Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Caleb's Log

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Caleb's Log

Unread postby czickefoose » August 16th, 2006, 10:56 pm

Logfile of HijackThis v1.99.1
Scan saved at 10:22:06 PM, on 8/16/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\ishost.exe
C:\WINDOWS\System32\ismon.exe
C:\WINDOWS\System32\isnotify.exe
C:\WINDOWS\System32\issearch.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Napster\napster.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\ccsvchst.exe
C:\Program Files\Common Files\{D82F536A-07C9-1033-0826-020326200001}\Update.exe
C:\Program Files\aim\aim.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\TEMP\idd34E.tmp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\User\Desktop\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/av ... x_homepage
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\BellSouth\hcenter.exe" /starthidden /tgcmdwrapper
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\ccsvchst.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] "C:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\CfgWiz.exe" /GUID {BC8D3EAF-F864-4d4b-AB4D-B3D0C32E2840} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKCU\..\Run: [AIM] C:\Program Files\aim\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\Run: [SysProtect Free] "C:\Program Files\SysProtect Free\USYP.exe" /min
O4 - HKCU\..\Run: [SysProtect] C:\Program Files\SysProtect Free\USYP.exe /scan
O4 - Startup: .protected
O4 - Global Startup: .protected
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\aim\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/fu ... 0.0.15.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - https://objects.aol.com/mcafee/molbin/s ... insctl.cab
O16 - DPF: {590FFB84-6A29-4797-9C0E-B15DF2C4CDCB} - http://soft.trustincash.com/install/tload.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Fac ... loader.cab
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleAc ... refid=1123
O16 - DPF: {97B79133-88F0-45F0-8D57-0F2EF27D9C66} - http://85.255.114.166/1/rdgUS2404.exe
O16 - DPF: {A609CB6E-FEB5-47C3-966C-1B916842BD01} (Nlopflash Class) - http://poker.nlop.com/poker/PokerCreations.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/ ... Client.cab
O16 - DPF: {B24F0664-7DDA-40B6-B38C-A4FD68DE8685} (CentraDownloaderCtl Class) - http://onlinelive.newhorizons.com/SiteR ... loader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - https://objects.aol.com/mcafee/molbin/s ... cGDMgr.cab
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\PROGRA~1\RXTOOL~1\sfcont.dll
O20 - AppInit_DLLs:
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Symantec PIF Service (pifService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h cltCommon (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
czickefoose
Regular Member
 
Posts: 20
Joined: August 16th, 2006, 10:37 pm
Advertisement
Register to Remove

The problems...

Unread postby czickefoose » August 16th, 2006, 11:00 pm

Okay, the problems are... I can't really click on anything, any links, because I get sent to porn. The computer is really slow. I can't set my homepage to anything because it goes to this security alert thing and is followed by a pop up that starts to download spyware. When I start my computer, sometimes there is a spyware that downloads itself. Again, if I get to google or yahoo, if I search it, I have to copy and paste the link otherwise i get sent to porn. There are proobably other problems that I am just not noticing too...

Caleb
czickefoose
Regular Member
 
Posts: 20
Joined: August 16th, 2006, 10:37 pm

Unread postby Danny_ » August 16th, 2006, 11:16 pm

Hi

Please download SmitfraudFix (by S!Ri) to your Desktop.
http://siri.urz.free.fr/Fix/SmitfraudFix.zip
Extract all the files to your Destop. A folder named SmitfraudFix will be created on your Desktop.
_____________________________

Next, please download the trial version of Ewido anti-malware 3.5 from here:
http://www.ewido.net/en/download/
  • Install Ewido anti-malware.
  • When installing, under Additional Options uncheck Install background guard and Install scan via context menu.
  • When you run Ewido for the first time, you could get a warning "Database could not be found!". Click Ok.
  • The program will prompt you to update. Click the Ok button.
  • The program will now go to the main screen.
You will need to update Ewido to the latest definition files.
  • On the left-hand side of the main screen click the Update Button.
  • Click on Start.
The update will start and a progress bar will show the updates being installed.
Once finished updating, close Ewido.

If you are having problems with the updater, you can use this link to manually update ewido.
Ewido manual updates. Make sure to close Ewido before installing the update.
______________________________

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press Enter

Image

This program will scan large amounts of files on your computer for known patterns so please be patient while it works. When it is done, the results of the scan will be displayed and it will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.


IMPORTANT: Do NOT run any other options until you are asked to do so!

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.

Please post:
C:\rapport.txt

dk :)
User avatar
Danny_
Regular Member
 
Posts: 97
Joined: March 1st, 2005, 9:30 am

Caleb's Rapport

Unread postby czickefoose » August 16th, 2006, 11:39 pm

SmitFraudFix v2.81

Scan done at 23:37:24.60, Wed 08/16/2006
Run from C:\Documents and Settings\User\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

C:\WINDOWS\.protected FOUND !
C:\WINDOWS\ads.js FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\ishost.exe FOUND !
C:\WINDOWS\system32\ismon.exe FOUND !
C:\WINDOWS\system32\isnotify.exe FOUND !
C:\WINDOWS\system32\issearch.exe FOUND !
C:\WINDOWS\system32\ixt?.dll FOUND !
C:\WINDOWS\system32\ixt??.dll FOUND !
C:\WINDOWS\system32\ot.ico FOUND !
C:\WINDOWS\system32\ts.ico FOUND !
C:\WINDOWS\system32\components\flx?.dll FOUND !
C:\WINDOWS\system32\components\flx??.dll FOUND !
C:\WINDOWS\system32\components\flx???.dll FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\User\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

\.protected FOUND !
\.protected FOUND !

»»»»»»»»»»»»»»»»»»»»»»»»


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

C:\Program Files\SpyHeal\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"incestuously"="{03413bf7-e34c-445b-bfc0-a2b127255871}"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{259BA022-2005-45E9-A965-10EDB9C00605}"="Windows Updater"

[HKEY_CLASSES_ROOT\CLSID\{259BA022-2005-45E9-A965-10EDB9C00605}\InProcServer32]
@="C:\WINDOWS\g319937.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{259BA022-2005-45E9-A965-10EDB9C00605}\InProcServer32]
@="C:\WINDOWS\g319937.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{A4F94C0C-54A7-4DB1-9AF3-B22E63D00311}"="z"

[HKEY_CLASSES_ROOT\CLSID\{A4F94C0C-54A7-4DB1-9AF3-B22E63D00311}\InProcServer32]
@="C:\WINDOWS\system32\compstuig.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{A4F94C0C-54A7-4DB1-9AF3-B22E63D00311}\InProcServer32]
@="C:\WINDOWS\system32\compstuig.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End
czickefoose
Regular Member
 
Posts: 20
Joined: August 16th, 2006, 10:37 pm

Unread postby Danny_ » August 17th, 2006, 12:07 am

Hi,

Please print out or copy these instructions/tutorial to Notepad as the internet will not be (while in Safe Mode) available to you at certain points of the removal process. Make sure to work through all the Steps in the exact order in which they are listed below. If there's anything that you don't understand, ask your question(s) before moving on with the fixes.

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.
______________________________

Open the SmitfraudFix Folder, then double-click smitfraudfix.cmd file to start the tool.
Select option #2 - Clean by typing 2 and press Enter.
Wait for the tool to complete and disk cleanup to finish.
You will be prompted : "Registry cleaning - Do you want to clean the registry ?" answer Yes by typing Y and hit Enter.

Image


The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question "Replace infected file ?" by typing Y and hit Enter.

A reboot may be needed to finish the cleaning process, if you computer does not restart automatically please do it yourself manually. Reboot in Safe Mode.

The tool will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.
______________________________

Clean out your Temporary Internet files. Proceed like this:
  • Quit Internet Explorer and quit any instances of Windows Explorer.
  • Click Start, click Control Panel, and then double-click Internet Options.
  • On the General tab, click Delete Files under Temporary Internet Files.
  • In the Delete Files dialog box, tick the Delete all offline content check box , and then click OK.
  • On the General tab, click Delete Cookies under Temporary Internet Files, and then click OK.
  • Click on the Programs tab then click the Reset Web Settings button. Click Apply then OK.
  • Click OK.
Next Click Start, click Control Panel and then double-click Display. Click on the Desktop tab, then click the Customize Desktop button. Click on the Web tab. Under Web Pages you should see a checked entry called Security info or something similar. If it is there, select that entry and click the Delete button. Click Ok then Apply and Ok.

Empty the Recycle Bin by right-clicking the Recycle Bin icon on your Desktop, and then clicking Empty Recycle Bin.
______________________________

Close ALL open Windows / Programs / Folders. Please start Ewido, and run a full scan.
  • Click on Scanner
  • Click on Settings
    • Under How to scan all boxes should be checked
    • Under Unwanted Software all boxes should be checked
    • Under What to scan select Scan every file
    • Click on Ok
  • Click on Complete System Scan to start the scan process.
  • Let the program scan the machine.
If Ewido finds anything, it will pop up a notification. When it asks if you want to clean the first file, put a checkmark in the lower left corner of the box that says Perform action on all infections and put a checkmark in the box next to Create encrypted backup, then choose clean and click Ok.

Once the scan has completed, there will be a button located on the bottom of the screen named Save Report.
  • Click Save Report button
  • Save the report to your Desktop
Close Ewido and Reboot in Normal Mode.

______________________________

Please post:
  1. c:\rapport.txt
  2. Ewido log
  3. A new HijackThis log
Your may need several replies to post the requested logs, otherwise they might get cut off.

dk
User avatar
Danny_
Regular Member
 
Posts: 97
Joined: March 1st, 2005, 9:30 am

First Log

Unread postby czickefoose » August 17th, 2006, 1:53 am

SmitFraudFix v2.81

Scan done at 0:22:18.68, Thu 08/17/2006
Run from C:\Documents and Settings\User\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"incestuously"="{03413bf7-e34c-445b-bfc0-a2b127255871}"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{259BA022-2005-45E9-A965-10EDB9C00605}"="Windows Updater"

[HKEY_CLASSES_ROOT\CLSID\{259BA022-2005-45E9-A965-10EDB9C00605}\InProcServer32]
@="C:\WINDOWS\g319937.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{259BA022-2005-45E9-A965-10EDB9C00605}\InProcServer32]
@="C:\WINDOWS\g319937.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{A4F94C0C-54A7-4DB1-9AF3-B22E63D00311}"="z"

[HKEY_CLASSES_ROOT\CLSID\{A4F94C0C-54A7-4DB1-9AF3-B22E63D00311}\InProcServer32]
@="C:\WINDOWS\system32\compstuig.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{A4F94C0C-54A7-4DB1-9AF3-B22E63D00311}\InProcServer32]
@="C:\WINDOWS\system32\compstuig.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

C:\WINDOWS\g319937.dll -> Missing File


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\.protected Deleted
C:\WINDOWS\ads.js Deleted
C:\WINDOWS\system32\ishost.exe Deleted
C:\WINDOWS\system32\ismon.exe Deleted
C:\WINDOWS\system32\isnotify.exe Deleted
C:\WINDOWS\system32\issearch.exe Deleted
C:\WINDOWS\system32\ixt?.dll Deleted
C:\WINDOWS\system32\ot.ico Deleted
C:\WINDOWS\system32\ts.ico Deleted
C:\WINDOWS\system32\components\flx?.dll Deleted
\.protected Deleted
C:\Program Files\SpyHeal\ Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{259BA022-2005-45E9-A965-10EDB9C00605}"="Windows Updater"

[HKEY_CLASSES_ROOT\CLSID\{259BA022-2005-45E9-A965-10EDB9C00605}\InProcServer32]
@="C:\WINDOWS\g319937.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{259BA022-2005-45E9-A965-10EDB9C00605}\InProcServer32]
@="C:\WINDOWS\g319937.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{A4F94C0C-54A7-4DB1-9AF3-B22E63D00311}"="z"

[HKEY_CLASSES_ROOT\CLSID\{A4F94C0C-54A7-4DB1-9AF3-B22E63D00311}\InProcServer32]
@="C:\WINDOWS\system32\compstuig.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{A4F94C0C-54A7-4DB1-9AF3-B22E63D00311}\InProcServer32]
@="C:\WINDOWS\system32\compstuig.dll"



»»»»»»»»»»»»»»»»»»»»»»»» End
czickefoose
Regular Member
 
Posts: 20
Joined: August 16th, 2006, 10:37 pm

Report Log

Unread postby czickefoose » August 17th, 2006, 1:54 am

ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 1:41:09 AM 8/17/2006

+ Scan result:



C:\WINDOWS\compstuig.dll -> Downloader.Delf.aeo : No action taken.
C:\WINDOWS\g524593.dll -> Downloader.Delf.amb : No action taken.
C:\WINDOWS\g7751125.dll -> Downloader.Delf.amb : No action taken.
HKLM\SOFTWARE\Classes\CLSID\{D4DFC1D8-2D2E-4962-B0D0-389FBA0F76B5} -> Hijacker.Generic : No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4DFC1D8-2D2E-4962-B0D0-389FBA0F76B5} -> Hijacker.Generic : No action taken.
:mozilla.115:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\bhn0hpym.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.116:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\bhn0hpym.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.117:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\bhn0hpym.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.118:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\bhn0hpym.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.119:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\bhn0hpym.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.120:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\bhn0hpym.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.122:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\bhn0hpym.default\cookies.txt -> TrackingCookie.Addynamix : No action taken.
C:\Documents and Settings\aya\Cookies\user@adorigin[2].txt -> TrackingCookie.Adorigin : No action taken.
C:\Documents and Settings\aya\Cookies\user@ads.adorigin[1].txt -> TrackingCookie.Adorigin : No action taken.
:mozilla.247:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\bhn0hpym.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.248:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\bhn0hpym.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.249:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\bhn0hpym.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.250:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\bhn0hpym.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.251:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\bhn0hpym.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.252:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\bhn0hpym.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.253:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\bhn0hpym.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.108:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\bhn0hpym.default\cookies.txt -> TrackingCookie.Adserver : No action taken.
:mozilla.109:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\bhn0hpym.default\cookies.txt -> TrackingCookie.Adserver : No action taken.
:mozilla.110:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\bhn0hpym.default\cookies.txt -> TrackingCookie.Adserver : No action taken.
:mozilla.44:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\bhn0hpym.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.45:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\bhn0hpym.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.46:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\bhn0hpym.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.47:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\bhn0hpym.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.48:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\bhn0hpym.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.49:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\bhn0hpym.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.50:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\bhn0hpym.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.51:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\bhn0hpym.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.52:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\bhn0hpym.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.53:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\bhn0hpym.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.54:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\bhn0hpym.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.55:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\bhn0hpym.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.56:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\bhn0hpym.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.57:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\bhn0hpym.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.58:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\bhn0hpym.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.59:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\bhn0hpym.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.60:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\bhn0hpym.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.61:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\bhn0hpym.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.62:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\bhn0hpym.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.63:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\bhn0hpym.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.64:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\bhn0hpym.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.65:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\bhn0hpym.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.66:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\bhn0hpym.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.67:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\bhn0hpym.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.68:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\bhn0hpym.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.69:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\bhn0hpym.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.70:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\bhn0hpym.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.71:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\bhn0hpym.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.72:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\bhn0hpym.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.73:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\bhn0hpym.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.74:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\bhn0hpym.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.75:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\bhn0hpym.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.76:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\bhn0hpym.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.77:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\bhn0hpym.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.78:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\bhn0hpym.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.79:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\bhn0hpym.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.80:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\bhn0hpym.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.81:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\bhn0hpym.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.82:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\bhn0hpym.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.83:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\bhn0hpym.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.84:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\bhn0hpym.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.85:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\bhn0hpym.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.86:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\bhn0hpym.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.87:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\bhn0hpym.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.88:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\bhn0hpym.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.89:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\bhn0hpym.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.90:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\bhn0hpym.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.91:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\bhn0hpym.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.92:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\bhn0hpym.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.93:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\bhn0hpym.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.41:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\bhn0hpym.default\cookies.txt -> TrackingCookie.Atdmt : No action taken.
:mozilla.176:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\bhn0hpym.default\cookies.txt -> TrackingCookie.Bfast : No action taken.
:mozilla.187:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\bhn0hpym.default\cookies.txt -> TrackingCookie.Bluestreak : No action taken.
:mozilla.198:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\bhn0hpym.default\cookies.txt -> TrackingCookie.Bridgetrack : No action taken.
:mozilla.199:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\bhn0hpym.default\cookies.txt -> TrackingCookie.Bridgetrack : No action taken.
:mozilla.186:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\bhn0hpym.default\cookies.txt -> TrackingCookie.Burstbeacon : No action taken.
:mozilla.182:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\bhn0hpym.default\cookies.txt -> TrackingCookie.Burstnet : No action taken.
:mozilla.183:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\bhn0hpym.default\cookies.txt -> TrackingCookie.Burstnet : No action taken.
:mozilla.224:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\bhn0hpym.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.225:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\bhn0hpym.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.226:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\bhn0hpym.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.227:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\bhn0hpym.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.228:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\bhn0hpym.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.229:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\bhn0hpym.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
C:\Documents and Settings\aya\Cookies\user@cz8.clickzs[1].txt -> TrackingCookie.Clickzs : No action taken.
C:\Documents and Settings\Owner\Cookies\owner@com[1].txt -> TrackingCookie.Com : No action taken.
C:\Documents and Settings\User\Cookies\user@com[1].txt -> TrackingCookie.Com : No action taken.
C:\Documents and Settings\aya\Cookies\user@com[2].txt -> TrackingCookie.Com : No action taken.
C:\Documents and Settings\User\Cookies\user@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : No action taken.
:mozilla.43:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\bhn0hpym.default\cookies.txt -> TrackingCookie.Doubleclick : No action taken.
:mozilla.136:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\bhn0hpym.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
:mozilla.103:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\bhn0hpym.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.104:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\bhn0hpym.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.105:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\bhn0hpym.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.106:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\bhn0hpym.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.107:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\bhn0hpym.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
C:\Documents and Settings\User\Cookies\user@c.goclick[1].txt -> TrackingCookie.Goclick : No action taken.
:mozilla.24:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\bhn0hpym.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.203:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\bhn0hpym.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.204:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\bhn0hpym.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.205:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\bhn0hpym.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
C:\Documents and Settings\aya\Cookies\user@ehg-dig.hitbox[1].txt -> TrackingCookie.Hitbox : No action taken.
C:\Documents and Settings\aya\Cookies\user@hg1.hitbox[1].txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.121:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\bhn0hpym.default\cookies.txt -> TrackingCookie.Mediaplex : No action taken.
:mozilla.162:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\bhn0hpym.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.163:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\bhn0hpym.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.164:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\bhn0hpym.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.201:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\bhn0hpym.default\cookies.txt -> TrackingCookie.Questionmarket : No action taken.
C:\Documents and Settings\User\Cookies\user@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : No action taken.
:mozilla.238:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\bhn0hpym.default\cookies.txt -> TrackingCookie.Revenue : No action taken.
:mozilla.235:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\bhn0hpym.default\cookies.txt -> TrackingCookie.Ru4 : No action taken.
:mozilla.236:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\bhn0hpym.default\cookies.txt -> TrackingCookie.Ru4 : No action taken.
:mozilla.188:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\bhn0hpym.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.189:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\bhn0hpym.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.217:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\bhn0hpym.default\cookies.txt -> TrackingCookie.Targetnet : No action taken.
:mozilla.218:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\bhn0hpym.default\cookies.txt -> TrackingCookie.Targetnet : No action taken.
:mozilla.240:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\bhn0hpym.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.241:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\bhn0hpym.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.242:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\bhn0hpym.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.243:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\bhn0hpym.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.244:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\bhn0hpym.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.245:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\bhn0hpym.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.246:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\bhn0hpym.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.207:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\bhn0hpym.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
:mozilla.219:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\bhn0hpym.default\cookies.txt -> TrackingCookie.Valueclick : No action taken.
:mozilla.220:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\bhn0hpym.default\cookies.txt -> TrackingCookie.Valueclick : No action taken.
:mozilla.174:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\bhn0hpym.default\cookies.txt -> TrackingCookie.Webtrendslive : No action taken.
:mozilla.175:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\bhn0hpym.default\cookies.txt -> TrackingCookie.Webtrendslive : No action taken.
:mozilla.210:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\bhn0hpym.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.211:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\bhn0hpym.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.212:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\bhn0hpym.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.213:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\bhn0hpym.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.214:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\bhn0hpym.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.215:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\bhn0hpym.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.216:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\bhn0hpym.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
C:\Documents and Settings\User\Cookies\user@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.100:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\bhn0hpym.default\cookies.txt -> TrackingCookie.Zedo : No action taken.
:mozilla.101:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\bhn0hpym.default\cookies.txt -> TrackingCookie.Zedo : No action taken.
:mozilla.102:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\bhn0hpym.default\cookies.txt -> TrackingCookie.Zedo : No action taken.
C:\WINDOWS\system32\cool.exe -> Trojan.Dialer.qs : No action taken.
C:\RECYCLER\S-1-5-21-2797716708-2364609281-1352573042-1005\Dc19.exe -> Trojan.Dialer.qy : No action taken.
C:\RECYCLER\S-1-5-21-2797716708-2364609281-1352573042-1005\Dc20.exe -> Trojan.Dialer.qy : No action taken.
C:\RECYCLER\S-1-5-21-2797716708-2364609281-1352573042-1005\Dc21.exe -> Trojan.Dialer.qy : No action taken.
C:\RECYCLER\S-1-5-21-2797716708-2364609281-1352573042-1005\Dc22.exe -> Trojan.Dialer.qy : No action taken.
C:\RECYCLER\S-1-5-21-2797716708-2364609281-1352573042-1005\Dc23.exe -> Trojan.Dialer.qy : No action taken.
C:\RECYCLER\S-1-5-21-2797716708-2364609281-1352573042-1005\Dc24.exe -> Trojan.Dialer.qy : No action taken.
C:\RECYCLER\S-1-5-21-2797716708-2364609281-1352573042-1005\Dc25.exe -> Trojan.Dialer.qy : No action taken.
C:\RECYCLER\S-1-5-21-2797716708-2364609281-1352573042-1005\Dc26.exe -> Trojan.Dialer.qy : No action taken.
C:\RECYCLER\S-1-5-21-2797716708-2364609281-1352573042-1005\Dc27.exe -> Trojan.Dialer.qy : No action taken.
C:\RECYCLER\S-1-5-21-2797716708-2364609281-1352573042-1005\Dc28.exe -> Trojan.Dialer.qy : No action taken.
C:\RECYCLER\S-1-5-21-2797716708-2364609281-1352573042-1005\Dc29.exe -> Trojan.Dialer.qy : No action taken.
C:\RECYCLER\S-1-5-21-2797716708-2364609281-1352573042-1005\Dc30.exe -> Trojan.Dialer.qy : No action taken.
C:\RECYCLER\S-1-5-21-2797716708-2364609281-1352573042-1005\Dc32.exe -> Trojan.Dialer.qy : No action taken.
C:\RECYCLER\S-1-5-21-2797716708-2364609281-1352573042-1005\Dc33.exe -> Trojan.Dialer.qy : No action taken.
C:\RECYCLER\S-1-5-21-2797716708-2364609281-1352573042-1005\Dc34.exe -> Trojan.Dialer.qy : No action taken.
C:\RECYCLER\S-1-5-21-2797716708-2364609281-1352573042-1005\Dc35.exe -> Trojan.Dialer.qy : No action taken.
C:\RECYCLER\S-1-5-21-2797716708-2364609281-1352573042-1005\Dc36.exe -> Trojan.Dialer.qy : No action taken.
C:\RECYCLER\S-1-5-21-2797716708-2364609281-1352573042-1005\Dc37.exe -> Trojan.Dialer.qy : No action taken.
C:\RECYCLER\S-1-5-21-2797716708-2364609281-1352573042-1005\Dc38.exe -> Trojan.Dialer.qy : No action taken.
C:\RECYCLER\S-1-5-21-2797716708-2364609281-1352573042-1005\Dc39.exe -> Trojan.Dialer.qy : No action taken.
C:\RECYCLER\S-1-5-21-2797716708-2364609281-1352573042-1005\Dc40.exe -> Trojan.Dialer.qy : No action taken.
C:\RECYCLER\S-1-5-21-2797716708-2364609281-1352573042-1005\Dc41.exe -> Trojan.Dialer.qy : No action taken.
C:\RECYCLER\S-1-5-21-2797716708-2364609281-1352573042-1005\Dc42.exe -> Trojan.Dialer.qy : No action taken.
C:\RECYCLER\S-1-5-21-2797716708-2364609281-1352573042-1005\Dc43.exe -> Trojan.Dialer.qy : No action taken.
C:\RECYCLER\S-1-5-21-2797716708-2364609281-1352573042-1005\Dc44.exe -> Trojan.Dialer.qy : No action taken.
C:\WINDOWS\temp\idd362.tmp.exe -> Trojan.Dialer.qy : No action taken.
C:\WINDOWS\temp\idd373.tmp.exe -> Trojan.Dialer.qy : No action taken.
C:\WINDOWS\temp\idd38D.tmp.exe -> Trojan.Dialer.qy : No action taken.
C:\WINDOWS\temp\idd3F8.tmp.exe -> Trojan.Dialer.qy : No action taken.
C:\WINDOWS\temp\idd407.tmp.exe -> Trojan.Dialer.qy : No action taken.


::Report end
czickefoose
Regular Member
 
Posts: 20
Joined: August 16th, 2006, 10:37 pm

hi jack report

Unread postby czickefoose » August 17th, 2006, 1:55 am

Logfile of HijackThis v1.99.1
Scan saved at 1:44:40 AM, on 8/17/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Support.com\BellSouth\hcenter.exe
C:\Program Files\Napster\napster.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\ccsvchst.exe
C:\Program Files\Common Files\{D82F536A-07C9-1033-0826-020326200001}\Update.exe
C:\Program Files\aim\aim.exe
C:\DOCUME~1\User\LOCALS~1\Temp\symlcsv1.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\DOCUME~1\User\LOCALS~1\Temp\symlcsv1.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\User\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.emachines.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\BellSouth\hcenter.exe" /starthidden /tgcmdwrapper
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\ccsvchst.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] "C:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\CfgWiz.exe" /GUID {BC8D3EAF-F864-4d4b-AB4D-B3D0C32E2840} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKCU\..\Run: [AIM] C:\Program Files\aim\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\Run: [SysProtect Free] "C:\Program Files\SysProtect Free\USYP.exe" /min
O4 - HKCU\..\Run: [SysProtect] C:\Program Files\SysProtect Free\USYP.exe /scan
O4 - Startup: .protected
O4 - Global Startup: .protected
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\aim\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/fu ... 0.0.15.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - https://objects.aol.com/mcafee/molbin/s ... insctl.cab
O16 - DPF: {590FFB84-6A29-4797-9C0E-B15DF2C4CDCB} - http://soft.trustincash.com/install/tload.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Fac ... loader.cab
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleAc ... refid=1123
O16 - DPF: {97B79133-88F0-45F0-8D57-0F2EF27D9C66} - http://85.255.114.166/1/rdgUS2404.exe
O16 - DPF: {A609CB6E-FEB5-47C3-966C-1B916842BD01} (Nlopflash Class) - http://poker.nlop.com/poker/PokerCreations.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/ ... Client.cab
O16 - DPF: {B24F0664-7DDA-40B6-B38C-A4FD68DE8685} (CentraDownloaderCtl Class) - http://onlinelive.newhorizons.com/SiteR ... loader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - https://objects.aol.com/mcafee/molbin/s ... cGDMgr.cab
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\PROGRA~1\RXTOOL~1\sfcont.dll
O20 - AppInit_DLLs:
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Symantec PIF Service (pifService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h cltCommon (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
czickefoose
Regular Member
 
Posts: 20
Joined: August 16th, 2006, 10:37 pm

Unread postby Danny_ » August 17th, 2006, 2:23 am

Hi,

Before We Begin

Please download the following tools and save them to your desktop:

1. About:Buster (After you download it, right click on the desktop and select new >folder, name it aboutbuster then unzip AboutBuster.zip into the new folder.)


2. Killbox by Option^Explicit.

Next, Please Boot Into Safe Mode

When in Safe Mode, run AboutBuster.exe, and click the "Begin Removal" button.

After that is finished, open HijackThis, click the "Scan" button, and check the following items (If Present):

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - Startup: .protected
O4 - Global Startup: .protected
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/fu ... 0.0.15.cab
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleAc ... refid=1123
O16 - DPF: {97B79133-88F0-45F0-8D57-0F2EF27D9C66} - http://85.255.114.166/1/rdgUS2404.exe
O16 - DPF: {A609CB6E-FEB5-47C3-966C-1B916842BD01} (Nlopflash Class) - http://poker.nlop.com/poker/PokerCreations.cab
O16 - DPF: {B24F0664-7DDA-40B6-B38C-A4FD68DE8685} (CentraDownloaderCtl Class) - http://onlinelive.newhorizons.com/SiteR ... loader.cab
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\PROGRA~1\RXTOOL~1\sfcont.dll
O20 - AppInit_DLLs:


Close all windows except HijackThis, and click the "Fix Checked" button. Close HijackThis.


Next,

  • Double-click Killbox.exe to run it.
  • Select
    • "Delete on Reboot
    • then Click on the "All Files" button.
  • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C

    C:\WINDOWS\system32\compstuig.dll
    C:\WINDOWS\g524593.dll
    C:\WINDOWS\g7751125.dll
    C:\WINDOWS\system32\cool.exe
    C:\PROGRA~1\RXTOOL~1\sfcont.dll



  • Return to Killbox, go to the File menu, and choose "Paste from Clipboard".
  • Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "OK" at any PendingRenameOperations prompt.

If your computer does not restart automatically, please restart it manually.

Once you restart, please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be promted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
      Extended (if available otherwise Standard)
    • Scan Options:
      Scan Archives
      Scan Mail Bases

  • Click OK
  • Now under select a target to scan:
      Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post, as well as a new HijackThis log.


dk :)
User avatar
Danny_
Regular Member
 
Posts: 97
Joined: March 1st, 2005, 9:30 am

Kaspersky Report This is a lot

Unread postby czickefoose » August 17th, 2006, 5:02 am

This is a lot. Sorry

--------------------
KASPERSKY ONLINE SCANNER REPORT
Thursday, August 17, 2006 4:58:51 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 1 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 17/08/2006
Kaspersky Anti-Virus database records: 215733
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\

Scan Statistics:
Total number of scanned objects: 63161
Number of viruses found: 38
Number of infected objects: 175 / 0
Number of suspicious objects: 1
Duration of the scan process: 01:21:29

Infected Object Name / Virus Name / Last Action
C:\!KillBox\cool.exe Infected: Trojan.Win32.Dialer.qs skipped
C:\!KillBox\g524593.dll Infected: Trojan-Downloader.Win32.Delf.amb skipped
C:\!KillBox\g7751125.dll Infected: Trojan-Downloader.Win32.Delf.amb skipped
C:\Documents and Settings\All Users\Application Data\Support.com\Profiles\User\triggers.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2006-08-17_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBConfig.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDebug.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDetect.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBNotify.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBRefr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg2.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetDev.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetLoc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetUsr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBStHash.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBValid.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPPolicy.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStart.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStop.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtErEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\1731E275.TMP Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtMoEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtNvEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtScEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtTxFEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtViEvt.log Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{EEBC0ACA-3A43-45BD-A653-AF512B6FA50B}\Microsoft\Outlook Express\Inbox.dbx/[From Submitted using SMTP AUTH at pop018.verizon.net from [172.17.10.210] at Fri, 2 May 2003 18:27:42 -0500][Date Fri, 2 May 2003 18:27:42 -0500]/UNNAMED/forward/UNNAMED/[From Submitted using SMTP AUTH at pop018.verizon.net from [172.17.10.210] at Fri, 2 May 2003 18:25:30 -0500][Date Fri, 2 May 2003 18:25:30 -0500]/forward/[From kamikaze <kamikaze@kuoi.asui.uidaho.edu>][Date Thu, 01 May 2003 15:23:17 -0500]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{EEBC0ACA-3A43-45BD-A653-AF512B6FA50B}\Microsoft\Outlook Express\Inbox.dbx/[From Submitted using SMTP AUTH at pop018.verizon.net from [172.17.10.210] at Fri, 2 May 2003 18:27:42 -0500][Date Fri, 2 May 2003 18:27:42 -0500]/UNNAMED/forward/UNNAMED/[From Submitted using SMTP AUTH at pop018.verizon.net from [172.17.10.210] at Fri, 2 May 2003 18:25:30 -0500][Date Fri, 2 May 2003 18:25:30 -0500]/forward/[From kamikaze <kamikaze@kuoi.asui.uidaho.edu>][Date Thu, 01 May 2003 15:23:17 -0500]/UNNAMED/forgot_pwex96f06ab2[1].scr Infected: Email-Worm.Win32.Klez.h skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{EEBC0ACA-3A43-45BD-A653-AF512B6FA50B}\Microsoft\Outlook Express\Inbox.dbx/[From Submitted using SMTP AUTH at pop018.verizon.net from [172.17.10.210] at Fri, 2 May 2003 18:27:42 -0500][Date Fri, 2 May 2003 18:27:42 -0500]/UNNAMED/forward/UNNAMED/[From Submitted using SMTP AUTH at pop018.verizon.net from [172.17.10.210] at Fri, 2 May 2003 18:25:30 -0500][Date Fri, 2 May 2003 18:25:30 -0500]/forward/[From kamikaze <kamikaze@kuoi.asui.uidaho.edu>][Date Thu, 01 May 2003 15:23:17 -0500]/UNNAMED Infected: Email-Worm.Win32.Klez.h skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{EEBC0ACA-3A43-45BD-A653-AF512B6FA50B}\Microsoft\Outlook Express\Inbox.dbx/[From Submitted using SMTP AUTH at pop018.verizon.net from [172.17.10.210] at Fri, 2 May 2003 18:27:42 -0500][Date Fri, 2 May 2003 18:27:42 -0500]/UNNAMED/forward/UNNAMED/[From Submitted using SMTP AUTH at pop018.verizon.net from [172.17.10.210] at Fri, 2 May 2003 18:25:30 -0500][Date Fri, 2 May 2003 18:25:30 -0500]/forward Infected: Email-Worm.Win32.Klez.h skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{EEBC0ACA-3A43-45BD-A653-AF512B6FA50B}\Microsoft\Outlook Express\Inbox.dbx/[From Submitted using SMTP AUTH at pop018.verizon.net from [172.17.10.210] at Fri, 2 May 2003 18:27:42 -0500][Date Fri, 2 May 2003 18:27:42 -0500]/UNNAMED/forward/UNNAMED Infected: Email-Worm.Win32.Klez.h skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{EEBC0ACA-3A43-45BD-A653-AF512B6FA50B}\Microsoft\Outlook Express\Inbox.dbx/[From Submitted using SMTP AUTH at pop018.verizon.net from [172.17.10.210] at Fri, 2 May 2003 18:27:42 -0500][Date Fri, 2 May 2003 18:27:42 -0500]/UNNAMED/forward Infected: Email-Worm.Win32.Klez.h skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{EEBC0ACA-3A43-45BD-A653-AF512B6FA50B}\Microsoft\Outlook Express\Inbox.dbx/[From Submitted using SMTP AUTH at pop018.verizon.net from [172.17.10.210] at Fri, 2 May 2003 18:27:42 -0500][Date Fri, 2 May 2003 18:27:42 -0500]/UNNAMED Infected: Email-Worm.Win32.Klez.h skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{EEBC0ACA-3A43-45BD-A653-AF512B6FA50B}\Microsoft\Outlook Express\Inbox.dbx Mail MS Outlook 5: infected - 6, suspicious - 1 skipped
C:\Documents and Settings\User\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\User\Desktop\SmitfraudFix\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\User\Desktop\SmitfraudFix.zip/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\User\Desktop\SmitfraudFix.zip ZIP: infected - 1 skipped
C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\User\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\User\Local Settings\History\History.IE5\MSHist012006081720060818\index.dat Object is locked skipped
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\User\ntuser.dat Object is locked skipped
C:\Documents and Settings\User\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\NFWEVT.LOG Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped
C:\Program Files\HP\hpcoretech\hpcmerr.log Object is locked skipped
C:\Program Files\Kodak\Kodak EasyShare software\Catalog\EasyShare.me Object is locked skipped
C:\Program Files\Kodak\Kodak EasyShare software\Catalog\EasyShare.mm Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\BWKDLogs\BWTargetInf.log Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\3081\f437463\infopak.zip Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\3081\f437463\_bwfindx.zip Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\cache.dat Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\chandir.dat Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\chandir.idx Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\chn.dat Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\chn.idx Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\D0000000.FCS Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\inuse.txt Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\L0000001.FCS Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\main.log Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs.dat Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs.idx Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_die.dat Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_die.idx Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_dnd.dat Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_dnd.idx Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_ext.dat Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_ext.idx Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_rcv.dat Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_rcv.idx Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\storydb.dat Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\storydb.idx Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL\Data\master.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL\Data\mastlog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL\Data\model.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL\Data\modellog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL\Data\tempdb.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL\Data\templog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL\LOG\ERRORLOG Object is locked skipped
C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL Infected: not-a-virus:AdWare.Win32.MyWay.m skipped
C:\Program Files\Norton AntiVirus\AVApp.log Object is locked skipped
C:\Program Files\Norton AntiVirus\AVError.log Object is locked skipped
C:\Program Files\Norton AntiVirus\AVVirus.log Object is locked skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP907\A0100289.exe Infected: Trojan-Downloader.Win32.Zlob.yj skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP907\A0100290.dll Infected: Trojan-Downloader.Win32.Zlob.acg skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP907\A0100291.exe Infected: Trojan-Downloader.Win32.Obfuscated.a skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP907\A0100307.dll Infected: not-a-virus:AdWare.Win32.PurityScan.ak skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP907\A0100308.exe Infected: not-a-virus:AdWare.Win32.PurityScan.er skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP907\A0100309.exe Infected: Trojan-Downloader.Win32.PurityScan.cu skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP907\A0100330.dll Infected: not-a-virus:AdWare.Win32.PurityScan.en skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP907\A0100332.exe Infected: not-a-virus:AdWare.Win32.MediaTickets.w skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP907\A0100337.exe Infected: Trojan-Downloader.Win32.Zlob.yj skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP907\A0100338.dll Infected: Trojan-Downloader.Win32.Zlob.acg skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP907\A0100339.exe Infected: Trojan-Downloader.Win32.Obfuscated.a skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP907\A0100355.exe Infected: Trojan-Downloader.Win32.Zlob.yj skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP907\A0100356.dll Infected: Trojan-Downloader.Win32.Zlob.acg skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP907\A0100357.exe Infected: Trojan-Downloader.Win32.Obfuscated.a skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP907\A0100367.dll Infected: not-a-virus:AdWare.Win32.PurityScan.ak skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP908\A0100600.dll Infected: not-a-virus:AdWare.Win32.PurityScan.en skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP908\A0100601.exe Infected: Trojan-Downloader.Win32.PurityScan.cu skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP908\A0100603.exe Infected: not-a-virus:AdWare.Win32.MediaTickets.w skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP908\A0100608.exe Infected: Trojan-Downloader.Win32.Zlob.yj skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP908\A0100609.dll Infected: Trojan-Downloader.Win32.Zlob.acg skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP908\A0100610.exe Infected: Trojan-Downloader.Win32.Obfuscated.a skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP908\A0100625.exe Infected: Trojan-Downloader.Win32.Zlob.yj skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP908\A0100626.dll Infected: Trojan-Downloader.Win32.Zlob.acg skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP908\A0100627.exe Infected: Trojan-Downloader.Win32.Obfuscated.a skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP908\A0100645.exe Infected: Trojan-Downloader.Win32.Zlob.yj skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP908\A0100646.dll Infected: Trojan-Downloader.Win32.Zlob.acg skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP908\A0100647.exe Infected: Trojan-Downloader.Win32.Obfuscated.a skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP908\A0100663.exe Infected: Trojan-Downloader.Win32.Zlob.yj skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP908\A0100664.dll Infected: Trojan-Downloader.Win32.Zlob.acg skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP908\A0100665.exe Infected: Trojan-Downloader.Win32.Obfuscated.a skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP908\A0100666.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP908\A0100675.exe Infected: Trojan.Win32.Dialer.qs skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP908\A0100684.exe Infected: Trojan-Downloader.Win32.Zlob.yj skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP908\A0100685.dll Infected: Trojan-Downloader.Win32.Zlob.acg skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP908\A0100686.exe Infected: Trojan-Downloader.Win32.Obfuscated.a skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP908\A0100687.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP908\A0100695.exe Infected: Trojan-Downloader.Win32.Zlob.acr skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP908\A0100696.exe Infected: Trojan-Downloader.Win32.Zlob.acg skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP908\A0100699.dll Infected: Trojan-Downloader.Win32.Zlob.acg skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP908\A0100711.exe Infected: Trojan.Win32.Dialer.qs skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP908\A0100804.exe Infected: Trojan-Downloader.Win32.Zlob.yj skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP908\A0100805.dll Infected: Trojan-Downloader.Win32.Zlob.aec skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP908\A0100806.exe Infected: Trojan-Downloader.Win32.Obfuscated.a skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP908\A0100807.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP908\A0100814.dll Infected: Trojan-Downloader.Win32.Delf.aeo skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP908\A0100816.exe Infected: Trojan-Downloader.Win32.Zlob.aeb skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP908\A0100817.exe Infected: Trojan-Downloader.Win32.Zlob.aec skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP909\A0100866.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP909\A0100867.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP909\A0100871.exe Infected: Trojan-Downloader.Win32.Obfuscated.a skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP909\A0100872.exe Infected: Trojan-Downloader.Win32.Obfuscated.a skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP909\A0100879.dll Infected: Trojan-Downloader.Win32.Delf.amb skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP909\A0100880.dll Infected: Trojan-Downloader.Win32.Delf.amb skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP909\A0100887.exe Infected: Trojan-Downloader.Win32.Zlob.yj skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP909\A0100888.dll Infected: not-virus:Hoax.Win32.Renos.eg skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP909\A0100949.exe Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP909\A0100950.exe Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP909\A0100951.exe Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP909\A0100952.exe Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP909\A0100953.exe Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP909\A0100954.exe Infected: not-a-virus:AdWare.Win32.NewDotNet.g skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP909\A0100955.exe Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP909\A0100964.dll Infected: not-a-virus:AdWare.Win32.WebSearch.o skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP909\A0100967.dll Infected: Trojan-Downloader.Win32.Delf.amb skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP909\A0100968.dll Infected: Trojan-Downloader.Win32.Delf.amb skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP909\A0100969.ocx Infected: not-a-virus:AdWare.Win32.FreeScratch.a skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP909\A0100974.dll Infected: not-virus:Hoax.Win32.Renos.ds skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP909\A0101985.exe Infected: Trojan-Downloader.Win32.Zlob.yj skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP909\A0101986.dll Infected: not-virus:Hoax.Win32.Renos.eg skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP909\A0102018.exe Infected: Trojan-Downloader.Win32.Zlob.yj skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP909\A0102019.dll Infected: not-virus:Hoax.Win32.Renos.eg skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP909\A0102037.exe Infected: Trojan-Downloader.Win32.Zlob.yj skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP909\A0102038.dll Infected: not-virus:Hoax.Win32.Renos.eg skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP909\A0102048.exe Infected: Trojan-Downloader.Win32.Zlob.aej skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP910\A0104044.exe Infected: Trojan-Downloader.Win32.Zlob.yj skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP910\A0104045.dll Infected: not-virus:Hoax.Win32.Renos.eg skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP910\A0104058.exe Infected: Trojan-Downloader.Win32.Zlob.yj skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP910\A0104059.dll Infected: not-virus:Hoax.Win32.Renos.eg skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP911\A0104079.dll Infected: not-virus:Hoax.Win32.Renos.eg skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP911\A0104080.exe Infected: Trojan-Downloader.Win32.Zlob.yj skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP911\A0104097.exe Infected: Trojan-Downloader.Win32.Zlob.yj skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP911\A0104098.dll Infected: not-virus:Hoax.Win32.Renos.eg skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP916\A0104151.exe Infected: Trojan-Downloader.Win32.Zlob.yj skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP916\A0104152.dll Infected: not-virus:Hoax.Win32.Renos.eg skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP916\A0104166.exe Infected: Trojan-Downloader.Win32.Zlob.yj skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP916\A0104167.dll Infected: not-virus:Hoax.Win32.Renos.eg skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP916\A0104183.exe Infected: Trojan-Downloader.Win32.Zlob.yj skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP916\A0104184.dll Infected: not-virus:Hoax.Win32.Renos.eg skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP916\A0104191.exe Infected: Trojan-Downloader.Win32.Zlob.aew skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP917\A0105206.exe Infected: Trojan-Downloader.Win32.Zlob.yj skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP917\A0105207.dll Infected: not-virus:Hoax.Win32.Renos.eg skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP917\A0105222.exe Infected: Trojan-Downloader.Win32.Zlob.yj skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP917\A0105223.dll Infected: not-virus:Hoax.Win32.Renos.eg skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP917\A0105237.exe Infected: not-virus:Hoax.Win32.Renos.eg skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP917\A0105251.exe Infected: Trojan-Downloader.Win32.Agent.aqh skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP917\A0105279.exe Infected: Trojan-Downloader.Win32.Zlob.yj skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP917\A0105297.exe Infected: Trojan-Downloader.Win32.Zlob.yj skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP917\A0106297.exe Infected: Trojan-Downloader.Win32.Zlob.yj skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP917\A0106328.exe Infected: Trojan-Downloader.Win32.Zlob.yj skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP917\A0106341.dll Infected: Trojan-Clicker.Win32.Agent.ct skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP917\A0106342.dll Infected: Trojan-Downloader.Win32.Small.ddp skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP917\A0107325.dll Infected: Trojan-Downloader.Win32.Delf.amb skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP917\A0107330.exe Infected: Trojan-Downloader.Win32.Zlob.aby skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP917\A0107331.exe Infected: Trojan-Downloader.Win32.Zlob.yj skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP917\A0107334.dll Infected: not-virus:Hoax.Win32.Renos.eg skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP917\A0107338.dll Infected: not-virus:Hoax.Win32.Renos.ds skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP917\A0107364.exe Infected: Trojan.Win32.Pakes skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP917\A0107365.exe Infected: Trojan.Win32.Pakes skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP917\A0107366.exe Infected: Trojan.Win32.Pakes skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP917\A0107368.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP917\A0107370.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP917\A0107371.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP917\A0107372.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP917\A0107373.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP917\A0107374.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP917\A0107375.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP917\A0107376.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP917\A0107377.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP917\A0107378.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP917\A0107379.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP917\A0107380.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP917\A0107381.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP917\A0107382.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP917\A0107383.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP917\A0107384.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP917\A0107385.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP917\A0107386.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP917\A0107387.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP917\A0107388.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP917\A0107389.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP917\A0107390.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP917\A0107391.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP917\A0107392.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP917\A0107393.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP917\A0108406.dll Infected: Trojan-Downloader.Win32.Delf.amb skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP917\A0108407.dll Infected: Trojan-Downloader.Win32.Delf.amb skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP917\A0108408.exe Infected: Trojan.Win32.Dialer.qs skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP917\change.log Object is locked skipped
C:\WINDOWS\compstuig.dll Infected: Trojan-Downloader.Win32.Delf.aeo skipped
C:\WINDOWS\cpblpbc28.log Infected: Trojan-Downloader.Win32.Delf.aeo skipped
C:\WINDOWS\Debug\oakley.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UWA6P_0001_N91M1807NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\UWA6P_0001_N91M1807NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.3\UWA6P_0001_N91M1807NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped
C:\WINDOWS\Downloaded Program Files\USYP_0002_N91M0908NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped
C:\WINDOWS\Downloaded Program Files\USYP_0003_N91M0908NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{FCFE2CAE-0AA2-4B10-85F8-9DF24B05272C}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\btpanuib.dll Infected: not-a-virus:AdWare.Win32.SmartSearch.b skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\WINDOWS\system32\gebyayy.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.by skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\mlljk.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.da skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\winmyy32.dll Infected: Packed.Win32.Klone.g skipped
C:\WINDOWS\temp\idd10B8.tmp.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\WINDOWS\temp\idd33C.tmp.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\WINDOWS\temp\idd34B.tmp.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\WINDOWS\temp\idd362.tmp.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\WINDOWS\temp\idd373.tmp.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\WINDOWS\temp\idd38D.tmp.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\WINDOWS\temp\idd3E7D.tmp.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\WINDOWS\temp\idd3F8.tmp.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\WINDOWS\temp\idd407.tmp.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\WINDOWS\temp\idd595.tmp.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\WINDOWS\temp\iddAD4.tmp.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\WINDOWS\temp\Perflib_Perfdata_5d0.dat Object is locked skipped
C:\WINDOWS\temp\Perflib_Perfdata_8f0.dat Object is locked skipped
C:\WINDOWS\temp\win1010.tmp Object is locked skipped
C:\WINDOWS\temp\win34E.tmp.exe Infected: Trojan.Win32.Pakes skipped
C:\WINDOWS\temp\win372.tmp.exe Infected: Trojan.Win32.Pakes skipped
C:\WINDOWS\temp\win3E27.tmp Object is locked skipped
C:\WINDOWS\temp\win9F8.tmp Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.
czickefoose
Regular Member
 
Posts: 20
Joined: August 16th, 2006, 10:37 pm

Hi Jacked

Unread postby czickefoose » August 17th, 2006, 5:03 am

Logfile of HijackThis v1.99.1
Scan saved at 4:59:32 AM, on 8/17/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Napster\napster.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\ccsvchst.exe
C:\Program Files\Common Files\{D82F536A-07C9-1033-0826-020326200001}\Update.exe
C:\Program Files\aim\aim.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Support.com\bin\tgcmd.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\TEMP\idd595.tmp.exe
C:\Documents and Settings\User\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.emachines.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\BellSouth\hcenter.exe" /starthidden /tgcmdwrapper
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\ccsvchst.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] "C:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\CfgWiz.exe" /GUID {BC8D3EAF-F864-4d4b-AB4D-B3D0C32E2840} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKCU\..\Run: [AIM] C:\Program Files\aim\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\Run: [SysProtect Free] "C:\Program Files\SysProtect Free\USYP.exe" /min
O4 - HKCU\..\Run: [SysProtect] C:\Program Files\SysProtect Free\USYP.exe /scan
O4 - Startup: .protected
O4 - Global Startup: .protected
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\aim\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O15 - Trusted Zone: http://www.amaena.com
O15 - Trusted Zone: http://*.systemdoctor.com
O15 - Trusted Zone: http://www.winantivirus.com
O15 - Trusted Zone: http://www.winantiviruspro.com
O15 - Trusted Zone: http://download.cdn.winsoftware.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - https://objects.aol.com/mcafee/molbin/s ... insctl.cab
O16 - DPF: {590FFB84-6A29-4797-9C0E-B15DF2C4CDCB} - http://soft.trustincash.com/install/tload.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Fac ... loader.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/ ... Client.cab
O16 - DPF: {B24F0664-7DDA-40B6-B38C-A4FD68DE8685} (CentraDownloaderCtl Class) - http://onlinelive.newhorizons.com/SiteR ... loader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - https://objects.aol.com/mcafee/molbin/s ... cGDMgr.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Symantec PIF Service (pifService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h cltCommon (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
czickefoose
Regular Member
 
Posts: 20
Joined: August 16th, 2006, 10:37 pm

Unread postby Danny_ » August 17th, 2006, 9:21 am

Hi,

Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt in your next post.
Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

--------------------------------------------------------

Now, please open HijackThis, click the "Scan" button, and check the following items:

O4 - Startup: .protected
O4 - Global Startup: .protected
O15 - Trusted Zone: http://www.amaena.com
O15 - Trusted Zone: http://*.systemdoctor.com
O15 - Trusted Zone: http://www.winantivirus.com
O15 - Trusted Zone: http://www.winantiviruspro.com
O15 - Trusted Zone: http://download.cdn.winsoftware.com


Close all windows except for HijackThis, and click the "Fix Checked" button. Close HijackThis.

--------------------------------------------------------------------


Next, please locate and delete the following files/folders and delete them (If Present):

C:\!Killbox << This Folder

C:\WINDOWS\compstuig.dll << This File
C:\WINDOWS\cpblpbc28.log << This File

C:\WINDOWS\Downloaded Program Files\CONFLICT.1 << This Folder
C:\WINDOWS\Downloaded Program Files\CONFLICT.2 << This Folder
C:\WINDOWS\Downloaded Program Files\CONFLICT.3 << This Folder

C:\WINDOWS\Downloaded Program Files\USYP_0003_N91M0908NetInstaller.exe << This File
C:\WINDOWS\Downloaded Program Files\USYP_0002_N91M0908NetInstaller.exe << This File

C:\WINDOWS\system32\btpanuib.dll << This File

C:\WINDOWS\system32\gebyayy.dll << This File
C:\WINDOWS\system32\mlljk.dll << This File

----------------------------------------------------------------

Next, please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only
    Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.
If you use Firefox browser
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

------------------------------------------------------------------

Now, please run step 1 of SmitfraudFix, and post that log in your next post.


After that is finished, please run the Kaspersky Online Scan again, and and post back with:

1. A new HijackThis log
2. A Kaspersky log
3. C:\VundoFix.txt
4. C:\rapport.txt

Thanks,

dk :)
User avatar
Danny_
Regular Member
 
Posts: 97
Joined: March 1st, 2005, 9:30 am

Vendo Report

Unread postby czickefoose » August 17th, 2006, 12:14 pm

VundoFix V6.0.1

Checking Java version...

Sun Java not detected
Scan started at 11:57:20 AM 8/17/2006

Listing files found while scanning....

C:\windows\system32\gebyayy.dll
C:\windows\system32\mlljk.dll
C:\windows\system32\kjllm.ini
C:\windows\system32\kjllm.bak1
C:\windows\system32\kjllm.bak2
C:\windows\system32\kjllm.ini2
C:\windows\system32\kjllm.tmp
C:\windows\system32\brtssksf.exe
C:\windows\system32\eahuobxo.exe
C:\windows\system32\engukjdw.exe
C:\windows\system32\miplhafm.exe
C:\windows\system32\nkivcgaw.exe
C:\windows\system32\nugrlkhm.exe
C:\windows\system32\oyumfrmv.exe
C:\windows\system32\qfilarxy.exe
C:\windows\system32\qqxyurdw.exe
C:\windows\system32\rdfjcfgn.exe
C:\windows\system32\rqwvotwn.exe
C:\windows\system32\wtlllmti.exe
C:\windows\system32\wwugjqbm.exe
C:\windows\system32\yejnafxo.exe
C:\windows\system32\ylnqbvpy.exe
C:\windows\system32\yoxownnv.exe

Beginning removal...

Attempting to delete C:\windows\system32\gebyayy.dll
C:\windows\system32\gebyayy.dll Has been deleted!

Attempting to delete C:\windows\system32\mlljk.dll
C:\windows\system32\mlljk.dll Has been deleted!

Attempting to delete C:\windows\system32\kjllm.ini
C:\windows\system32\kjllm.ini Has been deleted!

Attempting to delete C:\windows\system32\kjllm.bak1
C:\windows\system32\kjllm.bak1 Has been deleted!

Attempting to delete C:\windows\system32\kjllm.bak2
C:\windows\system32\kjllm.bak2 Has been deleted!

Attempting to delete C:\windows\system32\kjllm.ini2
C:\windows\system32\kjllm.ini2 Has been deleted!

Attempting to delete C:\windows\system32\kjllm.tmp
C:\windows\system32\kjllm.tmp Has been deleted!

Attempting to delete C:\windows\system32\brtssksf.exe
C:\windows\system32\brtssksf.exe Has been deleted!

Attempting to delete C:\windows\system32\eahuobxo.exe
C:\windows\system32\eahuobxo.exe Has been deleted!

Attempting to delete C:\windows\system32\engukjdw.exe
C:\windows\system32\engukjdw.exe Has been deleted!

Attempting to delete C:\windows\system32\miplhafm.exe
C:\windows\system32\miplhafm.exe Has been deleted!

Attempting to delete C:\windows\system32\nkivcgaw.exe
C:\windows\system32\nkivcgaw.exe Has been deleted!

Attempting to delete C:\windows\system32\nugrlkhm.exe
C:\windows\system32\nugrlkhm.exe Has been deleted!

Attempting to delete C:\windows\system32\oyumfrmv.exe
C:\windows\system32\oyumfrmv.exe Has been deleted!

Attempting to delete C:\windows\system32\qfilarxy.exe
C:\windows\system32\qfilarxy.exe Has been deleted!

Attempting to delete C:\windows\system32\qqxyurdw.exe
C:\windows\system32\qqxyurdw.exe Has been deleted!

Attempting to delete C:\windows\system32\rdfjcfgn.exe
C:\windows\system32\rdfjcfgn.exe Has been deleted!

Attempting to delete C:\windows\system32\rqwvotwn.exe
C:\windows\system32\rqwvotwn.exe Has been deleted!

Attempting to delete C:\windows\system32\wtlllmti.exe
C:\windows\system32\wtlllmti.exe Has been deleted!

Attempting to delete C:\windows\system32\wwugjqbm.exe
C:\windows\system32\wwugjqbm.exe Has been deleted!

Attempting to delete C:\windows\system32\yejnafxo.exe
C:\windows\system32\yejnafxo.exe Has been deleted!

Attempting to delete C:\windows\system32\ylnqbvpy.exe
C:\windows\system32\ylnqbvpy.exe Has been deleted!

Attempting to delete C:\windows\system32\yoxownnv.exe
C:\windows\system32\yoxownnv.exe Has been deleted!

Performing Repairs to the registry.
Done!
czickefoose
Regular Member
 
Posts: 20
Joined: August 16th, 2006, 10:37 pm

rapport

Unread postby czickefoose » August 17th, 2006, 12:46 pm

SmitFraudFix v2.81

Scan done at 12:45:51.54, Thu 08/17/2006
Run from C:\Documents and Settings\User\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\User\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»»


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
czickefoose
Regular Member
 
Posts: 20
Joined: August 16th, 2006, 10:37 pm

kapersky

Unread postby czickefoose » August 17th, 2006, 2:09 pm

------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Thursday, August 17, 2006 2:08:09 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 1 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 17/08/2006
Kaspersky Anti-Virus database records: 215889
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\

Scan Statistics:
Total number of scanned objects: 63191
Number of viruses found: 38
Number of infected objects: 186 / 0
Number of suspicious objects: 1
Duration of the scan process: 01:17:47

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Support.com\Profiles\User\triggers.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2006-08-17_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBConfig.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDebug.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDetect.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBNotify.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBRefr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg2.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetDev.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetLoc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetUsr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBStHash.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBValid.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPPolicy.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStart.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStop.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtErEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\77C2CFE6.TMP Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtMoEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtNvEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtScEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtTxFEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtViEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SubEng\submissions.idx Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{EEBC0ACA-3A43-45BD-A653-AF512B6FA50B}\Microsoft\Outlook Express\Inbox.dbx/[From Submitted using SMTP AUTH at pop018.verizon.net from [172.17.10.210] at Fri, 2 May 2003 18:27:42 -0500][Date Fri, 2 May 2003 18:27:42 -0500]/UNNAMED/forward/UNNAMED/[From Submitted using SMTP AUTH at pop018.verizon.net from [172.17.10.210] at Fri, 2 May 2003 18:25:30 -0500][Date Fri, 2 May 2003 18:25:30 -0500]/forward/[From kamikaze <kamikaze@kuoi.asui.uidaho.edu>][Date Thu, 01 May 2003 15:23:17 -0500]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{EEBC0ACA-3A43-45BD-A653-AF512B6FA50B}\Microsoft\Outlook Express\Inbox.dbx/[From Submitted using SMTP AUTH at pop018.verizon.net from [172.17.10.210] at Fri, 2 May 2003 18:27:42 -0500][Date Fri, 2 May 2003 18:27:42 -0500]/UNNAMED/forward/UNNAMED/[From Submitted using SMTP AUTH at pop018.verizon.net from [172.17.10.210] at Fri, 2 May 2003 18:25:30 -0500][Date Fri, 2 May 2003 18:25:30 -0500]/forward/[From kamikaze <kamikaze@kuoi.asui.uidaho.edu>][Date Thu, 01 May 2003 15:23:17 -0500]/UNNAMED/forgot_pwex96f06ab2[1].scr Infected: Email-Worm.Win32.Klez.h skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{EEBC0ACA-3A43-45BD-A653-AF512B6FA50B}\Microsoft\Outlook Express\Inbox.dbx/[From Submitted using SMTP AUTH at pop018.verizon.net from [172.17.10.210] at Fri, 2 May 2003 18:27:42 -0500][Date Fri, 2 May 2003 18:27:42 -0500]/UNNAMED/forward/UNNAMED/[From Submitted using SMTP AUTH at pop018.verizon.net from [172.17.10.210] at Fri, 2 May 2003 18:25:30 -0500][Date Fri, 2 May 2003 18:25:30 -0500]/forward/[From kamikaze <kamikaze@kuoi.asui.uidaho.edu>][Date Thu, 01 May 2003 15:23:17 -0500]/UNNAMED Infected: Email-Worm.Win32.Klez.h skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{EEBC0ACA-3A43-45BD-A653-AF512B6FA50B}\Microsoft\Outlook Express\Inbox.dbx/[From Submitted using SMTP AUTH at pop018.verizon.net from [172.17.10.210] at Fri, 2 May 2003 18:27:42 -0500][Date Fri, 2 May 2003 18:27:42 -0500]/UNNAMED/forward/UNNAMED/[From Submitted using SMTP AUTH at pop018.verizon.net from [172.17.10.210] at Fri, 2 May 2003 18:25:30 -0500][Date Fri, 2 May 2003 18:25:30 -0500]/forward Infected: Email-Worm.Win32.Klez.h skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{EEBC0ACA-3A43-45BD-A653-AF512B6FA50B}\Microsoft\Outlook Express\Inbox.dbx/[From Submitted using SMTP AUTH at pop018.verizon.net from [172.17.10.210] at Fri, 2 May 2003 18:27:42 -0500][Date Fri, 2 May 2003 18:27:42 -0500]/UNNAMED/forward/UNNAMED Infected: Email-Worm.Win32.Klez.h skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{EEBC0ACA-3A43-45BD-A653-AF512B6FA50B}\Microsoft\Outlook Express\Inbox.dbx/[From Submitted using SMTP AUTH at pop018.verizon.net from [172.17.10.210] at Fri, 2 May 2003 18:27:42 -0500][Date Fri, 2 May 2003 18:27:42 -0500]/UNNAMED/forward Infected: Email-Worm.Win32.Klez.h skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{EEBC0ACA-3A43-45BD-A653-AF512B6FA50B}\Microsoft\Outlook Express\Inbox.dbx/[From Submitted using SMTP AUTH at pop018.verizon.net from [172.17.10.210] at Fri, 2 May 2003 18:27:42 -0500][Date Fri, 2 May 2003 18:27:42 -0500]/UNNAMED Infected: Email-Worm.Win32.Klez.h skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{EEBC0ACA-3A43-45BD-A653-AF512B6FA50B}\Microsoft\Outlook Express\Inbox.dbx Mail MS Outlook 5: infected - 6, suspicious - 1 skipped
C:\Documents and Settings\User\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\User\Desktop\SmitfraudFix\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\User\Desktop\SmitfraudFix.zip/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\User\Desktop\SmitfraudFix.zip ZIP: infected - 1 skipped
C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\User\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\User\Local Settings\History\History.IE5\MSHist012006081720060818\index.dat Object is locked skipped
C:\Documents and Settings\User\Local Settings\Temp\jar_cache40707.tmp Object is locked skipped
C:\Documents and Settings\User\Local Settings\Temp\jar_cache40708.tmp Object is locked skipped
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\User\ntuser.dat Object is locked skipped
C:\Documents and Settings\User\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\User\plugin131_04.trace Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\NFWEVT.LOG Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped
C:\Program Files\HP\hpcoretech\data\RegData-1336049547.xml Object is locked skipped
C:\Program Files\HP\hpcoretech\hpcmerr.log Object is locked skipped
C:\Program Files\Kodak\Kodak EasyShare software\Catalog\EasyShare.me Object is locked skipped
C:\Program Files\Kodak\Kodak EasyShare software\Catalog\EasyShare.mm Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\BWKDLogs\BWTargetInf.log Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\3081\f437463\infopak.zip Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\3081\f437463\_bwfindx.zip Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\cache.dat Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\chandir.dat Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\chandir.idx Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\chn.dat Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\chn.idx Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\D0000000.FCS Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\inuse.txt Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\L0000002.FCS Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\main.log Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs.dat Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs.idx Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_die.dat Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_die.idx Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_dnd.dat Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_dnd.idx Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_ext.dat Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_ext.idx Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_rcv.dat Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_rcv.idx Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\storydb.dat Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\storydb.idx Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL\Data\master.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL\Data\mastlog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL\Data\model.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL\Data\modellog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL\Data\tempdb.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL\Data\templog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL\LOG\ERRORLOG Object is locked skipped
C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL Infected: not-a-virus:AdWare.Win32.MyWay.m skipped
C:\Program Files\Norton AntiVirus\AVApp.log Object is locked skipped
C:\Program Files\Norton AntiVirus\AVError.log Object is locked skipped
C:\Program Files\Norton AntiVirus\AVVirus.log Object is locked skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP907\A0100289.exe Infected: Trojan-Downloader.Win32.Zlob.yj skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP907\A0100290.dll Infected: Trojan-Downloader.Win32.Zlob.acg skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP907\A0100291.exe Infected: Trojan-Downloader.Win32.Obfuscated.a skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP907\A0100307.dll Infected: not-a-virus:AdWare.Win32.PurityScan.ak skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP907\A0100308.exe Infected: not-a-virus:AdWare.Win32.PurityScan.er skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP907\A0100309.exe Infected: Trojan-Downloader.Win32.PurityScan.cu skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP907\A0100330.dll Infected: not-a-virus:AdWare.Win32.PurityScan.en skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP907\A0100332.exe Infected: not-a-virus:AdWare.Win32.MediaTickets.w skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP907\A0100337.exe Infected: Trojan-Downloader.Win32.Zlob.yj skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP907\A0100338.dll Infected: Trojan-Downloader.Win32.Zlob.acg skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP907\A0100339.exe Infected: Trojan-Downloader.Win32.Obfuscated.a skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP907\A0100355.exe Infected: Trojan-Downloader.Win32.Zlob.yj skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP907\A0100356.dll Infected: Trojan-Downloader.Win32.Zlob.acg skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP907\A0100357.exe Infected: Trojan-Downloader.Win32.Obfuscated.a skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP907\A0100367.dll Infected: not-a-virus:AdWare.Win32.PurityScan.ak skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP908\A0100600.dll Infected: not-a-virus:AdWare.Win32.PurityScan.en skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP908\A0100601.exe Infected: Trojan-Downloader.Win32.PurityScan.cu skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP908\A0100603.exe Infected: not-a-virus:AdWare.Win32.MediaTickets.w skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP908\A0100608.exe Infected: Trojan-Downloader.Win32.Zlob.yj skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP908\A0100609.dll Infected: Trojan-Downloader.Win32.Zlob.acg skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP908\A0100610.exe Infected: Trojan-Downloader.Win32.Obfuscated.a skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP908\A0100625.exe Infected: Trojan-Downloader.Win32.Zlob.yj skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP908\A0100626.dll Infected: Trojan-Downloader.Win32.Zlob.acg skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP908\A0100627.exe Infected: Trojan-Downloader.Win32.Obfuscated.a skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP908\A0100645.exe Infected: Trojan-Downloader.Win32.Zlob.yj skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP908\A0100646.dll Infected: Trojan-Downloader.Win32.Zlob.acg skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP908\A0100647.exe Infected: Trojan-Downloader.Win32.Obfuscated.a skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP908\A0100663.exe Infected: Trojan-Downloader.Win32.Zlob.yj skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP908\A0100664.dll Infected: Trojan-Downloader.Win32.Zlob.acg skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP908\A0100665.exe Infected: Trojan-Downloader.Win32.Obfuscated.a skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP908\A0100666.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP908\A0100675.exe Infected: Trojan.Win32.Dialer.qs skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP908\A0100684.exe Infected: Trojan-Downloader.Win32.Zlob.yj skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP908\A0100685.dll Infected: Trojan-Downloader.Win32.Zlob.acg skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP908\A0100686.exe Infected: Trojan-Downloader.Win32.Obfuscated.a skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP908\A0100687.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP908\A0100695.exe Infected: Trojan-Downloader.Win32.Zlob.acr skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP908\A0100696.exe Infected: Trojan-Downloader.Win32.Zlob.acg skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP908\A0100699.dll Infected: Trojan-Downloader.Win32.Zlob.acg skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP908\A0100711.exe Infected: Trojan.Win32.Dialer.qs skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP908\A0100804.exe Infected: Trojan-Downloader.Win32.Zlob.yj skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP908\A0100805.dll Infected: Trojan-Downloader.Win32.Zlob.aec skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP908\A0100806.exe Infected: Trojan-Downloader.Win32.Obfuscated.a skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP908\A0100807.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP908\A0100814.dll Infected: Trojan-Downloader.Win32.Delf.aeo skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP908\A0100816.exe Infected: Trojan-Downloader.Win32.Zlob.aeb skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP908\A0100817.exe Infected: Trojan-Downloader.Win32.Zlob.aec skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP909\A0100866.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP909\A0100867.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP909\A0100871.exe Infected: Trojan-Downloader.Win32.Obfuscated.a skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP909\A0100872.exe Infected: Trojan-Downloader.Win32.Obfuscated.a skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP909\A0100879.dll Infected: Trojan-Downloader.Win32.Delf.amb skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP909\A0100880.dll Infected: Trojan-Downloader.Win32.Delf.amb skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP909\A0100887.exe Infected: Trojan-Downloader.Win32.Zlob.yj skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP909\A0100888.dll Infected: not-virus:Hoax.Win32.Renos.eg skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP909\A0100949.exe Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP909\A0100950.exe Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP909\A0100951.exe Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP909\A0100952.exe Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP909\A0100953.exe Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP909\A0100954.exe Infected: not-a-virus:AdWare.Win32.NewDotNet.g skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP909\A0100955.exe Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP909\A0100964.dll Infected: not-a-virus:AdWare.Win32.WebSearch.o skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP909\A0100967.dll Infected: Trojan-Downloader.Win32.Delf.amb skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP909\A0100968.dll Infected: Trojan-Downloader.Win32.Delf.amb skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP909\A0100969.ocx Infected: not-a-virus:AdWare.Win32.FreeScratch.a skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP909\A0100974.dll Infected: not-virus:Hoax.Win32.Renos.ds skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP909\A0101985.exe Infected: Trojan-Downloader.Win32.Zlob.yj skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP909\A0101986.dll Infected: not-virus:Hoax.Win32.Renos.eg skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP909\A0102018.exe Infected: Trojan-Downloader.Win32.Zlob.yj skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP909\A0102019.dll Infected: not-virus:Hoax.Win32.Renos.eg skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP909\A0102037.exe Infected: Trojan-Downloader.Win32.Zlob.yj skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP909\A0102038.dll Infected: not-virus:Hoax.Win32.Renos.eg skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP909\A0102048.exe Infected: Trojan-Downloader.Win32.Zlob.aej skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP910\A0104044.exe Infected: Trojan-Downloader.Win32.Zlob.yj skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP910\A0104045.dll Infected: not-virus:Hoax.Win32.Renos.eg skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP910\A0104058.exe Infected: Trojan-Downloader.Win32.Zlob.yj skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP910\A0104059.dll Infected: not-virus:Hoax.Win32.Renos.eg skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP911\A0104079.dll Infected: not-virus:Hoax.Win32.Renos.eg skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP911\A0104080.exe Infected: Trojan-Downloader.Win32.Zlob.yj skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP911\A0104097.exe Infected: Trojan-Downloader.Win32.Zlob.yj skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP911\A0104098.dll Infected: not-virus:Hoax.Win32.Renos.eg skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP916\A0104151.exe Infected: Trojan-Downloader.Win32.Zlob.yj skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP916\A0104152.dll Infected: not-virus:Hoax.Win32.Renos.eg skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP916\A0104166.exe Infected: Trojan-Downloader.Win32.Zlob.yj skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP916\A0104167.dll Infected: not-virus:Hoax.Win32.Renos.eg skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP916\A0104183.exe Infected: Trojan-Downloader.Win32.Zlob.yj skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP916\A0104184.dll Infected: not-virus:Hoax.Win32.Renos.eg skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP916\A0104191.exe Infected: Trojan-Downloader.Win32.Zlob.aew skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP917\A0105206.exe Infected: Trojan-Downloader.Win32.Zlob.yj skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP917\A0105207.dll Infected: not-virus:Hoax.Win32.Renos.eg skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP917\A0105222.exe Infected: Trojan-Downloader.Win32.Zlob.yj skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP917\A0105223.dll Infected: not-virus:Hoax.Win32.Renos.eg skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP917\A0105237.exe Infected: not-virus:Hoax.Win32.Renos.eg skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP917\A0105251.exe Infected: Trojan-Downloader.Win32.Agent.aqh skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP917\A0105279.exe Infected: Trojan-Downloader.Win32.Zlob.yj skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP917\A0105297.exe Infected: Trojan-Downloader.Win32.Zlob.yj skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP917\A0106297.exe Infected: Trojan-Downloader.Win32.Zlob.yj skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP917\A0106328.exe Infected: Trojan-Downloader.Win32.Zlob.yj skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP917\A0106341.dll Infected: Trojan-Clicker.Win32.Agent.ct skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP917\A0106342.dll Infected: Trojan-Downloader.Win32.Small.ddp skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP917\A0107325.dll Infected: Trojan-Downloader.Win32.Delf.amb skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP917\A0107330.exe Infected: Trojan-Downloader.Win32.Zlob.aby skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP917\A0107331.exe Infected: Trojan-Downloader.Win32.Zlob.yj skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP917\A0107334.dll Infected: not-virus:Hoax.Win32.Renos.eg skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP917\A0107338.dll Infected: not-virus:Hoax.Win32.Renos.ds skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP917\A0107364.exe Infected: Trojan.Win32.Pakes skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP917\A0107365.exe Infected: Trojan.Win32.Pakes skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP917\A0107366.exe Infected: Trojan.Win32.Pakes skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP917\A0107368.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP917\A0107370.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP917\A0107371.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP917\A0107372.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP917\A0107373.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP917\A0107374.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP917\A0107375.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP917\A0107376.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP917\A0107377.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP917\A0107378.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP917\A0107379.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP917\A0107380.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP917\A0107381.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP917\A0107382.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP917\A0107383.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP917\A0107384.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP917\A0107385.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP917\A0107386.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP917\A0107387.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP917\A0107388.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP917\A0107389.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP917\A0107390.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP917\A0107391.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP917\A0107392.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP917\A0107393.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP917\A0108405.dll Infected: Trojan-Downloader.Win32.Delf.aeo skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP917\A0108406.dll Infected: Trojan-Downloader.Win32.Delf.amb skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP917\A0108407.dll Infected: Trojan-Downloader.Win32.Delf.amb skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP917\A0108408.exe Infected: Trojan.Win32.Dialer.qs skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP917\A0108436.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.by skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP917\A0108437.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.da skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP917\A0108483.dll Infected: Trojan-Downloader.Win32.Delf.amb skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP917\A0108484.dll Infected: Trojan-Downloader.Win32.Delf.aeo skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP917\A0108485.exe Infected: Trojan.Win32.Dialer.qs skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP917\A0108486.dll Infected: Trojan-Downloader.Win32.Delf.amb skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP917\A0108487.dll Infected: Trojan-Downloader.Win32.Delf.aeo skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP917\A0108488.dll Infected: not-a-virus:AdWare.Win32.SmartSearch.b skipped
C:\System Volume Information\_restore{C9E7AC67-19F8-468F-9C9B-80B5FCF2ABCE}\RP917\change.log Object is locked skipped
C:\VundoFix Backups\gebyayy.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.by skipped
C:\VundoFix Backups\mlljk.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.da skipped
C:\WINDOWS\Debug\oakley.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UWA6P_0001_N91M1807NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\UWA6P_0001_N91M1807NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.3\UWA6P_0001_N91M1807NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped
C:\WINDOWS\Downloaded Program Files\USYP_0002_N91M0908NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped
C:\WINDOWS\Downloaded Program Files\USYP_0003_N91M0908NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{A046EF4E-CFF7-4F0F-9202-A484590F482F}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\winmyy32.dll Infected: Packed.Win32.Klone.g skipped
C:\WINDOWS\temp\idd1094.tmp.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\WINDOWS\temp\idd10B8.tmp.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\WINDOWS\temp\idd33A.tmp.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\WINDOWS\temp\idd33C.tmp.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\WINDOWS\temp\idd345.tmp.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\WINDOWS\temp\idd349.tmp.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\WINDOWS\temp\idd34B.tmp.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\WINDOWS\temp\idd362.tmp.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\WINDOWS\temp\idd3696.tmp.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\WINDOWS\temp\idd373.tmp.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\WINDOWS\temp\idd38D.tmp.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\WINDOWS\temp\idd3E7D.tmp.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\WINDOWS\temp\idd3F8.tmp.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\WINDOWS\temp\idd3FB8.tmp.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\WINDOWS\temp\idd3FBF.tmp.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\WINDOWS\temp\idd407.tmp.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\WINDOWS\temp\idd595.tmp.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\WINDOWS\temp\idd9B5.tmp.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\WINDOWS\temp\iddAD4.tmp.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\WINDOWS\temp\Perflib_Perfdata_894.dat Object is locked skipped
C:\WINDOWS\temp\Perflib_Perfdata_9f0.dat Object is locked skipped
C:\WINDOWS\temp\win2D3D.tmp Object is locked skipped
C:\WINDOWS\temp\win341.tmp Object is locked skipped
C:\WINDOWS\temp\win34E.tmp.exe Infected: Trojan.Win32.Pakes skipped
C:\WINDOWS\temp\win372.tmp.exe Infected: Trojan.Win32.Pakes skipped
C:\WINDOWS\temp\win9AD.tmp Object is locked skipped
C:\WINDOWS\temp\winEEB.tmp Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.
czickefoose
Regular Member
 
Posts: 20
Joined: August 16th, 2006, 10:37 pm
Advertisement
Register to Remove

Next

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 42 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware