Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

I've picked up antivermins malware. Can anyone help me?

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

I've picked up antivermins malware. Can anyone help me?

Unread postby JimFerguson06 » December 26th, 2006, 3:39 am

I have run Norton Antivirus software and also run a Symantec online virus scan. I've also run the AVG Anti Spyware software and deleted what came up. I rebooted between each step, as instructed. The question mark within a circle keeps reappearing in my system tray, telling me I have viruses and that I should click on the link to Antivermins software. Here is my HijackThis Log.

Logfile of HijackThis v1.99.1
Scan saved at 1:26:28 AM, on 12/26/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\wfxsnt40.exe
C:\ProVenture\Billing Solution\tracker.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\Mediafour\MACVNTFY.EXE
C:\Program Files\Mediafour\MacDrive\MDDiskProtect.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\PROGRA~1\MUSICM~1\MUSICM~2\MMDiag.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\Program Files\Greetings Workshop\GWREMIND.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~2\NORTON~3\NPROTECT.EXE
C:\PROGRA~1\NORTON~2\NORTON~3\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\HijackThis\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/m ... earch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/comcast.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customi ... earch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.net/toolbar2.0/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customi ... .yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
F2 - REG:system.ini: UserInit=userinit.exe
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://my.netscape.com/index2.psp"); (C:\Documents and Settings\Jim Ferguson\Application Data\Mozilla\Profiles\default\5ifkak9c.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Jim Ferguson\Application Data\Mozilla\Profiles\default\5ifkak9c.slt\prefs.js)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~2\COMCAS~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~2\COMCAS~1.DLL
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Protection Bar - {0D045BAA-4BD3-4C94-BE8B-21536BD6BD9F} - blank (file missing)
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Tracker] "C:\ProVenture\Billing Solution\tracker.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe
O4 - HKLM\..\Run: [MediafourGettingStartedWithMacDrive6] "C:\Program Files\Mediafour\MacDrive\MacDrive.exe" /runonce
O4 - HKLM\..\Run: [Mediafour Mac Volume Notifications] "C:\Program Files\Common Files\Mediafour\MACVNTFY.EXE" /auto
O4 - HKLM\..\Run: [MDDiskProtect.exe] C:\Program Files\Mediafour\MacDrive\MDDiskProtect.exe
O4 - HKLM\..\Run: [IntelMeM] "C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe"
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DigidesignMMERefresh] "C:\Program Files\Digidesign\Drivers\MMERefresh.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [AsioReg] "REGSVR32.EXE" /S CTASIO.DLL
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [CTSysVol] "C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe"
O4 - HKLM\..\Run: [CTDVDDet] "C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKCU\..\Run: [SB Audigy 2 Startup Menu] /L:ENG
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - Startup: Greetings Workshop Reminders.lnk = C:\Program Files\Greetings Workshop\GWREMIND.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Old Dell\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Old Dell\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra button: SideStep - {3E230861-5C87-11D3-A1C6-00105A1B41B8} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId= ... lcid=0x409
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} - http://wdownload.weatherbug.com/minibug ... porter.cab?
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZB ... b32846.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqaio/downloads/sysinfo.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZP ... b32846.cab
O16 - DPF: {640B39C1-D713-464F-92C3-75BD972B95EE} - http://www.sidestep.com/get/k42037/sb028.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 7968985968
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/softwa ... Plugin.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - https://a248.e.akamai.net/f/248/5462/2h ... mDlBrg.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v ... b34246.cab
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} - http://liveca12.custhelp.com/7530-b327h ... a/RntX.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?326
O20 - Winlogon Notify: MacDrive-iTunes compatibility - C:\Program Files\Common Files\Mediafour\MacDriveiTunesPatch.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: buprestidae - {b59f3ba4-98da-4b5f-8a2d-7b56fb11140b} - C:\WINDOWS\system32\cthkpcv.dll
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~3\NPROTECT.EXE
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~3\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
JimFerguson06
Active Member
 
Posts: 12
Joined: December 24th, 2006, 7:51 pm
Advertisement
Register to Remove

Unread postby beynac » December 26th, 2006, 5:13 am

Hi

Welcome to MalWare Removal! I'm looking through your log now, and will post back very shortly.

:santa:
User avatar
beynac
MRU Honors Grad Emeritus
 
Posts: 1638
Joined: February 14th, 2006, 12:14 pm
Location: Norwich, England

Unread postby beynac » December 26th, 2006, 6:32 am

Hi.

SmitFraudFix (by S!Ri)
  • Please download SmitFraudFix from here and save it to your Desktop.
  • Double-click on Smitfraud.exe - this will create a SmitfraudFix folder.
  • Open the folder and double-click smitfraudfix.cmd
  • Select option #1 - Search by typing 1 and press Enter - a text file will appear, which lists infected files (if present).
Do not run any of the other options at this stage.

Please copy/paste the content of the report (c:\rapport.txt) into your next reply.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a 'RiskTool'; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between 'good' and 'malicious' use of such programs, therefore they may alert the user.
User avatar
beynac
MRU Honors Grad Emeritus
 
Posts: 1638
Joined: February 14th, 2006, 12:14 pm
Location: Norwich, England

Unread postby JimFerguson06 » December 26th, 2006, 1:57 pm

SmitFraudFix v2.131

Scan done at 11:54:48.81, Tue 12/26/2006
Run from C:\Documents and Settings\Jim Ferguson\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Jim Ferguson


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Jim Ferguson\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url FOUND !
C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\JIMFER~1\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{b59f3ba4-98da-4b5f-8a2d-7b56fb11140b}"="buprestidae"

[HKEY_CLASSES_ROOT\CLSID\{b59f3ba4-98da-4b5f-8a2d-7b56fb11140b}\InProcServer32]
@="C:\WINDOWS\system32\cthkpcv.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{b59f3ba4-98da-4b5f-8a2d-7b56fb11140b}\InProcServer32]
@="C:\WINDOWS\system32\cthkpcv.dll"



»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End
JimFerguson06
Active Member
 
Posts: 12
Joined: December 24th, 2006, 7:51 pm

Unread postby beynac » December 26th, 2006, 2:53 pm

Please download ATF Cleaner by Atribune © from here : http://www.atribune.org/ccount/click.php?id=1
This is a stand-alone program that does not need to be installed. Save it to a convenient location and make a shortcut on your desktop. Using this program will remove temporary files, temporary internet files and cookies from your system, which will mean that any scans will run faster.

Do not use it yet.

----------------------------------------------------------------

AVG Anti-Spyware:

You already have this program installed. Please update it and check that the settings are as detailed below.
  • Click the Update icon at the top and under Manual Update click the Start update button.
  • The program will either update or inform you that no update was available.
You will need to change the following settings:
  • Click the Shield icon at the top and under Resident shield is... click active. This should now change to inactive.
  • Click the Update icon and untick the automatic update option.
  • Click the Scanner icon at the top and then click the Settings Tab.
  • Under How to act? click Recommended actions and select Quarantine from the menu.
You can now close AVG Anti-Spyware. Do not scan yet.

---------------------------------------------------------------

You need to reboot your computer in Safe Mode for the next step. It would be a good idea for you to print these instructions, as you will not have access to the internet.

Important: If you have an 'always on' connection to the internet, physically disconnect that connection until you are finished with Safe Mode and have rebooted back into normal mode.
  • Restart your computer.
  • Continually tap the F8 button as your computer is booting a menu appears.
  • Use up-arrow key to select Safe Mode and press Enter.
-------------------------------------------------------------

Open the SmitFraudFix folder on your desktop and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press 'Enter' to delete infected files.

You will be prompted : 'Registry cleaning - Do you want to clean the registry ?'; answer 'Yes' by typing Y and press 'Enter' in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer 'Yes' by typing Y and press 'Enter'.

The tool may need to restart your computer to finish the cleaning process.
A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
The report can also be found at the root of the system drive, usually at C:\rapport.txt.

Reboot into Safe Mode (as above).

------------------------------------------------------------

Run ATF Cleaner by Atribune ©:
  • Double-click the shortcut on your desktop to run the program.
  • Under Main, choose Select All
  • Untick Prefetch
  • Click Empty Selected
  • If you use Firefox browser,
    • Click Firefox at the top and choose Select All
    • Click on Empty Selected
    • NOTE: If you would like to keep any saved passwords, please untick that option.
  • Click Exit to close.
  • If you use Opera browser,
    • Click Opera at the top and choose Select All
    • Click on Empty Selected
    • NOTE: If you would like to keep any saved passwords, please untick that option.
  • Click Exit to close.
----------------------------------------------------

Close all open windows and then start AVG Anti-Spyware.
  • Click on Scanner on the toolbar.
  • Click on the Settings tab.
    • Under How to act? - make sure that Quarantine is selected.
    • Under How to scan? - All checkboxes should be ticked.
    • Under Possibly unwanted software - All checkboxes should be ticked.
    • Under Reports - Select Automatically generate report after every scan and uncheck Only if threats were found.
    • Under What to scan? - Select Scan every file.
  • Click on the Scan tab.
  • Click on Complete System Scan to start the scan process.
  • Let the program scan your computer.
  • When the scan has finished, follow the instructions below:
    • Make sure that Set all elements to: shows Quarantine
    • Important: Click on the Apply all Actions button (*** This must done before saving the report ***)
    • When the program has finished, it will display the message All actions have been applied.
    • Then click the Save Scan Report button.
    • Click the Save Report as button.
    • Save the report to your Desktop.
  • Right-click the AVG Tray Icon and select Exit.
Reboot in Normal Mode.

------------------------------------------------------------

Open the SmitFraudFix folder again and double-click smitfraudfix.cmd
Select option #3 - Delete Trusted zone by typing 3 and press Enter.
Answer Yes to the question 'Restore Trusted Zone ?' by typing Y and hit Enter.

-----------------------------------------------------------

Please post, as a reply to this thread:
  • The SmitFraudFix report (c:\rapport.txt)
  • The AVG Anti-Spyware report
  • A new HijackThis log
User avatar
beynac
MRU Honors Grad Emeritus
 
Posts: 1638
Joined: February 14th, 2006, 12:14 pm
Location: Norwich, England

Unread postby JimFerguson06 » December 26th, 2006, 8:04 pm

Thanks very much. Here are my reports and log.

SmitFraudFix v2.131

Scan done at 14:41:12.67, Tue 12/26/2006
Run from C:\Documents and Settings\Jim Ferguson\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{b59f3ba4-98da-4b5f-8a2d-7b56fb11140b}"="buprestidae"

[HKEY_CLASSES_ROOT\CLSID\{b59f3ba4-98da-4b5f-8a2d-7b56fb11140b}\InProcServer32]
@="C:\WINDOWS\system32\cthkpcv.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{b59f3ba4-98da-4b5f-8a2d-7b56fb11140b}\InProcServer32]
@="C:\WINDOWS\system32\cthkpcv.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

C:\WINDOWS\system32\cthkpcv.dll -> Hoax.Win32.Renos.gen.i
C:\WINDOWS\system32\cthkpcv.dll -> Deleted


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url Deleted
C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 5:42:16 PM 12/26/2006

+ Scan result:



C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1188\A0304471.dll -> Downloader.Zlob.bid : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1188\A0305321.dll -> Downloader.Zlob.bif : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1188\A0305377.exe -> Downloader.Zlob.big : Cleaned with backup (quarantined).


::Report end

Logfile of HijackThis v1.99.1
Scan saved at 5:52:52 PM, on 12/26/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~2\NORTON~3\NPROTECT.EXE
C:\WINDOWS\system32\wfxsnt40.exe
C:\ProVenture\Billing Solution\tracker.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\Mediafour\MACVNTFY.EXE
C:\Program Files\Mediafour\MacDrive\MDDiskProtect.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\NORTON~2\NORTON~3\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\PROGRA~1\MUSICM~1\MUSICM~2\MMDiag.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Greetings Workshop\GWREMIND.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Documents and Settings\Jim Ferguson\Desktop\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
F2 - REG:system.ini: UserInit=userinit.exe
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://my.netscape.com/index2.psp"); (C:\Documents and Settings\Jim Ferguson\Application Data\Mozilla\Profiles\default\5ifkak9c.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Jim Ferguson\Application Data\Mozilla\Profiles\default\5ifkak9c.slt\prefs.js)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~2\COMCAS~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~2\COMCAS~1.DLL
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Protection Bar - {0D045BAA-4BD3-4C94-BE8B-21536BD6BD9F} - blank (file missing)
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Tracker] "C:\ProVenture\Billing Solution\tracker.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe
O4 - HKLM\..\Run: [MediafourGettingStartedWithMacDrive6] "C:\Program Files\Mediafour\MacDrive\MacDrive.exe" /runonce
O4 - HKLM\..\Run: [Mediafour Mac Volume Notifications] "C:\Program Files\Common Files\Mediafour\MACVNTFY.EXE" /auto
O4 - HKLM\..\Run: [MDDiskProtect.exe] C:\Program Files\Mediafour\MacDrive\MDDiskProtect.exe
O4 - HKLM\..\Run: [IntelMeM] "C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe"
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DigidesignMMERefresh] "C:\Program Files\Digidesign\Drivers\MMERefresh.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [AsioReg] "REGSVR32.EXE" /S CTASIO.DLL
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [CTSysVol] "C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe"
O4 - HKLM\..\Run: [CTDVDDet] "C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKCU\..\Run: [SB Audigy 2 Startup Menu] /L:ENG
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - Startup: Greetings Workshop Reminders.lnk = C:\Program Files\Greetings Workshop\GWREMIND.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Old Dell\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Old Dell\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra button: SideStep - {3E230861-5C87-11D3-A1C6-00105A1B41B8} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId= ... lcid=0x409
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} - http://wdownload.weatherbug.com/minibug ... porter.cab?
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZB ... b32846.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqaio/downloads/sysinfo.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZP ... b32846.cab
O16 - DPF: {640B39C1-D713-464F-92C3-75BD972B95EE} - http://www.sidestep.com/get/k42037/sb028.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 7968985968
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/softwa ... Plugin.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - https://a248.e.akamai.net/f/248/5462/2h ... mDlBrg.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v ... b34246.cab
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} - http://liveca12.custhelp.com/7530-b327h ... a/RntX.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?326
O20 - Winlogon Notify: MacDrive-iTunes compatibility - C:\Program Files\Common Files\Mediafour\MacDriveiTunesPatch.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~3\NPROTECT.EXE
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~3\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
JimFerguson06
Active Member
 
Posts: 12
Joined: December 24th, 2006, 7:51 pm

Unread postby beynac » December 27th, 2006, 5:26 am

Good morning.

HijackThis

In your first HijackThis log, the program was correctly installed in its own folder (C:\Program Files\HijackThis\HijackThis.exe). In your second log it is on your desktop (C:\Documents and Settings\Jim Ferguson\Desktop\HijackThis.exe). Have you moved it or downloaded it again? Using the version on your desktop would mean that there would be no safe backups made of any fixes. If it's a new copy of the program, please delete it. If you moved it, then please move it back. It is important that you use the one at C:\Program Files\HijackThis\HijackThis.exe.

-----------------------------------------------------------

Please open AVG Anti-Spyware and make sure that the Resident Shield is "inactive".

Run HijackThis and click Scan and then check (tick) the following, if present (don't worry if any are missing):

F2 - REG:system.ini: UserInit=userinit.exe
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Protection Bar - {0D045BAA-4BD3-4C94-BE8B-21536BD6BD9F} - blank (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)


Unless you have the Spybot S&D option 'Lock homepage from changes' active, or you have locked using a different method, please also tick the following:
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present


Close down all programs, browsers and other open windows. Make sure that only the above items are checked and then click on Fix checked.

----------------------------------------------------------

Update Java Runtime:

You are using an old version of Java. Sun's Java is sometimes updated in order to eliminate the exploitation of vulnerabilities in an existing version. For this reason, it's extremely important that you keep the program up to date, and also remove the older more vulnerable versions from your system. The most current version of Sun Java is: Java Runtime Environment Version 6.
  • Go to http://java.sun.com/javase/downloads/index.jsp
  • Click on the link named Java Runtime Environment (JRE) 6
  • Click on the radio button to Accept License Agreement
  • Click on Windows Offline Installation, Multi-language and save the downloaded file to your hard disk
  • Go to Start => Control Panel => Add or Remove Programs
  • Uninstall all old versions of Java (Java 2 Runtime Environment, JRE or JSE)
  • Reboot your computer
  • Install the new version by running the newly-downloaded file, and follow the on-screen instructions.
  • Reboot your computer
-----------------------------------------------------

Kaspersky Online Scanner

Using Internet Explorer, click on Kaspersky Online Scanner
  • You will be prompted to install an ActiveX component from Kaspersky, Click 'Yes'.
  • The program will launch and then start to download the latest definition files.
  • Once the scanner is installed and the definitions downloaded, click 'Next'.
  • Now click on 'Scan Settings'
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database: 'Extended' (If available, otherwise 'Standard')
    • Scan Options: 'Scan Archives' and 'Scan Mail Bases'
  • Click 'OK'
  • Now under 'Select a target to scan' select 'My Computer'
  • The scan will take a while, so be patient and let it run. Once the scan is complete, it will display whether your system has been infected.
  • Now click on the 'Save as Text' button:
  • Save the file to your desktop.
Note: The Kaspersky online scanner is not yet fully compatible with IE7. You may get returned to a window without the Accept/Decline buttons after allowing the ActiveX control. The buttons are there - you just can't see them! Click on the zoom button (bottom, right of the window) and change it from 100% to 75%. You should now see the buttons. Reset to 100% once the license has been accepted.

----------------------------------------------------

Please post:
  • The Kaspersky report
  • A new HijackThis log
User avatar
beynac
MRU Honors Grad Emeritus
 
Posts: 1638
Joined: February 14th, 2006, 12:14 pm
Location: Norwich, England

Unread postby JimFerguson06 » December 27th, 2006, 3:39 pm

Thanks. Here are the two requested logs. All the files you asked me to tick under the first HiJackThis scan were present. The log included here was run following the Kaspersky scan.

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Wednesday, December 27, 2006 1:30:50 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 27/12/2006
Kaspersky Anti-Virus database records: 254556
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 203222
Number of viruses found: 22
Number of infected objects: 87 / 0
Number of suspicious objects: 3
Duration of the scan process: 02:41:09

Infected Object Name / Virus Name / Last Action
C:\Data\Outlook\outlook.bak/Personal Folders/Sent Items/13 Apr 2005 17:48 from Jim Ferguson:FW: Good day/text.zip/text.scr Infected: Net-Worm.Win32.Mytob.w skipped
C:\Data\Outlook\outlook.bak/Personal Folders/Sent Items/13 Apr 2005 17:48 from Jim Ferguson:FW: Good day/text.zip Infected: Net-Worm.Win32.Mytob.w skipped
C:\Data\Outlook\outlook.bak/Personal Folders/AFTRA/01 Sep 2004 14:06 to Jim:foto/foto.zip/foto.htm Infected: Exploit.HTML.CodeBaseExec skipped
C:\Data\Outlook\outlook.bak/Personal Folders/AFTRA/01 Sep 2004 14:06 to Jim:foto/foto.zip Infected: Exploit.HTML.CodeBaseExec skipped
C:\Data\Outlook\outlook.bak/Personal Folders/Old In Box as of 3/31/02/Moved mail from normal In Box/21 Aug 2000 20:21 from rdonnelly_1:HEY>>>.html Infected: Email-Worm.VBS.KakWorm skipped
C:\Data\Outlook\outlook.bak/Personal Folders/Old In Box as of 3/31/02/Moved mail from normal In Box/22 Aug 2000 21:11 from rdonnelly_1:Thanks....html Infected: Email-Worm.VBS.KakWorm skipped
C:\Data\Outlook\outlook.bak/Personal Folders/Old In Box as of 3/31/02/Moved mail from normal In Box/21 Aug 2000 20:21 from rdonnelly_1:HEY>>>.html Infected: Email-Worm.VBS.KakWorm skipped
C:\Data\Outlook\outlook.bak/Personal Folders/Old In Box as of 3/31/02/Moved mail from normal In Box/22 Aug 2000 21:11 from rdonnelly_1:Thanks....html Infected: Email-Worm.VBS.KakWorm skipped
C:\Data\Outlook\outlook.bak/Personal Folders/Old In Box as of 3/31/02/Moved mail from normal In Box/21 Aug 2000 20:21 from rdonnelly_1:HEY>>>.html Infected: Email-Worm.VBS.KakWorm skipped
C:\Data\Outlook\outlook.bak/Personal Folders/Old In Box as of 3/31/02/Moved mail from normal In Box/22 Aug 2000 21:11 from rdonnelly_1:Thanks....html Infected: Email-Worm.VBS.KakWorm skipped
C:\Data\Outlook\outlook.bak Mail MS Mail: infected - 10 skipped
C:\Data\Outlook\outlook.pst Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\eb58ce8b8a77b32c8e6ec4f90f772fac_7b71fbce-dff3-42c2-9259-d2367eb8daa9 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\ActivityLog\InboxLOG.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\ActivityLog\OutboxLOG.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Confid.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Content.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Privacy.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Restrict.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\WebHist.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\HPPAppActivity.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\HPPHomePageActivity.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2006-12-27_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
C:\Documents and Settings\Jim Ferguson\Application Data\Microsoft\Outlook\Microsoft Outlook Internet Settings.srs Object is locked skipped
C:\Documents and Settings\Jim Ferguson\Application Data\Microsoft\Outlook\outitems.log Object is locked skipped
C:\Documents and Settings\Jim Ferguson\Application Data\Microsoft\Templates\Normal.dot Object is locked skipped
C:\Documents and Settings\Jim Ferguson\Application Data\Symantec\PendingAlertsQueue.log Object is locked skipped
C:\Documents and Settings\Jim Ferguson\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Jim Ferguson\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Jim Ferguson\Desktop\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Jim Ferguson\Desktop\SmitfraudFix.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Jim Ferguson\Desktop\SmitfraudFix.exe RarSFX: infected - 2 skipped
C:\Documents and Settings\Jim Ferguson\Desktop\SmitfraudFix.exe PE_Patch.UPX: infected - 2 skipped
C:\Documents and Settings\Jim Ferguson\Local Settings\Application Data\ApplicationHistory\hpqgalry.exe.cf8dd223.ini.inuse Object is locked skipped
C:\Documents and Settings\Jim Ferguson\Local Settings\Application Data\HP\Digital Imaging\db\administrativeInfo.dbf Object is locked skipped
C:\Documents and Settings\Jim Ferguson\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.cdx Object is locked skipped
C:\Documents and Settings\Jim Ferguson\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.dbf Object is locked skipped
C:\Documents and Settings\Jim Ferguson\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.cdx Object is locked skipped
C:\Documents and Settings\Jim Ferguson\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.dbf Object is locked skipped
C:\Documents and Settings\Jim Ferguson\Local Settings\Application Data\HP\Digital Imaging\db\CB_Server_Errors.txt Object is locked skipped
C:\Documents and Settings\Jim Ferguson\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.cdx Object is locked skipped
C:\Documents and Settings\Jim Ferguson\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.dbf Object is locked skipped
C:\Documents and Settings\Jim Ferguson\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.cdx Object is locked skipped
C:\Documents and Settings\Jim Ferguson\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.dbf Object is locked skipped
C:\Documents and Settings\Jim Ferguson\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.fpt Object is locked skipped
C:\Documents and Settings\Jim Ferguson\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.cdx Object is locked skipped
C:\Documents and Settings\Jim Ferguson\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.dbf Object is locked skipped
C:\Documents and Settings\Jim Ferguson\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.cdx Object is locked skipped
C:\Documents and Settings\Jim Ferguson\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.dbf Object is locked skipped
C:\Documents and Settings\Jim Ferguson\Local Settings\Application Data\HP\Digital Imaging\db\managedFolderTable.dbf Object is locked skipped
C:\Documents and Settings\Jim Ferguson\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.cdx Object is locked skipped
C:\Documents and Settings\Jim Ferguson\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.dbf Object is locked skipped
C:\Documents and Settings\Jim Ferguson\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.cdx Object is locked skipped
C:\Documents and Settings\Jim Ferguson\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.dbf Object is locked skipped
C:\Documents and Settings\Jim Ferguson\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.cdx Object is locked skipped
C:\Documents and Settings\Jim Ferguson\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.dbf Object is locked skipped
C:\Documents and Settings\Jim Ferguson\Local Settings\Application Data\Microsoft\Outlook\archive.pst Object is locked skipped
C:\Documents and Settings\Jim Ferguson\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Jim Ferguson\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Jim Ferguson\Local Settings\Application Data\Musicmatch\Jukebox\mmjbaltlog.txt Object is locked skipped
C:\Documents and Settings\Jim Ferguson\Local Settings\Application Data\Musicmatch\Jukebox\mmjblog.txt Object is locked skipped
C:\Documents and Settings\Jim Ferguson\Local Settings\Application Data\Musicmatch\Jukebox\Portables.log Object is locked skipped
C:\Documents and Settings\Jim Ferguson\Local Settings\Application Data\Musicmatch\MIM\Database\Default.ldb Object is locked skipped
C:\Documents and Settings\Jim Ferguson\Local Settings\Application Data\Musicmatch\MIM\Database\Default.mdb Object is locked skipped
C:\Documents and Settings\Jim Ferguson\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Jim Ferguson\Local Settings\History\History.IE5\MSHist012006122720061228\index.dat Object is locked skipped
C:\Documents and Settings\Jim Ferguson\Local Settings\Temp\hpodvd09.log Object is locked skipped
C:\Documents and Settings\Jim Ferguson\Local Settings\Temp\JET8984.tmp Object is locked skipped
C:\Documents and Settings\Jim Ferguson\Local Settings\Temp\~DF1415.tmp Object is locked skipped
C:\Documents and Settings\Jim Ferguson\Local Settings\Temp\~DF7FFA.tmp Object is locked skipped
C:\Documents and Settings\Jim Ferguson\Local Settings\Temp\~DFA456.tmp Object is locked skipped
C:\Documents and Settings\Jim Ferguson\Local Settings\Temp\~DFA79D.tmp Object is locked skipped
C:\Documents and Settings\Jim Ferguson\Local Settings\Temp\~DFE78F.tmp Object is locked skipped
C:\Documents and Settings\Jim Ferguson\Local Settings\Temp\~DFF12C.tmp Object is locked skipped
C:\Documents and Settings\Jim Ferguson\Local Settings\Temp\~DFF141.tmp Object is locked skipped
C:\Documents and Settings\Jim Ferguson\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Jim Ferguson\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Jim Ferguson\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Installs\VNC\vnc-3.3.6-x86_win32.exe/data0003 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c skipped
C:\Installs\VNC\vnc-3.3.6-x86_win32.exe Inno: infected - 1 skipped
C:\Old Dell\Eudora\In.mbx/[From Andy Schefman <aschefma@aftra.com>][Date Fri, 3 Mar 2000 15:54:52 -0500]/text/[From Andy Schefman <aschefma@aftra.com>][Date Mon, 27 Nov 2000 20:59:44 -0500]/text Infected: Email-Worm.VBS.KakWorm skipped
C:\Old Dell\Eudora\In.mbx/[From Andy Schefman <aschefma@aftra.com>][Date Fri, 3 Mar 2000 15:54:52 -0500]/text Infected: Email-Worm.VBS.KakWorm skipped
C:\Old Dell\Eudora\In.mbx/[From "Roy Durfee" <rfdj@unm.edu>][Date Tue, 22 Feb 2000 16:56:23 -0700]/UNNAMED/[From "Dennis Dotson" <.ddotson@houston.rr.com>][Date Tue, 18 Jul 2000 13:45:57 -0500]/text/[From "rdonnelly_1" <rdonnelly_1@msn.com>][Date Sun, 27 Feb 2000 13:27:00 -0600]/UNNAMED Infected: Email-Worm.VBS.KakWorm skipped
C:\Old Dell\Eudora\In.mbx/[From "Roy Durfee" <rfdj@unm.edu>][Date Tue, 22 Feb 2000 16:56:23 -0700]/UNNAMED/[From "Dennis Dotson" <.ddotson@houston.rr.com>][Date Tue, 18 Jul 2000 13:45:57 -0500]/text Infected: Email-Worm.VBS.KakWorm skipped
C:\Old Dell\Eudora\In.mbx/[From "Roy Durfee" <rfdj@unm.edu>][Date Tue, 22 Feb 2000 16:56:23 -0700]/UNNAMED Infected: Email-Worm.VBS.KakWorm skipped
C:\Old Dell\Eudora\In.mbx Mail Berkeley mbox: infected - 5 skipped
C:\Old Dell\Eudora\In.mbx.001/[From mpaffrath@prairieschool.com (Mark Paffrath)][Date Tue, 14 Mar 2000 12:39:37 -0600]/text/[From Richard Sudhalter <rms@panix.com>][Date Thu, 16 Mar 2000 01:17:26 -0500 (EST)]/text/[From Mammo88@aol.com][Date Thu, 6 Apr 2000 15:46:48 EDT]/UNNAMED Infected: Email-Worm.VBS.KakWorm skipped
C:\Old Dell\Eudora\In.mbx.001/[From mpaffrath@prairieschool.com (Mark Paffrath)][Date Tue, 14 Mar 2000 12:39:37 -0600]/text/[From Richard Sudhalter <rms@panix.com>][Date Thu, 16 Mar 2000 01:17:26 -0500 (EST)]/text Infected: Email-Worm.VBS.KakWorm skipped
C:\Old Dell\Eudora\In.mbx.001/[From mpaffrath@prairieschool.com (Mark Paffrath)][Date Tue, 14 Mar 2000 12:39:37 -0600]/text Infected: Email-Worm.VBS.KakWorm skipped
C:\Old Dell\Eudora\In.mbx.001/[From Bill Kirchner <kirch@mindspring.com>][Date Sat, 15 Apr 2000 10:25:32 -0400 (EDT)]/text/[From Laprov@aol.com][Date Sun, 16 Apr 2000 23:42:51 EDT]/text/[From "Angela" <deniro@dellnet.com>][Date Mon, 17 Apr 2000 20:42:59 -0400]/UNNAMED Infected: Email-Worm.VBS.KakWorm skipped
C:\Old Dell\Eudora\In.mbx.001/[From Bill Kirchner <kirch@mindspring.com>][Date Sat, 15 Apr 2000 10:25:32 -0400 (EDT)]/text/[From Laprov@aol.com][Date Sun, 16 Apr 2000 23:42:51 EDT]/text Infected: Email-Worm.VBS.KakWorm skipped
C:\Old Dell\Eudora\In.mbx.001/[From Bill Kirchner <kirch@mindspring.com>][Date Sat, 15 Apr 2000 10:25:32 -0400 (EDT)]/text Infected: Email-Worm.VBS.KakWorm skipped
C:\Old Dell\Eudora\In.mbx.001/[From "Walsh, Fran" <FWalsh@UMCOM.UMC.ORG>][Date Thu, 20 Apr 2000 12:38:03 -0500]/text/[From Blankenwitch@aol.com][Date Mon, 24 Apr 2000 10:05:56 EDT]/text Infected: Email-Worm.VBS.KakWorm skipped
C:\Old Dell\Eudora\In.mbx.001/[From "Walsh, Fran" <FWalsh@UMCOM.UMC.ORG>][Date Thu, 20 Apr 2000 12:38:03 -0500]/text Infected: Email-Worm.VBS.KakWorm skipped
C:\Old Dell\Eudora\In.mbx.001/[From Murray Grodner <murraygrodner@yahoo.com>][Date Sun, 13 Aug 2000 13:48:40 -0700 (PDT)]/text/[From "Colette" <colette@challenge.nl>][Date Fri, 18 Aug 2000 19:53:52 +0200]/UNNAMED/[From Patsybruce@aol.com][Date Fri, 18 Aug 2000 21:33:03 EDT]/text/[From "Jenna Sanders" <jenna@steelsphere.com>][Date Fri, 18 Aug 2000 23:50:22 -0400]/text/[From "Jenna Sanders" <jenna@steelsphere.com>][D ... /[Fr ... /[From "Li-Zung Lin" <llin@mail.state.tn.us>][Date Mon, 21 Aug 2000 08:41:14 -0500]/UNNAMED Infected: Email-Worm.VBS.KakWorm skipped
C:\Old Dell\Eudora\In.mbx.001/[From Murray Grodner <murraygrodner@yahoo.com>][Date Sun, 13 Aug 2000 13:48:40 -0700 (PDT)]/text/[From "Colette" <colette@challenge.nl>][Date Fri, 18 Aug 2000 19:53:52 +0200]/UNNAMED/[From Patsybruce@aol.com][Date Fri, 18 Aug 2000 21:33:03 EDT]/text/[From "Jenna Sanders" <jenna@steelsphere.com>][Date Fri, 18 Aug 2000 23:50:22 -0400]/text/[From "Jenna Sanders" <jenna@steelsphere.com>][D ... /[From "Jerry Narramore" <jnarramore2@mail.state.tn.us>][Date Mon, 21 Aug 2000 08:28:08 -0500]/text Infected: Email-Worm.VBS.KakWorm skipped
C:\Old Dell\Eudora\In.mbx.001/[From Murray Grodner <murraygrodner@yahoo.com>][Date Sun, 13 Aug 2000 13:48:40 -0700 (PDT)]/text/[From "Colette" <colette@challenge.nl>][Date Fri, 18 Aug 2000 19:53:52 +0200]/UNNAMED/[From Patsybruce@aol.com][Date Fri, 18 Aug 2000 21:33:03 EDT]/text/[From "Jenna Sanders" <jenna@steelsphere.com>][Date Fri, 18 Aug 2000 23:50:22 -0400]/text/[From "Jenna Sanders" <jenna@steelsphere.com>][Date Fri ... /[From "Jenna Sanders" <jenna@steelsphere.com>][Date Mon, 21 Aug 2000 09:06:28 -0400]/UNNAMED Infected: Email-Worm.VBS.KakWorm skipped
C:\Old Dell\Eudora\In.mbx.001/[From Murray Grodner <murraygrodner@yahoo.com>][Date Sun, 13 Aug 2000 13:48:40 -0700 (PDT)]/text/[From "Colette" <colette@challenge.nl>][Date Fri, 18 Aug 2000 19:53:52 +0200]/UNNAMED/[From Patsybruce@aol.com][Date Fri, 18 Aug 2000 21:33:03 EDT]/text/[From "Jenna Sanders" <jenna@steelsphere.com>][Date Fri, 18 Aug 2000 23:50:22 -0400]/text/[From "Jenna Sanders" <jenna@steelsphere.com>][Date Fri, 18 Au ... /[From Jennifer Chen <Jennifish2U@gmx.net>][Date Mon, 21 Aug 2000 13:03:32 +0200]/text Infected: Email-Worm.VBS.KakWorm skipped
C:\Old Dell\Eudora\In.mbx.001/[From Murray Grodner <murraygrodner@yahoo.com>][Date Sun, 13 Aug 2000 13:48:40 -0700 (PDT)]/text/[From "Colette" <colette@challenge.nl>][Date Fri, 18 Aug 2000 19:53:52 +0200]/UNNAMED/[From Patsybruce@aol.com][Date Fri, 18 Aug 2000 21:33:03 EDT]/text/[From "Jenna Sanders" <jenna@steelsphere.com>][Date Fri, 18 Aug 2000 23:50:22 -0400]/text/[From "Jenna Sanders" <jenna@steelsphere.com>][Date Fri, 18 Aug 2000 23:51:13 -0400]/text Infected: Email-Worm.VBS.KakWorm skipped
C:\Old Dell\Eudora\In.mbx.001/[From Murray Grodner <murraygrodner@yahoo.com>][Date Sun, 13 Aug 2000 13:48:40 -0700 (PDT)]/text/[From "Colette" <colette@challenge.nl>][Date Fri, 18 Aug 2000 19:53:52 +0200]/UNNAMED/[From Patsybruce@aol.com][Date Fri, 18 Aug 2000 21:33:03 EDT]/text/[From "Jenna Sanders" <jenna@steelsphere.com>][Date Fri, 18 Aug 2000 23:50:22 -0400]/text Infected: Email-Worm.VBS.KakWorm skipped
C:\Old Dell\Eudora\In.mbx.001/[From Murray Grodner <murraygrodner@yahoo.com>][Date Sun, 13 Aug 2000 13:48:40 -0700 (PDT)]/text/[From "Colette" <colette@challenge.nl>][Date Fri, 18 Aug 2000 19:53:52 +0200]/UNNAMED/[From Patsybruce@aol.com][Date Fri, 18 Aug 2000 21:33:03 EDT]/text Infected: Email-Worm.VBS.KakWorm skipped
C:\Old Dell\Eudora\In.mbx.001/[From Murray Grodner <murraygrodner@yahoo.com>][Date Sun, 13 Aug 2000 13:48:40 -0700 (PDT)]/text/[From "Colette" <colette@challenge.nl>][Date Fri, 18 Aug 2000 19:53:52 +0200]/UNNAMED Infected: Email-Worm.VBS.KakWorm skipped
C:\Old Dell\Eudora\In.mbx.001/[From Murray Grodner <murraygrodner@yahoo.com>][Date Sun, 13 Aug 2000 13:48:40 -0700 (PDT)]/text Infected: Email-Worm.VBS.KakWorm skipped
C:\Old Dell\Eudora\In.mbx.001 Mail Berkeley mbox: infected - 17 skipped
C:\Old Dell\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL Infected: not-a-virus:AdWare.Win32.MyWay.d skipped
C:\Old Dell\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\Old Dell\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\Old Dell\Program Files\MyWebSearch\bar\2.bin\F3POPSWT.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.d skipped
C:\Old Dell\Program Files\MyWebSearch\bar\2.bin\F3SCRCTR.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.d skipped
C:\Old Dell\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\Old Dell\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\0A7648AC.TMP Infected: Email-Worm.Win32.NetSky.t skipped
C:\Old Dell\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\1D7070C0.TMP Infected: Email-Worm.Win32.Bagle.s skipped
C:\Old Dell\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\24B869C8.TMP/puueblp.exe Suspicious: Password-protected-EXE skipped
C:\Old Dell\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\24B869C8.TMP ZIP: suspicious - 1 skipped
C:\Old Dell\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\24B869C8.TMP Crypt.Quarantine: suspicious - 1 skipped
C:\Old Dell\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\42485309.TMP Infected: Email-Worm.Win32.NetSky.q skipped
C:\Old Dell\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\5A70259B.TMP Infected: Email-Worm.Win32.NetSky.d skipped
C:\Old Dell\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\61AB3185.TMP Infected: Email-Worm.Win32.Bagle.j skipped
C:\Old Dell\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\78BE78C5.TMP Infected: Email-Worm.Win32.NetSky.d skipped
C:\Old Dell\Program Files\Qualcomm\Eudora Mail\Attach\yourregistration.com Infected: Email-Worm.Win32.Sober.c.dat skipped
C:\Old Dell\Program Files\Qualcomm\Eudora Mail\Old In Box as of 33102.fol\Moved mail from normal In Box.mbx/[From "Nolie" <zunino@cdg.chalmers.se>][Date Thu, 28 Dec 2000 15:01:53 -1800]/html/[From Oboelover35@aol.com][Date Wed, 24 Oct 2001 19:56:52 EDT]/text/[From Randy Horton <rhorton@behrpaint.com>][Date Thu, 28 Dec 2000 15:07:15 -0800]/text/[From "rdonnelly_1" <rdonnelly_1@msn.com>][Date Tue, 1 Feb 2000 18:59:19 -0600]/UNNAMED Infected: Email-Worm.VBS.KakWorm skipped
C:\Old Dell\Program Files\Qualcomm\Eudora Mail\Old In Box as of 33102.fol\Moved mail from normal In Box.mbx/[From "Nolie" <zunino@cdg.chalmers.se>][Date Thu, 28 Dec 2000 15:01:53 -1800]/html/[From Oboelover35@aol.com][Date Wed, 24 Oct 2001 19:56:52 EDT]/text/[From Randy Horton <rhorton@behrpaint.com>][Date Thu, 28 Dec 2000 15:07:15 -0800]/text/[From "rdonnelly_1" <rdonnelly_1@msn.com>][Date Tue, 3 Oct 2000 21:03:52 -0500]/UNNAMED/[From "rdonnelly_1" <rdonnelly_1@msn.com>][Date Wed, 4 Oct 2000 15:59:43 ... /[From "rdonnelly_1" <rdonnelly_1@msn.com>][Date Sun, 27 Feb 2000 13:27:00 -0600]/UNNAMED Infected: Email-Worm.VBS.KakWorm skipped
C:\Old Dell\Program Files\Qualcomm\Eudora Mail\Old In Box as of 33102.fol\Moved mail from normal In Box.mbx/[From "Nolie" <zunino@cdg.chalmers.se>][Date Thu, 28 Dec 2000 15:01:53 -1800]/html/[From Oboelover35@aol.com][Date Wed, 24 Oct 2001 19:56:52 EDT]/text/[From Randy Horton <rhorton@behrpaint.com>][Date Thu, 28 Dec 2000 15:07:15 -0800]/text/[From "rdonnelly_1" <rdonnelly_1@msn.com>][Date Tue, 3 Oct 2000 21:03:52 -0500]/UNNAMED/[From "rdonnelly_1" <rdonnelly_1@msn.com>][Date Wed, 4 Oct 2000 15:59:43 ... /[From "rdonnelly_1" <rdonnelly_1@msn.com>][Date Mon, 30 Oct 2000 14:23:02 -0600]/UNNAMED Infected: Email-Worm.VBS.KakWorm skipped
C:\Old Dell\Program Files\Qualcomm\Eudora Mail\Old In Box as of 33102.fol\Moved mail from normal In Box.mbx/[From "Nolie" <zunino@cdg.chalmers.se>][Date Thu, 28 Dec 2000 15:01:53 -1800]/html/[From Oboelover35@aol.com][Date Wed, 24 Oct 2001 19:56:52 EDT]/text/[From Randy Horton <rhorton@behrpaint.com>][Date Thu, 28 Dec 2000 15:07:15 -0800]/text/[From "rdonnelly_1" <rdonnelly_1@msn.com>][Date Tue, 3 Oct 2000 21:03:52 -0500]/UNNAMED/[From "rdonnelly_1" <rdonnelly_1@msn.com>][Date Wed, 4 Oct 2000 15:59:43 -0500]/UNNAMED Infected: Email-Worm.VBS.KakWorm skipped
C:\Old Dell\Program Files\Qualcomm\Eudora Mail\Old In Box as of 33102.fol\Moved mail from normal In Box.mbx/[From "Nolie" <zunino@cdg.chalmers.se>][Date Thu, 28 Dec 2000 15:01:53 -1800]/html/[From Oboelover35@aol.com][Date Wed, 24 Oct 2001 19:56:52 EDT]/text/[From Randy Horton <rhorton@behrpaint.com>][Date Thu, 28 Dec 2000 15:07:15 -0800]/text/[From "rdonnelly_1" <rdonnelly_1@msn.com>][Date Tue, 3 Oct 2000 21:03:52 -0500]/UNNAMED Infected: Email-Worm.VBS.KakWorm skipped
C:\Old Dell\Program Files\Qualcomm\Eudora Mail\Old In Box as of 33102.fol\Moved mail from normal In Box.mbx/[From "Nolie" <zunino@cdg.chalmers.se>][Date Thu, 28 Dec 2000 15:01:53 -1800]/html/[From Oboelover35@aol.com][Date Wed, 24 Oct 2001 19:56:52 EDT]/text/[From Randy Horton <rhorton@behrpaint.com>][Date Thu, 28 Dec 2000 15:07:15 -0800]/text Infected: Email-Worm.VBS.KakWorm skipped
C:\Old Dell\Program Files\Qualcomm\Eudora Mail\Old In Box as of 33102.fol\Moved mail from normal In Box.mbx/[From "Nolie" <zunino@cdg.chalmers.se>][Date Thu, 28 Dec 2000 15:01:53 -1800]/html/[From Oboelover35@aol.com][Date Wed, 24 Oct 2001 19:56:52 EDT]/text Infected: Email-Worm.VBS.KakWorm skipped
C:\Old Dell\Program Files\Qualcomm\Eudora Mail\Old In Box as of 33102.fol\Moved mail from normal In Box.mbx/[From "Nolie" <zunino@cdg.chalmers.se>][Date Thu, 28 Dec 2000 15:01:53 -1800]/html Infected: Email-Worm.VBS.KakWorm skipped
C:\Old Dell\Program Files\Qualcomm\Eudora Mail\Old In Box as of 33102.fol\Moved mail from normal In Box.mbx Mail Berkeley mbox: infected - 8 skipped
C:\Old Dell\Temp\Qualcomm\Eudora Mail\in.mbx/[From Ahjeburn@aol.com][Date Tue, 3 Apr 2001 21:40:40 EDT]/UNNAMED Infected: Email-Worm.VBS.KakWorm skipped
C:\Old Dell\Temp\Qualcomm\Eudora Mail\in.mbx/[From Randall Himes <rhimes@aftra.com>][Date Tue, 3 Oct 2000 16:36:45 -0400]/text/[From "rdonnelly_1" <rdonnelly_1@msn.com>][Date Sun, 27 Feb 2000 13:27:00 -0600]/UNNAMED Infected: Email-Worm.VBS.KakWorm skipped
C:\Old Dell\Temp\Qualcomm\Eudora Mail\in.mbx/[From Randall Himes <rhimes@aftra.com>][Date Tue, 3 Oct 2000 16:36:45 -0400]/text Infected: Email-Worm.VBS.KakWorm skipped
C:\Old Dell\Temp\Qualcomm\Eudora Mail\in.mbx Mail Berkeley mbox: infected - 3 skipped
C:\Old Dell\WINDOWS\SYSTEM\windialup\2524\windialup.exe Infected: not-a-virus:Porn-Dialer.Win32.RTSMini skipped
C:\Old Dell\WINDOWS\SYSTEM\windialup\2673\windialup.exe Infected: not-a-virus:Porn-Dialer.Win32.RTSMini skipped
C:\Program Files\Common Files\Symantec Shared\AntiSpam\Log\Spam.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBConfig.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDebug.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDetect.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBNotify.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBRefr.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg2.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetDev.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetLoc.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetUsr.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMNot.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMReg.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMRSt.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStHash.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStMSI.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBValid.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPPolicy.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStart.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStop.log Object is locked skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\AVApp.log Object is locked skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\AVError.log Object is locked skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\AVVirus.log Object is locked skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Savrt\0764NAV~.TMP Object is locked skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Savrt\0864NAV~.TMP Object is locked skipped
C:\Program Files\Qualcomm\Eudora Mail\Attach\yourregistration.com Infected: Email-Worm.Win32.Sober.c.dat skipped
C:\Program Files\Qualcomm\Eudora Mail\Old In Box as of 33102.fol\Moved mail from normal In Box.mbx/[From "Nolie" <zunino@cdg.chalmers.se>][Date Thu, 28 Dec 2000 15:01:53 -1800]/html/[From Oboelover35@aol.com][Date Wed, 24 Oct 2001 19:56:52 EDT]/text/[From Randy Horton <rhorton@behrpaint.com>][Date Thu, 28 Dec 2000 15:07:15 -0800]/text/[From "rdonnelly_1" <rdonnelly_1@msn.com>][Date Tue, 1 Feb 2000 18:59:19 -0600]/UNNAMED Infected: Email-Worm.VBS.KakWorm skipped
C:\Program Files\Qualcomm\Eudora Mail\Old In Box as of 33102.fol\Moved mail from normal In Box.mbx/[From "Nolie" <zunino@cdg.chalmers.se>][Date Thu, 28 Dec 2000 15:01:53 -1800]/html/[From Oboelover35@aol.com][Date Wed, 24 Oct 2001 19:56:52 EDT]/text/[From Randy Horton <rhorton@behrpaint.com>][Date Thu, 28 Dec 2000 15:07:15 -0800]/text/[From "rdonnelly_1" <rdonnelly_1@msn.com>][Date Tue, 3 Oct 2000 21:03:52 -0500]/UNNAMED/[From "rdonnelly_1" <rdonnelly_1@msn.com>][Date Wed, 4 Oct 2000 15:59:43 ... /[From "rdonnelly_1" <rdonnelly_1@msn.com>][Date Sun, 27 Feb 2000 13:27:00 -0600]/UNNAMED Infected: Email-Worm.VBS.KakWorm skipped
C:\Program Files\Qualcomm\Eudora Mail\Old In Box as of 33102.fol\Moved mail from normal In Box.mbx/[From "Nolie" <zunino@cdg.chalmers.se>][Date Thu, 28 Dec 2000 15:01:53 -1800]/html/[From Oboelover35@aol.com][Date Wed, 24 Oct 2001 19:56:52 EDT]/text/[From Randy Horton <rhorton@behrpaint.com>][Date Thu, 28 Dec 2000 15:07:15 -0800]/text/[From "rdonnelly_1" <rdonnelly_1@msn.com>][Date Tue, 3 Oct 2000 21:03:52 -0500]/UNNAMED/[From "rdonnelly_1" <rdonnelly_1@msn.com>][Date Wed, 4 Oct 2000 15:59:43 ... /[From "rdonnelly_1" <rdonnelly_1@msn.com>][Date Mon, 30 Oct 2000 14:23:02 -0600]/UNNAMED Infected: Email-Worm.VBS.KakWorm skipped
C:\Program Files\Qualcomm\Eudora Mail\Old In Box as of 33102.fol\Moved mail from normal In Box.mbx/[From "Nolie" <zunino@cdg.chalmers.se>][Date Thu, 28 Dec 2000 15:01:53 -1800]/html/[From Oboelover35@aol.com][Date Wed, 24 Oct 2001 19:56:52 EDT]/text/[From Randy Horton <rhorton@behrpaint.com>][Date Thu, 28 Dec 2000 15:07:15 -0800]/text/[From "rdonnelly_1" <rdonnelly_1@msn.com>][Date Tue, 3 Oct 2000 21:03:52 -0500]/UNNAMED/[From "rdonnelly_1" <rdonnelly_1@msn.com>][Date Wed, 4 Oct 2000 15:59:43 -0500]/UNNAMED Infected: Email-Worm.VBS.KakWorm skipped
C:\Program Files\Qualcomm\Eudora Mail\Old In Box as of 33102.fol\Moved mail from normal In Box.mbx/[From "Nolie" <zunino@cdg.chalmers.se>][Date Thu, 28 Dec 2000 15:01:53 -1800]/html/[From Oboelover35@aol.com][Date Wed, 24 Oct 2001 19:56:52 EDT]/text/[From Randy Horton <rhorton@behrpaint.com>][Date Thu, 28 Dec 2000 15:07:15 -0800]/text/[From "rdonnelly_1" <rdonnelly_1@msn.com>][Date Tue, 3 Oct 2000 21:03:52 -0500]/UNNAMED Infected: Email-Worm.VBS.KakWorm skipped
C:\Program Files\Qualcomm\Eudora Mail\Old In Box as of 33102.fol\Moved mail from normal In Box.mbx/[From "Nolie" <zunino@cdg.chalmers.se>][Date Thu, 28 Dec 2000 15:01:53 -1800]/html/[From Oboelover35@aol.com][Date Wed, 24 Oct 2001 19:56:52 EDT]/text/[From Randy Horton <rhorton@behrpaint.com>][Date Thu, 28 Dec 2000 15:07:15 -0800]/text Infected: Email-Worm.VBS.KakWorm skipped
C:\Program Files\Qualcomm\Eudora Mail\Old In Box as of 33102.fol\Moved mail from normal In Box.mbx/[From "Nolie" <zunino@cdg.chalmers.se>][Date Thu, 28 Dec 2000 15:01:53 -1800]/html/[From Oboelover35@aol.com][Date Wed, 24 Oct 2001 19:56:52 EDT]/text Infected: Email-Worm.VBS.KakWorm skipped
C:\Program Files\Qualcomm\Eudora Mail\Old In Box as of 33102.fol\Moved mail from normal In Box.mbx/[From "Nolie" <zunino@cdg.chalmers.se>][Date Thu, 28 Dec 2000 15:01:53 -1800]/html Infected: Email-Worm.VBS.KakWorm skipped
C:\Program Files\Qualcomm\Eudora Mail\Old In Box as of 33102.fol\Moved mail from normal In Box.mbx Mail Berkeley mbox: infected - 8 skipped
C:\RECYCLER\NPROTECT\00389693.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00389694.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00389698.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00389699.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00389703.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00389704.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00389718.lo5 Object is locked skipped
C:\RECYCLER\NPROTECT\00389719.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00389720.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00389722.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00389723.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00389733.DAT Object is locked skipped
C:\RECYCLER\NPROTECT\00389734.DAT Object is locked skipped
C:\RECYCLER\NPROTECT\00389744.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00389745.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00389746.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00389747.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00389762.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00389763.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00389764.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00389765.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00389776.lo5 Object is locked skipped
C:\RECYCLER\NPROTECT\00389777.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00389778.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00389780.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00389781.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00389783.xml Object is locked skipped
C:\RECYCLER\NPROTECT\00389784.DAT Object is locked skipped
C:\RECYCLER\NPROTECT\00389785.DAT Object is locked skipped
C:\RECYCLER\NPROTECT\00389787.lo_ Object is locked skipped
C:\RECYCLER\NPROTECT\00389789.ldb Object is locked skipped
C:\RECYCLER\NPROTECT\00389796.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00389797.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00389798.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00389799.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00389817.jpg Object is locked skipped
C:\RECYCLER\NPROTECT\00389818.jpg Object is locked skipped
C:\RECYCLER\NPROTECT\00389819.jpg Object is locked skipped
C:\RECYCLER\NPROTECT\00389820.jpg Object is locked skipped
C:\RECYCLER\NPROTECT\00389821.jpg Object is locked skipped
C:\RECYCLER\NPROTECT\00389822.jpg Object is locked skipped
C:\RECYCLER\NPROTECT\00389823.jpg Object is locked skipped
C:\RECYCLER\NPROTECT\00389824.jpg Object is locked skipped
C:\RECYCLER\NPROTECT\00389825.jpg Object is locked skipped
C:\RECYCLER\NPROTECT\00389826.jpg Object is locked skipped
C:\RECYCLER\NPROTECT\00389827.jpg Object is locked skipped
C:\RECYCLER\NPROTECT\00389828.jpg Object is locked skipped
C:\RECYCLER\NPROTECT\00389829.jpg Object is locked skipped
C:\RECYCLER\NPROTECT\00389830.jpg Object is locked skipped
C:\RECYCLER\NPROTECT\00389831.jpg Object is locked skipped
C:\RECYCLER\NPROTECT\00389832.jpg Object is locked skipped
C:\RECYCLER\NPROTECT\00389833.jpg Object is locked skipped
C:\RECYCLER\NPROTECT\00389834.jpg Object is locked skipped
C:\RECYCLER\NPROTECT\00389835.jpg Object is locked skipped
C:\RECYCLER\NPROTECT\00389836.jpg Object is locked skipped
C:\RECYCLER\NPROTECT\00389837.jpg Object is locked skipped
C:\RECYCLER\NPROTECT\00389862.lo5 Object is locked skipped
C:\RECYCLER\NPROTECT\00389863.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00389864.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00389866.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00389867.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00389869.xml Object is locked skipped
C:\RECYCLER\NPROTECT\00389870.DAT Object is locked skipped
C:\RECYCLER\NPROTECT\00389871.DAT Object is locked skipped
C:\RECYCLER\NPROTECT\00389873.ldb Object is locked skipped
C:\RECYCLER\NPROTECT\00389882.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00389883.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00389884.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00389885.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00389902.SOL Object is locked skipped
C:\RECYCLER\NPROTECT\00389909.DIC Object is locked skipped
C:\RECYCLER\NPROTECT\00389910.DAT Object is locked skipped
C:\RECYCLER\NPROTECT\00389911.DAT Object is locked skipped
C:\RECYCLER\NPROTECT\00389912.DAT Object is locked skipped
C:\RECYCLER\NPROTECT\00389913.DAT Object is locked skipped
C:\RECYCLER\NPROTECT\00389914.DAT Object is locked skipped
C:\RECYCLER\NPROTECT\00389915.DAT Object is locked skipped
C:\RECYCLER\NPROTECT\00389916.DAT Object is locked skipped
C:\RECYCLER\NPROTECT\00389917.DAT Object is locked skipped
C:\RECYCLER\NPROTECT\00389918.DAT Object is locked skipped
C:\RECYCLER\NPROTECT\00389919.DAT Object is locked skipped
C:\RECYCLER\NPROTECT\00389920.DAT Object is locked skipped
C:\RECYCLER\NPROTECT\00389921.DAT Object is locked skipped
C:\RECYCLER\NPROTECT\00389922.DAT Object is locked skipped
C:\RECYCLER\NPROTECT\00389923.DAT Object is locked skipped
C:\RECYCLER\NPROTECT\00389924.DAT Object is locked skipped
C:\RECYCLER\NPROTECT\00389925.DAT Object is locked skipped
C:\RECYCLER\NPROTECT\00389926.DAT Object is locked skipped
C:\RECYCLER\NPROTECT\00389927.DAT Object is locked skipped
C:\RECYCLER\NPROTECT\00389928.DAT Object is locked skipped
C:\RECYCLER\NPROTECT\00389929.DAT Object is locked skipped
C:\RECYCLER\NPROTECT\00389930.DAT Object is locked skipped
C:\RECYCLER\NPROTECT\00389931.DAT Object is locked skipped
C:\RECYCLER\NPROTECT\00389932.DAT Object is locked skipped
C:\RECYCLER\NPROTECT\00389933.DAT Object is locked skipped
C:\RECYCLER\NPROTECT\00389934.DAT Object is locked skipped
C:\RECYCLER\NPROTECT\00389935.DAT Object is locked skipped
C:\RECYCLER\NPROTECT\00389936.DAT Object is locked skipped
C:\RECYCLER\NPROTECT\00389937.DAT Object is locked skipped
C:\RECYCLER\NPROTECT\00389946.DIC Object is locked skipped
C:\RECYCLER\NPROTECT\00389947.DIC Object is locked skipped
C:\RECYCLER\NPROTECT\00389958.SOL Object is locked skipped
C:\RECYCLER\NPROTECT\00389973.SOL Object is locked skipped
C:\RECYCLER\NPROTECT\00389979.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00389980.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00389981.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00389982.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00389993.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00389994.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00389996.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00389997.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00389999.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00390000.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00390002.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00390003.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00390005.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00390006.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00390008.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00390009.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00390011.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00390012.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00390014.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00390015.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00390017.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00390018.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00390020.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00390021.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00390024.lo5 Object is locked skipped
C:\RECYCLER\NPROTECT\00390025.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00390026.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00390029.DAT Object is locked skipped
C:\RECYCLER\NPROTECT\00390030.xml Object is locked skipped
C:\RECYCLER\NPROTECT\00390031.DAT Object is locked skipped
C:\RECYCLER\NPROTECT\00390034.ldb Object is locked skipped
C:\RECYCLER\NPROTECT\00390040.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00390043.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00390044.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00390045.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00390053.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00390054.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00390056.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00390057.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00390059.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00390060.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00390062.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00390063.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00390065.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00390066.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00390068.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00390069.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00390071.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00390072.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00390074.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00390075.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00390177.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00390178.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00390180.MSP Object is locked skipped
C:\RECYCLER\NPROTECT\00390181.MSP Object is locked skipped
C:\RECYCLER\NPROTECT\00390182.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00390183.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00390185.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00390186.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00390188.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00390189.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00390191.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00390192.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00390194.DAT Object is locked skipped
C:\RECYCLER\NPROTECT\00390195.DAT Object is locked skipped
C:\RECYCLER\NPROTECT\00390196.ldb Object is locked skipped
C:\RECYCLER\NPROTECT\00390208.edb Object is locked skipped
C:\RECYCLER\NPROTECT\00390216.SOL Object is locked skipped
C:\RECYCLER\NPROTECT\00390217.xml Object is locked skipped
C:\RECYCLER\NPROTECT\00390218.XML Object is locked skipped
C:\RECYCLER\NPROTECT\00390219.CAB Object is locked skipped
C:\RECYCLER\NPROTECT\00390220.SOL Object is locked skipped
C:\RECYCLER\NPROTECT\00390223.SOL Object is locked skipped
C:\RECYCLER\NPROTECT\00390228.DIC Object is locked skipped
C:\RECYCLER\NPROTECT\00390229.DAT Object is locked skipped
C:\RECYCLER\NPROTECT\00390230.DAT Object is locked skipped
C:\RECYCLER\NPROTECT\00390231.DAT Object is locked skipped
C:\RECYCLER\NPROTECT\00390232.DAT Object is locked skipped
C:\RECYCLER\NPROTECT\00390233.DAT Object is locked skipped
C:\RECYCLER\NPROTECT\00390234.DAT Object is locked skipped
C:\RECYCLER\NPROTECT\00390236.DIC Object is locked skipped
C:\RECYCLER\NPROTECT\00390237.DIC Object is locked skipped
C:\RECYCLER\NPROTECT\00390245.SOL Object is locked skipped
C:\RECYCLER\NPROTECT\00390262.DIC Object is locked skipped
C:\RECYCLER\NPROTECT\00390263.DIC Object is locked skipped
C:\RECYCLER\NPROTECT\00390264.DIC Object is locked skipped
C:\RECYCLER\NPROTECT\00390272.SOL Object is locked skipped
C:\RECYCLER\NPROTECT\00390297.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00390308.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00390316.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00390319.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00390323.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00390326.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00390327.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00390329.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00390333.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00390340.DIC Object is locked skipped
C:\RECYCLER\NPROTECT\00390353.DAT Object is locked skipped
C:\RECYCLER\NPROTECT\00390354.DAT Object is locked skipped
C:\RECYCLER\NPROTECT\00390356.DAT Object is locked skipped
C:\RECYCLER\NPROTECT\00390357.DAT Object is locked skipped
C:\RECYCLER\NPROTECT\00390358.DAT Object is locked skipped
C:\RECYCLER\NPROTECT\00390359.DAT Object is locked skipped
C:\RECYCLER\NPROTECT\00390360.DAT Object is locked skipped
C:\RECYCLER\NPROTECT\00390361.DAT Object is locked skipped
C:\RECYCLER\NPROTECT\00390362.DAT Object is locked skipped
C:\RECYCLER\NPROTECT\00390363.DAT Object is locked skipped
C:\RECYCLER\NPROTECT\00390397.DIC Object is locked skipped
C:\RECYCLER\NPROTECT\00390398.DIC Object is locked skipped
C:\RECYCLER\NPROTECT\00390402.DIC Object is locked skipped
C:\RECYCLER\NPROTECT\00390403.DIC Object is locked skipped
C:\RECYCLER\NPROTECT\00390413 Object is locked skipped
C:\RECYCLER\NPROTECT\00390427.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00390428.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00390438.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00390439.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00390440.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00390441.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00390442.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00390444.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00390458.DAT Object is locked skipped
C:\RECYCLER\NPROTECT\00390461.DAT Object is locked skipped
C:\RECYCLER\NPROTECT\00390463.xml Object is locked skipped
C:\RECYCLER\NPROTECT\00390471.ldb Object is locked skipped
C:\RECYCLER\NPROTECT\00390486.txt Object is locked skipped
C:\RECYCLER\NPROTECT\00390487.log Object is locked skipped
C:\RECYCLER\NPROTECT\00390488.XML Object is locked skipped
C:\RECYCLER\NPROTECT\00390489.epf Object is locked skipped
C:\RECYCLER\NPROTECT\00390490.epf Object is locked skipped
C:\RECYCLER\NPROTECT\00390491.epf Object is locked skipped
C:\RECYCLER\NPROTECT\00390492.epf Object is locked skipped
C:\RECYCLER\NPROTECT\00390493.epf Object is locked skipped
C:\RECYCLER\NPROTECT\00390494.epf Object is locked skipped
C:\RECYCLER\NPROTECT\00390496.log Object is locked skipped
C:\RECYCLER\NPROTECT\00390497.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00390498.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00390499.log Object is locked skipped
C:\RECYCLER\NPROTECT\00390500.LOG Object is locked skipped
C:\RECYCLER\NPROTECT\00390507.ZIP Object is locked skipped
C:\RECYCLER\NPROTECT\00390508.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00390509.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00390510.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00390511.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00390512.XFE Object is locked skipped
C:\RECYCLER\NPROTECT\00390513.XFE Object is locked skipped
C:\RECYCLER\NPROTECT\00390519.xml Object is locked skipped
C:\RECYCLER\NPROTECT\00390520.xml Object is locked skipped
C:\RECYCLER\NPROTECT\00390521.xml Object is locked skipped
C:\RECYCLER\NPROTECT\00390549.GIF Object is locked skipped
C:\RECYCLER\NPROTECT\00390550.gif Object is locked skipped
C:\RECYCLER\NPROTECT\00390551.gif Object is locked skipped
C:\RECYCLER\NPROTECT\00390552.css Object is locked skipped
C:\RECYCLER\NPROTECT\00390553.gif Object is locked skipped
C:\RECYCLER\NPROTECT\00390554.GIF Object is locked skipped
C:\RECYCLER\NPROTECT\00390555.GIF Object is locked skipped
C:\RECYCLER\NPROTECT\00390556.GIF Object is locked skipped
C:\RECYCLER\NPROTECT\00390557.JPG Object is locked skipped
C:\RECYCLER\NPROTECT\00390558.GIF Object is locked skipped
C:\RECYCLER\NPROTECT\00390559.gif Object is locked skipped
C:\RECYCLER\NPROTECT\00390560.GIF Object is locked skipped
C:\RECYCLER\NPROTECT\00390561.gif Object is locked skipped
C:\RECYCLER\NPROTECT\00390562.chm Object is locked skipped
C:\RECYCLER\NPROTECT\00390563.PNG Object is locked skipped
C:\RECYCLER\NPROTECT\00390564.png Object is locked skipped
C:\RECYCLER\NPROTECT\00390565.XFU Object is locked skipped
C:\RECYCLER\NPROTECT\00390566.css Object is locked skipped
C:\RECYCLER\NPROTECT\00390567.chm Object is locked skipped
C:\RECYCLER\NPROTECT\00390568.dll Object is locked skipped
C:\RECYCLER\NPROTECT\00390569.dll Object is locked skipped
C:\RECYCLER\NPROTECT\00390570.dll Object is locked skipped
C:\RECYCLER\NPROTECT\00390571.dll Object is locked skipped
C:\RECYCLER\NPROTECT\00390572.dll Object is locked skipped
C:\RECYCLER\NPROTECT\00390573.CHM Object is locked skipped
C:\RECYCLER\NPROTECT\00390574.XFU Object is locked skipped
C:\RECYCLER\NPROTECT\00390575.DLL Object is locked skipped
C:\RECYCLER\NPROTECT\00390576.EXE Object is locked skipped
C:\RECYCLER\NPROTECT\00390577.EXE Object is locked skipped
C:\RECYCLER\NPROTECT\00390578.exe Object is locked skipped
C:\RECYCLER\NPROTECT\00390579.DLL Object is locked skipped
C:\RECYCLER\NPROTECT\00390580.dll Object is locked skipped
C:\RECYCLER\NPROTECT\00390581.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00390582.tpl Object is locked skipped
C:\RECYCLER\NPROTECT\00390583.tpl Object is locked skipped
C:\RECYCLER\NPROTECT\00390584.tpl Object is locked skipped
C:\RECYCLER\NPROTECT\00390585.tpl Object is locked skipped
C:\RECYCLER\NPROTECT\00390586.tpl Object is locked skipped
C:\RECYCLER\NPROTECT\00390587.tpl Object is locked skipped
C:\RECYCLER\NPROTECT\00390588.tpl Object is locked skipped
C:\RECYCLER\NPROTECT\00390589.tpl Object is locked skipped
C:\RECYCLER\NPROTECT\00390590.tpl Object is locked skipped
C:\RECYCLER\NPROTECT\00390591.tpl Object is locked skipped
C:\RECYCLER\NPROTECT\00390592.tpl Object is locked skipped
C:\RECYCLER\NPROTECT\00390593.TPL Object is locked skipped
C:\RECYCLER\NPROTECT\00390594.TPL Object is locked skipped
C:\RECYCLER\NPROTECT\00390595.TPL Object is locked skipped
C:\RECYCLER\NPROTECT\00390596.HTM Object is locked skipped
C:\RECYCLER\NPROTECT\00390597.HTM Object is locked skipped
C:\RECYCLER\NPROTECT\00390598.HTM Object is locked skipped
C:\RECYCLER\NPROTECT\00390599.HTM Object is locked skipped
C:\RECYCLER\NPROTECT\00390600.HTM Object is locked skipped
C:\RECYCLER\NPROTECT\00390601.HTM Object is locked skipped
C:\RECYCLER\NPROTECT\00390602.HTM Object is locked skipped
C:\RECYCLER\NPROTECT\00390603.HTM Object is locked skipped
C:\RECYCLER\NPROTECT\00390604.HTM Object is locked skipped
C:\RECYCLER\NPROTECT\00390605.HTM Object is locked skipped
C:\RECYCLER\NPROTECT\00390606.HTM Object is locked skipped
C:\RECYCLER\NPROTECT\00390607.HTM Object is locked skipped
C:\RECYCLER\NPROTECT\00390608.HTM Object is locked skipped
C:\RECYCLER\NPROTECT\00390609.HTM Object is locked skipped
C:\RECYCLER\NPROTECT\00390610.HTM Object is locked skipped
C:\RECYCLER\NPROTECT\00390611.HTM Object is locked skipped
C:\RECYCLER\NPROTECT\00390612.HTM Object is locked skipped
C:\RECYCLER\NPROTECT\00390613.HTM Object is locked skipped
C:\RECYCLER\NPROTECT\00390614.HTM Object is locked skipped
C:\RECYCLER\NPROTECT\00390615.HTM Object is locked skipped
C:\RECYCLER\NPROTECT\00390616.HTM Object is locked skipped
C:\RECYCLER\NPROTECT\00390617.HTM Object is locked skipped
C:\RECYCLER\NPROTECT\00390618.HTM Object is locked skipped
C:\RECYCLER\NPROTECT\00390619.HTM Object is locked skipped
C:\RECYCLER\NPROTECT\00390620.HTM Object is locked skipped
C:\RECYCLER\NPROTECT\00390621.HTM Object is locked skipped
C:\RECYCLER\NPROTECT\00390622.HTM Object is locked skipped
C:\RECYCLER\NPROTECT\00390623.HTM Object is locked skipped
C:\RECYCLER\NPROTECT\00390624.HTM Object is locked skipped
C:\RECYCLER\NPROTECT\00390625.HTM Object is locked skipped
C:\RECYCLER\NPROTECT\00390626.HTM Object is locked skipped
C:\RECYCLER\NPROTECT\00390627.HTM Object is locked skipped
C:\RECYCLER\NPROTECT\00390628.HTM Object is locked skipped
C:\RECYCLER\NPROTECT\00390629.HTM Object is locked skipped
C:\RECYCLER\NPROTECT\00390630.HTM Object is locked skipped
C:\RECYCLER\NPROTECT\00390631.HTM Object is locked skipped
C:\RECYCLER\NPROTECT\00390632.HTM Object is locked skipped
C:\RECYCLER\NPROTECT\00390633.HTM Object is locked skipped
C:\RECYCLER\NPROTECT\00390634.HTM Object is locked skipped
C:\RECYCLER\NPROTECT\00390635.HTM Object is locked skipped
C:\RECYCLER\NPROTECT\00390636.HTM Object is locked skipped
C:\RECYCLER\NPROTECT\00390637.HTM Object is locked skipped
C:\RECYCLER\NPROTECT\00390638.HTM Object is locked skipped
C:\RECYCLER\NPROTECT\00390639.HTM Object is locked skipped
C:\RECYCLER\NPROTECT\00390640.HTM Object is locked skipped
C:\RECYCLER\NPROTECT\00390641.HTM Object is locked skipped
C:\RECYCLER\NPROTECT\00390642.HTM Object is locked skipped
C:\RECYCLER\NPROTECT\00390643.HTM Object is locked skipped
C:\RECYCLER\NPROTECT\00390644.HTM Object is locked skipped
C:\RECYCLER\NPROTECT\00390645.HTM Object is locked skipped
C:\RECYCLER\NPROTECT\00390646.HTM Object is locked skipped
C:\RECYCLER\NPROTECT\00390647.HTM Object is locked skipped
C:\RECYCLER\NPROTECT\00390648.HTM Object is locked skipped
C:\RECYCLER\NPROTECT\00390649.HTM Object is locked skipped
C:\RECYCLER\NPROTECT\00390650.HTM Object is locked skipped
C:\RECYCLER\NPROTECT\00390651.HTM Object is locked skipped
C:\RECYCLER\NPROTECT\00390652.HTM Object is locked skipped
C:\RECYCLER\NPROTECT\00390653.HTM Object is locked skipped
C:\RECYCLER\NPROTECT\00390654.HTM Object is locked skipped
C:\RECYCLER\NPROTECT\00390655.HTM Object is locked skipped
C:\RECYCLER\NPROTECT\00390656.HTM Object is locked skipped
C:\RECYCLER\NPROTECT\00390657.HTM Object is locked skipped
C:\RECYCLER\NPROTECT\00390658.HTM Object is locked skipped
C:\RECYCLER\NPROTECT\00390659.HTM Object is locked skipped
C:\RECYCLER\NPROTECT\00390660.HTM Object is locked skipped
C:\RECYCLER\NPROTECT\00390661.HTM Object is locked skipped
C:\RECYCLER\NPROTECT\00390662.HTM Object is locked skipped
C:\RECYCLER\NPROTECT\00390663.HTM Object is locked skipped
C:\RECYCLER\NPROTECT\00390664.HTM Object is locked skipped
C:\RECYCLER\NPROTECT\00390665.HTM Object is locked skipped
C:\RECYCLER\NPROTECT\00390666.HTM Object is locked skipped
C:\RECYCLER\NPROTECT\00390667.HTM Object is locked skipped
C:\RECYCLER\NPROTECT\00390668.HTM Object is locked skipped
C:\RECYCLER\NPROTECT\00390669.HTM Object is locked skipped
C:\RECYCLER\NPROTECT\00390670.HTM Object is locked skipped
C:\RECYCLER\NPROTECT\00390671.HTM Object is locked skipped
C:\RECYCLER\NPROTECT\00390672.HTM Object is locked skipped
C:\RECYCLER\NPROTECT\00390673.HTM Object is locked skipped
C:\RECYCLER\NPROTECT\00390674.HTM Object is locked skipped
C:\RECYCLER\NPROTECT\00390675.HTM Object is locked skipped
C:\RECYCLER\NPROTECT\00390676.HTM Object is locked skipped
C:\RECYCLER\NPROTECT\00390677.HTM Object is locked skipped
C:\RECYCLER\NPROTECT\00390678.HTM Object is locked skipped
C:\RECYCLER\NPROTECT\00390679.HTM Object is locked skipped
C:\RECYCLER\NPROTECT\00390680.HTM Object is locked skipped
C:\RECYCLER\NPROTECT\00390681.HTM Object is locked skipped
C:\RECYCLER\NPROTECT\00390682.HTM Object is locked skipped
C:\RECYCLER\NPROTECT\00390683.HTM Object is locked skipped
C:\RECYCLER\NPROTECT\00390684.HTM Object is locked skipped
C:\RECYCLER\NPROTECT\00390685.HTM Object is locked skipped
C:\RECYCLER\NPROTECT\00390693.LOG Object is locked skipped
C:\RECYCLER\NPROTECT\00390694.LOG Object is locked skipped
C:\RECYCLER\NPROTECT\00390695.LOG Object is locked skipped
C:\RECYCLER\NPROTECT\00390696.LOG Object is locked skipped
C:\RECYCLER\NPROTECT\00390697.LOG Object is locked skipped
C:\RECYCLER\NPROTECT\00390698.log Object is locked skipped
C:\RECYCLER\NPROTECT\00390699.log Object is locked skipped
C:\RECYCLER\NPROTECT\00390700.LOG Object is locked skipped
C:\RECYCLER\NPROTECT\00390701.LOG Object is locked skipped
C:\RECYCLER\NPROTECT\00390702.LOG Object is locked skipped
C:\RECYCLER\NPROTECT\00390703.LOG Object is locked skipped
C:\RECYCLER\NPROTECT\00390704.LOG Object is locked skipped
C:\RECYCLER\NPROTECT\00390705.LOG Object is locked skipped
C:\RECYCLER\NPROTECT\00390706.LOG Object is locked skipped
C:\RECYCLER\NPROTECT\00390707.LOG Object is locked skipped
C:\RECYCLER\NPROTECT\00390708.log Object is locked skipped
C:\RECYCLER\NPROTECT\00390709.log Object is locked skipped
C:\RECYCLER\NPROTECT\00390710.WAV Object is locked skipped
C:\RECYCLER\NPROTECT\00390711.tlb Object is locked skipped
C:\RECYCLER\NPROTECT\00390712.avi Object is locked skipped
C:\RECYCLER\NPROTECT\00390713.htm Object is locked skipped
C:\RECYCLER\NPROTECT\00390714.htm Object is locked skipped
C:\RECYCLER\NPROTECT\00390715.TLB Object is locked skipped
C:\RECYCLER\NPROTECT\00390716.htm Object is locked skipped
C:\RECYCLER\NPROTECT\00390717.XFE Object is locked skipped
C:\RECYCLER\NPROTECT\00390718.jpg Object is locked skipped
C:\RECYCLER\NPROTECT\00390719.CSV Object is locked skipped
C:\RECYCLER\NPROTECT\00390720.cha Object is locked skipped
C:\RECYCLER\NPROTECT\00390721.ary Object is locked skipped
C:\RECYCLER\NPROTECT\00390722.cha Object is locked skipped
C:\RECYCLER\NPROTECT\00390723.cha Object is locked skipped
C:\RECYCLER\NPROTECT\00390724.cha Object is locked skipped
C:\RECYCLER\NPROTECT\00390725.cha Object is locked skipped
C:\RECYCLER\NPROTECT\00390726.cha Object is locked skipped
C:\RECYCLER\NPROTECT\00390727 Object is locked skipped
C:\RECYCLER\NPROTECT\00390728.int Object is locked skipped
C:\RECYCLER\NPROTECT\00390729.pat Object is locked skipped
C:\RECYCLER\NPROTECT\00390730 Object is locked skipped
C:\RECYCLER\NPROTECT\00390731.icg Object is locked skipped
C:\RECYCLER\NPROTECT\00390732.XFE Object is locked skipped
C:\RECYCLER\NPROTECT\00390733.XFE Object is locked skipped
C:\RECYCLER\NPROTECT\00390734.XFE Object is locked skipped
C:\RECYCLER\NPROTECT\00390735.XFE Object is locked skipped
C:\RECYCLER\NPROTECT\00390736 Object is locked skipped
C:\RECYCLER\NPROTECT\00390737.dll Object is locked skipped
C:\RECYCLER\NPROTECT\00390738.dat Object is locked skipped
C:\RECYCLER\NPROTECT\00390739.dat Object is locked skipped
C:\RECYCLER\NPROTECT\00390740.dat Object is locked skipped
C:\RECYCLER\NPROTECT\00390749.IDX Object is locked skipped
C:\RECYCLER\NPROTECT\00390750.DAT Object is locked skipped
C:\RECYCLER\NPROTECT\00390751.IDX Object is locked skipped
C:\RECYCLER\NPROTECT\00390752.DAT Object is locked skipped
C:\RECYCLER\NPROTECT\00390753.IDX Object is locked skipped
C:\RECYCLER\NPROTECT\00390754.DAT Object is locked skipped
C:\RECYCLER\NPROTECT\00390755.IDX Object is locked skipped
C:\RECYCLER\NPROTECT\00390756.DAT Object is locked skipped
C:\RECYCLER\NPROTECT\00390757.IDX Object is locked skipped
C:\RECYCLER\NPROTECT\00390758.DAT Object is locked skipped
C:\RECYCLER\NPROTECT\00390759.lo5 Object is locked skipped
C:\RECYCLER\NPROTECT\00390760.bmp Object is locked skipped
C:\RECYCLER\NPROTECT\00390761.ICO Object is locked skipped
C:\RECYCLER\NPROTECT\00390762.ico Object is locked skipped
C:\RECYCLER\NPROTECT\00390763.bmp Object is locked skipped
C:\RECYCLER\NPROTECT\00390764.BMP Object is locked skipped
C:\RECYCLER\NPROTECT\00390765.BMP Object is locked skipped
C:\RECYCLER\NPROTECT\00390766.BMP Object is locked skipped
C:\RECYCLER\NPROTECT\00390767.BMP Object is locked skipped
C:\RECYCLER\NPROTECT\00390768.BMP Object is locked skipped
C:\RECYCLER\NPROTECT\00390769.BMP Object is locked skipped
C:\RECYCLER\NPROTECT\00390770.BMP Object is locked skipped
C:\RECYCLER\NPROTECT\00390771.bmp Object is locked skipped
C:\RECYCLER\NPROTECT\00390772.jpg Object is locked skipped
C:\RECYCLER\NPROTECT\00390773.BMP Object is locked skipped
C:\RECYCLER\NPROTECT\00390774.bmp Object is locked skipped
C:\RECYCLER\NPROTECT\00390775.BMP Object is locked skipped
C:\RECYCLER\NPROTECT\00390776.bmp Object is locked skipped
C:\RECYCLER\NPROTECT\00390777.BMP Object is locked skipped
C:\RECYCLER\NPROTECT\00390778.BMP Object is locked skipped
C:\RECYCLER\NPROTECT\00390779.BMP Object is locked skipped
C:\RECYCLER\NPROTECT\00390780.BMP Object is locked skipped
C:\RECYCLER\NPROTECT\00390781.bmp Object is locked skipped
C:\RECYCLER\NPROTECT\00390782.BMP Object is locked skipped
C:\RECYCLER\NPROTECT\00390783.bmp Object is locked skipped
C:\RECYCLER\NPROTECT\00390784.BMP Object is locked skipped
C:\RECYCLER\NPROTECT\00390785.bmp Object is locked skipped
C:\RECYCLER\NPROTECT\00390786.BMP Object is locked skipped
C:\RECYCLER\NPROTECT\00390787.bmp Object is locked skipped
C:\RECYCLER\NPROTECT\00390788.BMP Object is locked skipped
C:\RECYCLER\NPROTECT\00390789.BMP Object is locked skipped
C:\RECYCLER\NPROTECT\00390790.BMP Object is locked skipped
C:\RECYCLER\NPROTECT\00390791.BMP Object is locked skipped
C:\RECYCLER\NPROTECT\00390792.BMP Object is locked skipped
C:\RECYCLER\NPROTECT\00390793.BMP Object is locked skipped
C:\RECYCLER\NPROTECT\00390794.GIF Object is locked skipped
C:\RECYCLER\NPROTECT\00390795.BMP Object is locked skipped
C:\RECYCLER\NPROTECT\00390796.BMP Object is locked skipped
C:\RECYCLER\NPROTECT\00390797.BMP Object is locked skipped
C:\RECYCLER\NPROTECT\00390798.BMP Object is locked skipped
C:\RECYCLER\NPROTECT\00390799.BMP Object is locked skipped
C:\RECYCLER\NPROTECT\00390800.BMP Object is locked skipped
C:\RECYCLER\NPROTECT\00390801.BMP Object is locked skipped
C:\RECYCLER\NPROTECT\00390802.bmp Object is locked skipped
C:\RECYCLER\NPROTECT\00390803.BMP Object is locked skipped
C:\RECYCLER\NPROTECT\00390804.bmp Object is locked skipped
C:\RECYCLER\NPROTECT\00390805.ico Object is locked skipped
C:\RECYCLER\NPROTECT\00390806.bmp Object is locked skipped
C:\RECYCLER\NPROTECT\00390807.bmp Object is locked skipped
C:\RECYCLER\NPROTECT\00390808.BMP Object is locked skipped
C:\RECYCLER\NPROTECT\00390809.bmp Object is locked skipped
C:\RECYCLER\NPROTECT\00390810.BMP Object is locked skipped
C:\RECYCLER\NPROTECT\00390811.bmp Object is locked skipped
C:\RECYCLER\NPROTECT\00390812.BMP Object is locked skipped
C:\RECYCLER\NPROTECT\00390813.db Object is locked skipped
C:\RECYCLER\NPROTECT\00390814.BMP Object is locked skipped
C:\RECYCLER\NPROTECT\00390815.scc Object is locked skipped
C:\RECYCLER\NPROTECT\00390816.DAT Object is locked skipped
C:\RECYCLER\NPROTECT\00390817.DAT Object is locked skipped
C:\RECYCLER\NPROTECT\00390818.xml Object is locked skipped
C:\RECYCLER\NPROTECT\00390820.ldb Object is locked skipped
C:\RECYCLER\NPROTECT\00390829.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00390830.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00390832.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00390833.E
JimFerguson06
Active Member
 
Posts: 12
Joined: December 24th, 2006, 7:51 pm

Unread postby beynac » December 27th, 2006, 4:12 pm

I think that your post got cut off because it was too long. Please post the rest of the Kaspersky report (from the cut-off point) and the HijackThis log.
User avatar
beynac
MRU Honors Grad Emeritus
 
Posts: 1638
Joined: February 14th, 2006, 12:14 pm
Location: Norwich, England

Unread postby JimFerguson06 » December 27th, 2006, 4:44 pm

I picked it up here.

C:\RECYCLER\NPROTECT\00390829.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00390830.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00390832.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00390833.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00390836.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00390837.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00390846.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00390847.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00390848.edb Object is locked skipped
C:\RECYCLER\NPROTECT\00390851.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00390852.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00390854.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00390855.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00390857.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00390858.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00390860.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00390861.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00390863.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00390864.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00390866.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00390867.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00390868.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00390869.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00390870.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00390871.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00390872.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00390873.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00390874.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00390875.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00390876.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00390877.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00390878.lo5 Object is locked skipped
C:\RECYCLER\NPROTECT\00390882.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00390883.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00390885.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00390886.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00390888.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00390889.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00390890.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00390891.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00390894.DAT Object is locked skipped
C:\RECYCLER\NPROTECT\00390896.xml Object is locked skipped
C:\RECYCLER\NPROTECT\00390897.DAT Object is locked skipped
C:\RECYCLER\NPROTECT\00390899.ldb Object is locked skipped
C:\RECYCLER\NPROTECT\00390906.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00390907.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00390909.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00390910.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00390925.edb Object is locked skipped
C:\RECYCLER\NPROTECT\00390930.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00390931.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00390933.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00390934.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00390936.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00390937.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00390939.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00390940.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00390942.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00390943.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00390945.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00390946.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00390948.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00390949.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00390953.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00390954.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00390956.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00390957.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00390959.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00390960.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00390964.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00390965.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00390967.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00390968.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00390969.xml Object is locked skipped
C:\RECYCLER\NPROTECT\00390970.XML Object is locked skipped
C:\RECYCLER\NPROTECT\00390971.CAB Object is locked skipped
C:\RECYCLER\NPROTECT\00390994.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00390996.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00390998.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00391001.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00391005.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00391006.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00391007.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00391009.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00391011.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00391012.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00391021.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00391022.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00391023.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00391024.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00391031.lo5 Object is locked skipped
C:\RECYCLER\NPROTECT\00391035.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00391036.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00391037.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00391038.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00391041.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00391042.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00391043.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00391044.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00391059.DAT Object is locked skipped
C:\RECYCLER\NPROTECT\00391060.DAT Object is locked skipped
C:\RECYCLER\NPROTECT\00391133.lo5 Object is locked skipped
C:\RECYCLER\NPROTECT\00391137.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00391138.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00391140.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00391141.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00391145.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00391146.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00391147.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00391148.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00391151.xml Object is locked skipped
C:\RECYCLER\NPROTECT\00391153.DAT Object is locked skipped
C:\RECYCLER\NPROTECT\00391155.DAT Object is locked skipped
C:\RECYCLER\NPROTECT\00391158.ldb Object is locked skipped
C:\RECYCLER\NPROTECT\00391175.DIC Object is locked skipped
C:\RECYCLER\NPROTECT\00391176.DIC Object is locked skipped
C:\RECYCLER\NPROTECT\00391177.DIC Object is locked skipped
C:\RECYCLER\NPROTECT\00391184.SOL Object is locked skipped
C:\RECYCLER\NPROTECT\00391187.ldb Object is locked skipped
C:\RECYCLER\NPROTECT\00391195.cab Object is locked skipped
C:\RECYCLER\NPROTECT\00391202.edb Object is locked skipped
C:\RECYCLER\NPROTECT\00391251.DAT Object is locked skipped
C:\RECYCLER\NPROTECT\00391252.VXD Object is locked skipped
C:\RECYCLER\NPROTECT\00391253.DLL Object is locked skipped
C:\RECYCLER\NPROTECT\00391254 Object is locked skipped
C:\RECYCLER\NPROTECT\00391255.EXP Object is locked skipped
C:\RECYCLER\NPROTECT\00391256.SYS Object is locked skipped
C:\RECYCLER\NPROTECT\00391257.VXD Object is locked skipped
C:\RECYCLER\NPROTECT\00391258.DLL Object is locked skipped
C:\RECYCLER\NPROTECT\00391259.EXP Object is locked skipped
C:\RECYCLER\NPROTECT\00391260.SYS Object is locked skipped
C:\RECYCLER\NPROTECT\00391261.VXD Object is locked skipped
C:\RECYCLER\NPROTECT\00391262.DLL Object is locked skipped
C:\RECYCLER\NPROTECT\00391263.TXT Object is locked skipped
C:\RECYCLER\NPROTECT\00391264.DAT Object is locked skipped
C:\RECYCLER\NPROTECT\00391265.CAT Object is locked skipped
C:\RECYCLER\NPROTECT\00391266.INF Object is locked skipped
C:\RECYCLER\NPROTECT\00391267.DAT Object is locked skipped
C:\RECYCLER\NPROTECT\00391268.DAT Object is locked skipped
C:\RECYCLER\NPROTECT\00391269.DAT Object is locked skipped
C:\RECYCLER\NPROTECT\00391270.DAT Object is locked skipped
C:\RECYCLER\NPROTECT\00391271.TXT Object is locked skipped
C:\RECYCLER\NPROTECT\00391272.DAT Object is locked skipped
C:\RECYCLER\NPROTECT\00391273.DAT Object is locked skipped
C:\RECYCLER\NPROTECT\00391274.DAT Object is locked skipped
C:\RECYCLER\NPROTECT\00391275.DAT Object is locked skipped
C:\RECYCLER\NPROTECT\00391276.DAT Object is locked skipped
C:\RECYCLER\NPROTECT\00391277.GRD Object is locked skipped
C:\RECYCLER\NPROTECT\00391278.SIG Object is locked skipped
C:\RECYCLER\NPROTECT\00391279.INF Object is locked skipped
C:\RECYCLER\NPROTECT\00391280.DAT Object is locked skipped
C:\RECYCLER\NPROTECT\00391281.DAT Object is locked skipped
C:\RECYCLER\NPROTECT\00391282.DAT Object is locked skipped
C:\RECYCLER\NPROTECT\00391283.DAT Object is locked skipped
C:\RECYCLER\NPROTECT\00391284.DAT Object is locked skipped
C:\RECYCLER\NPROTECT\00391285.DAT Object is locked skipped
C:\RECYCLER\NPROTECT\00391286.DAT Object is locked skipped
C:\RECYCLER\NPROTECT\00391287.DAT Object is locked skipped
C:\RECYCLER\NPROTECT\00391288.DAT Object is locked skipped
C:\RECYCLER\NPROTECT\00391289.DAT Object is locked skipped
C:\RECYCLER\NPROTECT\00391290.TXT Object is locked skipped
C:\RECYCLER\NPROTECT\00391291.DAT Object is locked skipped
C:\RECYCLER\NPROTECT\00391296.BIN Object is locked skipped
C:\RECYCLER\NPROTECT\00391297.edb Object is locked skipped
C:\RECYCLER\NPROTECT\00391307.xml Object is locked skipped
C:\RECYCLER\NPROTECT\00391308.XML Object is locked skipped
C:\RECYCLER\NPROTECT\00391309.CAB Object is locked skipped
C:\RECYCLER\NPROTECT\00391318 Object is locked skipped
C:\RECYCLER\NPROTECT\00391319.1 Object is locked skipped
C:\RECYCLER\NPROTECT\00391320.2 Object is locked skipped
C:\RECYCLER\NPROTECT\00391321.3 Object is locked skipped
C:\RECYCLER\NPROTECT\00391322.4 Object is locked skipped
C:\RECYCLER\NPROTECT\00391323.5 Object is locked skipped
C:\RECYCLER\NPROTECT\00391324.6 Object is locked skipped
C:\RECYCLER\NPROTECT\00391325.7 Object is locked skipped
C:\RECYCLER\NPROTECT\00391326.8 Object is locked skipped
C:\RECYCLER\NPROTECT\00391327.9 Object is locked skipped
C:\RECYCLER\NPROTECT\00391328.a Object is locked skipped
C:\RECYCLER\NPROTECT\00391329.b Object is locked skipped
C:\RECYCLER\NPROTECT\00391330.c Object is locked skipped
C:\RECYCLER\NPROTECT\00391331.d Object is locked skipped
C:\RECYCLER\NPROTECT\00391332.e Object is locked skipped
C:\RECYCLER\NPROTECT\00391333.f Object is locked skipped
C:\RECYCLER\NPROTECT\00391334.g Object is locked skipped
C:\RECYCLER\NPROTECT\00391335.h Object is locked skipped
C:\RECYCLER\NPROTECT\00391336.i Object is locked skipped
C:\RECYCLER\NPROTECT\00391337.j Object is locked skipped
C:\RECYCLER\NPROTECT\00391338.k Object is locked skipped
C:\RECYCLER\NPROTECT\00391339.l Object is locked skipped
C:\RECYCLER\NPROTECT\00391340.m Object is locked skipped
C:\RECYCLER\NPROTECT\00391341.n Object is locked skipped
C:\RECYCLER\NPROTECT\00391342.o Object is locked skipped
C:\RECYCLER\NPROTECT\00391343.p Object is locked skipped
C:\RECYCLER\NPROTECT\00391344.q Object is locked skipped
C:\RECYCLER\NPROTECT\00391345.r Object is locked skipped
C:\RECYCLER\NPROTECT\00391346.s Object is locked skipped
C:\RECYCLER\NPROTECT\00391347.t Object is locked skipped
C:\RECYCLER\NPROTECT\00391348.u Object is locked skipped
C:\RECYCLER\NPROTECT\00391349.v Object is locked skipped
C:\RECYCLER\NPROTECT\00391350.10 Object is locked skipped
C:\RECYCLER\NPROTECT\00391351.11 Object is locked skipped
C:\RECYCLER\NPROTECT\00391352.12 Object is locked skipped
C:\RECYCLER\NPROTECT\00391353.13 Object is locked skipped
C:\RECYCLER\NPROTECT\00391354.14 Object is locked skipped
C:\RECYCLER\NPROTECT\00391355.15 Object is locked skipped
C:\RECYCLER\NPROTECT\00391356.16 Object is locked skipped
C:\RECYCLER\NPROTECT\00391357.17 Object is locked skipped
C:\RECYCLER\NPROTECT\00391358.18 Object is locked skipped
C:\RECYCLER\NPROTECT\00391359.19 Object is locked skipped
C:\RECYCLER\NPROTECT\00391360.1a Object is locked skipped
C:\RECYCLER\NPROTECT\00391361.1b Object is locked skipped
C:\RECYCLER\NPROTECT\00391362.1c Object is locked skipped
C:\RECYCLER\NPROTECT\00391363.1d Object is locked skipped
C:\RECYCLER\NPROTECT\00391364.1e Object is locked skipped
C:\RECYCLER\NPROTECT\00391365.1f Object is locked skipped
C:\RECYCLER\NPROTECT\00391366.1g Object is locked skipped
C:\RECYCLER\NPROTECT\00391367.1h Object is locked skipped
C:\RECYCLER\NPROTECT\00391368.1i Object is locked skipped
C:\RECYCLER\NPROTECT\00391369.1j Object is locked skipped
C:\RECYCLER\NPROTECT\00391370.1k Object is locked skipped
C:\RECYCLER\NPROTECT\00391371.1l Object is locked skipped
C:\RECYCLER\NPROTECT\00391372.1m Object is locked skipped
C:\RECYCLER\NPROTECT\00391378.1n Object is locked skipped
C:\RECYCLER\NPROTECT\00391379.1o Object is locked skipped
C:\RECYCLER\NPROTECT\00391380.1p Object is locked skipped
C:\RECYCLER\NPROTECT\00391382.1q Object is locked skipped
C:\RECYCLER\NPROTECT\00391383.1r Object is locked skipped
C:\RECYCLER\NPROTECT\00391384.1s Object is locked skipped
C:\RECYCLER\NPROTECT\00391411.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00391412.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00391417.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00391421.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00391422.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00391424.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00391425.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00391427.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00391428.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00391430.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00391431.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00391433.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00391434.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00391436.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00391437.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00391439.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00391440.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00391442.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00391443.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00391445.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00391446.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00391448.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00391449.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00391451.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00391452.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00391459.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00391460.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00391464.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00391465.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00391492.DAT Object is locked skipped
C:\RECYCLER\NPROTECT\00391493.DAT Object is locked skipped
C:\RECYCLER\NPROTECT\00391494.DAT Object is locked skipped
C:\RECYCLER\NPROTECT\00391495.DAT Object is locked skipped
C:\RECYCLER\NPROTECT\00391496.DAT Object is locked skipped
C:\RECYCLER\NPROTECT\00391497.DAT Object is locked skipped
C:\RECYCLER\NPROTECT\00391498.DAT Object is locked skipped
C:\RECYCLER\NPROTECT\00391499.DAT Object is locked skipped
C:\RECYCLER\NPROTECT\00391500.DAT Object is locked skipped
C:\RECYCLER\NPROTECT\00391501.DAT Object is locked skipped
C:\RECYCLER\NPROTECT\00391502.DAT Object is locked skipped
C:\RECYCLER\NPROTECT\00391503.DAT Object is locked skipped
C:\RECYCLER\NPROTECT\00391504.DAT Object is locked skipped
C:\RECYCLER\NPROTECT\00391505.DAT Object is locked skipped
C:\RECYCLER\NPROTECT\00391506.DAT Object is locked skipped
C:\RECYCLER\NPROTECT\00391507.DAT Object is locked skipped
C:\RECYCLER\NPROTECT\00391508.DAT Object is locked skipped
C:\RECYCLER\NPROTECT\00391509.DAT Object is locked skipped
C:\RECYCLER\NPROTECT\00391547.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00391548.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00391550.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00391551.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00391554.TRA Object is locked skipped
C:\RECYCLER\NPROTECT\00391559.SOL Object is locked skipped
C:\RECYCLER\NPROTECT\00391568.SOL Object is locked skipped
C:\RECYCLER\NPROTECT\00391570.SOL Object is locked skipped
C:\RECYCLER\NPROTECT\00391583.SOL Object is locked skipped
C:\RECYCLER\NPROTECT\00391601.lo5 Object is locked skipped
C:\RECYCLER\NPROTECT\00391605.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00391606.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00391608.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00391609.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00391612.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00391613.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00391614.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00391615.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00391621.DAT Object is locked skipped
C:\RECYCLER\NPROTECT\00391622.xml Object is locked skipped
C:\RECYCLER\NPROTECT\00391623.DAT Object is locked skipped
C:\RECYCLER\NPROTECT\00391628.ldb Object is locked skipped
C:\RECYCLER\NPROTECT\00391652.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00391667.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00391671.SOL Object is locked skipped
C:\RECYCLER\NPROTECT\00391678.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00391679.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00391680.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00391681.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00391691.lo5 Object is locked skipped
C:\RECYCLER\NPROTECT\00391695.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00391696.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00391698.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00391699.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00391702.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00391703.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00391704.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00391705.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00391709.DAT Object is locked skipped
C:\RECYCLER\NPROTECT\00391710.xml Object is locked skipped
C:\RECYCLER\NPROTECT\00391713.DAT Object is locked skipped
C:\RECYCLER\NPROTECT\00391714.ldb Object is locked skipped
C:\RECYCLER\NPROTECT\00391737.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00391738.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00391740.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00391741.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00391748.xml Object is locked skipped
C:\RECYCLER\NPROTECT\00391766.ZIP Object is locked skipped
C:\RECYCLER\NPROTECT\00391767.dat Object is locked skipped
C:\RECYCLER\NPROTECT\00391768.ZIP Object is locked skipped
C:\RECYCLER\NPROTECT\00391769.dat Object is locked skipped
C:\RECYCLER\NPROTECT\00391770.DLL Object is locked skipped
C:\RECYCLER\NPROTECT\00391771.DLL Object is locked skipped
C:\RECYCLER\NPROTECT\00391772.ZIP Object is locked skipped
C:\RECYCLER\NPROTECT\00391773.dat Object is locked skipped
C:\RECYCLER\NPROTECT\00391774.dll Object is locked skipped
C:\RECYCLER\NPROTECT\00391775.ZIP Object is locked skipped
C:\RECYCLER\NPROTECT\00391776.dat Object is locked skipped
C:\RECYCLER\NPROTECT\00391799.TXT Object is locked skipped
C:\RECYCLER\NPROTECT\00391800.TXT Object is locked skipped
C:\RECYCLER\NPROTECT\00391801.TXT Object is locked skipped
C:\RECYCLER\NPROTECT\00391806.ZIP Object is locked skipped
C:\RECYCLER\NPROTECT\00391807.dat Object is locked skipped
C:\RECYCLER\NPROTECT\00391808.ZIP Object is locked skipped
C:\RECYCLER\NPROTECT\00391809.dat Object is locked skipped
C:\RECYCLER\NPROTECT\00391810.ZIP Object is locked skipped
C:\RECYCLER\NPROTECT\00391811.dat Object is locked skipped
C:\RECYCLER\NPROTECT\00391812.ZIP Object is locked skipped
C:\RECYCLER\NPROTECT\00391813.dat Object is locked skipped
C:\RECYCLER\NPROTECT\00391814.ZIP Object is locked skipped
C:\RECYCLER\NPROTECT\00391815.dat Object is locked skipped
C:\RECYCLER\NPROTECT\00391816.ZIP Object is locked skipped
C:\RECYCLER\NPROTECT\00391817.dat Object is locked skipped
C:\RECYCLER\NPROTECT\00391818.ZIP Object is locked skipped
C:\RECYCLER\NPROTECT\00391819.dat Object is locked skipped
C:\RECYCLER\NPROTECT\00391820.F3S Object is locked skipped
C:\RECYCLER\NPROTECT\00391821.exe Object is locked skipped
C:\RECYCLER\NPROTECT\00391824.DLL Object is locked skipped
C:\RECYCLER\NPROTECT\00391825.ZIP Object is locked skipped
C:\RECYCLER\NPROTECT\00391826.dat Object is locked skipped
C:\RECYCLER\NPROTECT\00391827.ZIP Object is locked skipped
C:\RECYCLER\NPROTECT\00391828.dat Object is locked skipped
C:\RECYCLER\NPROTECT\00391829.ax Object is locked skipped
C:\RECYCLER\NPROTECT\00391830.ZIP Object is locked skipped
C:\RECYCLER\NPROTECT\00391831.dat Object is locked skipped
C:\RECYCLER\NPROTECT\00391832.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00391833.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00391835.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00391836.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00391842.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00391843.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00391844.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00391845.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00391847.lo5 Object is locked skipped
C:\RECYCLER\NPROTECT\00391851.EXB Object is locked skipped
C:\RECYCLER\NPROTECT\00391852.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00391855.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00391856.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00391859.xml Object is locked skipped
C:\RECYCLER\NPROTECT\00391860.DAT Object is locked skipped
C:\RECYCLER\NPROTECT\00391861.DAT Object is locked skipped
C:\RECYCLER\NPROTECT\00391862.ldb Object is locked skipped
C:\RECYCLER\NPROTECT\00391877.SOL Object is locked skipped
C:\RECYCLER\NPROTECT\00391886.edb Object is locked skipped
C:\RECYCLER\NPROTECT\00391888.xml Object is locked skipped
C:\RECYCLER\NPROTECT\00391889.XML Object is locked skipped
C:\RECYCLER\NPROTECT\00391890.CAB Object is locked skipped
C:\RECYCLER\NPROTECT\00391892.lrd Object is locked skipped
C:\RECYCLER\NPROTECT\00391896.DIC Object is locked skipped
C:\RECYCLER\NPROTECT\00391897.DIC Object is locked skipped
C:\RECYCLER\NPROTECT\00391898.DIC Object is locked skipped
C:\RECYCLER\NPROTECT\00391905.SOL Object is locked skipped
C:\RECYCLER\NPROTECT\00391924.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00391925.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00391926.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00391927.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00391934.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00391935.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00391936.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00391937.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00391938.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00391939.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00391940.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00391941.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00391945.SOL Object is locked skipped
C:\RECYCLER\NPROTECT\00391960.EXB Object is locked skipped
C:\RECYCLER\NPROTECT\00391961.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00391962.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00391963.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00391966.lo5 Object is locked skipped
C:\RECYCLER\NPROTECT\00391970.EXB Object is locked skipped
C:\RECYCLER\NPROTECT\00391971.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00391974.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00391975.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00391978.DAT Object is locked skipped
C:\RECYCLER\NPROTECT\00391979.xml Object is locked skipped
C:\RECYCLER\NPROTECT\00391980.ldb Object is locked skipped
C:\RECYCLER\NPROTECT\00391981.DAT Object is locked skipped
C:\RECYCLER\NPROTECT\00391992.edb Object is locked skipped
C:\RECYCLER\NPROTECT\00392001.DIC Object is locked skipped
C:\RECYCLER\NPROTECT\00392004.DIC Object is locked skipped
C:\RECYCLER\NPROTECT\00392005.DIC Object is locked skipped
C:\RECYCLER\NPROTECT\00392012.EXB Object is locked skipped
C:\RECYCLER\NPROTECT\00392013.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00392014.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00392015.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00392019.lo5 Object is locked skipped
C:\RECYCLER\NPROTECT\00392023.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00392024.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00392027.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00392028.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00392031.DAT Object is locked skipped
C:\RECYCLER\NPROTECT\00392032.xml Object is locked skipped
C:\RECYCLER\NPROTECT\00392033.DAT Object is locked skipped
C:\RECYCLER\NPROTECT\00392034.ldb Object is locked skipped
C:\RECYCLER\NPROTECT\00392039.edb Object is locked skipped
C:\RECYCLER\NPROTECT\00392040.lo5 Object is locked skipped
C:\RECYCLER\NPROTECT\00392044.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00392045.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00392048.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00392049.EXL Object is locked skipped
C:\RECYCLER\NPROTECT\00392052.xml Object is locked skipped
C:\RECYCLER\NPROTECT\00392053.DAT Object is locked skipped
C:\RECYCLER\NPROTECT\00392054.DAT Object is locked skipped
C:\RECYCLER\NPROTECT\00392055.ldb Object is locked skipped
C:\RECYCLER\NPROTECT\00392078.edb Object is locked skipped
C:\RECYCLER\NPROTECT\00392085.SOL Object is locked skipped
C:\RECYCLER\NPROTECT\00392089.DIC Object is locked skipped
C:\RECYCLER\NPROTECT\NPROTECT.LOG Object is locked skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1188\A0304472.exe Infected: Trojan-Downloader.Win32.Zlob.bie skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1188\A0305378.exe Infected: Trojan-Downloader.Win32.Zlob.big skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1188\A0305379.exe Infected: Trojan-Downloader.Win32.Zlob.bih skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1188\A0305381.exe Infected: Trojan-Downloader.Win32.Zlob.bgi skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1188\A0305382.exe Infected: Trojan-Downloader.Win32.Zlob.bgi skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1188\A0305383.exe Infected: Trojan-Downloader.Win32.Zlob.bcv skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1190\A0305490.dll Infected: not-a-virus:FraudTool.Win32.WorldSecurityOnline.c skipped
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1192\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\ModemLog_Intel(R) 537EP V9x DFV PCI Modem.txt Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\AppEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\Internet.evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SecEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SysEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\H323LOG.TXT Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\WIADEBUG.LOG Object is locked skipped
C:\WINDOWS\WIASERVC.LOG Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\WINDOWS\{00000002-00000000-00000002-00001102-00000004-10031102}.CDF Object is locked skipped

Scan process completed.
JimFerguson06
Active Member
 
Posts: 12
Joined: December 24th, 2006, 7:51 pm

Unread postby JimFerguson06 » December 27th, 2006, 4:45 pm

Logfile of HijackThis v1.99.1
Scan saved at 1:33:05 PM, on 12/27/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~2\NORTON~3\NPROTECT.EXE
C:\PROGRA~1\NORTON~2\NORTON~3\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wfxsnt40.exe
C:\ProVenture\Billing Solution\tracker.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\Mediafour\MACVNTFY.EXE
C:\Program Files\Mediafour\MacDrive\MDDiskProtect.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\PROGRA~1\MUSICM~1\MUSICM~2\MMDiag.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Greetings Workshop\GWREMIND.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/home.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://my.netscape.com/index2.psp"); (C:\Documents and Settings\Jim Ferguson\Application Data\Mozilla\Profiles\default\5ifkak9c.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Jim Ferguson\Application Data\Mozilla\Profiles\default\5ifkak9c.slt\prefs.js)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~2\COMCAS~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~2\COMCAS~1.DLL
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Tracker] "C:\ProVenture\Billing Solution\tracker.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe
O4 - HKLM\..\Run: [MediafourGettingStartedWithMacDrive6] "C:\Program Files\Mediafour\MacDrive\MacDrive.exe" /runonce
O4 - HKLM\..\Run: [Mediafour Mac Volume Notifications] "C:\Program Files\Common Files\Mediafour\MACVNTFY.EXE" /auto
O4 - HKLM\..\Run: [MDDiskProtect.exe] C:\Program Files\Mediafour\MacDrive\MDDiskProtect.exe
O4 - HKLM\..\Run: [IntelMeM] "C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe"
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DigidesignMMERefresh] "C:\Program Files\Digidesign\Drivers\MMERefresh.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [AsioReg] "REGSVR32.EXE" /S CTASIO.DLL
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [CTSysVol] "C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe"
O4 - HKLM\..\Run: [CTDVDDet] "C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKCU\..\Run: [SB Audigy 2 Startup Menu] /L:ENG
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - Startup: Greetings Workshop Reminders.lnk = C:\Program Files\Greetings Workshop\GWREMIND.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: SideStep - {3E230861-5C87-11D3-A1C6-00105A1B41B8} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId= ... lcid=0x409
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} - http://wdownload.weatherbug.com/minibug ... porter.cab?
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZB ... b32846.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqaio/downloads/sysinfo.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZP ... b32846.cab
O16 - DPF: {640B39C1-D713-464F-92C3-75BD972B95EE} - http://www.sidestep.com/get/k42037/sb028.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 7968985968
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/softwa ... Plugin.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - https://a248.e.akamai.net/f/248/5462/2h ... mDlBrg.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v ... b34246.cab
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} - http://liveca12.custhelp.com/7530-b327h ... a/RntX.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?326
O20 - Winlogon Notify: MacDrive-iTunes compatibility - C:\Program Files\Common Files\Mediafour\MacDriveiTunesPatch.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~3\NPROTECT.EXE
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~3\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
JimFerguson06
Active Member
 
Posts: 12
Joined: December 24th, 2006, 7:51 pm

Unread postby beynac » December 27th, 2006, 5:17 pm

I'm looking through the logs you posted. In the meantime, could you please provide me with a list of the programs installed on your computer.

Please open HijackThis
  • Click on the Open the Misc Tools section button
  • Click on Open Uninstall Manager...
  • Click on Save List... (towards the bottom right)
  • Save the text file to a convenient location
Please post the text file as a reply to this thread.
User avatar
beynac
MRU Honors Grad Emeritus
 
Posts: 1638
Joined: February 14th, 2006, 12:14 pm
Location: Norwich, England

Unread postby JimFerguson06 » December 27th, 2006, 11:25 pm

Here is the list of programs. Standing by...

Adobe Acrobat 5.0
Adobe Photoshop 7.0.1
Adobe Reader 7.0.8
APC PowerChute Personal Edition
ATI Control Panel
ATI Display Driver
AudibleManager
AVG Anti-Spyware 7.5
CC_ccProxyExt
ccCommon
CCleaner (remove only)
ccPxyCore
CheckIt Diagnostics
Classic PhoneTools
Comcast Rhapsody
Connection Keep Alive
Creative Mass Storage Drivers
Creative System Information
Creative Zen Nano Plus
CSI
Dell Digital Jukebox Driver
Dell Media Experience
Dell Solution Center
Dell Support 5.0.0 (766)
Digidesign Pro Tools® LE 6.9
Digidesign Shared Plug-Ins
Dolet Light for PrintMusic 2006
DVDSentry
Eudora
Eudora Pro Email
Finale PrintMusic 2006
GdiplusUpgrade
Google Earth
Google Toolbar for Internet Explorer
Greetings Workshop
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 1.99.1
Home Improvement 1-2-3
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
HP Extended Capabilities 4.7
HP Image Zone 4.7
HP PSC & OfficeJet 4.7
HP Software Update
ICQ Toolbar
ICQ 5.1
Intel(R) 537EP V9x DFV PCI Modem
Intel(R) PRO Network Connections Drivers
Intel(R) PROSet
Internet Explorer Default Page
Internet Worm Protection
Jasc Paint Shop Photo Album
Jasc Paint Shop Pro 8 Dell Edition
Kaspersky Online Scanner
Law & Order Justice is Served
Law & Order: Dead on the Money
LiveReg (Symantec Corporation)
LiveUpdate 3.0 (Symantec Corporation)
MacDrive 6
Macromedia Flash Player 8
Macromedia Shockwave Player
Memories Disc Creator 2.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft .NET Framework 2.0
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Data Access Components KB870669
Microsoft Encarta Encyclopedia Standard 2004
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2006
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft Windows Journal Viewer
Microsoft Works 4.5
Modem Event Monitor
Modem Helper
Modem On Hold
MSRedist
MSRedist
MSXML 4.0 SP2 (KB927978)
Musicmatch® Jukebox
NAVShortcut
Netscape (7.1)
Netscape (7.2)
Norton AntiSpam
Norton AntiSpam
Norton AntiVirus 2006
Norton AntiVirus Parent MSI
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security 2006 (Symantec Corporation)
Norton Protection Center
Norton SystemWorks
Norton SystemWorks 2006
Norton SystemWorks 2006 (Symantec Corporation)
Norton Utilities
Norton WMI Update
Norton WMI Update
Nova Invoices & Estimates Pro
NSW_DRM_COLLECTION
Office Animation Runtime
overland
PACE System Files
PowerDVD
QuickTime
RealPlayer
Registry Mechanic 6.0
Rhapsody Player Engine
SecondLife (remove only)
Security Update for Microsoft .NET Framework 2.0 (KB917283)
Security Update for Microsoft .NET Framework 2.0 (KB922770)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB926255)
Shockwave
Sonic DLA
Sonic MyDVD
Sonic RecordNow!
Sonic Update Manager
Sound Blaster Audigy 2
Spam Arrest
Spam Arrest Configurator
SPBBC
Spybot - Search & Destroy 1.4
Symantec Technical Support Web Controls
Symantec WinFax PRO
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB900930)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Connect
Windows Media Format Runtime
Windows Media Format SDK Hotfix [See KB892906 for more information]
Windows Media Player 10
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB887797
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888240
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WordPerfect Office 11
Yahoo! Internet Mail
Yahoo! Toolbar
JimFerguson06
Active Member
 
Posts: 12
Joined: December 24th, 2006, 7:51 pm

Unread postby beynac » December 28th, 2006, 8:00 am

Most of the infected items, shown on the Kaspersky report, are in a folder called C:\Old Dell\. I'm assuming that these are old files copied across from your previous computer. None of the offending items are installed on your system, so we can just delete the files/folders. Delete the VNC folder only if you don't use this. It is not malware but can be used by trojans.

Click on Start then My Computer, find the following files and folders (highlighted in red) and delete them, if present. Please let me know if there are any problems with this.
C:\Old Dell\Program Files\MyWebSearch\ <- delete the folder
C:\Old Dell\WINDOWS\SYSTEM\windialup\ <- delete the folder
C:\Installs\VNC\ <- delete the folder (see note above)

The other infected items are emails which appear to be in backup, rather than live, folders. Some are in Outlook and others in Eudora. Unless you have other messages in these mailboxes that you wish to keep, the safest way to get rid of them would be to delete the mailboxes. If you want to keep other, clean messages then you will need to open the relevant mailbox(es) and delete the infected emails (being very careful not to open them!). If you do this, make sure that you compact folders or empty trashcan depending how the program fully removes deleted items. My recommendation would be to get rid of the mailboxes. If so, delete the files shown highlighted in red. If you would rather delete the emails individually, please let me know and I will list them for you.

C:\Data\Outlook\outlook.bak <- File
C:\Old Dell\Eudora\In.mbx <- File
C:\Old Dell\Eudora\In.mbx.001 <- File
C:\Old Dell\Program Files\Qualcomm\Eudora Mail\Attach\yourregistration.com <- File
C:\Old Dell\Program Files\Qualcomm\Eudora Mail\Old In Box as of 33102.fol\Moved mail from normal In Box.mbx <- File
C:\Old Dell\Temp\Qualcomm\Eudora Mail\in.mbx <- File
C:\Program Files\Qualcomm\Eudora Mail\Attach\yourregistration.com <- File
C:\Program Files\Qualcomm\Eudora Mail\Old In Box as of 33102.fol\Moved mail from normal In Box.mbx <- File

You can also delete SmitFraudFix from your desktop and also the following file:

C:\WINDOWS\System32\process.exe <- File only

Please let me know if you have any problems, or questions, regarding the above.

-----------------------------------------------------------

Flush System Restore

This will remove infected items from System Restore and set a new, clean restore point.

Turn OFF System Restore.
  • Click on Start
  • Right-click My Computer
  • Click Properties
  • Click the System Restore tab
  • Check Turn off System Restore
  • Click Apply, and then click OK
Restart your computer

Turn ON System Restore.
  • Click on Start
  • Right-click My Computer
  • Click Properties
  • Click the System Restore tab
  • Uncheck Turn off System Restore
  • Click Apply, and then click OK
-------------------------------------------------------

This is my standard 'speech' once someone's computer is clean. Forgive me if you already do some, or all, of the following.

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Internet Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to 'Prompt'
      • Change the Download unsigned ActiveX controls to 'Disable'
      • Change the Initialise and script ActiveX controls not marked as safe to 'Disable'
      • Change the Installation of desktop items to 'Prompt'
      • Change the Launching programs and files in an IFRAME to 'Prompt'
      • Change the Navigate sub-frames across different domains to 'Prompt'
    • When all these settings have been made, click on the OK button.
    • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the OK button to exit the Internet Properties page.
  • Use an Anti-Virus Software - It is very important that you have an anti-virus program running on your computer. This alone can save you a lot of trouble with malware in the future. See this link for a list of some online and stand-alone anti-virus programs:
    Computer Safety On line - Anti-Virus
  • Update your Anti-Virus Software - It is imperative that you update your anti-virus software at least once a week (even more if you can). If you do not update your anti virus software then it will not be able to catch any of the new variants that may come out.
  • Use a Firewall - I cannot stress how important it is that you use a firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a firewall in its default configuration can greatly lower your risk. For an article on firewalls, and a list of some available ones, see this link:
    Computer Safety Online - Software Firewalls
  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit Windows Update regularly. This will ensure you always have the latest security updates installed on your computer. If there are new updates to install, install them immediately, reboot your computer and revisit the site until there are no more critical updates.
  • If they are not already present, I would recommend that you download and install some, or all, of the following programs (all free):
    • Spybot - Search and Destroy -Download and install Spybot - Search and Destroy with its TeaTimer option.
      This will provide real-time spyware and hijacker protection on your computer, alongside your virus protection. You should also scan your computer with the program on a regular basis just as you would an anti virus software. A tutorial on installing & using this product can be found here: Instructions for Spybot S&D and Ad-Aware
    • Ad-Aware SE Personal - Download and install Ad-Aware SE Personal. You should also scan your computer with the program on a regular basis just as you would an anti-virus software in conjunction with Spybot. A tutorial on installing & using this product can be found here: Instructions for Spybot S&D and Ad-Aware
    • SpywareBlaster - SpywareBlaster will add a large list of programs and websites into your Internet Explorer and/or Firefox browser settings that will protect you from running and downloading known malicious programs. A article on anti-malware products with links for this program and others can be found here: Computer Safety on line - Anti-Malware
  • Update all of these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected will reduce dramatically.

Please let me know how your computer is running now. Are there any problems?
User avatar
beynac
MRU Honors Grad Emeritus
 
Posts: 1638
Joined: February 14th, 2006, 12:14 pm
Location: Norwich, England

Unread postby JimFerguson06 » December 28th, 2006, 2:49 pm

Thanks, very much. I really appreciate your time and thoroughness. I removed the suggested mailboxes and Flushed the System Restore as instructed. I have some questions about the other suggestions you've offered, but I'll contact you separately about those. Thanks, again. ...Jim
JimFerguson06
Active Member
 
Posts: 12
Joined: December 24th, 2006, 7:51 pm
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 31 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware