Trojan problem!
- Thread starter cigno
- Start date
Shaba
Security Expert: Emeritus
Hi
Do this before those steps:
1. Run Spybot-S&D in Advanced Mode.
2. If it is not already set to do this Go to the Mode menu select "Advanced Mode"
3. On the left hand side, Click on Tools
4. Then click on the Resident Icon in the List
5. Uncheck "Resident TeaTimer" and OK any prompts.
6. Restart your computer.
Do this before those steps:
1. Run Spybot-S&D in Advanced Mode.
2. If it is not already set to do this Go to the Mode menu select "Advanced Mode"
3. On the left hand side, Click on Tools
4. Then click on the Resident Icon in the List
5. Uncheck "Resident TeaTimer" and OK any prompts.
6. Restart your computer.
Dss log
Deckard's System Scanner v20070826.66
Run by Albert on 2007-08-29 13:39:55
Computer is in Normal Mode.
--------------------------------------------------------------------------------
Percentage of Memory in Use: 80% (more than 75%).
Total Physical Memory: 254 MiB (512 MiB recommended).
-- HijackThis (run as Albert.exe) ----------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:08:35 PM, on 8/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\WINDOWS\system32\BrmfBAgS.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINPENJR\Win32\pphidpad.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [PPHIDPAD] C:\WINPENJR\Win32\pphidpad.exe
O4 - HKLM\..\RunServices: [jzhomjioh] C:\WINDOWS\system32\jzhomjioh.exe
O4 - HKLM\..\RunServices: [pxhmcs] C:\WINDOWS\system32\pxhmcs.exe
O4 - HKLM\..\RunServices: [mvioc] C:\WINDOWS\system32\mvioc.exe
O4 - HKLM\..\RunServices: [axnjsga] C:\WINDOWS\system32\axnjsga.exe
O4 - HKLM\..\RunServices: [lrmqkgv] C:\WINDOWS\system32\lrmqkgv.exe
O4 - HKLM\..\RunServices: [qrry] C:\WINDOWS\system32\qrry.exe
O4 - HKLM\..\RunServices: [bliuvfsw] C:\WINDOWS\system32\bliuvfsw.exe
O4 - HKLM\..\RunServices: [glrjqgk] C:\WINDOWS\system32\glrjqgk.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {33288993-5664-11D4-8B5B-00D0B73B3518} (ell Class) - http://www.easports.com/downloads/games/common/ieell.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1157130822938
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5004/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{80092E24-5304-438D-A62D-F5ED41D816E6}: NameServer = 72.21.36.74
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Belkin 54g Wireless USB Network Adapter (Belkin 54g Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: Brother BidiAgent Service for Resource manager (brmfbags) - Brother Industries, Ltd. - C:\WINDOWS\system32\BrmfBAgS.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: WinWLServiceNow - Unknown owner - C:\DOCUME~1\Albert\LOCALS~1\Temp\RAVWL.EXE (file missing)
--
End of file - 9086 bytes
-- Files created between 2007-07-29 and 2007-08-29 -----------------------------
2007-08-29 12:22:29 0 d-------- C:\WINDOWS\ERUNT
2007-08-29 10:18:53 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-08-29 10:18:50 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-08-28 18:01:17 0 d-------- C:\Program Files\Trend Micro
2007-08-28 17:03:55 0 d-------- C:\KAV
2007-08-25 22:27:29 32768 --a------ C:\WINDOWS\system32\PPADAPI.DLL
2007-08-25 22:27:29 17216 --a------ C:\WINDOWS\system32\drivers\PPTCHPD5.SYS
2007-08-25 22:27:29 20704 --a------ C:\WINDOWS\system32\drivers\PPMOUCLS.SYS <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
2007-08-25 22:27:09 0 d-------- C:\WINPENJR
2007-08-25 18:26:37 15939 --a------ C:\WINDOWS\system32\drivers\AegisP.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.0.0.6>
2007-08-25 18:25:59 40960 --a------ C:\WINDOWS\system32\B11gUSB.dll
2007-08-25 18:25:59 0 d-------- C:\WINDOWS\options
2007-08-25 18:25:55 94208 --a------ C:\WINDOWS\system32\GTW32N50.dll
2007-08-25 18:25:55 15872 --a------ C:\WINDOWS\system32\GTNDIS5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
2007-08-25 18:25:55 1085440 --a------ C:\WINDOWS\system32\AegisE5.dll <Not Verified; Meetinghouse Data Communications; AEGIS Client API>
2007-08-25 18:25:53 0 d-------- C:\Program Files\Belkin
2007-08-16 22:40:18 582 --a------ C:\WINDOWS\eReg.dat
2007-08-16 22:12:13 0 d-------- C:\Program Files\Maxis
-- Find3M Report ---------------------------------------------------------------
2007-08-29 10:54:30 0 d-------- C:\Program Files\Starcraft
2007-08-25 23:12:14 2002 --a------ C:\Documents and Settings\Albert\Application Data\wklnhst.dat
2007-08-25 22:27:08 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-08-25 19:09:40 3558 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-08-25 19:09:39 88 -r-hs---- C:\WINDOWS\system32\5ACB5CEC1D.sys
2007-08-24 15:06:15 0 d-------- C:\Program Files\Common Files
2007-07-24 15:28:03 0 d-------- C:\Program Files\msn gaming zone
2007-07-24 13:45:21 23428 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-07-23 22:13:55 9806 --a------ C:\binboot.exe <Not Verified; ; installer>
2007-07-22 11:22:26 0 d-------- C:\Documents and Settings\Albert\Application Data\AVG7
2007-07-21 09:36:54 0 d-------- C:\Documents and Settings\Albert\Application Data\Help
2007-07-13 00:12:50 0 d-------- C:\Documents and Settings\Albert\Application Data\Talkback
2007-07-13 00:09:53 0 d-------- C:\Documents and Settings\Albert\Application Data\Mozilla
2007-07-11 19:22:30 0 d-------- C:\Program Files\Modem Helper
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PPHIDPAD"="C:\WINPENJR\Win32\pphidpad.exe" [10/02/2001 11:23 AM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [04/27/2007 05:17 PM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [05/31/2005 01:04 AM]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
@=
"jzhomjioh"=C:\WINDOWS\system32\jzhomjioh.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Image Transfer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Image Transfer.lnk
backup=C:\WINDOWS\pss\Image Transfer.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk
backup=C:\WINDOWS\pss\Service Manager.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
C:\Program Files\AIM\aim.exe -cnetwait.odl
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
"C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIMPro]
"C:\Program Files\AIM\AIM Pro\aimpro.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter2.0]
C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
"C:\Program Files\Dell Support\DSAgnt.exe" /startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gsz]
C:\WINDOWS\system32\gsz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gykbeycib]
C:\WINDOWS\system32\gykbeycib.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\WINDOWS\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
"c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
"C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
C:\PROGRA~1\mcafee.com\agent\McAgent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mfacocn]
C:\WINDOWS\system32\mfacocn.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKAGENTEXE]
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OASClnt]
C:\Program Files\McAfee.com\VSO\oasclnt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
C:\WINDOWS\system32\igfxpers.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDTray]
"C:\Program Files\Spyware Doctor\SDTrayApp.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoftwareStation]
"C:\Program Files\eAcceleration\Station\station.exe" /b Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
C:\Program Files\Analog Devices\Core\smax4pnp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]
"C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
"C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StopSignSsTsMon]
Rundll32.exe "C:\Program Files\Acceleration Software\Anti-Virus\sstsmon.dll",VerifyStatus
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]
"C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
Deckard's System Scanner v20070826.66
Run by Albert on 2007-08-29 13:39:55
Computer is in Normal Mode.
--------------------------------------------------------------------------------
Percentage of Memory in Use: 80% (more than 75%).
Total Physical Memory: 254 MiB (512 MiB recommended).
-- HijackThis (run as Albert.exe) ----------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:08:35 PM, on 8/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\WINDOWS\system32\BrmfBAgS.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINPENJR\Win32\pphidpad.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [PPHIDPAD] C:\WINPENJR\Win32\pphidpad.exe
O4 - HKLM\..\RunServices: [jzhomjioh] C:\WINDOWS\system32\jzhomjioh.exe
O4 - HKLM\..\RunServices: [pxhmcs] C:\WINDOWS\system32\pxhmcs.exe
O4 - HKLM\..\RunServices: [mvioc] C:\WINDOWS\system32\mvioc.exe
O4 - HKLM\..\RunServices: [axnjsga] C:\WINDOWS\system32\axnjsga.exe
O4 - HKLM\..\RunServices: [lrmqkgv] C:\WINDOWS\system32\lrmqkgv.exe
O4 - HKLM\..\RunServices: [qrry] C:\WINDOWS\system32\qrry.exe
O4 - HKLM\..\RunServices: [bliuvfsw] C:\WINDOWS\system32\bliuvfsw.exe
O4 - HKLM\..\RunServices: [glrjqgk] C:\WINDOWS\system32\glrjqgk.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {33288993-5664-11D4-8B5B-00D0B73B3518} (ell Class) - http://www.easports.com/downloads/games/common/ieell.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1157130822938
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5004/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{80092E24-5304-438D-A62D-F5ED41D816E6}: NameServer = 72.21.36.74
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Belkin 54g Wireless USB Network Adapter (Belkin 54g Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: Brother BidiAgent Service for Resource manager (brmfbags) - Brother Industries, Ltd. - C:\WINDOWS\system32\BrmfBAgS.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: WinWLServiceNow - Unknown owner - C:\DOCUME~1\Albert\LOCALS~1\Temp\RAVWL.EXE (file missing)
--
End of file - 9086 bytes
-- Files created between 2007-07-29 and 2007-08-29 -----------------------------
2007-08-29 12:22:29 0 d-------- C:\WINDOWS\ERUNT
2007-08-29 10:18:53 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-08-29 10:18:50 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-08-28 18:01:17 0 d-------- C:\Program Files\Trend Micro
2007-08-28 17:03:55 0 d-------- C:\KAV
2007-08-25 22:27:29 32768 --a------ C:\WINDOWS\system32\PPADAPI.DLL
2007-08-25 22:27:29 17216 --a------ C:\WINDOWS\system32\drivers\PPTCHPD5.SYS
2007-08-25 22:27:29 20704 --a------ C:\WINDOWS\system32\drivers\PPMOUCLS.SYS <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
2007-08-25 22:27:09 0 d-------- C:\WINPENJR
2007-08-25 18:26:37 15939 --a------ C:\WINDOWS\system32\drivers\AegisP.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.0.0.6>
2007-08-25 18:25:59 40960 --a------ C:\WINDOWS\system32\B11gUSB.dll
2007-08-25 18:25:59 0 d-------- C:\WINDOWS\options
2007-08-25 18:25:55 94208 --a------ C:\WINDOWS\system32\GTW32N50.dll
2007-08-25 18:25:55 15872 --a------ C:\WINDOWS\system32\GTNDIS5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
2007-08-25 18:25:55 1085440 --a------ C:\WINDOWS\system32\AegisE5.dll <Not Verified; Meetinghouse Data Communications; AEGIS Client API>
2007-08-25 18:25:53 0 d-------- C:\Program Files\Belkin
2007-08-16 22:40:18 582 --a------ C:\WINDOWS\eReg.dat
2007-08-16 22:12:13 0 d-------- C:\Program Files\Maxis
-- Find3M Report ---------------------------------------------------------------
2007-08-29 10:54:30 0 d-------- C:\Program Files\Starcraft
2007-08-25 23:12:14 2002 --a------ C:\Documents and Settings\Albert\Application Data\wklnhst.dat
2007-08-25 22:27:08 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-08-25 19:09:40 3558 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-08-25 19:09:39 88 -r-hs---- C:\WINDOWS\system32\5ACB5CEC1D.sys
2007-08-24 15:06:15 0 d-------- C:\Program Files\Common Files
2007-07-24 15:28:03 0 d-------- C:\Program Files\msn gaming zone
2007-07-24 13:45:21 23428 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-07-23 22:13:55 9806 --a------ C:\binboot.exe <Not Verified; ; installer>
2007-07-22 11:22:26 0 d-------- C:\Documents and Settings\Albert\Application Data\AVG7
2007-07-21 09:36:54 0 d-------- C:\Documents and Settings\Albert\Application Data\Help
2007-07-13 00:12:50 0 d-------- C:\Documents and Settings\Albert\Application Data\Talkback
2007-07-13 00:09:53 0 d-------- C:\Documents and Settings\Albert\Application Data\Mozilla
2007-07-11 19:22:30 0 d-------- C:\Program Files\Modem Helper
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PPHIDPAD"="C:\WINPENJR\Win32\pphidpad.exe" [10/02/2001 11:23 AM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [04/27/2007 05:17 PM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [05/31/2005 01:04 AM]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
@=
"jzhomjioh"=C:\WINDOWS\system32\jzhomjioh.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Image Transfer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Image Transfer.lnk
backup=C:\WINDOWS\pss\Image Transfer.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk
backup=C:\WINDOWS\pss\Service Manager.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
C:\Program Files\AIM\aim.exe -cnetwait.odl
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
"C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIMPro]
"C:\Program Files\AIM\AIM Pro\aimpro.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter2.0]
C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
"C:\Program Files\Dell Support\DSAgnt.exe" /startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gsz]
C:\WINDOWS\system32\gsz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gykbeycib]
C:\WINDOWS\system32\gykbeycib.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\WINDOWS\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
"c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
"C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
C:\PROGRA~1\mcafee.com\agent\McAgent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mfacocn]
C:\WINDOWS\system32\mfacocn.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKAGENTEXE]
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OASClnt]
C:\Program Files\McAfee.com\VSO\oasclnt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
C:\WINDOWS\system32\igfxpers.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDTray]
"C:\Program Files\Spyware Doctor\SDTrayApp.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoftwareStation]
"C:\Program Files\eAcceleration\Station\station.exe" /b Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
C:\Program Files\Analog Devices\Core\smax4pnp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]
"C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
"C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StopSignSsTsMon]
Rundll32.exe "C:\Program Files\Acceleration Software\Anti-Virus\sstsmon.dll",VerifyStatus
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]
"C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
Dss log con.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\webscan]
"C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe" -k
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
-- End of Deckard's System Scanner: finished at 2007-08-29 13:40:47 ------------
I put back on tea timer is that ok?
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\webscan]
"C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe" -k
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
-- End of Deckard's System Scanner: finished at 2007-08-29 13:40:47 ------------
I put back on tea timer is that ok?
Shaba
Security Expert: Emeritus
Hi
"I put back on tea timer is that ok?"
No. Please keep it disabled until you are clean.
Save text below as fix.reg on Notepad (save it as all files (*.*)) on Desktop
Windows Registry Editor Version 5.00
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gsz]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gykbeycib]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mfacocn]
It should look like this ->
Doubleclick fix2.reg, press Yes and ok.
(In case you are unsure how to create a reg file, take a look here with screenshots.)
Open HijackThis, click do a system scan only and checkmark these:
O4 - HKLM\..\RunServices: [jzhomjioh] C:\WINDOWS\system32\jzhomjioh.exe
O4 - HKLM\..\RunServices: [pxhmcs] C:\WINDOWS\system32\pxhmcs.exe
O4 - HKLM\..\RunServices: [mvioc] C:\WINDOWS\system32\mvioc.exe
O4 - HKLM\..\RunServices: [axnjsga] C:\WINDOWS\system32\axnjsga.exe
O4 - HKLM\..\RunServices: [lrmqkgv] C:\WINDOWS\system32\lrmqkgv.exe
O4 - HKLM\..\RunServices: [qrry] C:\WINDOWS\system32\qrry.exe
O4 - HKLM\..\RunServices: [bliuvfsw] C:\WINDOWS\system32\bliuvfsw.exe
O4 - HKLM\..\RunServices: [glrjqgk] C:\WINDOWS\system32\glrjqgk.exe
O23 - Service: WinWLServiceNow - Unknown owner - C:\DOCUME~1\Albert\LOCALS~1\Temp\RAVWL.EXE (file missing)
Close all windows including browser and press fix checked.
Reboot.
Post back a fresh HijackThis log.
"I put back on tea timer is that ok?"
No. Please keep it disabled until you are clean.
Save text below as fix.reg on Notepad (save it as all files (*.*)) on Desktop
Windows Registry Editor Version 5.00
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gsz]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gykbeycib]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mfacocn]
It should look like this ->
Doubleclick fix2.reg, press Yes and ok.
(In case you are unsure how to create a reg file, take a look here with screenshots.)
Open HijackThis, click do a system scan only and checkmark these:
O4 - HKLM\..\RunServices: [jzhomjioh] C:\WINDOWS\system32\jzhomjioh.exe
O4 - HKLM\..\RunServices: [pxhmcs] C:\WINDOWS\system32\pxhmcs.exe
O4 - HKLM\..\RunServices: [mvioc] C:\WINDOWS\system32\mvioc.exe
O4 - HKLM\..\RunServices: [axnjsga] C:\WINDOWS\system32\axnjsga.exe
O4 - HKLM\..\RunServices: [lrmqkgv] C:\WINDOWS\system32\lrmqkgv.exe
O4 - HKLM\..\RunServices: [qrry] C:\WINDOWS\system32\qrry.exe
O4 - HKLM\..\RunServices: [bliuvfsw] C:\WINDOWS\system32\bliuvfsw.exe
O4 - HKLM\..\RunServices: [glrjqgk] C:\WINDOWS\system32\glrjqgk.exe
O23 - Service: WinWLServiceNow - Unknown owner - C:\DOCUME~1\Albert\LOCALS~1\Temp\RAVWL.EXE (file missing)
Close all windows including browser and press fix checked.
Reboot.
Post back a fresh HijackThis log.
HGT log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:03:31 PM, on 8/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\WINDOWS\system32\BrmfBAgS.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINPENJR\Win32\pphidpad.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [PPHIDPAD] C:\WINPENJR\Win32\pphidpad.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {33288993-5664-11D4-8B5B-00D0B73B3518} (ell Class) - http://www.easports.com/downloads/games/common/ieell.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1157130822938
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5004/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{80092E24-5304-438D-A62D-F5ED41D816E6}: NameServer = 72.21.36.74
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Belkin 54g Wireless USB Network Adapter (Belkin 54g Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: Brother BidiAgent Service for Resource manager (brmfbags) - Brother Industries, Ltd. - C:\WINDOWS\system32\BrmfBAgS.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
--
End of file - 8376 bytes
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:03:31 PM, on 8/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\WINDOWS\system32\BrmfBAgS.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINPENJR\Win32\pphidpad.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [PPHIDPAD] C:\WINPENJR\Win32\pphidpad.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {33288993-5664-11D4-8B5B-00D0B73B3518} (ell Class) - http://www.easports.com/downloads/games/common/ieell.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1157130822938
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5004/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{80092E24-5304-438D-A62D-F5ED41D816E6}: NameServer = 72.21.36.74
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Belkin 54g Wireless USB Network Adapter (Belkin 54g Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: Brother BidiAgent Service for Resource manager (brmfbags) - Brother Industries, Ltd. - C:\WINDOWS\system32\BrmfBAgS.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
--
End of file - 8376 bytes
Shaba
Security Expert: Emeritus
Hi
Please do an online scan with Kaspersky Online Scanner. You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license accepted, reset to 100%.
Post:
- a fresh HijackThis log
- kaspersky report
Please do an online scan with Kaspersky Online Scanner. You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
- The program will launch and then start to download the latest definition files.
- Once the scanner is installed and the definitions downloaded, click Next.
- Now click on Scan Settings
- In the scan settings make sure that the following are selected:
o Scan using the following Anti-Virus database:
+ Extended (If available otherwise Standard)
o Scan Options:
+ Scan Archives
+ Scan Mail Bases
- Click OK
- Now under select a target to scan select My Computer
- The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.
- Now click on the Save as Text button
- Save the file to your desktop.
- Copy and paste that information in your next post.
Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license accepted, reset to 100%.
Post:
- a fresh HijackThis log
- kaspersky report
LONG scan log
hursday, August 30, 2007 2:16:38 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 30/08/2007
Kaspersky Anti-Virus database records: 399242
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
C:\
D:\
E:\
Scan Statistics
Total number of scanned objects 128916
Number of viruses found 17
Number of infected objects 206
Number of suspicious objects 6
Duration of the scan process 02:46:43
Infected Object Name Virus Name Last Action
C:\binboot.exe Infected: Trojan-Downloader.Win32.Small.eqn skipped
C:\Documents and Settings\Albert\Application Data\Mozilla\Firefox\Profiles\6354hgc9.default\cert8.db Object is locked skipped
C:\Documents and Settings\Albert\Application Data\Mozilla\Firefox\Profiles\6354hgc9.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\Albert\Application Data\Mozilla\Firefox\Profiles\6354hgc9.default\history.dat Object is locked skipped
C:\Documents and Settings\Albert\Application Data\Mozilla\Firefox\Profiles\6354hgc9.default\key3.db Object is locked skipped
C:\Documents and Settings\Albert\Application Data\Mozilla\Firefox\Profiles\6354hgc9.default\parent.lock Object is locked skipped
C:\Documents and Settings\Albert\Application Data\Mozilla\Firefox\Profiles\6354hgc9.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Albert\Application Data\Mozilla\Firefox\Profiles\6354hgc9.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Albert\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Albert\Desktop\SDFix\backups\backups.zip/backups/b104.exe/stream/data0002 Infected: Trojan-Downloader.Win32.Small.buy skipped
C:\Documents and Settings\Albert\Desktop\SDFix\backups\backups.zip/backups/b104.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\Documents and Settings\Albert\Desktop\SDFix\backups\backups.zip/backups/b104.exe/stream Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\Documents and Settings\Albert\Desktop\SDFix\backups\backups.zip/backups/b104.exe Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\Documents and Settings\Albert\Desktop\SDFix\backups\backups.zip/backups/b136.exe/stream/data0002 Infected: Trojan-Dropper.Win32.Agent.bfr skipped
C:\Documents and Settings\Albert\Desktop\SDFix\backups\backups.zip/backups/b136.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\Documents and Settings\Albert\Desktop\SDFix\backups\backups.zip/backups/b136.exe/stream Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\Documents and Settings\Albert\Desktop\SDFix\backups\backups.zip/backups/b136.exe Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\Documents and Settings\Albert\Desktop\SDFix\backups\backups.zip/backups/b138.exe Infected: Trojan-Downloader.Win32.Agent.cbx skipped
C:\Documents and Settings\Albert\Desktop\SDFix\backups\backups.zip/backups/jzhomjioh.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\Documents and Settings\Albert\Desktop\SDFix\backups\backups.zip/backups/msiexec.exe Infected: Backdoor.Win32.SdBot.aad skipped
C:\Documents and Settings\Albert\Desktop\SDFix\backups\backups.zip/backups/ovmr.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\Documents and Settings\Albert\Desktop\SDFix\backups\backups.zip ZIP: infected - 12 skipped
C:\Documents and Settings\Albert\Local Settings\Application Data\AOL OCP\AIM\Storage\All Users\localStorage\common.cls Object is locked skipped
C:\Documents and Settings\Albert\Local Settings\Application Data\AOL OCP\AIM\Storage\data\da2006fong\localStorage\common.cls Object is locked skipped
C:\Documents and Settings\Albert\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Albert\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Albert\Local Settings\Application Data\Mozilla\Firefox\Profiles\6354hgc9.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Albert\Local Settings\Application Data\Mozilla\Firefox\Profiles\6354hgc9.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Albert\Local Settings\Application Data\Mozilla\Firefox\Profiles\6354hgc9.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Albert\Local Settings\Application Data\Mozilla\Firefox\Profiles\6354hgc9.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Albert\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Albert\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Albert\ntuser.dat Object is locked
hursday, August 30, 2007 2:16:38 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 30/08/2007
Kaspersky Anti-Virus database records: 399242
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
C:\
D:\
E:\
Scan Statistics
Total number of scanned objects 128916
Number of viruses found 17
Number of infected objects 206
Number of suspicious objects 6
Duration of the scan process 02:46:43
Infected Object Name Virus Name Last Action
C:\binboot.exe Infected: Trojan-Downloader.Win32.Small.eqn skipped
C:\Documents and Settings\Albert\Application Data\Mozilla\Firefox\Profiles\6354hgc9.default\cert8.db Object is locked skipped
C:\Documents and Settings\Albert\Application Data\Mozilla\Firefox\Profiles\6354hgc9.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\Albert\Application Data\Mozilla\Firefox\Profiles\6354hgc9.default\history.dat Object is locked skipped
C:\Documents and Settings\Albert\Application Data\Mozilla\Firefox\Profiles\6354hgc9.default\key3.db Object is locked skipped
C:\Documents and Settings\Albert\Application Data\Mozilla\Firefox\Profiles\6354hgc9.default\parent.lock Object is locked skipped
C:\Documents and Settings\Albert\Application Data\Mozilla\Firefox\Profiles\6354hgc9.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Albert\Application Data\Mozilla\Firefox\Profiles\6354hgc9.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Albert\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Albert\Desktop\SDFix\backups\backups.zip/backups/b104.exe/stream/data0002 Infected: Trojan-Downloader.Win32.Small.buy skipped
C:\Documents and Settings\Albert\Desktop\SDFix\backups\backups.zip/backups/b104.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\Documents and Settings\Albert\Desktop\SDFix\backups\backups.zip/backups/b104.exe/stream Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\Documents and Settings\Albert\Desktop\SDFix\backups\backups.zip/backups/b104.exe Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\Documents and Settings\Albert\Desktop\SDFix\backups\backups.zip/backups/b136.exe/stream/data0002 Infected: Trojan-Dropper.Win32.Agent.bfr skipped
C:\Documents and Settings\Albert\Desktop\SDFix\backups\backups.zip/backups/b136.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\Documents and Settings\Albert\Desktop\SDFix\backups\backups.zip/backups/b136.exe/stream Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\Documents and Settings\Albert\Desktop\SDFix\backups\backups.zip/backups/b136.exe Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\Documents and Settings\Albert\Desktop\SDFix\backups\backups.zip/backups/b138.exe Infected: Trojan-Downloader.Win32.Agent.cbx skipped
C:\Documents and Settings\Albert\Desktop\SDFix\backups\backups.zip/backups/jzhomjioh.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\Documents and Settings\Albert\Desktop\SDFix\backups\backups.zip/backups/msiexec.exe Infected: Backdoor.Win32.SdBot.aad skipped
C:\Documents and Settings\Albert\Desktop\SDFix\backups\backups.zip/backups/ovmr.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\Documents and Settings\Albert\Desktop\SDFix\backups\backups.zip ZIP: infected - 12 skipped
C:\Documents and Settings\Albert\Local Settings\Application Data\AOL OCP\AIM\Storage\All Users\localStorage\common.cls Object is locked skipped
C:\Documents and Settings\Albert\Local Settings\Application Data\AOL OCP\AIM\Storage\data\da2006fong\localStorage\common.cls Object is locked skipped
C:\Documents and Settings\Albert\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Albert\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Albert\Local Settings\Application Data\Mozilla\Firefox\Profiles\6354hgc9.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Albert\Local Settings\Application Data\Mozilla\Firefox\Profiles\6354hgc9.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Albert\Local Settings\Application Data\Mozilla\Firefox\Profiles\6354hgc9.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Albert\Local Settings\Application Data\Mozilla\Firefox\Profiles\6354hgc9.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Albert\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Albert\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Albert\ntuser.dat Object is locked
con.
C:\Documents and Settings\Albert\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinAgentqt.zip/retadpu450.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinAgentqt.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinAgentqt8.zip/retadpu450.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinAgentqt8.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobVideoActiveXObject2.zip/uninst.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobVideoActiveXObject2.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\LocalService\Application Data\WinTouch\WinTouch.exe Infected: Trojan-Downloader.Win32.Agent.buo skipped
C:\Documents and Settings\LocalService\Application Data\WinTouch\WTUninstaller.exe Infected: Trojan-Downloader.Win32.Agent.buo skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0X6BKPI7\wintouch.prod.v10007.12jul2007.exe[1].619077c6721280bf3c53475cbdc668de Infected: Trojan-Downloader.Win32.Agent.buo skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\4PANWHMV\B[1].exe Infected: Trojan-Downloader.Win32.Small.eqn skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\4PANWHMV\B[2].exe Infected: Trojan-Downloader.Win32.Small.eqn skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ODAJCD6Z\three[1].exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ODAJCD6Z\three[2].exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ODAJCD6Z\three[3].exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ODAJCD6Z\three[4].exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ODAJCD6Z\three[5].exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ODAJCD6Z\three[6].exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ODAJCD6Z\three[7].exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ODAJCD6Z\wtuninstaller.prod.v10007.12jul2007.exe[1].7debedc8315e1da50a742a6a0a5c161f Infected: Trojan-Downloader.Win32.Agent.buo skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\W9QVGTUZ\retadpu[1].exe Infected: Trojan-Downloader.Win32.Agent.bls skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\W9QVGTUZ\retadpu[2].exe Infected: Trojan-Downloader.Win32.Agent.bls skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\412splashfree.png Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\createtimes.cache Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\data.ser Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\fileurns.bak Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\fileurns.cache Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\filters.props Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\gnutella.net Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\installation.props Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\library.dat Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\limewire.props Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\pub1.key Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\public.key Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\questions.props Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\responses.cache
C:\Documents and Settings\Albert\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinAgentqt.zip/retadpu450.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinAgentqt.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinAgentqt8.zip/retadpu450.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinAgentqt8.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobVideoActiveXObject2.zip/uninst.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobVideoActiveXObject2.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\LocalService\Application Data\WinTouch\WinTouch.exe Infected: Trojan-Downloader.Win32.Agent.buo skipped
C:\Documents and Settings\LocalService\Application Data\WinTouch\WTUninstaller.exe Infected: Trojan-Downloader.Win32.Agent.buo skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0X6BKPI7\wintouch.prod.v10007.12jul2007.exe[1].619077c6721280bf3c53475cbdc668de Infected: Trojan-Downloader.Win32.Agent.buo skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\4PANWHMV\B[1].exe Infected: Trojan-Downloader.Win32.Small.eqn skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\4PANWHMV\B[2].exe Infected: Trojan-Downloader.Win32.Small.eqn skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ODAJCD6Z\three[1].exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ODAJCD6Z\three[2].exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ODAJCD6Z\three[3].exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ODAJCD6Z\three[4].exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ODAJCD6Z\three[5].exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ODAJCD6Z\three[6].exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ODAJCD6Z\three[7].exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ODAJCD6Z\wtuninstaller.prod.v10007.12jul2007.exe[1].7debedc8315e1da50a742a6a0a5c161f Infected: Trojan-Downloader.Win32.Agent.buo skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\W9QVGTUZ\retadpu[1].exe Infected: Trojan-Downloader.Win32.Agent.bls skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\W9QVGTUZ\retadpu[2].exe Infected: Trojan-Downloader.Win32.Agent.bls skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\412splashfree.png Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\createtimes.cache Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\data.ser Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\fileurns.bak Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\fileurns.cache Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\filters.props Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\gnutella.net Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\installation.props Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\library.dat Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\limewire.props Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\pub1.key Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\public.key Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\questions.props Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\responses.cache
C:\Documents and Settings\Matthew\.limewire\secureMessage.key Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\simpp.xml Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\spam.dat Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\tables.props Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\black_theme\01_star.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\black_theme\02_star.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\black_theme\03_star.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\black_theme\04_star.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\black_theme\05_star.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\black_theme\chat.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\black_theme\dir_closed.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\black_theme\dir_open.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\black_theme\forward_dn.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\black_theme\forward_up.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\black_theme\kill.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\black_theme\kill_on.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\black_theme\lime.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\black_theme\logo.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\black_theme\notsearching.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\black_theme\pause_dn.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\black_theme\pause_up.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\black_theme\play_dn.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\black_theme\play_up.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\black_theme\question.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\black_theme\rewind_dn.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\black_theme\rewind_up.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\black_theme\searching.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\black_theme\splash.png Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\black_theme\splashpro.png Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\black_theme\stop_dn.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\black_theme\stop_up.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\black_theme\theme.txt Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\black_theme\warning.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\black_theme.lwtp Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\classic_theme\01_star.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\classic_theme\02_star.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\classic_theme\03_star.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\classic_theme\04_star.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\classic_theme\05_star.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\classic_theme\chat.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\classic_theme\dir_closed.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\classic_theme\dir_open.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\classic_theme\forward_dn.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\classic_theme\forward_up.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\classic_theme\kill.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\classic_theme\logo.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\classic_theme\notsearching.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\classic_theme\pause_dn.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\classic_theme\pause_up.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\classic_theme\play_dn.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\classic_theme\play_up.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\classic_theme\question.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\classic_theme\rewind_dn.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\classic_theme\rewind_up.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\classic_theme\search.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\classic_theme\searching.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\classic_theme\splash.png Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\classic_theme\splashpro.png Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\classic_theme\stop_dn.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\classic_theme\stop_up.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\classic_theme\theme.txt Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\classic_theme\warning.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\classic_theme.lwtp Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\limewire_theme\01_star.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\limewire_theme\02_star.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\limewire_theme\03_star.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\limewire_theme\04_star.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\limewire_theme\05_star.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\limewire_theme\chat.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\limewire_theme\dir_closed.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\limewire_theme\dir_open.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\limewire_theme\forward_dn.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\limewire_theme\forward_up.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\limewire_theme\kill.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\limewire_theme\kill_on.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\limewire_theme\lime.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\limewire_theme\logo.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\limewire_theme\notsearching.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\limewire_theme\pause_dn.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\limewire_theme\pause_up.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\limewire_theme\play_dn.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\limewire_theme\play_up.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\limewire_theme\question.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\limewire_theme\rewind_dn.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\limewire_theme\rewind_up.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\limewire_theme\searching.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\limewire_theme\splash.png Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\limewire_theme\splashpro.png Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\limewire_theme\stop_dn.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\limewire_theme\stop_up.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\limewire_theme\theme.txt Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\limewire_theme\warning.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\limewire_theme.lwtp Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\other_theme\01_star.gif
C:\Documents and Settings\Matthew\.limewire\simpp.xml Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\spam.dat Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\tables.props Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\black_theme\01_star.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\black_theme\02_star.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\black_theme\03_star.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\black_theme\04_star.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\black_theme\05_star.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\black_theme\chat.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\black_theme\dir_closed.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\black_theme\dir_open.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\black_theme\forward_dn.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\black_theme\forward_up.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\black_theme\kill.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\black_theme\kill_on.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\black_theme\lime.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\black_theme\logo.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\black_theme\notsearching.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\black_theme\pause_dn.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\black_theme\pause_up.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\black_theme\play_dn.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\black_theme\play_up.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\black_theme\question.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\black_theme\rewind_dn.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\black_theme\rewind_up.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\black_theme\searching.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\black_theme\splash.png Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\black_theme\splashpro.png Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\black_theme\stop_dn.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\black_theme\stop_up.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\black_theme\theme.txt Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\black_theme\warning.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\black_theme.lwtp Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\classic_theme\01_star.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\classic_theme\02_star.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\classic_theme\03_star.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\classic_theme\04_star.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\classic_theme\05_star.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\classic_theme\chat.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\classic_theme\dir_closed.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\classic_theme\dir_open.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\classic_theme\forward_dn.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\classic_theme\forward_up.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\classic_theme\kill.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\classic_theme\logo.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\classic_theme\notsearching.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\classic_theme\pause_dn.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\classic_theme\pause_up.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\classic_theme\play_dn.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\classic_theme\play_up.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\classic_theme\question.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\classic_theme\rewind_dn.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\classic_theme\rewind_up.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\classic_theme\search.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\classic_theme\searching.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\classic_theme\splash.png Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\classic_theme\splashpro.png Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\classic_theme\stop_dn.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\classic_theme\stop_up.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\classic_theme\theme.txt Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\classic_theme\warning.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\classic_theme.lwtp Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\limewire_theme\01_star.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\limewire_theme\02_star.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\limewire_theme\03_star.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\limewire_theme\04_star.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\limewire_theme\05_star.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\limewire_theme\chat.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\limewire_theme\dir_closed.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\limewire_theme\dir_open.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\limewire_theme\forward_dn.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\limewire_theme\forward_up.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\limewire_theme\kill.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\limewire_theme\kill_on.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\limewire_theme\lime.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\limewire_theme\logo.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\limewire_theme\notsearching.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\limewire_theme\pause_dn.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\limewire_theme\pause_up.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\limewire_theme\play_dn.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\limewire_theme\play_up.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\limewire_theme\question.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\limewire_theme\rewind_dn.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\limewire_theme\rewind_up.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\limewire_theme\searching.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\limewire_theme\splash.png Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\limewire_theme\splashpro.png Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\limewire_theme\stop_dn.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\limewire_theme\stop_up.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\limewire_theme\theme.txt Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\limewire_theme\warning.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\limewire_theme.lwtp Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\other_theme\01_star.gif
C:\Documents and Settings\Matthew\.limewire\themes\other_theme\02_star.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\other_theme\03_star.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\other_theme\04_star.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\other_theme\05_star.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\other_theme\chat.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\other_theme\forward_dn.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\other_theme\forward_up.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\other_theme\kill.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\other_theme\kill_on.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\other_theme\logo.png Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\other_theme\notsearching.png Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\other_theme\pause_dn.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\other_theme\pause_up.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\other_theme\play_dn.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\other_theme\play_up.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\other_theme\question.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\other_theme\rewind_dn.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\other_theme\rewind_up.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\other_theme\searching.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\other_theme\splash.png Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\other_theme\splashpro.png Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\other_theme\stop_dn.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\other_theme\stop_up.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\other_theme\theme.txt Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\other_theme\warning.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\other_theme.lwtp Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\windows_theme\01_star.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\windows_theme\02_star.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\windows_theme\03_star.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\windows_theme\04_star.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\windows_theme\05_star.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\windows_theme\chat.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\windows_theme\forward_dn.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\windows_theme\forward_up.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\windows_theme\kill.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\windows_theme\kill_on.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\windows_theme\logo.png Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\windows_theme\notsearching.png Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\windows_theme\pause_dn.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\windows_theme\pause_up.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\windows_theme\play_dn.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\windows_theme\play_up.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\windows_theme\question.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\windows_theme\rewind_dn.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\windows_theme\rewind_up.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\windows_theme\searching.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\windows_theme\splash.png Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\windows_theme\splashpro.png Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\windows_theme\stop_dn.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\windows_theme\stop_up.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\windows_theme\theme.txt Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\windows_theme\warning.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\windows_theme.lwtp Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\ttree.cache Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\update.xml Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\version.key Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\version.xml Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\xml\data\application.sxml Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\xml\data\audio.sxml Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\xml\data\delete_me Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\xml\data\video.sxml Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\xml\misc\application.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\xml\misc\audio.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\xml\misc\document.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\xml\misc\image.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\xml\misc\video.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\xml\schemas\application.xsd Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\xml\schemas\audio.xsd Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\xml\schemas\document.xsd Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\xml\schemas\image.xsd Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\xml\schemas\video.xsd Object is locked skipped
C:\Documents and Settings\Matthew\AIMPro\Archive\da2006fong\dafendar.htm Object is locked skipped
C:\Documents and Settings\Matthew\AIMPro\Archive\da2006fong\lilmissinocent7.htm Object is locked skipped
C:\Documents and Settings\Matthew\AIMPro\Archive\da2006fong\pureebear101.htm Object is locked skipped
C:\Documents and Settings\Matthew\AIMPro\Archive\da2006fong\xmselephant.htm Object is locked skipped
C:\Documents and Settings\Matthew\Application Data\acccore\caches\bart\0\0201D20289 Object is locked skipped
C:\Documents and Settings\Matthew\Application Data\acccore\caches\bart\0\0201D202C2 Object is locked skipped
C:\Documents and Settings\Matthew\Application Data\acccore\caches\bart\0\0201D205A1 Object is locked skipped
C:\Documents and Settings\Matthew\Application Data\acccore\caches\bart\0\0201D2062C Object is locked skipped
C:\Documents and Settings\Matthew\Application Data\acccore\caches\bart\0\0201D2181F
C:\Documents and Settings\Matthew\.limewire\themes\other_theme\03_star.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\other_theme\04_star.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\other_theme\05_star.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\other_theme\chat.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\other_theme\forward_dn.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\other_theme\forward_up.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\other_theme\kill.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\other_theme\kill_on.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\other_theme\logo.png Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\other_theme\notsearching.png Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\other_theme\pause_dn.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\other_theme\pause_up.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\other_theme\play_dn.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\other_theme\play_up.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\other_theme\question.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\other_theme\rewind_dn.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\other_theme\rewind_up.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\other_theme\searching.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\other_theme\splash.png Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\other_theme\splashpro.png Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\other_theme\stop_dn.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\other_theme\stop_up.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\other_theme\theme.txt Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\other_theme\warning.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\other_theme.lwtp Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\windows_theme\01_star.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\windows_theme\02_star.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\windows_theme\03_star.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\windows_theme\04_star.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\windows_theme\05_star.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\windows_theme\chat.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\windows_theme\forward_dn.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\windows_theme\forward_up.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\windows_theme\kill.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\windows_theme\kill_on.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\windows_theme\logo.png Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\windows_theme\notsearching.png Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\windows_theme\pause_dn.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\windows_theme\pause_up.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\windows_theme\play_dn.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\windows_theme\play_up.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\windows_theme\question.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\windows_theme\rewind_dn.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\windows_theme\rewind_up.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\windows_theme\searching.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\windows_theme\splash.png Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\windows_theme\splashpro.png Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\windows_theme\stop_dn.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\windows_theme\stop_up.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\windows_theme\theme.txt Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\windows_theme\warning.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\themes\windows_theme.lwtp Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\ttree.cache Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\update.xml Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\version.key Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\version.xml Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\xml\data\application.sxml Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\xml\data\audio.sxml Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\xml\data\delete_me Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\xml\data\video.sxml Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\xml\misc\application.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\xml\misc\audio.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\xml\misc\document.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\xml\misc\image.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\xml\misc\video.gif Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\xml\schemas\application.xsd Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\xml\schemas\audio.xsd Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\xml\schemas\document.xsd Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\xml\schemas\image.xsd Object is locked skipped
C:\Documents and Settings\Matthew\.limewire\xml\schemas\video.xsd Object is locked skipped
C:\Documents and Settings\Matthew\AIMPro\Archive\da2006fong\dafendar.htm Object is locked skipped
C:\Documents and Settings\Matthew\AIMPro\Archive\da2006fong\lilmissinocent7.htm Object is locked skipped
C:\Documents and Settings\Matthew\AIMPro\Archive\da2006fong\pureebear101.htm Object is locked skipped
C:\Documents and Settings\Matthew\AIMPro\Archive\da2006fong\xmselephant.htm Object is locked skipped
C:\Documents and Settings\Matthew\Application Data\acccore\caches\bart\0\0201D20289 Object is locked skipped
C:\Documents and Settings\Matthew\Application Data\acccore\caches\bart\0\0201D202C2 Object is locked skipped
C:\Documents and Settings\Matthew\Application Data\acccore\caches\bart\0\0201D205A1 Object is locked skipped
C:\Documents and Settings\Matthew\Application Data\acccore\caches\bart\0\0201D2062C Object is locked skipped
C:\Documents and Settings\Matthew\Application Data\acccore\caches\bart\0\0201D2181F
OK i skipped everything thats locked
C:\Documents and Settings\Matthew\Local Settings\Temp\Temporary Directory 1 for pokemon pearl rom_fastest_BitTorrent_downloader.zip\BitDownload-3.0-setup.exe/file12 Infected: Trojan.Win32.Inject.ba skipped
C:\Documents and Settings\Matthew\Local Settings\Temp\Temporary Directory 1 for pokemon pearl rom_fastest_BitTorrent_downloader.zip\BitDownload-3.0-setup.exe Inno: infected - 1 skipped
C:\Documents and Settings\Matthew\My Documents\picture006-dyedhair.jpg-www.facebook.com Infected: Backdoor.Win32.SdBot.aad skipped
C:\Documents and Settings\Matthew\Local Settings\Temp\Temporary Directory 1 for pokemon pearl rom_fastest_BitTorrent_downloader.zip\BitDownload-3.0-setup.exe/file12 Infected: Trojan.Win32.Inject.ba skipped
C:\Documents and Settings\Matthew\Local Settings\Temp\Temporary Directory 1 for pokemon pearl rom_fastest_BitTorrent_downloader.zip\BitDownload-3.0-setup.exe Inno: infected - 1 skipped
C:\Documents and Settings\Matthew\My Documents\picture006-dyedhair.jpg-www.facebook.com Infected: Backdoor.Win32.SdBot.aad skipped
\Documents and Settings\Matthew\Shared\pokemon pearl rom_fastest_BitTorrent_downloader\BitDownload-3.0-setup.exe/file12 Infected: Trojan.Win32.Inject.ba skipped
C:\Documents and Settings\Matthew\Shared\pokemon pearl rom_fastest_BitTorrent_downloader\BitDownload-3.0-setup.exe Inno: infected - 1 skipped
C:\Documents and Settings\Matthew\Shared\pokemon pearl rom_fastest_BitTorrent_downloader.zip/BitDownload-3.0-setup.exe/file12 Infected: Trojan.Win32.Inject.ba skipped
C:\Documents and Settings\Matthew\Shared\pokemon pearl rom_fastest_BitTorrent_downloader.zip/BitDownload-3.0-setup.exe Infected: Trojan.Win32.Inject.ba skipped
C:\Documents and Settings\Matthew\Shared\pokemon pearl rom_fastest_BitTorrent_downloader.zip ZIP: infected - 2
C:\Documents and Settings\Timothy\Local Settings\Temp\avs75.exe/data0006 Infected: not-a-virus:FraudTool.Win32.SpyLocked.a skipped
C:\Documents and Settings\Timothy\Local Settings\Temp\avs75.exe NSIS: infected - 1 skipped
C:\Program Files\Screensavers.com\SSSInst\bin\SSSInst.dll Infected: not-a-virus:AdWare.Win32.Comet.ac skipped
C:\RECYCLER\S-1-5-21-598908736-2064602688-1726924881-1009\Dc1.exe Infected: not-a-virus:FraudTool.Win32.SpySheriff.f skipped
C:\Documents and Settings\Matthew\Shared\pokemon pearl rom_fastest_BitTorrent_downloader\BitDownload-3.0-setup.exe Inno: infected - 1 skipped
C:\Documents and Settings\Matthew\Shared\pokemon pearl rom_fastest_BitTorrent_downloader.zip/BitDownload-3.0-setup.exe/file12 Infected: Trojan.Win32.Inject.ba skipped
C:\Documents and Settings\Matthew\Shared\pokemon pearl rom_fastest_BitTorrent_downloader.zip/BitDownload-3.0-setup.exe Infected: Trojan.Win32.Inject.ba skipped
C:\Documents and Settings\Matthew\Shared\pokemon pearl rom_fastest_BitTorrent_downloader.zip ZIP: infected - 2
C:\Documents and Settings\Timothy\Local Settings\Temp\avs75.exe/data0006 Infected: not-a-virus:FraudTool.Win32.SpyLocked.a skipped
C:\Documents and Settings\Timothy\Local Settings\Temp\avs75.exe NSIS: infected - 1 skipped
C:\Program Files\Screensavers.com\SSSInst\bin\SSSInst.dll Infected: not-a-virus:AdWare.Win32.Comet.ac skipped
C:\RECYCLER\S-1-5-21-598908736-2064602688-1726924881-1009\Dc1.exe Infected: not-a-virus:FraudTool.Win32.SpySheriff.f skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP11\A0002357.exe/stream/data0002/data0002 Infected: Trojan-Downloader.Win32.PurityScan.eh skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP11\A0002357.exe/stream/data0002 Infected: Trojan-Downloader.Win32.PurityScan.eh skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP11\A0002357.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP11\A0002357.exe/stream Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP11\A0002357.exe NSIS: infected - 4 skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP11\A0002358.exe Infected: not-a-virus:AdWare.Win32.Rond.c skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP16\A0004792.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP16\A0004859.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP16\A0004860.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP16\A0004861.exe Infected: Backdoor.Win32.SdBot.aad skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP16\A0004862.exe/stream/data0002 Infected: Trojan-Downloader.Win32.Small.buy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP16\A0004862.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP16\A0004862.exe/stream Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP16\A0004862.exe NSIS: infected - 3 skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP16\A0004863.exe/stream/data0002 Infected: Trojan-Dropper.Win32.Agent.bfr skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP16\A0004863.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP16\A0004863.exe/stream Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP16\A0004863.exe NSIS: infected - 3 skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP16\A0004864.exe Infected: Trojan-Downloader.Win32.Agent.cbx skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP16\A0004873.exe/stream/data0002 Infected: Trojan-Downloader.Win32.Small.buy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP16\A0004873.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP16\A0004873.exe/stream Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP16\A0004873.exe NSIS: infected - 3 skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP16\A0004874.exe/stream/data0002 Infected: Trojan-Dropper.Win32.Agent.bfr skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP16\A0004874.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP16\A0004874.exe/stream Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP16\A0004874.exe NSIS: infected - 3 skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP16\A0004875.exe Infected: Trojan-Downloader.Win32.Agent.cbx skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP16\A0004876.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP16\A0004877.exe Infected: Backdoor.Win32.SdBot.aad skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP16\A0004878.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004907.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004908.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004909.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004910.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004911.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004912.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004913.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004914.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004915.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004916.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004917.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004918.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004919.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004920.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004921.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004922.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004923.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004924.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004925.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004926.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004927.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004928.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004929.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004930.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004931.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004932.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004933.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004934.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004935.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004936.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004937.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004938.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004939.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004940.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004941.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004942.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004943.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004944.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004945.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004946.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004947.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004948.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004949.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004950.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004951.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004952.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004953.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004954.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004955.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004956.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004957.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004958.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004959.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004960.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004961.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004962.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004963.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004964.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004965.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004966.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004967.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004968.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004969.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004970.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004971.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004972.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004973.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004974.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004975.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004976.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004977.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004978.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004979.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004980.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004981.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004982.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004983.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004984.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004985.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004987.exe Infected: not-a-virus:AdWare.Win32.Trymedia.b skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004988.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004989.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004990.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004991.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004992.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004993.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004994.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004995.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004996.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004997.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0005000.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0005001.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0005002.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0005003.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0005004.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0005005.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0005006.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0005007.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0005008.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0005009.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0005010.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0005011.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0005012.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP11\A0002357.exe/stream/data0002 Infected: Trojan-Downloader.Win32.PurityScan.eh skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP11\A0002357.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP11\A0002357.exe/stream Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP11\A0002357.exe NSIS: infected - 4 skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP11\A0002358.exe Infected: not-a-virus:AdWare.Win32.Rond.c skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP16\A0004792.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP16\A0004859.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP16\A0004860.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP16\A0004861.exe Infected: Backdoor.Win32.SdBot.aad skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP16\A0004862.exe/stream/data0002 Infected: Trojan-Downloader.Win32.Small.buy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP16\A0004862.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP16\A0004862.exe/stream Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP16\A0004862.exe NSIS: infected - 3 skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP16\A0004863.exe/stream/data0002 Infected: Trojan-Dropper.Win32.Agent.bfr skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP16\A0004863.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP16\A0004863.exe/stream Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP16\A0004863.exe NSIS: infected - 3 skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP16\A0004864.exe Infected: Trojan-Downloader.Win32.Agent.cbx skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP16\A0004873.exe/stream/data0002 Infected: Trojan-Downloader.Win32.Small.buy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP16\A0004873.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP16\A0004873.exe/stream Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP16\A0004873.exe NSIS: infected - 3 skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP16\A0004874.exe/stream/data0002 Infected: Trojan-Dropper.Win32.Agent.bfr skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP16\A0004874.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP16\A0004874.exe/stream Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP16\A0004874.exe NSIS: infected - 3 skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP16\A0004875.exe Infected: Trojan-Downloader.Win32.Agent.cbx skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP16\A0004876.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP16\A0004877.exe Infected: Backdoor.Win32.SdBot.aad skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP16\A0004878.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004907.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004908.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004909.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004910.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004911.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004912.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004913.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004914.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004915.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004916.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004917.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004918.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004919.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004920.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004921.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004922.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004923.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004924.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004925.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004926.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004927.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004928.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004929.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004930.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004931.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004932.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004933.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004934.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004935.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004936.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004937.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004938.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004939.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004940.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004941.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004942.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004943.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004944.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004945.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004946.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004947.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004948.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004949.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004950.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004951.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004952.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004953.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004954.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004955.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004956.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004957.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004958.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004959.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004960.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004961.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004962.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004963.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004964.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004965.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004966.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004967.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004968.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004969.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004970.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004971.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004972.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004973.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004974.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004975.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004976.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004977.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004978.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004979.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004980.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004981.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004982.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004983.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004984.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004985.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004987.exe Infected: not-a-virus:AdWare.Win32.Trymedia.b skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004988.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004989.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004990.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004991.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004992.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004993.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004994.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004995.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004996.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0004997.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0005000.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0005001.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0005002.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0005003.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0005004.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0005005.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0005006.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0005007.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0005008.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0005009.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0005010.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0005011.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0005012.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0005019.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0005020.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0005021.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0005022.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0005023.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0005024.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0005025.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0005026.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0005027.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0005028.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0005029.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0005030.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0005031.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0005032.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0005033.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0005034.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0005035.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0005036.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0005037.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0005038.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0005039.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0005040.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0005041.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0005042.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0005043.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP18\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
Scan process completed.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0005020.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0005021.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0005022.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0005023.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0005024.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0005025.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0005026.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0005027.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0005028.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0005029.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0005030.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0005031.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0005032.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0005033.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0005034.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0005035.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0005036.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0005037.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0005038.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0005039.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0005040.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0005041.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0005042.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP17\A0005043.exe Infected: Trojan.Win32.Obfuscated.gy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP18\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
Scan process completed.
Hgt
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:44:41 PM, on 8/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\WINDOWS\system32\BrmfBAgS.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINPENJR\Win32\pphidpad.exe
C:\Program Files\AIM6\aim6.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [PPHIDPAD] C:\WINPENJR\Win32\pphidpad.exe
O4 - HKLM\..\RunServices: [jzhomjioh] C:\WINDOWS\system32\jzhomjioh.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {33288993-5664-11D4-8B5B-00D0B73B3518} (ell Class) - http://www.easports.com/downloads/games/common/ieell.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1157130822938
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5004/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{80092E24-5304-438D-A62D-F5ED41D816E6}: NameServer = 72.21.36.74
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Belkin 54g Wireless USB Network Adapter (Belkin 54g Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: Brother BidiAgent Service for Resource manager (brmfbags) - Brother Industries, Ltd. - C:\WINDOWS\system32\BrmfBAgS.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
--
End of file - 8477 bytes
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:44:41 PM, on 8/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\WINDOWS\system32\BrmfBAgS.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINPENJR\Win32\pphidpad.exe
C:\Program Files\AIM6\aim6.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [PPHIDPAD] C:\WINPENJR\Win32\pphidpad.exe
O4 - HKLM\..\RunServices: [jzhomjioh] C:\WINDOWS\system32\jzhomjioh.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {33288993-5664-11D4-8B5B-00D0B73B3518} (ell Class) - http://www.easports.com/downloads/games/common/ieell.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1157130822938
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5004/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{80092E24-5304-438D-A62D-F5ED41D816E6}: NameServer = 72.21.36.74
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Belkin 54g Wireless USB Network Adapter (Belkin 54g Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: Brother BidiAgent Service for Resource manager (brmfbags) - Brother Industries, Ltd. - C:\WINDOWS\system32\BrmfBAgS.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
--
End of file - 8477 bytes
Shaba
Security Expert: Emeritus
Hi
"Is skipped all of the locked ones that are on my brothers account becasue he put a stupid password on his account so probably I'm guessing thats why all the objects are locked."
No need
Uninstall via add/remove programs if present:
Screensavers.com
Re-enable system restore with instructions from tutorial above
Please make sure that you can view all hidden files. Instructions on how to do this can be found here:
How to see hidden files in Windows
Empty these folders:
C:\Documents and Settings\Albert\Desktop\SDFix\backups
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Timothy\Local Settings\Temp\
Delete these:
C:\Documents and Settings\Matthew\Shared\pokemon pearl rom_fastest_BitTorrent_downloader
C:\Documents and Settings\Matthew\Shared\pokemon pearl rom_fastest_BitTorrent_downloader.zip
C:\Program Files\Screensavers.com
Empty Recycle Bin
Re-scan with kaspersky
Post:
- a fresh HijackThis log
- kaspersky report
"Is skipped all of the locked ones that are on my brothers account becasue he put a stupid password on his account so probably I'm guessing thats why all the objects are locked."
No need
Uninstall via add/remove programs if present:
Screensavers.com
- Disable and Enable System Restore. - If you are using Windows XP then you should disable and re-enable system restore to make sure there are no infected files found in a restore point.
You can find instructions on how to enable and re-enable system restore here:
Windows XP System Restore Guide
Re-enable system restore with instructions from tutorial above
Please make sure that you can view all hidden files. Instructions on how to do this can be found here:
How to see hidden files in Windows
Empty these folders:
C:\Documents and Settings\Albert\Desktop\SDFix\backups
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Timothy\Local Settings\Temp\
Delete these:
C:\Documents and Settings\Matthew\Shared\pokemon pearl rom_fastest_BitTorrent_downloader
C:\Documents and Settings\Matthew\Shared\pokemon pearl rom_fastest_BitTorrent_downloader.zip
C:\Program Files\Screensavers.com
Empty Recycle Bin
Re-scan with kaspersky
Post:
- a fresh HijackThis log
- kaspersky report