Help me!30 Problems wont go away!

katana · Dec 23, 2007

That's looking better :bigthumb:

Still a bit more needs to go though.

Please download ComboFix by sUBs from HERE or HERE

You must download it to and run it from your Desktop
Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
Double click combofix.exe & follow the prompts.
When finished, it will produce a log. Please save that log to post in your next reply along with a fresh HJT log
Re-enable all the programs that were disabled during the running of ComboFix..

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Wizit · Dec 24, 2007

Uh oh!

We might have a problem. One Of the Viruses always pulls up command prompts when i boot up the computer. It wont let it run because the virus is already using it! What do I do now! Reply soon with an answer or not.

katana · Dec 24, 2007

Try this

Custom CFScript

Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:
Code:
```
Killall::
```
Save this as CFScript.txt and place it on your desktop.
Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

Wizit · Dec 24, 2007

Omg!!!

When i do that is pops up a little window and says

"C:/WINDOWS/system32/cmd.exe":
"Another program is currently using this file"

I think its the virus because it opens cmd prompts when i log in. It never did that until i caught these viruses.

:angel

lease help!:angel:

katana · Dec 24, 2007

Disable Teatimer
First step:

Right-click the Spybot Icon in the System Tray (looks like a blue/white calendar with a padlock symbol)
If you have the new version 1.5, Click once on Resident Protection, then Right click the Spybot icon again and make sure Resident Protection is now Unchecked. The Spybot icon in the System tray should now be now colorless.
If you have Version 1.4, Click on Exit Spybot S&D Resident

Second step, For Either Version :

Open Spybot S&D
Click Mode, choose Advanced Mode
Go To the bottom of the Vertical Panel on the Left, Click Tools
then, also in left panel, click Resident shows a red/white shield.
If your firewall raises a question, say OK
In the Resident protection status frame, Uncheck the box labeled Resident "Tea-Timer"(Protection of over-all system settings) active
OK any prompts.
Use File, Exit to terminate Spybot
Reboot your machine for the changes to take effect.

OTMoveIt
Please download OTMoveIt by OldTimer.

Save it to your desktop.
Please double-click OTMoveIt.exe to run it.
Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\svchost.exe
C:\WINDOWS\system32\yayvsts.dll
C:\WINDOWS\system32\winlog.exe
C:\ONOES.EXE
Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
Click the red Moveit! button.
Close OTMoveIt
Copy and paste the contents of the results box as a reply to this topic

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

**If a reboot was necessary or you needed to Exit before posting the log, you will find a copy of the log at the root of the drive where OTMoveIt is installed, usually at :
C:\\_OTMoveIt\\MovedFiles\\********_******.log
(where "********_******" is the "date_time")

Fix With HJT
Close all other windows and then start HiJack This
Click Do A System Scan Only
When it has finished scanning put a check next to the following lines

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {153da9c5-f35a-41b2-920c-d56846660c99} - C:\WINDOWS\system32\ettktlb.dll (file missing)
O2 - BHO: {fccf5eef-74a1-00ea-c6c4-cc89156cfd74} - {47dfc651-98cc-4c6c-ae00-1a47fee5fccf} - C:\WINDOWS\system32\ptorrbxj.dll (file missing)
O2 - BHO: (no name) - {7FDFEBE7-BD6F-4B9B-AA85-F1803CC80FFF} - C:\WINDOWS\system32\yabxw.dll (file missing)
O2 - BHO: (no name) - {DB0B918E-A0A8-482B-8D75-A682816B0C7B} - C:\WINDOWS\system32\yayvsts.dll
O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - Global Startup: svchost.exe
O20 - Winlogon Notify: yayvsts - C:\WINDOWS\SYSTEM32\yayvsts.dll
O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\system32\windows (file missing)

- Close ALL open windows (especially Internet Explorer!)-
Now click Fix checked
Click yes to any prompts
Close HijackThis

No Antivirus
I can see no indication of any Antivirus software.

Use an AntiVirus Software - It is very important that you have anti-virus software running on your machine.
This alone can save you a lot of trouble with malware in the future.
Free AV list
AVG Free
Avira AntiVir
Avast

Update your AntiVirus Software - It is imperitive that you update your Antivirus software at least once a week.
If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

Antivirus is a MUST

Logs/Information to Post in Reply
Please post the following logs/Information in your reply

OTMoveIt log
A fresh HJT log
How are things running now ?

Wizit · Dec 24, 2007

now lets see

The only things on the hijackthis log were
O4 - HKLM\..\Run: [winlog] winlog.exe &
O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\system32\windows (file missing)

I deleted those so here are the logs

Wizit · Dec 24, 2007

HJT log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:34:29 AM, on 12/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Atievxx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mmhp.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - .DEFAULT User Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe (User 'Default user')
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1186100614029
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\system32\windows (file missing)

--
End of file - 4051 bytes

Wizit · Dec 24, 2007

Heres The Movit log

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\svchost.exe moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\yayvsts.dll
C:\WINDOWS\system32\yayvsts.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\yayvsts.dll scheduled to be moved on reboot.
File/Folder C:\WINDOWS\system32\winlog.exe not found.
File/Folder C:\ONOES.EXE not found.

Created on 12/24/2007 00:22:47

So am i supposed to do the combofix thing now or is my pc clean?:2thumb:

Wizit · Dec 24, 2007

Avg?

I downloaded that AVG software thing and now I my pc is running slower and it keeps saying theres trojans on my pc. Are you sure that the website was safe. Im gona Run the Vundo Fix again because it did wonders for me the first time.

:

katana · Dec 24, 2007

Vundo fix shouldn't do anything now,

Try running ComboFix again,

Wizit · Dec 24, 2007

Yes ComboFix Worked!

Finally the combofix worked

Heres the log

ComboFix 07-12-21.4 - jd 2007-12-24 12:02:36.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.170 [GMT -6:00]Running from: C:\Documents and Settings\jd\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\d.exe
C:\install.exe
C:\Program Files\outlook
C:\Program Files\Temporary
C:\Program Files\WinAble
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\temp\tn3
C:\WINDOWS\b.exe
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\abc2
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\core.sys
C:\WINDOWS\system32\nwgcxlbw.dllbox
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\UpMedia
C:\WINDOWS\system32\winlogo.exe
C:\winlogon.exe
C:\x.dat
C:\z.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_CORE
-------\LEGACY_DOMAINSERVICE
-------\core
-------\DomainService

((((((((((((((((((((((((( Files Created from 2007-11-24 to 2007-12-24 )))))))))))))))))))))))))))))))
.

2007-12-24 02:20 . 2007-12-24 02:20 14,033 --a------ C:\posE1C.tmp
2007-12-24 02:19 . 2007-12-24 02:19 165,472 --a------ C:\WINDOWS\system32\ucaapnft.dll
2007-12-24 02:19 . 2007-12-24 02:19 74,304 --a------ C:\WINDOWS\system32\fregymvv.exe
2007-12-24 02:17 . 2007-12-24 02:17 359,351 --ahs---- C:\WINDOWS\system32\acfhk.bak2
2007-12-24 02:12 . 2007-12-24 02:23 <DIR> d-------- C:\Program Files\Runescape Apocalypse Client
2007-12-24 01:39 . 2007-12-24 01:39 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2007-12-24 01:39 . 2007-12-24 08:01 <DIR> d-------- C:\Documents and Settings\jd\Application Data\AVG7
2007-12-24 01:38 . 2007-12-24 01:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-24 01:38 . 2007-12-24 02:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2007-12-23 14:17 . 2007-12-24 02:32 361,196 --ahs---- C:\WINDOWS\system32\acfhk.ini
2007-12-23 14:17 . 2007-12-23 14:17 6,560 --ahs---- C:\WINDOWS\system32\acfhk.bak1
2007-12-22 20:25 . 2007-12-22 20:25 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-22 20:19 . 2007-12-24 09:45 <DIR> d-------- C:\VundoFix Backups
2007-12-22 15:14 . 2007-12-22 15:15 991,464 --ahs---- C:\WINDOWS\system32\adgmisbx.ini
2007-12-22 10:05 . 2007-12-22 13:00 991,293 --ahs---- C:\WINDOWS\system32\ppuldpnu.ini
2007-12-21 22:12 . 2007-12-21 22:13 1,676,194 --ahs---- C:\WINDOWS\system32\jxjdwrpt.ini
2007-12-21 21:06 . 2007-12-21 21:06 14,033 --a------ C:\posC75.tmp
2007-12-21 19:41 . 2007-12-21 22:13 1,674,954 --ahs---- C:\WINDOWS\system32\rtcfltpv.ini
2007-12-21 19:38 . 2007-12-21 19:38 14,033 --a------ C:\posAC4.tmp
2007-12-21 16:06 . 2007-12-21 19:39 1,676,014 --ahs---- C:\WINDOWS\system32\neygqjlf.ini
2007-12-21 16:01 . 2007-12-21 16:01 14,033 --a------ C:\pos94B.tmp
2007-12-21 16:00 . 2007-12-21 16:00 14,033 --a------ C:\pos844.tmp
2007-12-21 14:08 . 2007-12-21 16:01 1,829,183 --ahs---- C:\WINDOWS\system32\xvxispda.ini
2007-12-21 13:53 . 2007-12-21 13:53 14,033 --a------ C:\pos4FA.tmp
2007-12-20 17:11 . 2007-12-21 13:56 1,975,012 --ahs---- C:\WINDOWS\system32\dclsaaby.ini
2007-12-20 15:59 . 2007-12-20 16:28 993,178 --ahs---- C:\WINDOWS\system32\rvrfiknv.ini
2007-12-20 15:57 . 2007-12-20 15:57 14,033 --a------ C:\pos7A4.tmp
2007-12-20 15:56 . 2007-12-20 15:56 14,033 --a------ C:\pos68B.tmp
2007-12-19 21:08 . 2007-12-20 15:56 993,109 --ahs---- C:\WINDOWS\system32\pqgvwcxq.ini
2007-12-19 21:01 . 2007-12-19 21:01 14,033 --a------ C:\posA.tmp
2007-12-19 20:29 . 2007-12-19 20:29 <DIR> d-------- C:\Documents and Settings\jd\LimeWire Store Purchased
2007-12-19 20:29 . 2007-12-19 20:29 <DIR> d-------- C:\Documents and Settings\jd\LimeWire Shared
2007-12-19 20:29 . 2007-12-21 21:09 <DIR> d-------- C:\Documents and Settings\jd\LimeWire Saved
2007-12-19 20:26 . 2007-12-21 21:10 <DIR> d-------- C:\Program Files\LimeWire
2007-12-19 20:15 . 2007-12-19 21:02 992,989 --ahs---- C:\WINDOWS\system32\vfmpauef.ini
2007-12-19 20:12 . 2007-12-19 20:12 165,472 --a------ C:\WINDOWS\system32\kowomwfv.dll
2007-12-18 20:14 . 2007-12-19 20:14 992,869 --ahs---- C:\WINDOWS\system32\fmjysakr.ini
2007-12-17 19:33 . 2007-12-17 19:33 <DIR> d-------- C:\Program Files\RCA
2007-12-17 17:46 . 2007-12-17 20:17 971,241 --ahs---- C:\WINDOWS\system32\vkxctjjm.ini
2007-12-17 16:15 . 2007-12-17 17:43 971,121 --ahs---- C:\WINDOWS\system32\vwhcrjeg.ini
2007-12-17 13:28 . 2007-12-17 13:20 338,965 --ahs---- C:\WINDOWS\system32\wxbay.ini
2007-12-17 13:20 . 2007-12-22 20:08 360,140 --ahs---- C:\WINDOWS\system32\wxbay.ini2
2007-12-17 13:20 . 2007-12-22 12:57 143 --a------ C:\WINDOWS\system32\mcrh.tmp
2007-12-17 13:16 . 2007-12-17 13:16 <DIR> dr-h----- C:\Documents and Settings\Kyle\Application Data\yahoo!
2007-12-17 13:14 . 2007-12-17 13:20 338,965 --ahs---- C:\WINDOWS\system32\wxbay.tmp
2007-12-16 17:47 . 2007-08-03 19:31 <DIR> d-------- C:\Documents and Settings\Kyle\WINDOWS
2007-12-16 17:47 . 2007-12-16 17:47 <DIR> d--hs---- C:\Documents and Settings\Kyle\UserData
2007-12-16 17:47 . 2007-08-03 19:36 <DIR> d-------- C:\Documents and Settings\Kyle\Application Data\McAfee.com Personal Firewall
2007-12-16 17:44 . 2007-12-16 17:44 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2007-12-16 15:22 . 2007-12-22 17:01 2,402 --a------ C:\WINDOWS\wininit.ini
2007-12-16 14:27 . 2007-12-22 15:09 366,160 --ahs---- C:\WINDOWS\system32\wxbay.bak2
2007-12-16 11:20 . 2007-12-16 19:48 <DIR> d-------- C:\Documents and Settings\jd\Application Data\DivX
2007-12-15 23:09 . 2007-12-15 23:09 167 --a------ C:\Documents and Settings\jd\1563.bat
2007-12-15 22:16 . 2007-12-16 17:36 <DIR> d-------- C:\Documents and Settings\jd\Application Data\Lavasoft
2007-12-15 21:54 . 2007-12-15 21:54 167 --a------ C:\Documents and Settings\jd\1618.bat
2007-12-15 21:46 . 2007-12-15 23:09 36,864 --a------ C:\Documents and Settings\jd\winlogo.exe
2007-12-15 19:11 . 2007-12-18 20:10 333,774 --ahs---- C:\WINDOWS\system32\wxbay.bak1
2007-12-15 19:07 . 2007-12-15 19:09 329,824 --a------ C:\WINDOWS\system32\yabxw.dll_old
2007-12-15 19:03 . 2007-12-15 19:03 167 --a------ C:\WINDOWS\system32\8029.bat
2007-12-15 19:02 . 2007-12-15 21:51 <DIR> d-------- C:\WINDOWS\system32\shel9
2007-12-15 19:02 . 2007-12-16 11:17 <DIR> d-------- C:\WINDOWS\system32\oc9
2007-12-15 19:02 . 2007-12-15 19:02 <DIR> d-------- C:\WINDOWS\system32\ipd1
2007-12-15 19:02 . 2007-12-16 11:17 <DIR> d-------- C:\WINDOWS\system32\ex1
2007-12-15 19:02 . 2007-12-15 19:02 68,096 --------- C:\app.exe
2007-12-15 19:02 . 2007-12-15 19:02 134 --a------ C:\n.bat
2007-12-15 19:02 . 2007-12-15 19:02 0 --a------ C:\WINDOWS\system32\z.dat
2007-12-15 19:02 . 2007-12-15 19:02 0 --a------ C:\WINDOWS\system32\x.dat
2007-12-15 19:01 . 2007-12-15 19:01 <DIR> d-------- C:\WINDOWS\system32\ineWc07
2007-12-15 19:01 . 2007-12-15 19:02 <DIR> d-------- C:\Temp\tpBe12
2007-12-15 19:01 . 2007-12-24 12:27 <DIR> d-------- C:\Temp
2007-12-11 16:35 . 2007-12-11 16:35 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2007-12-11 16:35 . 2007-12-11 16:35 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb
2007-12-11 16:34 . 2007-12-11 16:34 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-12-11 16:34 . 2007-12-11 16:34 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-12-11 16:34 . 2007-12-11 16:34 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-12-11 16:32 . 2007-12-11 16:32 352,401 --a------ C:\WINDOWS\system32\DivXMedia.ax
2007-12-11 16:32 . 2007-12-11 16:32 156,992 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-12-11 16:32 . 2007-12-11 16:32 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2007-12-10 19:00 . 2007-12-10 19:00 <DIR> d-------- C:\GMouse20
2007-12-02 00:40 . 2007-12-17 19:49 74 --a------ C:\WINDOWS\RCAMPEG4VC.ini
2007-12-01 23:35 . 2006-09-13 14:52 561,152 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-12-01 23:35 . 2006-09-13 15:01 237,568 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-12-01 23:35 . 2005-12-30 15:34 2,864 --a------ C:\WINDOWS\system32\xvid.inf

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-22 21:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-22 05:26 --------- d-----w C:\Program Files\RegistryFix
2007-12-22 03:09 --------- d-----w C:\Documents and Settings\jd\Application Data\LimeWire
2007-12-18 01:25 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-12-17 19:34 --------- d-----w C:\Program Files\Java
2007-12-17 00:17 720,896 ----a-w C:\WINDOWS\iun6002.exe
2007-12-11 22:34 9,464 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-12-11 22:34 9,336 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-12-11 22:34 43,528 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys
2007-12-08 19:02 --------- d-----w C:\Program Files\Yahoo!
2007-12-02 05:35 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-18 03:17 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-11-18 03:17 --------- d-----w C:\Program Files\rpg2003
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-03 20:22 --------- d-----w C:\Documents and Settings\jd\Application Data\Yahoo!
2007-11-03 19:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2007-11-01 20:04 --------- d-----w C:\Program Files\FileZilla
2007-11-01 14:03 0 ----a-w C:\Documents and Settings\jd\AutoTalkerPro20.exe
2007-10-27 00:15 --------- d-----w C:\Program Files\Zune
2007-08-02 13:43 282,624 ----a-w C:\Program Files\Common Files\meqot83122.dll
2007-08-02 13:43 282,624 ----a-w C:\Program Files\Common Files\meqot4444.dll
2007-09-04 23:56 56 --sh--r C:\WINDOWS\system32\A3D88A52D0.sys
2007-09-04 23:56 848 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{153da9c5-f35a-41b2-920c-d56846660c99}]
C:\WINDOWS\system32\ettktlb.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{47dfc651-98cc-4c6c-ae00-1a47fee5fccf}]
C:\WINDOWS\system32\ptorrbxj.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7FDFEBE7-BD6F-4B9B-AA85-F1803CC80FFF}]
C:\WINDOWS\system32\yabxw.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C79D9874-87DB-4FDD-968E-C895E9690DEA}]
C:\WINDOWS\system32\khfca.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00]
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe" []
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-08-30 16:43]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-10-27 18:09]
"Zune Launcher"="C:\Program Files\Zune\ZuneLauncher.exe" [2007-03-14 16:03]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-24 09:44]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-12-24 01:38]

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
Yahoo! Widget Engine.lnk - C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe [2007-07-20 11:57:16]

C:\Documents and Settings\Kyle\Start Menu\Programs\Startup\
Yahoo! Widget Engine.lnk - C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe [2007-07-20 11:57:16]

C:\Documents and Settings\jd\Start Menu\Programs\Startup\
Yahoo! Widget Engine.lnk - C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe [2007-07-20 11:57:16]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nwgcxlbw]
nwgcxlbw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\yayvsts]
yayvsts.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^DOCUME~1^ALLUSE~1^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\DOCUME~1\ALLUSE~1\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

R3 atimtai;atimtai;C:\WINDOWS\system32\DRIVERS\atimtai.sys [2001-08-17 06:48]
R3 EL556ND5;3Com 10/100 MiniPCI Ethernet Adapter Driver;C:\WINDOWS\system32\DRIVERS\EL556ND5.sys [2001-08-17 06:10]
R3 maestro;ESS Maestro Audio Driver (WDM);C:\WINDOWS\system32\drivers\es198xdl.sys [2002-06-20 16:53]
R3 odysseyIM3;Odyssey Network Services Miniport;C:\WINDOWS\system32\DRIVERS\odysseyIM3.sys [2005-06-22 18:54]
R3 WDHAALBA;WDHAALBAMiniPCI Winmodem;C:\WINDOWS\system32\DRIVERS\WDHAALBA.sys [2001-08-17 07:28]
S3 MSControlService;Microsoft cache control;C:\WINDOWS\system32\windows []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b0a4aa71-4959-11dc-a30f-0000864da474}]
\Shell\AutoRun\command - D:\setup.exe

.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-24 12:39:34
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-24 12:42:09 - machine was rebooted
.
2007-12-12 01:06:33 --- E O F ---

katana · Dec 24, 2007

You have some very nasty infections showing there, one or more is a Password Stealer
Please do the following in the order given

Create A Batch File
Please copy (Ctrl+C) and paste (Ctrl+V) the following text in the quote to Notepad.
Save it as "All Files" and name it katlook.bat Please save it on your desktop.

echo "Data stolen" >> C:\Katlook.txt
type C:\qoobox\Quarantine\C\x.dat >> C:\Katlook.txt
type C:\qoobox\Quarantine\C\z.dat >> C:\Katlook.txt
type C:\WINDOWS\system32\x.dat >> C:\Katlook.txt
type C:\WINDOWS\system32\z.dat >> C:\Katlook.txt
Notepad C:\katlook.txt
del /q katlook.bat
exit

Double click on Katlook.bat

Notepad will open, if it is empty that is great.
If it is not empty, it will contain any data that may have been stolen

Custom CFScript

Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

Code:

DirLook::
C:\WINDOWS\system32\shel9
C:\WINDOWS\system32\oc9
C:\WINDOWS\system32\ipd1
C:\WINDOWS\system32\ex1

File::
C:\WINDOWS\system32\ucaapnft.dll
C:\WINDOWS\system32\fregymvv.exe
C:\WINDOWS\system32\acfhk.bak2
C:\WINDOWS\system32\acfhk.ini
C:\WINDOWS\system32\acfhk.bak1
C:\WINDOWS\system32\adgmisbx.ini
C:\WINDOWS\system32\ppuldpnu.ini
C:\WINDOWS\system32\jxjdwrpt.ini
C:\WINDOWS\system32\rtcfltpv.ini
C:\WINDOWS\system32\neygqjlf.ini
C:\WINDOWS\system32\xvxispda.ini
C:\WINDOWS\system32\dclsaaby.ini
C:\WINDOWS\system32\rvrfiknv.ini
C:\WINDOWS\system32\pqgvwcxq.ini
C:\WINDOWS\system32\vfmpauef.ini
C:\WINDOWS\system32\kowomwfv.dll
C:\WINDOWS\system32\fmjysakr.ini
C:\WINDOWS\system32\vkxctjjm.ini
C:\WINDOWS\system32\vwhcrjeg.ini
C:\WINDOWS\system32\wxbay.ini
C:\WINDOWS\system32\wxbay.ini2
C:\WINDOWS\system32\wxbay.tmp
C:\WINDOWS\system32\wxbay.bak2
C:\Documents and Settings\jd\1563.bat
C:\Documents and Settings\jd\1618.bat
C:\Documents and Settings\jd\winlogo.exe
C:\WINDOWS\system32\wxbay.bak1
C:\WINDOWS\system32\yabxw.dll_old
C:\WINDOWS\system32\8029.bat
C:\app.exe
C:\n.bat
C:\WINDOWS\system32\khfca.dll
C:\WINDOWS\system32\yabxw.dll
C:\WINDOWS\system32\ettktlb.dll
C:\WINDOWS\system32\ptorrbxj.dll
C:\WINDOWS\RCAMPEG4VC.ini
C:\WINDOWS\iun6002.exe
C:\Program Files\Common Files\meqot83122.dll
C:\Program Files\Common Files\meqot4444.dll
Folder::
C:\Temp\tpBe12
Driver::
Microsoft cache control
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{153da9c5-f35a-41b2-920c-d56846660c99}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{47dfc651-98cc-4c6c-ae00-1a47fee5fccf}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7FDFEBE7-BD6F-4B9B-AA85-F1803CC80FFF}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C79D9874-87DB-4FDD-968E-C895E9690DEA}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nwgcxlbw]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\yayvsts]

Save this as CFScript.txt and place it on your desktop.
Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

Wizit · Dec 25, 2007

dont.:bigthumb:
heres to you :beerbeerb: lol. Heres is the new Combofix log

ComboFix 07-12-21.4 - jd 2007-12-24 18:45:29.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.242 [GMT -6:00]
Running from: C:\Documents and Settings\jd\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\jd\Desktop\CFScript.txt
* Created a new restore point

FILE
C:\app.exe
C:\Documents and Settings\jd\1563.bat
C:\Documents and Settings\jd\1618.bat
C:\Documents and Settings\jd\winlogo.exe
C:\n.bat
C:\Program Files\Common Files\meqot4444.dll
C:\Program Files\Common Files\meqot83122.dll
C:\WINDOWS\iun6002.exe
C:\WINDOWS\RCAMPEG4VC.ini
C:\WINDOWS\system32\8029.bat
C:\WINDOWS\system32\acfhk.bak1
C:\WINDOWS\system32\acfhk.bak2
C:\WINDOWS\system32\acfhk.ini
C:\WINDOWS\system32\adgmisbx.ini
C:\WINDOWS\system32\dclsaaby.ini
C:\WINDOWS\system32\ettktlb.dll
C:\WINDOWS\system32\fmjysakr.ini
C:\WINDOWS\system32\fregymvv.exe
C:\WINDOWS\system32\jxjdwrpt.ini
C:\WINDOWS\system32\khfca.dll
C:\WINDOWS\system32\kowomwfv.dll
C:\WINDOWS\system32\neygqjlf.ini
C:\WINDOWS\system32\ppuldpnu.ini
C:\WINDOWS\system32\pqgvwcxq.ini
C:\WINDOWS\system32\ptorrbxj.dll
C:\WINDOWS\system32\rtcfltpv.ini
C:\WINDOWS\system32\rvrfiknv.ini
C:\WINDOWS\system32\ucaapnft.dll
C:\WINDOWS\system32\vfmpauef.ini
C:\WINDOWS\system32\vkxctjjm.ini
C:\WINDOWS\system32\vwhcrjeg.ini
C:\WINDOWS\system32\wxbay.bak1
C:\WINDOWS\system32\wxbay.bak2
C:\WINDOWS\system32\wxbay.ini
C:\WINDOWS\system32\wxbay.ini2
C:\WINDOWS\system32\wxbay.tmp
C:\WINDOWS\system32\xvxispda.ini
C:\WINDOWS\system32\yabxw.dll
C:\WINDOWS\system32\yabxw.dll_old
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\app.exe
C:\Documents and Settings\jd\1563.bat
C:\Documents and Settings\jd\1618.bat
C:\Documents and Settings\jd\winlogo.exe
C:\n.bat
C:\Program Files\Common Files\meqot4444.dll
C:\Program Files\Common Files\meqot83122.dll
C:\Temp\tpBe12
C:\Temp\tpBe12\etFr.log
C:\WINDOWS\iun6002.exe
C:\WINDOWS\RCAMPEG4VC.ini
C:\WINDOWS\system32\8029.bat
C:\WINDOWS\system32\acfhk.bak1
C:\WINDOWS\system32\acfhk.bak2
C:\WINDOWS\system32\acfhk.ini
C:\WINDOWS\system32\adgmisbx.ini
C:\WINDOWS\system32\dclsaaby.ini
C:\WINDOWS\system32\fmjysakr.ini
C:\WINDOWS\system32\fregymvv.exe
C:\WINDOWS\system32\jxjdwrpt.ini
C:\WINDOWS\system32\kowomwfv.dll
C:\WINDOWS\system32\neygqjlf.ini
C:\WINDOWS\system32\ppuldpnu.ini
C:\WINDOWS\system32\pqgvwcxq.ini
C:\WINDOWS\system32\rtcfltpv.ini
C:\WINDOWS\system32\rvrfiknv.ini
C:\WINDOWS\system32\ucaapnft.dll
C:\WINDOWS\system32\vfmpauef.ini
C:\WINDOWS\system32\vkxctjjm.ini
C:\WINDOWS\system32\vwhcrjeg.ini
C:\WINDOWS\system32\wxbay.bak1
C:\WINDOWS\system32\wxbay.bak2
C:\WINDOWS\system32\wxbay.ini
C:\WINDOWS\system32\wxbay.ini2
C:\WINDOWS\system32\wxbay.tmp
C:\WINDOWS\system32\xvxispda.ini
C:\WINDOWS\system32\yabxw.dll_old

.
((((((((((((((((((((((((( Files Created from 2007-11-25 to 2007-12-25 )))))))))))))))))))))))))))))))
.

2007-12-24 02:20 . 2007-12-24 02:20 14,033 --a------ C:\posE1C.tmp
2007-12-24 02:12 . 2007-12-24 02:23 <DIR> d-------- C:\Program Files\Runescape Apocalypse Client
2007-12-24 01:39 . 2007-12-24 01:39 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2007-12-24 01:39 . 2007-12-24 08:01 <DIR> d-------- C:\Documents and Settings\jd\Application Data\AVG7
2007-12-24 01:38 . 2007-12-24 01:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-24 01:38 . 2007-12-24 02:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2007-12-22 20:25 . 2007-12-22 20:25 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-22 20:19 . 2007-12-24 09:45 <DIR> d-------- C:\VundoFix Backups
2007-12-21 21:07 . 2007-12-21 21:07 14,033 --a------ C:\posDA8.tmp
2007-12-21 21:06 . 2007-12-21 21:06 14,033 --a------ C:\posC75.tmp
2007-12-21 19:39 . 2007-12-21 19:39 14,033 --a------ C:\posBB7.tmp
2007-12-21 19:38 . 2007-12-21 19:38 14,033 --a------ C:\posAC4.tmp
2007-12-21 16:02 . 2007-12-21 16:02 14,033 --a------ C:\pos9C4.tmp
2007-12-21 16:01 . 2007-12-21 16:01 14,033 --a------ C:\pos94B.tmp
2007-12-21 16:00 . 2007-12-21 16:00 14,033 --a------ C:\pos844.tmp
2007-12-21 13:54 . 2007-12-21 13:54 14,033 --a------ C:\pos5DB.tmp
2007-12-21 13:53 . 2007-12-21 13:53 14,033 --a------ C:\pos4FA.tmp
2007-12-20 15:58 . 2007-12-20 15:58 14,033 --a------ C:\pos811.tmp
2007-12-20 15:57 . 2007-12-20 15:57 14,033 --a------ C:\pos7A4.tmp
2007-12-20 15:56 . 2007-12-20 15:56 14,033 --a------ C:\pos68B.tmp
2007-12-19 21:02 . 2007-12-19 21:02 14,033 --a------ C:\pos3DF.tmp
2007-12-19 21:01 . 2007-12-19 21:01 14,033 --a------ C:\posA.tmp
2007-12-19 20:29 . 2007-12-19 20:29 <DIR> d-------- C:\Documents and Settings\jd\LimeWire Store Purchased
2007-12-19 20:29 . 2007-12-19 20:29 <DIR> d-------- C:\Documents and Settings\jd\LimeWire Shared
2007-12-19 20:29 . 2007-12-21 21:09 <DIR> d-------- C:\Documents and Settings\jd\LimeWire Saved
2007-12-19 20:26 . 2007-12-21 21:10 <DIR> d-------- C:\Program Files\LimeWire
2007-12-19 20:13 . 2007-12-19 20:13 14,033 --a------ C:\posF3.tmp
2007-12-19 20:12 . 2007-12-19 20:13 14,033 --a------ C:\pos43.tmp
2007-12-17 19:33 . 2007-12-17 19:33 <DIR> d-------- C:\Program Files\RCA
2007-12-17 13:20 . 2007-12-22 12:57 143 --a------ C:\WINDOWS\system32\mcrh.tmp
2007-12-17 13:16 . 2007-12-17 13:16 <DIR> dr-h----- C:\Documents and Settings\Kyle\Application Data\yahoo!
2007-12-16 17:47 . 2007-08-03 19:31 <DIR> d-------- C:\Documents and Settings\Kyle\WINDOWS
2007-12-16 17:47 . 2007-12-16 17:47 <DIR> d--hs---- C:\Documents and Settings\Kyle\UserData
2007-12-16 17:47 . 2007-08-03 19:36 <DIR> d-------- C:\Documents and Settings\Kyle\Application Data\McAfee.com Personal Firewall
2007-12-16 17:44 . 2007-12-16 17:44 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2007-12-16 15:22 . 2007-12-22 17:01 2,402 --a------ C:\WINDOWS\wininit.ini
2007-12-16 11:20 . 2007-12-16 19:48 <DIR> d-------- C:\Documents and Settings\jd\Application Data\DivX
2007-12-15 22:16 . 2007-12-16 17:36 <DIR> d-------- C:\Documents and Settings\jd\Application Data\Lavasoft
2007-12-15 19:02 . 2007-12-15 21:51 <DIR> d-------- C:\WINDOWS\system32\shel9
2007-12-15 19:02 . 2007-12-16 11:17 <DIR> d-------- C:\WINDOWS\system32\oc9
2007-12-15 19:02 . 2007-12-15 19:02 <DIR> d-------- C:\WINDOWS\system32\ipd1
2007-12-15 19:02 . 2007-12-16 11:17 <DIR> d-------- C:\WINDOWS\system32\ex1
2007-12-15 19:02 . 2007-12-15 19:02 0 --a------ C:\WINDOWS\system32\z.dat
2007-12-15 19:02 . 2007-12-15 19:02 0 --a------ C:\WINDOWS\system32\x.dat
2007-12-15 19:01 . 2007-12-15 19:01 <DIR> d-------- C:\WINDOWS\system32\ineWc07
2007-12-15 19:01 . 2007-12-24 18:49 <DIR> d-------- C:\Temp
2007-12-11 16:35 . 2007-12-11 16:35 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2007-12-11 16:35 . 2007-12-11 16:35 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb
2007-12-11 16:34 . 2007-12-11 16:34 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-12-11 16:34 . 2007-12-11 16:34 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-12-11 16:34 . 2007-12-11 16:34 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-12-11 16:32 . 2007-12-11 16:32 352,401 --a------ C:\WINDOWS\system32\DivXMedia.ax
2007-12-11 16:32 . 2007-12-11 16:32 156,992 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-12-11 16:32 . 2007-12-11 16:32 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2007-12-10 19:00 . 2007-12-10 19:00 <DIR> d-------- C:\GMouse20
2007-12-01 23:35 . 2006-09-13 14:52 561,152 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-12-01 23:35 . 2006-09-13 15:01 237,568 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-12-01 23:35 . 2005-12-30 15:34 2,864 --a------ C:\WINDOWS\system32\xvid.inf

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-22 21:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-22 05:26 --------- d-----w C:\Program Files\RegistryFix
2007-12-22 03:09 --------- d-----w C:\Documents and Settings\jd\Application Data\LimeWire
2007-12-18 01:25 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-12-17 19:34 --------- d-----w C:\Program Files\Java
2007-12-11 22:34 9,464 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-12-11 22:34 9,336 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-12-11 22:34 43,528 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys
2007-12-08 19:02 --------- d-----w C:\Program Files\Yahoo!
2007-12-02 05:35 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-18 03:17 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-11-18 03:17 --------- d-----w C:\Program Files\rpg2003
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-03 20:22 --------- d-----w C:\Documents and Settings\jd\Application Data\Yahoo!
2007-11-03 19:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2007-11-01 20:04 --------- d-----w C:\Program Files\FileZilla
2007-11-01 14:03 0 ----a-w C:\Documents and Settings\jd\AutoTalkerPro20.exe
2007-10-27 00:15 --------- d-----w C:\Program Files\Zune
2007-09-04 23:56 56 --sh--r C:\WINDOWS\system32\A3D88A52D0.sys
2007-09-04 23:56 848 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\WINDOWS\system32\ex1 ----

---- Directory of C:\WINDOWS\system32\ipd1 ----

2007-12-12 11:31 9302 --a------ C:\WINDOWS\system32\ipd1\zpr121dll.exe

---- Directory of C:\WINDOWS\system32\oc9 ----

---- Directory of C:\WINDOWS\system32\shel9 ----

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00]
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe" []
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-08-30 16:43]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-10-27 18:09]
"Zune Launcher"="C:\Program Files\Zune\ZuneLauncher.exe" [2007-03-14 16:03]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-24 09:44]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-12-24 01:38]

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
Yahoo! Widget Engine.lnk - C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe [2007-07-20 11:57:16]

C:\Documents and Settings\Kyle\Start Menu\Programs\Startup\
Yahoo! Widget Engine.lnk - C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe [2007-07-20 11:57:16]

C:\Documents and Settings\jd\Start Menu\Programs\Startup\
Yahoo! Widget Engine.lnk - C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe [2007-07-20 11:57:16]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^DOCUME~1^ALLUSE~1^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\DOCUME~1\ALLUSE~1\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

R3 atimtai;atimtai;C:\WINDOWS\system32\DRIVERS\atimtai.sys [2001-08-17 06:48]
R3 EL556ND5;3Com 10/100 MiniPCI Ethernet Adapter Driver;C:\WINDOWS\system32\DRIVERS\EL556ND5.sys [2001-08-17 06:10]
R3 maestro;ESS Maestro Audio Driver (WDM);C:\WINDOWS\system32\drivers\es198xdl.sys [2002-06-20 16:53]
R3 odysseyIM3;Odyssey Network Services Miniport;C:\WINDOWS\system32\DRIVERS\odysseyIM3.sys [2005-06-22 18:54]
S3 MSControlService;Microsoft cache control;C:\WINDOWS\system32\windows []
S3 WDHAALBA;WDHAALBAMiniPCI Winmodem;C:\WINDOWS\system32\DRIVERS\WDHAALBA.sys [2001-08-17 07:28]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b0a4aa71-4959-11dc-a30f-0000864da474}]
\Shell\AutoRun\command - D:\setup.exe

.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-24 19:05:37
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-24 19:07:26 - machine was rebooted
C:\ComboFix2.txt ... 2007-12-24 12:42
.
2007-12-12 01:06:33 --- E O F ---

katana · Dec 25, 2007

That's looking a lot better

Happy Christmas

Custom CFScript

Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

Code:

File::
C:\WINDOWS\system32\z.dat
C:\WINDOWS\system32\x.dat
Folder::
C:\WINDOWS\system32\shel9
C:\WINDOWS\system32\oc9
C:\WINDOWS\system32\ipd1
C:\WINDOWS\system32\ex1
C:\WINDOWS\system32\ineWc07

Save this as CFScript.txt and place it on your desktop.
Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

Kaspersky Online Scanner .
Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal
Go Here http://www.kaspersky.com/virusscanner

Read the Requirements and limitations before you click Accept.
Allow the ActiveX download if necessary
Once the database has downloaded, click Next.
Click Scan Settings and change the "Scan using the following antivirus database" from standard to extended and then click OK.
Click on "My Computer" and then put the kettle on!
When the scan has completed, click Save Report As...
Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.

Logs/Information to Post in Reply
Please post the following logs/Information in your reply

ComboFix Log
Kaspersky Log
How are things running now ?

Wizit · Dec 25, 2007

Thank you and Happy Christmas to you too.

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, December 25, 2007 4:42:36 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 25/12/2007
Kaspersky Anti-Virus database records: 493598
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\

Scan Statistics:
Total number of scanned objects: 49276
Number of viruses found: 10
Number of infected objects: 52
Number of suspicious objects: 0
Duration of the scan process: 02:03:40

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinInjectbw.zip/windows Infected: Trojan.Win32.Zapchast.dt skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinInjectbw.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinInjectbw1.zip/windows Infected: Trojan.Win32.Zapchast.dt skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinInjectbw1.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp Object is locked skipped
C:\Documents and Settings\All Users\DRM\drmstore.hds Object is locked skipped
C:\Documents and Settings\jd\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\jd\Desktop\Wizit's junk\Runescape\Bots & Autos\Autofighter_Package\Autofighter Cheat Package\Hackers\wpeproalpha\wpeproalpha\WPE PRO.exe Infected: Sniffer.Win32.WpePro.f skipped
C:\Documents and Settings\jd\Desktop\Wizit's junk\Runescape\Bots & Autos\Autofighter_Package.zip/Autofighter Cheat Package/Hackers/wpeproalpha/wpeproalpha/WPE PRO.exe Infected: Sniffer.Win32.WpePro.f skipped
C:\Documents and Settings\jd\Desktop\Wizit's junk\Runescape\Bots & Autos\Autofighter_Package.zip ZIP: infected - 1 skipped
C:\Documents and Settings\jd\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\jd\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\jd\Local Settings\Application Data\Microsoft\Zune\CurrentDatabase_365.wmdb Object is locked skipped
C:\Documents and Settings\jd\Local Settings\Application Data\Yahoo\Widget Engine\Widgets DB\widgets.db Object is locked skipped
C:\Documents and Settings\jd\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\jd\Local Settings\History\History.IE5\MSHist012007122520071226\index.dat Object is locked skipped
C:\Documents and Settings\jd\Local Settings\Temp\Perflib_Perfdata_f18.dat Object is locked skipped
C:\Documents and Settings\jd\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\jd\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\jd\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\jd\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\ComPlus Applications\qucanob.dll Object is locked skipped
C:\Program Files\ComPlus Applications\qucanob615.dll Object is locked skipped
C:\Program Files\ComPlus Applications\qucanob759.dll Object is locked skipped
C:\Program Files\ComPlus Applications\rtelecirt.html Infected: Trojan-Clicker.HTML.IFrame.dn skipped
C:\Program Files\Yahoo!\Messenger\logs\billing_jd.log Object is locked skipped
C:\Program Files\Yahoo!\Messenger\logs\client_jd.log Object is locked skipped
C:\Program Files\Yahoo!\Messenger\logs\network_jd.log Object is locked skipped
C:\qoobox\Quarantine\C\Documents and Settings\jd\winlogo.exe.vir Infected: Trojan.Win32.VB.bky skipped
C:\qoobox\Quarantine\C\Program Files\Common Files\meqot4444.dll.vir Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\qoobox\Quarantine\C\Program Files\Common Files\meqot83122.dll.vir Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\ipd1\zpr121dll.exe.vir Infected: Trojan-Downloader.Win32.Small.gzs skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\winlogo.exe.vir Infected: Trojan.Win32.VB.bky skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP101\A0067822.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP101\A0067831.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP101\A0067834.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP103\A0067991.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP103\A0067994.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP103\A0067995.dll Infected: not-a-virus:AdWare.Win32.Agent.wx skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP103\A0067996.dll Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP103\A0067998.dll Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP103\A0067999.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP103\A0068000.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP103\A0068003.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP103\A0068004.exe/data0002 Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP103\A0068004.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP103\A0068005.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP103\A0068006.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP103\A0068007.exe/data0002 Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP103\A0068007.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP104\snapshot\MFEX-2.DAT Infected: not-a-virus:AdWare.Win32.Agent.wx skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP105\A0068107.dll Infected: not-a-virus:AdWare.Win32.Agent.wx skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP105\snapshot\MFEX-2.DAT Infected: not-a-virus:AdWare.Win32.Agent.wx skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP112\A0069420.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP112\A0069421.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP112\A0069427.dll Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP112\A0069428.dll Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP112\snapshot\MFEX-1.DAT Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP114\A0070425.dll Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP114\A0070426.dll Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP115\A0070439.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP115\A0070440.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP115\A0070441.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP116\A0070450.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP117\A0070466.exe/data0002 Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP117\A0070466.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP117\A0070467.dll Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP117\A0070468.dll Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP117\A0070469.dll Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP117\A0071467.dll Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP117\A0071477.exe/data0002 Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP117\A0071477.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP117\A0071478.dll Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP117\A0071480.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP117\A0071481.dll Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP118\A0072467.dll Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP118\A0072468.dll Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP118\A0072476.exe/data0002 Infected: not-a-virus:AdWare.Win32.TTC.a skipped

Wizit · Dec 25, 2007

Thank you and Happy Christmas to you too.

KASPERSKY ONLINE SCANNER REPORT
Tuesday, December 25, 2007 4:42:36 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 25/12/2007
Kaspersky Anti-Virus database records: 493598
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\

Scan Statistics:
Total number of scanned objects: 49276
Number of viruses found: 10
Number of infected objects: 52
Number of suspicious objects: 0
Duration of the scan process: 02:03:40

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinInjectbw.zip/windows Infected: Trojan.Win32.Zapchast.dt skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinInjectbw.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinInjectbw1.zip/windows Infected: Trojan.Win32.Zapchast.dt skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinInjectbw1.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp Object is locked skipped
C:\Documents and Settings\All Users\DRM\drmstore.hds Object is locked skipped
C:\Documents and Settings\jd\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\jd\Desktop\Wizit's junk\Runescape\Bots & Autos\Autofighter_Package\Autofighter Cheat Package\Hackers\wpeproalpha\wpeproalpha\WPE PRO.exe Infected: Sniffer.Win32.WpePro.f skipped
C:\Documents and Settings\jd\Desktop\Wizit's junk\Runescape\Bots & Autos\Autofighter_Package.zip/Autofighter Cheat Package/Hackers/wpeproalpha/wpeproalpha/WPE PRO.exe Infected: Sniffer.Win32.WpePro.f skipped
C:\Documents and Settings\jd\Desktop\Wizit's junk\Runescape\Bots & Autos\Autofighter_Package.zip ZIP: infected - 1 skipped
C:\Documents and Settings\jd\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\jd\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\jd\Local Settings\Application Data\Microsoft\Zune\CurrentDatabase_365.wmdb Object is locked skipped
C:\Documents and Settings\jd\Local Settings\Application Data\Yahoo\Widget Engine\Widgets DB\widgets.db Object is locked skipped
C:\Documents and Settings\jd\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\jd\Local Settings\History\History.IE5\MSHist012007122520071226\index.dat Object is locked skipped
C:\Documents and Settings\jd\Local Settings\Temp\Perflib_Perfdata_f18.dat Object is locked skipped
C:\Documents and Settings\jd\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\jd\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\jd\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\jd\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

Wizit · Dec 25, 2007

C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\ComPlus Applications\qucanob.dll Object is locked skipped
C:\Program Files\ComPlus Applications\qucanob615.dll Object is locked skipped
C:\Program Files\ComPlus Applications\qucanob759.dll Object is locked skipped
C:\Program Files\ComPlus Applications\rtelecirt.html Infected: Trojan-Clicker.HTML.IFrame.dn skipped
C:\Program Files\Yahoo!\Messenger\logs\billing_jd.log Object is locked skipped
C:\Program Files\Yahoo!\Messenger\logs\client_jd.log Object is locked skipped
C:\Program Files\Yahoo!\Messenger\logs\network_jd.log Object is locked skipped
C:\qoobox\Quarantine\C\Documents and Settings\jd\winlogo.exe.vir Infected: Trojan.Win32.VB.bky skipped
C:\qoobox\Quarantine\C\Program Files\Common Files\meqot4444.dll.vir Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\qoobox\Quarantine\C\Program Files\Common Files\meqot83122.dll.vir Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\ipd1\zpr121dll.exe.vir Infected: Trojan-Downloader.Win32.Small.gzs skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\winlogo.exe.vir Infected: Trojan.Win32.VB.bky skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP101\A0067822.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP101\A0067831.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP101\A0067834.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP103\A0067991.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP103\A0067994.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP103\A0067995.dll Infected: not-a-virus:AdWare.Win32.Agent.wx skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP103\A0067996.dll Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP103\A0067998.dll Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP103\A0067999.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP103\A0068000.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP103\A0068003.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP103\A0068004.exe/data0002 Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP103\A0068004.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP103\A0068005.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP103\A0068006.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP103\A0068007.exe/data0002 Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP103\A0068007.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP104\snapshot\MFEX-2.DAT Infected: not-a-virus:AdWare.Win32.Agent.wx skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP105\A0068107.dll Infected: not-a-virus:AdWare.Win32.Agent.wx skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP105\snapshot\MFEX-2.DAT Infected: not-a-virus:AdWare.Win32.Agent.wx skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP112\A0069420.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP112\A0069421.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP112\A0069427.dll Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP112\A0069428.dll Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP112\snapshot\MFEX-1.DAT Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP114\A0070425.dll Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP114\A0070426.dll Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP115\A0070439.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP115\A0070440.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP115\A0070441.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP116\A0070450.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP117\A0070466.exe/data0002 Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP117\A0070466.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP117\A0070467.dll Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP117\A0070468.dll Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP117\A0070469.dll Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP117\A0071467.dll Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP117\A0071477.exe/data0002 Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP117\A0071477.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP117\A0071478.dll Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP117\A0071480.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP117\A0071481.dll Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP118\A0072467.dll Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP118\A0072468.dll Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP118\A0072476.exe/data0002 Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP118\A0072476.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP118\A0072477.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP118\A0073467.dll Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP118\A0073468.dll Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP118\A0073494.exe/data0002 Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP118\A0073494.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP118\A0073495.exe Object is locked skipped

Wizit · Dec 25, 2007

C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP118\snapshot\MFEX-1.DAT Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP119\A0073497.exe/data0002 Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP119\A0073497.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP119\A0073499.dll Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP119\snapshot\MFEX-1.DAT Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP120\A0073510.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP120\A0073511.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP120\A0073512.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP120\A0073513.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP120\A0073514.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP121\A0073526.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP122\A0073536.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP122\A0073537.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP123\A0073560.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP123\A0073561.dll Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP123\A0073568.dll Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP123\A0073569.dll Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP123\A0073570.dll Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP123\A0073571.dll Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP123\A0073573.dll Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP123\A0073574.dll Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP123\A0073575.dll Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP123\A0073576.dll Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP123\A0073577.dll Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP123\A0073578.dll Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP123\A0073579.dll Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP123\A0073580.dll Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP123\A0073581.dll Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP123\A0073582.dll Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP123\A0073583.dll Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP123\A0073584.dll Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP123\A0073585.dll Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP123\A0073586.dll Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP123\A0073587.dll Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP123\A0073589.dll Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP123\A0073590.dll Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP124\A0073631.dll Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP124\A0073632.dll Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP124\A0073639.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP124\A0073640.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP124\A0073641.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP125\A0073690.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP126\A0073746.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP126\A0073749.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP126\A0073751.dll Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP126\A0073752.dll Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP126\A0073760.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP126\A0073762.dll Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP126\A0073768.dll Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073829.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073830.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073888.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073889.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073890.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073891.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073892.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073893.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073894.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073895.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073896.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073897.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073898.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073899.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073900.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073901.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073902.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073903.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073904.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073905.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073906.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073907.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073908.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073909.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073910.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073911.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073912.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073913.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073914.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073915.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073916.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073917.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073918.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073919.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073920.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073921.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073922.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073923.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073924.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073925.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073926.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073927.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073928.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073929.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073930.exe Object is locked skipped

Wizit · Dec 25, 2007

C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073931.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073932.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073933.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073934.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073935.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073936.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073937.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073938.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073939.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073940.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073941.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073942.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073943.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073944.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073945.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073946.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073947.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073948.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073949.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073950.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073951.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073952.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073953.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073954.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073955.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073956.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073957.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073958.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073959.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073960.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073961.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073962.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073963.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073964.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073965.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073966.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073967.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073968.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073969.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073970.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073971.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073972.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073973.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073974.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073975.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073976.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073977.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073978.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073979.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073980.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073981.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073982.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073983.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073984.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073985.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073986.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073987.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073988.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073989.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073990.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073991.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073992.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073993.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073994.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073995.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073996.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073997.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073998.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0073999.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0074000.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0074001.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0074002.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0074003.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0074004.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0074005.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0074006.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0074007.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0074008.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0074009.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0074010.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0074011.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0074012.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0074013.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0074014.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0074015.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0074016.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0074017.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0074018.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\A0074019.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP127\change.log Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP82\A0056661.exe Infected: Sniffer.Win32.WpePro.f skipped

Wizit · Dec 25, 2007

C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP97\A0066788.dll Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP97\A0067796.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP97\A0067799.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP97\A0067800.exe Object is locked skipped
C:\System Volume Information\_restore{7299DBE5-07DF-4CB2-A1A9-A9DBF91DF902}\RP97\A0067801.exe Object is locked skipped
C:\VundoFix Backups\cfjoyehl.dll.bad Infected: not-a-virus:AdWare.Win32.SuperJuan.ao skipped
C:\VundoFix Backups\dnikvuqv.dll.bad Infected: not-a-virus:AdWare.Win32.SuperJuan.ao skipped
C:\VundoFix Backups\eouqhtkr.dll.bad Infected: not-a-virus:AdWare.Win32.SuperJuan.ao skipped
C:\VundoFix Backups\gijcqsqh.dll.bad Infected: not-a-virus:AdWare.Win32.SuperJuan.ao skipped
C:\VundoFix Backups\hqpjlkrf.dll.bad Infected: not-a-virus:AdWare.Win32.SuperJuan.ao skipped
C:\VundoFix Backups\jscfmmfs.dll.bad Infected: not-a-virus:AdWare.Win32.SuperJuan.ao skipped
C:\VundoFix Backups\keskugxu.dll.bad Infected: not-a-virus:AdWare.Win32.SuperJuan.ao skipped
C:\VundoFix Backups\lvesbntv.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.bjc skipped
C:\VundoFix Backups\npgktrlm.dll.bad Infected: not-a-virus:AdWare.Win32.SuperJuan.ao skipped
C:\VundoFix Backups\tbgsjiaa.dll.bad Infected: not-a-virus:AdWare.Win32.SuperJuan.ao skipped
C:\VundoFix Backups\tfeayqne.dll.bad Infected: Backdoor.Win32.Agent.dlj skipped
C:\VundoFix Backups\tprwdjxj.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.bjc skipped
C:\VundoFix Backups\unpdlupp.dll.bad Infected: Backdoor.Win32.Agent.dlj skipped
C:\VundoFix Backups\vdudvqob.dll.bad Infected: not-a-virus:AdWare.Win32.SuperJuan.ao skipped
C:\VundoFix Backups\vptlfctr.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.bjc skipped
C:\VundoFix Backups\xbsimgda.dll.bad Infected: Backdoor.Win32.Agent.dlj skipped
C:\VundoFix Backups\ygbbpvuu.dll.bad Infected: not-a-virus:AdWare.Win32.SuperJuan.ao skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{791A0697-DA20-49D7-AD5F-701AB4DE7FB9}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\_OTMoveIt\MovedFiles\Documents and Settings\All Users\Start Menu\Programs\Startup\svchost.exe Object is locked skipped

Scan process completed.

Help me!30 Problems wont go away!

Security Expert-Emeritus

New member

Security Expert-Emeritus

New member

Security Expert-Emeritus

New member

New member

New member

New member

Security Expert-Emeritus

New member

Security Expert-Emeritus

New member

Security Expert-Emeritus

New member

New member

New member

New member

New member

New member