252008_141349\WINDOWS\system32\p58043.dll Infected: Trojan-Downloader.Win32.Agent.bbn skipped

C:\_OTMoveIt\MovedFiles\04252008_141349\WINDOWS\system32\p5AE019.dll Infected: Trojan-Downloader.Win32.Agent.bbn skipped

C:\_OTMoveIt\MovedFiles\04252008_141349\WINDOWS\system32\p5D2EDB.dll Infected: Trojan-Downloader.Win32.Agent.bbn skipped

C:\_OTMoveIt\MovedFiles\04252008_141349\WINDOWS\system32\p65F5FD.dll Infected: Trojan-Downloader.Win32.Agent.bbn skipped

C:\_OTMoveIt\MovedFiles\04252008_141349\WINDOWS\system32\p752997.dll Infected: Trojan-Downloader.Win32.Agent.bbn skipped

C:\_OTMoveIt\MovedFiles\04252008_141349\WINDOWS\system32\p7FBA4D.dll Infected: Trojan-Downloader.Win32.Agent.bbn skipped

C:\_OTMoveIt\MovedFiles\04252008_141349\WINDOWS\system32\p8D124.dll Infected: Trojan-Downloader.Win32.Agent.bbn skipped

C:\_OTMoveIt\MovedFiles\04252008_141349\WINDOWS\system32\pAFA7C.dll Infected: Trojan-Downloader.Win32.Agent.bbn skipped

C:\_OTMoveIt\MovedFiles\04252008_141349\WINDOWS\system32\pCDD94.dll Infected: Trojan-Downloader.Win32.Agent.bbn skipped

C:\_OTMoveIt\MovedFiles\04252008_141349\WINDOWS\system32\pD614B.dll Infected: Trojan-Downloader.Win32.Agent.bbn skipped

C:\_OTMoveIt\MovedFiles\04252008_141349\WINDOWS\system32\pD687E.dll Infected: Trojan-Downloader.Win32.Agent.bbn skipped

C:\_OTMoveIt\MovedFiles\04252008_141349\WINDOWS\system32\pF57BC.dll Infected: Trojan-Downloader.Win32.Agent.bbn skipped

D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP292\change.log Object is locked skipped

Scan process completed.

Shaba
2008-04-29, 16:45
Hi

Empty these folders:

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\
C:\_OTMoveIt\MovedFiles\

Empty Recycle Bin.

Still problems?
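
Added example (not part of the original thread, and not Kaspersky's or the helper's code): a sketch of the filtering asked for earlier in the thread, dropping the "Object is locked" entries from the report and grouping the remaining detections by the kind of folder they sit in. It assumes the line layout seen in the pasted report; the function names and location labels are choices made for this example.

```python
import re
from collections import Counter

# Lines copied from the Kaspersky report pasted in this thread (excerpt).
SAMPLE_REPORT = r"""
Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Nurech1.zip/upnp.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Nurech1.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\HP_Owner\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\HP_Owner\ntuser.dat Object is locked skipped
C:\System Volume Information\_restore{47368589-DF4D-4379-8E0F-23887C46AF96}\RP71\A0019613.exe Infected: Trojan.Win32.Zapchast.ck skipped
C:\_OTMoveIt\MovedFiles\04252008_141349\WINDOWS\system32\p1454D5.dll Infected: Trojan-Downloader.Win32.Agent.bbn skipped
C:\_OTMoveIt\MovedFiles\04252008_141349\WINDOWS\system32\p186CEE.dll Infected: Trojan-Downloader.Win32.Agent.bbn skipped
Scan process completed.
"""

# Paths contain spaces, so the line is matched from the right:
# "<path> <verdict> <last action>". Only verdict shapes seen in the
# pasted report are recognised (assumption of this example).
LINE_RE = re.compile(
    r"^(?P<path>.+?) "
    r"(?P<verdict>Object is locked|Infected: \S+|Suspicious: \S+|ZIP: suspicious - \d+) "
    r"(?P<action>\w+)$"
)

# Folder markers (lower-case) and labels; the labels are this example's own.
LOCATIONS = [
    ("\\system volume information\\_restore{", "System Restore point"),
    ("\\_otmoveit\\movedfiles\\", "OTMoveIt moved files"),
    ("\\spybot - search & destroy\\recovery\\", "Spybot recovery backup"),
    ("\\recycler\\", "Recycle Bin"),
]
LIVE = "live file system"


def classify(path):
    """Return the label of the first folder marker found in the path."""
    lowered = path.lower()
    for marker, label in LOCATIONS:
        if marker in lowered:
            return label
    return LIVE


def triage(report_text):
    """Drop locked entries and group the remaining detections by location."""
    result = {"locked": 0, "unparsed": 0, "by_location": {}, "needs_attention": []}
    for raw in report_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = LINE_RE.match(line)
        if match is None:
            # Header, footer, or a line cut off by the forum's post limit.
            result["unparsed"] += 1
            continue
        if match["verdict"] == "Object is locked":
            # File was in use during the scan; this is not a detection.
            result["locked"] += 1
            continue
        label = classify(match["path"])
        result["by_location"].setdefault(label, Counter())[match["verdict"]] += 1
        if label == LIVE:
            result["needs_attention"].append(match["path"])
    return result


if __name__ == "__main__":
    summary = triage(SAMPLE_REPORT)
    print("locked entries dropped:", summary["locked"])
    for location, verdicts in summary["by_location"].items():
        for verdict, count in verdicts.items():
            print(f"{location}: {verdict} x{count}")
    print("detections outside backup folders:", summary["needs_attention"])
```

An empty `needs_attention` list means every remaining detection sits in a backup, moved-files, recycle or restore-point folder rather than at its original location.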

JS999
2008-04-29, 16:45

JS999
2008-04-29, 16:46

JS999
2008-04-29, 16:47
Do I need to post all of the report?

Shaba
2008-04-29, 16:50
Hi

No :)

Empty those folders I instructed, please.

Still problems?

Shaba
2008-05-04, 11:27
Due to the lack of feedback this Topic is closed.

If it has been five days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than five days since your last response and you need the thread re-opened, please send a private message (pm). A valid, working link to the closed topic is required.

Everyone else please begin a New Topic.