SurfSideKick; Windows Security Center disabled

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\WDLog-07212006-175902.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\BOPDATA\_Date-20060816_Time-124043781_EnterceptExceptions.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\BOPDATA\_Date-20060816_Time-124043781_EnterceptRules.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\Common Framework\Db\Agent_WEIJIA-PC.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\Common Framework\Db\PrdMgr_WEIJIA-PC.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\VirusScan\AccessProtectionLog.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\VirusScan\BufferOverflowProtectionLog.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\VirusScan\OnAccessScanLog.txt Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\3636GVY6\vacationimages[1].zip/data.rar/aupdate32.exe/stream/data0005 Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\3636GVY6\vacationimages[1].zip/data.rar/aupdate32.exe/stream Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\3636GVY6\vacationimages[1].zip/data.rar/aupdate32.exe Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\3636GVY6\vacationimages[1].zip/data.rar/winupdate.exe Infected: Trojan-Downloader.Win32.Adload.db skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\3636GVY6\vacationimages[1].zip/data.rar Infected: Trojan-Downloader.Win32.Adload.db skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\3636GVY6\vacationimages[1].zip RarSFX: infected - 5 skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\6TIZTMJ9\vacationimages[1].zip/data.rar/aupdate32.exe/stream/data0005 Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\6TIZTMJ9\vacationimages[1].zip/data.rar/aupdate32.exe/stream Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\6TIZTMJ9\vacationimages[1].zip/data.rar/aupdate32.exe Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\6TIZTMJ9\vacationimages[1].zip/data.rar/winupdate.exe Infected: Trojan-Downloader.Win32.Adload.db skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\6TIZTMJ9\vacationimages[1].zip/data.rar Infected: Trojan-Downloader.Win32.Adload.db skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\6TIZTMJ9\vacationimages[1].zip RarSFX: infected - 5 skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\RAFN5E7N\vacationimages[1].zip/data.rar/aupdate32.exe/stream/data0005 Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\RAFN5E7N\vacationimages[1].zip/data.rar/aupdate32.exe/stream Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\RAFN5E7N\vacationimages[1].zip/data.rar/aupdate32.exe Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\RAFN5E7N\vacationimages[1].zip/data.rar/winupdate.exe Infected: Trojan-Downloader.Win32.Adload.db skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\RAFN5E7N\vacationimages[1].zip/data.rar Infected: Trojan-Downloader.Win32.Adload.db skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\RAFN5E7N\vacationimages[1].zip RarSFX: infected - 5 skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{1E460332-E7DF-4D3B-80F9-D237944CBABB}\RP237\A0030779.exe Infected: not-a-virus:AdWare.Win32.BookedSpace.h skipped
C:\System Volume Information\_restore{1E460332-E7DF-4D3B-80F9-D237944CBABB}\RP244\A0032049.exe Infected: Trojan-Downloader.Win32.Adload.de skipped
C:\System Volume Information\_restore{1E460332-E7DF-4D3B-80F9-D237944CBABB}\RP244\A0032064.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.q skipped
C:\System Volume Information\_restore{1E460332-E7DF-4D3B-80F9-D237944CBABB}\RP244\A0032084.exe Infected: Trojan-Downloader.Win32.Adload.db skipped
C:\System Volume Information\_restore{1E460332-E7DF-4D3B-80F9-D237944CBABB}\RP253\A0033196.exe/data0002 Infected: Trojan-Downloader.Win32.Small.ajc skipped
C:\System Volume Information\_restore{1E460332-E7DF-4D3B-80F9-D237944CBABB}\RP253\A0033196.exe/data0003 Infected: Trojan-Downloader.Win32.Small.ajc skipped
C:\System Volume Information\_restore{1E460332-E7DF-4D3B-80F9-D237944CBABB}\RP253\A0033196.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{1E460332-E7DF-4D3B-80F9-D237944CBABB}\RP263\A0038253.exe Infected: Trojan-Downloader.Win32.Adload.de skipped
C:\System Volume Information\_restore{1E460332-E7DF-4D3B-80F9-D237944CBABB}\RP266\A0038564.exe Infected: Trojan-Downloader.Win32.VB.ada skipped
C:\System Volume Information\_restore{1E460332-E7DF-4D3B-80F9-D237944CBABB}\RP266\A0039550.exe Infected: Trojan-Downloader.Win32.Adload.cy skipped
C:\System Volume Information\_restore{1E460332-E7DF-4D3B-80F9-D237944CBABB}\RP266\A0039551.exe Infected: Trojan-Downloader.Win32.Adload.db skipped
C:\System Volume Information\_restore{1E460332-E7DF-4D3B-80F9-D237944CBABB}\RP266\A0039552.exe Infected: Trojan-Downloader.Win32.Adload.cu skipped
C:\System Volume Information\_restore{1E460332-E7DF-4D3B-80F9-D237944CBABB}\RP266\A0039553.exe Infected: Trojan-Downloader.Win32.Adload.cy skipped
C:\System Volume Information\_restore{1E460332-E7DF-4D3B-80F9-D237944CBABB}\RP266\A0039554.exe Infected: Trojan-Downloader.Win32.Adload.db skipped
C:\System Volume Information\_restore{1E460332-E7DF-4D3B-80F9-D237944CBABB}\RP266\A0039555.exe Infected: Trojan-Clicker.Win32.VB.nh skipped
C:\System Volume Information\_restore{1E460332-E7DF-4D3B-80F9-D237944CBABB}\RP266\A0039556.exe Infected: Trojan-Downloader.Win32.Adload.db skipped
C:\System Volume Information\_restore{1E460332-E7DF-4D3B-80F9-D237944CBABB}\RP266\A0039557.exe Infected: Trojan-PSW.Win32.LdPinch.arr skipped
C:\System Volume Information\_restore{1E460332-E7DF-4D3B-80F9-D237944CBABB}\RP266\A0039563.exe Infected: Trojan-PSW.Win32.LdPinch.arr skipped
C:\System Volume Information\_restore{1E460332-E7DF-4D3B-80F9-D237944CBABB}\RP266\A0039575.exe Infected: Trojan-Downloader.Win32.Adload.de skipped
C:\System Volume Information\_restore{1E460332-E7DF-4D3B-80F9-D237944CBABB}\RP266\A0039576.exe Infected: Trojan-Downloader.Win32.Adload.db skipped
C:\System Volume Information\_restore{1E460332-E7DF-4D3B-80F9-D237944CBABB}\RP266\A0039581.exe/stream/data0005 Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
C:\System Volume Information\_restore{1E460332-E7DF-4D3B-80F9-D237944CBABB}\RP266\A0039581.exe/stream Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
C:\System Volume Information\_restore{1E460332-E7DF-4D3B-80F9-D237944CBABB}\RP266\A0039581.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{1E460332-E7DF-4D3B-80F9-D237944CBABB}\RP266\A0039582.exe/stream/data0005 Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
C:\System Volume Information\_restore{1E460332-E7DF-4D3B-80F9-D237944CBABB}\RP266\A0039582.exe/stream Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
C:\System Volume Information\_restore{1E460332-E7DF-4D3B-80F9-D237944CBABB}\RP266\A0039582.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{1E460332-E7DF-4D3B-80F9-D237944CBABB}\RP266\A0039583.exe/stream/data0005 Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
C:\System Volume Information\_restore{1E460332-E7DF-4D3B-80F9-D237944CBABB}\RP266\A0039583.exe/stream Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
C:\System Volume Information\_restore{1E460332-E7DF-4D3B-80F9-D237944CBABB}\RP266\A0039583.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{1E460332-E7DF-4D3B-80F9-D237944CBABB}\RP266\A0039584.exe/stream/data0005 Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
C:\System Volume Information\_restore{1E460332-E7DF-4D3B-80F9-D237944CBABB}\RP266\A0039584.exe/stream Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
C:\System Volume Information\_restore{1E460332-E7DF-4D3B-80F9-D237944CBABB}\RP266\A0039584.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{1E460332-E7DF-4D3B-80F9-D237944CBABB}\RP266\A0039585.exe/stream/data0005 Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
C:\System Volume Information\_restore{1E460332-E7DF-4D3B-80F9-D237944CBABB}\RP266\A0039585.exe/stream Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
C:\System Volume Information\_restore{1E460332-E7DF-4D3B-80F9-D237944CBABB}\RP266\A0039585.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{1E460332-E7DF-4D3B-80F9-D237944CBABB}\RP267\A0039668.exe Infected: Trojan-Downloader.Win32.Adload.db skipped
C:\System Volume Information\_restore{1E460332-E7DF-4D3B-80F9-D237944CBABB}\RP267\A0039669.exe Infected: Trojan-PSW.Win32.LdPinch.arr skipped
C:\System Volume Information\_restore{1E460332-E7DF-4D3B-80F9-D237944CBABB}\RP267\A0039768.exe Infected: Backdoor.Win32.HacDef.fw skipped
C:\System Volume Information\_restore{1E460332-E7DF-4D3B-80F9-D237944CBABB}\RP267\A0039779.exe Infected: Backdoor.Win32.HacDef.fw skipped
C:\System Volume Information\_restore{1E460332-E7DF-4D3B-80F9-D237944CBABB}\RP268\A0039807.exe Infected: Backdoor.Win32.HacDef.fw skipped
C:\System Volume Information\_restore{1E460332-E7DF-4D3B-80F9-D237944CBABB}\RP268\A0039818.exe Infected: Backdoor.Win32.HacDef.fw skipped
C:\System Volume Information\_restore{1E460332-E7DF-4D3B-80F9-D237944CBABB}\RP270\A0041052.dll Infected: not-a-virus:AdWare.Win32.Suggestor.o skipped
C:\System Volume Information\_restore{1E460332-E7DF-4D3B-80F9-D237944CBABB}\RP270\A0041053.exe Infected: not-a-virus:AdWare.Win32.Suggestor.o skipped
C:\System Volume Information\_restore{1E460332-E7DF-4D3B-80F9-D237944CBABB}\RP270\A0041054.exe Infected: not-a-virus:AdWare.Win32.Suggestor.o skipped
C:\System Volume Information\_restore{1E460332-E7DF-4D3B-80F9-D237944CBABB}\RP270\A0041055.exe Infected: Trojan.Win32.Runner.j skipped
C:\System Volume Information\_restore{1E460332-E7DF-4D3B-80F9-D237944CBABB}\RP270\A0041056.exe Infected: not-a-virus:AdWare.Win32.SearchAssistant.f skipped
C:\System Volume Information\_restore{1E460332-E7DF-4D3B-80F9-D237944CBABB}\RP274\A0041237.exe Infected: Backdoor.Win32.SdBot.aad skipped
C:\System Volume Information\_restore{1E460332-E7DF-4D3B-80F9-D237944CBABB}\RP291\A0042079.exe Infected: Trojan-Downloader.Win32.Adload.db skipped
C:\System Volume Information\_restore{1E460332-E7DF-4D3B-80F9-D237944CBABB}\RP291\A0042082.exe Infected: Trojan-Downloader.Win32.Small.ajc skipped
C:\System Volume Information\_restore{1E460332-E7DF-4D3B-80F9-D237944CBABB}\RP291\A0042083.dll Infected: not-a-virus:AdWare.Win32.Suggestor.o skipped
C:\System Volume Information\_restore{1E460332-E7DF-4D3B-80F9-D237944CBABB}\RP291\A0042084.exe Infected: not-a-virus:AdWare.Win32.Suggestor.o skipped
C:\System Volume Information\_restore{1E460332-E7DF-4D3B-80F9-D237944CBABB}\RP291\A0042085.exe Infected: not-a-virus:AdWare.Win32.Suggestor.o skipped
C:\System Volume Information\_restore{1E460332-E7DF-4D3B-80F9-D237944CBABB}\RP291\A0042086.exe Infected: Trojan.Win32.Runner.j skipped
C:\System Volume Information\_restore{1E460332-E7DF-4D3B-80F9-D237944CBABB}\RP291\A0042087.exe Infected: not-a-virus:AdWare.Win32.SearchAssistant.f skipped
C:\System Volume Information\_restore{1E460332-E7DF-4D3B-80F9-D237944CBABB}\RP291\A0042088.exe Infected: not-a-virus:AdWare.Win32.BookedSpace.h skipped
C:\System Volume Information\_restore{1E460332-E7DF-4D3B-80F9-D237944CBABB}\RP295\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\Documents and Settings\Administrator\Start Menu\Programs\Startup\PowerReg SchedulerV2.exe Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
D:\System Volume Information\_restore{1E460332-E7DF-4D3B-80F9-D237944CBABB}\RP295\change.log Object is locked skipped
D:\WINNT\lycos.exe/data0004 Infected: not-a-virus:AdWare.Win32.Sidesearch.a skipped
D:\WINNT\lycos.exe NSIS: infected - 1 skipped
E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
E:\System Volume Information\_restore{1E460332-E7DF-4D3B-80F9-D237944CBABB}\RP295\change.log Object is locked skipped

Scan process completed.
 
Find.txt

.COM files in C:\WINDOWS\system32:
------------------------------------

chcp.com
command.com
diskcomp.com
diskcopy.com
edit.com
format.com
graftabl.com
graphics.com
kb16.com
loadfix.com
locate.com
mode.com
more.com
tree.com
win.com

.COM files in C:\WINDOWS:
---------------------------

Session Manager Check
---------------------

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment
ComSpec REG_EXPAND_SZ %SystemRoot%\system32\cmd.exe
Path REG_EXPAND_SZ %SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\GTK\2.0\bin;C:\Program Files\QuickTime\QTSystem\
windir REG_EXPAND_SZ %SystemRoot%
FP_NO_HOST_CHECK REG_SZ NO
OS REG_SZ Windows_NT
PROCESSOR_ARCHITECTURE REG_SZ x86
PROCESSOR_LEVEL REG_SZ 15
PROCESSOR_IDENTIFIER REG_SZ x86 Family 15 Model 28 Stepping 0, AuthenticAMD
PROCESSOR_REVISION REG_SZ 1c00
NUMBER_OF_PROCESSORS REG_SZ 1
PATHEXT REG_SZ .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
TEMP REG_EXPAND_SZ %SystemRoot%\TEMP
TMP REG_EXPAND_SZ %SystemRoot%\TEMP
CLASSPATH REG_EXPAND_SZ .;C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
QTJAVA REG_EXPAND_SZ C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
 
Hi Renegade

The logs are looking OK, so I'm not sure what the issue is with command.com, but as the AV scans and rootkit scans are not showing any active infections it's difficult to know what to suggest.

Can you go to Start Menu > My Computer > C:\Drive > Windows > System32

then double click command.com and let me know what it does.

The scan report is showing this

D:\WINNT

do you also have a Windows folder setup on your D:\Drive ?

Please delete this file :

D:\WINNT\lycos.exe

Also delete the SDFix folder if it's still on your system, as it contains a backup of one of the hackerdefender components. It's only a temp file but the folder should still be removed.

Run Ccleaner again to clear out the Temporary Internet Files, as there are some adware components in there. It's also worth installing SpywareBlaster if it isn't already on the system, as it will help to prevent the malware being able to get back on your system.

http://www.javacoolsoftware.com/spywareblaster.html

The scan detected that a variant of Trojan-PSW.Win32.LdPinch has been on your system at some stage, so you should change all passwords for any sites you use, especially any confidential sites such as eBay, PayPal, banking, email etc., as there is no way of knowing if any information was stolen.

Finally, clear the system restore points and start a new one, as a lot are infected.

Click Start Menu > All Programs > Accessories > System Tools > SystemRestore

Choose Create a Restore Point then click Next. Name it and click Create, when the confirmation screen shows the restore point has been created click Close.

Next go to Start Menu > Run > type

cleanmgr

Click OK. Disk Cleanup will open and start calculating the amount of space that can be freed. Once that's finished it will open the Disk Cleanup options screen. Click the More Options tab, then click Clean up on the system restore area and choose Yes at the confirmation window, which will remove all the restore points except the one we just created.

To close Disk Cleanup and remove the Temporary Internet Files detected in the initial scan click OK then choose Yes on the confirmation window.

It might also be worth running the System File Checker using your Windows disk to make sure none of the protected files are damaged or missing.

Go to Start Menu -> Run -> type

SFC /SCANNOW

(There's a space after SFC.) Press OK and it will run the System File Checker. Follow the prompts, and insert your Windows installation CD if requested, then reboot the computer after it has finished.

Apart from that the logs are all looking fine: the export results are fine and command.com is present, the registry paths also look fine, the rootkit scans do not show any rootkits present, and the Kaspersky scan isn't showing any active infections and is mostly detecting files in the temporary folder and system restore, so the above steps should clear those out.

Let us know if you can run command.com by opening the system32 folder and double clicking the file and if you are still noticing any remaining problems.

Cheers

Andy
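
Added example (not part of the original posts, and not a tool used in this thread): a small Python triage of scan-log lines in the format posted above. It groups detections by where they sit (System Restore, browser cache, live filesystem) and flags the two verdict families this thread treats as needing follow-up. The sample lines are copied from the log in this thread; the function names, bucket names and follow-up labels are assumptions made for the example.

```python
import re

# Sample lines copied from the scan log posted in this thread.
SAMPLE = r"""
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\3636GVY6\vacationimages[1].zip/data.rar/aupdate32.exe Infected: not-a-virus:AdWare.Win32.Softomate.q skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\3636GVY6\vacationimages[1].zip/data.rar/winupdate.exe Infected: Trojan-Downloader.Win32.Adload.db skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\3636GVY6\vacationimages[1].zip RarSFX: infected - 5 skipped
C:\System Volume Information\_restore{1E460332-E7DF-4D3B-80F9-D237944CBABB}\RP266\A0039557.exe Infected: Trojan-PSW.Win32.LdPinch.arr skipped
C:\System Volume Information\_restore{1E460332-E7DF-4D3B-80F9-D237944CBABB}\RP267\A0039768.exe Infected: Backdoor.Win32.HacDef.fw skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
D:\WINNT\lycos.exe/data0004 Infected: not-a-virus:AdWare.Win32.Sidesearch.a skipped
D:\WINNT\lycos.exe NSIS: infected - 1 skipped
"""

# One log line is: <path> <status> skipped, where status is a verdict,
# "Object is locked", or a per-archive summary such as "NSIS: infected - 2".
LINE_RE = re.compile(
    r"^(?P<path>.+?) (?:Infected: (?P<verdict>\S+)"
    r"|Object is locked"
    r"|(?P<packer>\w+): infected - (?P<count>\d+)) skipped$"
)

# Verdict prefixes mapped to follow-up labels (labels are assumptions for this
# example; they mirror the password-change and reinstall advice in the thread).
FOLLOW_UP = {"Trojan-PSW.": "change_passwords", "Backdoor.": "consider_reinstall"}


def location(path):
    """Bucket a path by whether it is a restore-point copy, cached download or live file."""
    p = path.lower()
    if "\\system volume information\\_restore" in p:
        return "system_restore"
    if "\\temporary internet files\\" in p:
        return "browser_cache"
    return "live_filesystem"


def triage(log_text):
    """Summarise a scan log: locked count, detections per location, follow-ups."""
    by_location = {"system_restore": {}, "browser_cache": {}, "live_filesystem": {}}
    locked, unparsed, actions = 0, [], set()
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m is None:
            unparsed.append(line)  # e.g. "Scan process completed."
            continue
        if m.group("verdict") is None and m.group("packer") is None:
            locked += 1  # file in use by the OS, not a detection
            continue
        # Members of an archive are written container/inner/...; report the
        # container on disk once instead of every nested member.
        container = m.group("path").split("/", 1)[0]
        verdicts = by_location[location(container)].setdefault(container, set())
        if m.group("verdict"):
            verdicts.add(m.group("verdict"))
            for prefix, action in FOLLOW_UP.items():
                if m.group("verdict").startswith(prefix):
                    actions.add(action)
    return {
        "locked": locked,
        "unparsed": unparsed,
        "by_location": {
            loc: {c: sorted(v) for c, v in items.items()}
            for loc, items in by_location.items()
        },
        "actions": sorted(actions),
    }


if __name__ == "__main__":
    report = triage(SAMPLE)
    print("locked (not detections):", report["locked"])
    for loc, items in report["by_location"].items():
        print(loc)
        for container, verdicts in items.items():
            print("   ", container, "->", ", ".join(verdicts))
    print("follow-up:", ", ".join(report["actions"]))
```

Anything reported under `live_filesystem` is a file sitting on disk outside the restore points and browser cache, which in this sample is only `D:\WINNT\lycos.exe`.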
 
i tried to open the command.com but it said it could not be found. very strange.

also for the sfc /scannow... it asked me to put the XP professional pack cd in, but i don't have that... all my microsoft stuff is from the office 2000 cd (from my old computer.)

as for the D drive, i'm not totally sure but it may be that i do have all the windows files on there as well... the D drive was from my old computer, which we took out and put into the new one when our old computer refused to boot up anymore for some reason.

i did everything else and it went fine. as of now there are no other problems that i can see and the computer appears to be working pretty much normally.
 
Hi Renegade

I think we have checked everything possible regarding any malware or rootkit infections, but something does sound a bit damaged on your system. If you had the original Windows disk I would suggest backing up all your important data and either performing a repair install of Windows or a full format and reinstall, but if you only have the Office 2000 CD it wouldn't be possible to repair the system using that.

If everything else is working fine then it's maybe best to leave things as they are, and then if you have any problems in the future we can help more, as I don't think asking you to run more scanners is going to solve the issue based on the results up to now. If you would like to try some more scans then we can use them, but I didn't want to waste your time, as it sounds like a repair install of Windows may be needed here, as the problem you are having isn't common, but without the Windows disk it wouldn't be possible to do that.

Leave it a few days and let us know how things are running and if you feel there are still any problems.

Thanks

Andy
 
-nod- i agree... besides i think you must have spent much too much time trying to help me anyways xD

also i have a question.... someone i know suggested to me that if all else failed, i could back up any important files to flash drive(s) and then reformat the hard disk. i realize i'd have to reinstall all the programs if i did this, but if it will completely fix all the problems, then i'd be willing to do that. what are your thoughts on this?
 
Hey Renegade,

It's not a problem regarding time. I'm always happy to help where I can, but I didn't want to make you go round in circles and end up with the same issue, as there are no signs of remaining malware problems at this stage.

A format and reinstall of the OS would fully fix any remaining problems, but if you do not have a Windows disk I don't think that is an option, as the Office 2000 CD would be just a collection of Office tools. You can read more about that here:

http://www.bcschools.net/staff/MicrosoftOffice.htm

If you can format, though, then it would solve any remaining issues. Anytime a backdoor infection has been found, which is the case on your system as you had a backdoor trojan and parts of the hacker defender rootkit installed, a format should really be considered, as it's difficult to know what damage has been caused if the backdoor was used and someone had access to your system.

You can read more about formatting here

http://www.michaelstevenstech.com/format_XP.htm
http://support.microsoft.com/?kbid=313348

or info on a repair install here which would allow you to repair damage without losing all your data

http://www.michaelstevenstech.com/XPrepairinstall.htm

Both options would require a genuine Windows XP disk though

Let us know how it goes or if you have any problems

Andy
 
alright, thanks =) i'll look into these. i do have the windows xp disk installation disk but not the professional pack disks.
 
Sorry for the delay. If you have the installation disk then you should be able to repair or format using that. You would have to get the protection programs in place first, then visit Windows Updates to get all the available updates and keep going back after reboots until you have them all installed again. If you have all the other disks to reinstall programs, or can back up data to disk first, then it shouldn't take you too long to get back up and running.

Let us know if we can help more anytime

Regards

Andy
 
okay, then i'll probably reformat once i get everything i need backed up =)

thank you for all your help! and i hopefully won't need to come back here for help lol.
 
I agree, we would rather not have repeat customers for your sake :)

Information on how to prevent malware and to explain how you got infected can be found Here (By Tony Klein)

but let us know if you have questions or problems anytime

All The Best

Andy
 
Well you all did a lot of work, good luck for the future renegade. :)

This topic has been archived.
 