C:\QooBox\Quarantine\C\WINDOWS\system32\D2\cabwbdll.exe.vir Infected: not-a-virus:AdWare.Win32.Agent.co skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\f02WtR\f02WtR1065.exe.vir Infected: Trojan-Downloader.Win32.VB.bgd skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP858\A0155120.exe Infected: Trojan-Downloader.Win32.Homles.bo skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP874\A0161623.exe/data0006 Infected: Trojan-Downloader.Win32.VB.enh skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP874\A0161623.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP875\A0161753.exe Infected: not-a-virus:AdWare.Win32.Agent.co skipped
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP875\A0161754.exe Infected: Trojan-Downloader.Win32.VB.bgd skipped
C:\WINDOWS\system32\logXv01\logXv011065.exe Infected: Trojan-Downloader.Win32.VB.enh skipped
Scan process completed.
==============================================
ComboFix 08-05-25.5 - Owner 2008-05-26 8:52:51.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.510 [GMT -7:00]
Running from: C:\Documents and Settings\All Users\Documents\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\check_LSA7.txt
C:\Documents and Settings\All Users\Application Data\WinAntiSpyware 2007
C:\Documents and Settings\All Users\Application Data\WinAntiSpyware 2007\Data\Abbr
C:\Documents and Settings\All Users\Application Data\WinAntiSpyware 2007\Data\ProductCode
C:\Documents and Settings\Owner\Application Data\WinAntiSpyware 2007 Free
C:\Documents and Settings\Owner\Application Data\WinAntiSpyware 2007 Free\DownloadUWAS7.url
C:\Documents and Settings\Owner\Application Data\WinAntiSpyware 2007
C:\Documents and Settings\Owner\Application Data\WinAntiSpyware 2007\Logs\update.log
C:\Documents and Settings\Owner\My Documents\SEMBLY~1
C:\Documents and Settings\Owner\My Documents\SEMBLY~1\??sembly\
C:\Program Files\Common Files\winantispyware 2007
C:\Program Files\Common Files\winantispyware 2007\err.log
C:\Program Files\mantec~1
C:\WINDOWS\BM3f3acf35.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\Downloaded Program Files\Quarantine
C:\WINDOWS\Fonts\acrsecB.fon
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\aficiomq.ini
C:\WINDOWS\system32\avgspfbc.ini
C:\WINDOWS\system32\axfiaory.ini
C:\WINDOWS\system32\brlkvsbj.exe
C:\WINDOWS\system32\cgcbacdk.ini
C:\WINDOWS\system32\CLnUEfhk.ini
C:\WINDOWS\system32\CLnUEfhk.ini2
C:\WINDOWS\system32\cnpfofie.ini
C:\WINDOWS\system32\D2
C:\WINDOWS\system32\D2\cabwbdll.exe
C:\WINDOWS\system32\deKQYJjl.ini
C:\WINDOWS\system32\deKQYJjl.ini2
C:\WINDOWS\system32\dfhkj.bak1
C:\WINDOWS\system32\dNTAHkkj.ini
C:\WINDOWS\system32\dNTAHkkj.ini2
C:\WINDOWS\system32\drivers\4_stars.gif
C:\WINDOWS\system32\drivers\5_stars.gif
C:\WINDOWS\system32\drivers\buy_btn.gif
C:\WINDOWS\system32\drivers\download_btn.gif
C:\WINDOWS\system32\drivers\features.gif
C:\WINDOWS\system32\drivers\logo_bg.gif
C:\WINDOWS\system32\drivers\perfect_cleaner_box.jpg
C:\WINDOWS\system32\drivers\perfect_cleaner_box_small.jpg
C:\WINDOWS\system32\drivers\perfect_cleaner_header.gif
C:\WINDOWS\system32\drivers\perfect_cleaner_header_small.gif
C:\WINDOWS\system32\drivers\protect.gif
C:\WINDOWS\system32\drivers\spy_away_box.jpg
C:\WINDOWS\system32\drivers\spy_away_box_small.jpg
C:\WINDOWS\system32\drivers\spy_away_header.gif
C:\WINDOWS\system32\drivers\spy_away_header_small.gif
C:\WINDOWS\system32\drivers\users_rating.gif
C:\WINDOWS\system32\drivers\v.gif
C:\WINDOWS\system32\drivers\x.gif
C:\WINDOWS\system32\eaerwlsf.ini
C:\WINDOWS\system32\eilgdoht.ini
C:\WINDOWS\system32\eqiwbord.exe
C:\WINDOWS\system32\f02WtR
C:\WINDOWS\system32\f02WtR\f02WtR1065.exe
C:\WINDOWS\system32\f10WtR
C:\WINDOWS\system32\fpqoikne.ini
C:\WINDOWS\system32\gejoxmbg.ini
C:\WINDOWS\system32\ggrbskpy.exe
C:\WINDOWS\system32\hepdoema.exe
C:\WINDOWS\system32\hgGyxXQK.dll
C:\WINDOWS\system32\iifefDWo.dll
C:\WINDOWS\system32\iwgjomam.ini
C:\WINDOWS\system32\KQXxyGgh.ini
C:\WINDOWS\system32\KQXxyGgh.ini2
C:\WINDOWS\system32\lkeabniu.ini
C:\WINDOWS\system32\llnmp.bak1
C:\WINDOWS\system32\llnmp.ini
C:\WINDOWS\system32\llnmp.tmp
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mlbxfemw.ini
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\ooeddqdm.dll
C:\WINDOWS\system32\PooVyyay.ini
C:\WINDOWS\system32\PooVyyay.ini2
C:\WINDOWS\system32\ptyowxjx.ini
C:\WINDOWS\system32\qdgmikty.ini
C:\WINDOWS\system32\qkmtmace.ini
C:\WINDOWS\system32\rfcskhtv.dll
C:\WINDOWS\system32\smante~1
C:\WINDOWS\system32\smante~1\S?mantec\
C:\WINDOWS\system32\swnqcvfs.exe
C:\WINDOWS\system32\txbfyqbq.exe
C:\WINDOWS\system32\ukhnhvru.exe
C:\WINDOWS\system32\umwwnaix.ini
C:\WINDOWS\system32\uninstall.exe
C:\WINDOWS\system32\uttss.bak1
C:\WINDOWS\system32\uttss.bak2
C:\WINDOWS\system32\uttss.ini
C:\WINDOWS\system32\uttss.ini2
C:\WINDOWS\system32\uttss.tmp
C:\WINDOWS\system32\XGhRCJlm.ini
C:\WINDOWS\system32\XGhRCJlm.ini2
C:\WINDOWS\system32\xjxwoytp.dll
D:\Autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_FOPN
-------\Legacy_NETWORK_MONITOR
-------\Legacy_WINDOWS_OVERLAY_COMPONENTS
((((((((((((((((((((((((( Files Created from 2008-04-26 to 2008-05-26 )))))))))))))))))))))))))))))))
.
2008-05-26 08:42 . 2008-05-26 08:42 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-25 10:14 . 2008-05-25 10:14 135,168 --a------ C:\WINDOWS\system32\geibeuic.dll
2008-05-25 10:11 . 2008-05-25 10:11 114,176 --a------ C:\WINDOWS\system32\xianwwmu.dll
2008-05-25 10:08 . 2008-05-25 10:08 128,000 --a------ C:\WINDOWS\system32\aewtutde.dll
2008-05-25 08:29 . 2008-05-25 08:29 135,168 --a------ C:\WINDOWS\system32\afavllch.dll
2008-05-25 08:26 . 2008-05-25 08:26 114,176 --a------ C:\WINDOWS\system32\wmefxblm.dll
2008-05-25 08:25 . 2008-05-25 09:51 <DIR> d-------- C:\VundoFix Backups
2008-05-25 08:23 . 2008-05-25 08:23 128,000 --a------ C:\WINDOWS\system32\tpxcymfc.dll
2008-05-25 00:30 . 2008-05-25 00:30 370,688 --a------ C:\WINDOWS\system32\yayyVooP.dll_old
2008-05-24 18:49 . 2008-05-24 18:49 134,656 --a------ C:\WINDOWS\system32\ocgwbdcc.dll
2008-05-24 18:41 . 2008-05-24 18:41 126,976 --a------ C:\WINDOWS\system32\nwkbloox.dll
2008-05-24 11:35 . 2008-05-24 11:44 <DIR> d-------- C:\Program Files\Panda Security
2008-05-23 23:21 . 2008-05-23 23:22 135,168 --a------ C:\WINDOWS\system32\xwoqwpde.dll
2008-05-23 23:19 . 2008-05-23 23:19 125,440 --a------ C:\WINDOWS\system32\kiihlfrf.dll
2008-05-23 10:49 . 2008-05-25 10:24 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-23 10:49 . 2008-05-23 10:49 <DIR> d-------- C:\Documents and Settings\Administrator.OLDY\WINDOWS
2008-05-23 10:49 . 2008-05-23 10:49 <DIR> d-------- C:\Documents and Settings\Administrator.OLDY\.jpi_cache
2008-05-23 10:49 . 2008-05-23 10:49 <DIR> d-------- C:\Documents and Settings\Administrator.OLDY\.java
2008-05-23 09:52 . 2008-05-23 10:46 <DIR> d-------- C:\Program Files\Promosoft Corporation
2008-05-23 09:45 . 2008-05-23 09:45 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Uniblue
2008-05-22 19:45 . 2008-05-23 10:49 <DIR> d---s---- C:\Documents and Settings\Administrator.OLDY\UserData
2008-05-22 19:45 . 2008-05-23 10:46 <DIR> d-------- C:\Documents and Settings\Administrator.OLDY
2008-05-22 17:30 . 2008-05-22 17:30 113,664 --a------ C:\WINDOWS\system32\fslwreae.dll
2008-05-22 17:27 . 2008-05-22 17:27 135,168 --a------ C:\WINDOWS\system32\lkaifggu.dll
2008-05-22 17:24 . 2008-05-22 17:24 125,952 --a------ C:\WINDOWS\system32\cvphlama.dll
2008-05-22 15:34 . 2008-05-22 15:34 113,664 --a------ C:\WINDOWS\system32\eifofpnc.dll
2008-05-22 15:30 . 2008-05-22 15:30 135,168 --a------ C:\WINDOWS\system32\bbwbsjhw.dll
2008-05-22 15:25 . 2008-05-22 15:25 125,952 --a------ C:\WINDOWS\system32\nvpkjskt.dll
2008-05-21 15:17 . 2008-05-21 15:17 <DIR> d-------- C:\WINDOWS\system32\logXv01
2008-05-21 11:03 . 2008-05-21 11:03 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-21 11:03 . 2008-05-21 11:03 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-16 16:33 . 2008-05-16 16:33 <DIR> d-------- C:\Program Files\Funcom
2008-05-16 10:29 . 2008-05-16 10:29 <DIR> d-------- C:\Program Files\The Adventure Company
2008-05-11 23:18 . 2008-05-11 23:21 <DIR> d-------- C:\Program Files\Microsoft Math 3.0
2008-05-04 13:41 . 2008-05-04 13:58 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Download Manager
2008-04-30 22:03 . 2008-05-11 09:58 3,145,782 --a------ C:\WINDOWS\BGInfo.bmp
2008-04-27 13:05 . 2008-04-27 13:06 <DIR> d-------- C:\lynx_w32
2008-04-26 23:32 . 2007-02-20 16:04 2,463,976 --a------ C:\WINDOWS\system32\NPSWF32.dll
2008-04-26 23:32 . 2007-02-20 16:04 190,696 --a------ C:\WINDOWS\system32\NPSWF32_FlashUtil.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-26 16:30 --------- d-----w C:\Documents and Settings\Owner\Application Data\WTablet
2008-05-26 16:29 --------- d-----w C:\Documents and Settings\LocalService\Application Data\WTablet
2008-05-26 15:33 --------- d-----w C:\Program Files\HJT
2008-05-25 16:52 --------- d-----w C:\Program Files\PowerISO
2008-05-23 17:49 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-05-23 17:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-16 23:33 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-12 18:17 145,536 -c--a-w C:\Documents and Settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
2008-04-24 21:07 --------- d-----w C:\Program Files\Sony
2008-04-24 21:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-04-18 16:21 --------- d-----w C:\Documents and Settings\Owner\Application Data\GetRightToGo
2008-04-17 15:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-17 15:48 --------- d-----w C:\Program Files\Lavasoft
2008-04-17 15:48 --------- d-----w C:\Documents and Settings\Owner\Application Data\Lavasoft
2008-04-17 15:47 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-06 00:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Minnetonka Audio Software
2008-03-28 03:38 --------- d-----w C:\Program Files\DVD Converter
2008-03-27 19:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ahead
2006-09-25 00:12 774,144 -c--a-w C:\Program Files\RngInterstitial.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d626a72c-24e7-4437-98cc-9408dc832fab}]
2008-05-25 10:14 135168 --a------ C:\WINDOWS\system32\geibeuic.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2007-08-17 17:23 1626112 C:\WINDOWS\system32\nwiz.exe]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2003-07-24 02:36 151597]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-04-13 13:20 59040]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 22:52 49152]
"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 17:44 61440]
"3c09fca9"="C:\WINDOWS\system32\xianwwmu.dll" [2008-05-25 10:11 114176]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-08-17 17:23 8478720]
"BM3f3acf35"="C:\WINDOWS\system32\aewtutde.dll" [2008-05-25 10:08 128000]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 16:38 39264]
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
mod_sm.lnk - C:\hp\bin\cloaker.exe [1999-11-07 07:11:14 27136]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 22:40:10 210520]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 02:01:04 83360]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoBandCustomize"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]
C:\Program Files\Softex\OmniPass\opxpgina.dll 2003-02-21 03:50 40960 C:\Program Files\Softex\OmniPass\OPXPGina.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSVideo"= CxCap.drv
"vidc.DIV3"= divxc32.dll
"vidc.DIV4"= divxc32f.dll
"vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
"vidc.X264"= x264vfw.dll
"vidc.davc"= davcvfw.dll
"vidc.hfyu"= huffyuv.dll
"msacm.divxa32"= DivXa32.acm
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=C:\WINDOWS\pss\Logitech SetPoint.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Run Google Web Accelerator.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Run Google Web Accelerator.lnk
backup=C:\WINDOWS\pss\Run Google Web Accelerator.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ADA70GUI]
--a--c--- 1998-07-31 01:36 665600 C:\Program Files\ALTEC LANSING\ADA70 - AMS\ada70gui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
C:\Program Files\AIM6\aim6.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
--a--c--- 2004-09-07 13:47 57344 C:\WINDOWS\ALCXMNTR.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a--c--- 2006-06-01 13:32 94208 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
--a------ 2006-04-13 13:20 59040 C:\Program Files\Common Files\Symantec Shared\ccApp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CoolSwitch]
--a--c--- 2002-03-19 17:30 45632 C:\WINDOWS\system32\taskswitch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a--c--- 2006-11-12 03:48 157592 C:\Program Files\DAEMON Tools\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON PictureMate]
--a--c--- 2003-09-19 03:00 99840 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2P1.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a--c--- 2004-08-20 15:51 118784 C:\WINDOWS\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
--a--c--- 2002-11-05 11:34 188416 C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
--a--c--- 1998-05-07 16:04 52736 c:\windows\system\hpsysdrv.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a--c--- 2004-08-20 15:55 155648 C:\WINDOWS\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
--a--c--- 2007-02-22 00:20 67128 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
--a--c--- 2005-07-23 00:25 28160 C:\WINDOWS\KHALMNPR.Exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a--c--- 2006-01-12 16:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a--c--- 2007-08-17 17:23 8478720 C:\WINDOWS\system32\NvCpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2007-08-17 17:23 81920 C:\WINDOWS\system32\NvMcTray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a--c--- 2007-08-17 17:23 1626112 C:\WINDOWS\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCPitstop Optimize Registration Reminder]
--a--c--- 2005-08-29 13:41 266240 C:\Program Files\PCPitstop\Optimize\Reminder.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PS2]
--a--c--- 2002-07-31 20:28 81920 C:\WINDOWS\system32\ps2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a--c--- 2007-04-09 05:23 200704 C:\Program Files\PowerISO\PWRISOVM.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
--a--c--- 2002-09-13 21:42 212992 C:\WINDOWS\SMINST\RECGUARD.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StorageGuard]
--a--c--- 2003-02-13 08:01 155648 C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sunkist2k]
--a--c--- 2003-08-09 11:27 139264 C:\Program Files\Multimedia Card Reader\shwicon2k.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
--a--c--- 2006-07-14 15:59 100056 C:\PROGRA~1\SYMNET~1\SNDMon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2003-07-24 02:36 151597 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue Registry Booster]
C:\Program Files\Uniblue\Registry Booster\RegistryBooster.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
--a--c--- 2006-05-06 06:29 6656 C:\Program Files\Unlocker\UnlockerAssistant.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wcmdmgr]
C:\WINDOWS\wt\updater\wcmdmgrl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a--c--- 2006-03-10 10:45 35328 C:\Program Files\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a--c--- 2006-11-03 19:20 866584 C:\Program Files\Windows Defender\MSASCui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"BM3f3acf35"=Rundll32.exe "C:\WINDOWS\system32\tpxcymfc.dll",s
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Documents and Settings\\Owner\\My Documents\\Runuo\\UO Fusion\\Server.exe"=
"C:\\Program Files\\AIM\\aim.exe"=
"C:\\Program Files\\BitTorrent\\btdownloadgui.exe"=
"C:\\Program Files\\BitLord\\BitLord.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Canon\\DV Messenger\\DV Messenger.exe"=
"C:\\Program Files\\GlobalSCAPE\\CuteFTP Professional\\ftpte.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:VPN
R1 sdcplh;sdcplh;C:\WINDOWS\system32\drivers\sdcplh.sys [2005-07-14 17:32]
R2 lf;lf;C:\Program Files\Lock Folder XP 3.2\UniShieldXP.sys [2003-07-03 22:50]
R3 wacommousefilter;Wacom Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys [2006-02-14 14:18]
R3 wacomvhid;Wacom Virtual Hid Driver;C:\WINDOWS\system32\DRIVERS\wacomvhid.sys [2006-02-14 14:19]
S3 AvFlt;Antivirus Filter Driver;C:\WINDOWS\system32\drivers\av5flt.sys []
S3 ca2a3af0-4a75-4f9a-9ac9-381eb0299d77;ca2a3af0-4a75-4f9a-9ac9-381eb0299d77;E:\CDS300\cds300.dll []
S3 lac97inf;lac97inf;C:\DOCUME~1\Owner\LOCALS~1\Temp\lac97inf.sys []
S3 PORTMON;PORTMON;C:\Documents and Settings\Owner\Desktop\Internal\PORTMSYS.SYS []
S4 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" []
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ea3bf279-124f-11dd-896c-00402b67e28b}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL
http://adidas.eprize.net/kingofthebounce
.
Contents of the 'Scheduled Tasks' folder
"2008-05-26 16:32:05 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2008-05-24 03:00:00 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - Owner.job"
- C:\PROGRA~1\NORTON~1\Navw32.exeh/task:
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-05-26 09:31:01
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
C:\WINDOWS\BM3f3acf35.xml 109803 bytes
C:\WINDOWS\system32\umwwnaix.ini 294 bytes
scan completed successfully
hidden files: 2
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\Program Files\Softex\OmniPass\opxpgina.dll
PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\xianwwmu.dll
-> C:\WINDOWS\system32\aewtutde.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCEVTMGR.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\scardsvr.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Softex\OmniPass\omniServ.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
C:\Program Files\Norton AntiVirus\NAVAPSVC.EXE
C:\Program Files\Messenger\msmsgs.exe
.
**************************************************************************
.
Completion time: 2008-05-26 10:21:01 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-26 17:20:48
Pre-Run: 8,403,832,832 bytes free
Post-Run: 8,283,865,088 bytes free
379 --- E O F --- 2008-05-06 21:13:35