Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Hijackthis! Log (Serious computer problems)

Post by JoeClarke » May 13th, 2007, 6:03 pm

Hello,
My computer has almost come to a total standstill over 2 days. Started by a p2p program (morpheus) not shutting down, it always reappeared when closed. Then realised I could not open task manager (with ctrl/alt/del) and has escalated so the pc won't turn off or restart, net connection goes down after a few mins and no other programs will open.

I have run spyware, ad-aware etc to no avail. At a loss as to what to do at the moment.

Here is my Hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 23:02:18, on 13/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton Personal Firewall\NISUM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Norton Personal Firewall\ccPxySvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\OWNER~1.SLE\LOCALS~1\Temp\Rar$EX00.671\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe
F3 - REG:win.ini: load=C:\windows\system32\wincfgs.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Morpheus Toolbar - {3F3714A9-89A4-46be-8AF3-D0C9D1FB03F9} - C:\Program Files\MorpheusBar\bar\1.bin\MORPHBAR.DLL (file missing)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [BullGuard] "C:\Program Files\BullGuard Software\BullGuard\bullguard.exe" -boot
O4 - HKLM\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Search - http://km.bar.need2find.com/KM/menusearch.html?p=KM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://www.quadv.com/quadvtv2/Rawflow.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Fac ... loader.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.putfile.com/includes/ImageUploader4.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://download.cdn.winsoftware.com/fil ... nstall.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B23E0CC} - http://direct.data-line.us/gbn298.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter: text/html - (no CLSID) - (no file)
O18 - Filter: text/plain - (no CLSID) - (no file)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Unknown owner - (no file)
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: BullGuard LiveUpdate (BGLiveSvc) - BullGuard Software - C:\Program Files\BullGuard Software\BullGuard\BullGuardUpdate.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Program Files\Norton Personal Firewall\ccPxySvc.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iolo DMV Service (ioloDMV) - Unknown owner - C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Norton Personal Firewall Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Personal Firewall\NISUM.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe



Any advice, guidance or help with how to continue will obviously be very much appreciated.

Thank you.
Joe
JoeClarke
Active Member
 
Posts: 8
Joined: May 13th, 2007, 5:55 pm

Post by Susan528 » May 13th, 2007, 8:32 pm

Hello Joe and Welcome to Malware Removal,

Please do the following:

Download win32delfkil.exe.
Save it on your desktop.
Double click on win32delfkil.exe and install it. This creates a new folder on your desktop: win32delfkil.
Close all windows, open the win32delfkil folder and double click on fix.bat.
The computer will reboot automatically.

Run HijackThis. Click Do a System Scan Only. Put a check in the box on the left side of these:
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
F3 - REG:win.ini: load=C:\windows\system32\wincfgs.exe
O8 - Extra context menu item: &Search - http://km.bar.need2find.com/KM/menusearch.html?p=KM
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://download.cdn.winsoftware.com/fil ... nstall.cab
O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B23E0CC} - http://direct.data-line.us/gbn298.exe
O18 - Filter: text/html - (no CLSID) - (no file)
O18 - Filter: text/plain - (no CLSID) - (no file)

Close ALL windows and browsers except HijackThis and click Fix checked and exit.

Post the contents of the logfile c:\windelf.txt, along with a new HijackThis log.
Susan528
MRU Master
 
Posts: 1594
Joined: April 4th, 2005, 9:20 am
Location: Alabama, USA

Post by JoeClarke » May 14th, 2007, 6:15 am

Thank you for the swift reply, hopefully I can get this sorted.

Windelf Logfile

WIN32DELFKIL LOGFILE - by Marckie


version 3.125
14/05/2007 10:49:13.82
running from: "C:\Documents and Settings\Owner.SLEEPY-BARRY\Desktop"


--- File(s) found in Windows directory ---

--- File(s) found in system32 folder ---

--- Services ---

--- Export SharedTaskScheduler key ---
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"


--- Notify key ---


--- rebooting the computer ---


--- File(s) found in Windows directory ---

--- File(s) found in system32 folder ---

--- Services ---

--- Export SharedTaskSchedulerkey ---
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"



--- Notify key ---

Finished!


2nd Hijackthis! logfile

Logfile of HijackThis v1.99.1
Scan saved at 11:12:23 AM, on 5/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.531\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Morpheus Toolbar - {3F3714A9-89A4-46be-8AF3-D0C9D1FB03F9} - C:\Program Files\MorpheusBar\bar\1.bin\MORPHBAR.DLL (file missing)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [BullGuard] "C:\Program Files\BullGuard Software\BullGuard\bullguard.exe" -boot
O4 - HKLM\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BullGuard] "C:\Program Files\BullGuard Software\BullGuard\bullguard.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://www.quadv.com/quadvtv2/Rawflow.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Fac ... loader.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.putfile.com/includes/ImageUploader4.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Unknown owner - (no file)
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: BullGuard LiveUpdate (BGLiveSvc) - BullGuard Software - C:\Program Files\BullGuard Software\BullGuard\BullGuardUpdate.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Program Files\Norton Personal Firewall\ccPxySvc.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iolo DMV Service (ioloDMV) - Unknown owner - C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Norton Personal Firewall Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Personal Firewall\NISUM.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
JoeClarke
Active Member
 
Posts: 8
Joined: May 13th, 2007, 5:55 pm
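
Added example, not part of the thread or of any tool named in it: a small Python script that parses HijackThis entry lines, compares a log taken before a fix with one taken after, and checks that every entry on a fix list is gone. The sample strings are short excerpts copied from the logs and fix list posted above; the function names are hypothetical.

```python
import re

# HijackThis entry lines start with a section code (R0-R3, F0-F3, N1-N4,
# O1, O2, ...) followed by " - ". Header lines and the "Running processes"
# list carry no such code and are ignored by this pattern.
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")


def parse_entries(log_text):
    """Return the set of (section, detail) entries found in a HijackThis log."""
    entries = set()
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            # Collapse runs of whitespace so copy/paste differences do not matter.
            detail = " ".join(match.group(2).split())
            entries.add((match.group(1), detail))
    return entries


def diff_logs(before_text, after_text):
    """Return (removed, added): entries only in the first log, only in the second."""
    before, after = parse_entries(before_text), parse_entries(after_text)
    return sorted(before - after), sorted(after - before)


def still_present(fix_list_text, after_text):
    """Return fix-list entries that the later log still contains."""
    return sorted(parse_entries(fix_list_text) & parse_entries(after_text))


# Excerpt of the first log posted in the thread (a few lines only).
BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
F3 - REG:win.ini: load=C:\windows\system32\wincfgs.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O18 - Filter: text/html - (no CLSID) - (no file)
O18 - Filter: text/plain - (no CLSID) - (no file)
"""

# Excerpt of the second log posted in the thread (a few lines only).
AFTER = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BullGuard] "C:\Program Files\BullGuard Software\BullGuard\bullguard.exe"
"""

# Four of the entries the helper asked to have checked and fixed.
FIX_LIST = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
F3 - REG:win.ini: load=C:\windows\system32\wincfgs.exe
O18 - Filter: text/html - (no CLSID) - (no file)
O18 - Filter: text/plain - (no CLSID) - (no file)
"""

if __name__ == "__main__":
    removed, added = diff_logs(BEFORE, AFTER)
    for section, detail in removed:
        print(f"- {section} - {detail}")
    for section, detail in added:
        print(f"+ {section} - {detail}")
    leftover = still_present(FIX_LIST, AFTER)
    print("fix list cleared" if not leftover else f"still present: {leftover}")
```

HKCU lines are per-user, so logs taken under different Windows accounts can differ in those entries without any change to the machine.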

Post by Susan528 » May 14th, 2007, 7:39 am

Deckard’s System Scanner

Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
  1. Close all applications and windows.
  2. Double-click on dss.exe to run it, and follow the prompts.
  3. When the scan is complete, two text files will open: main.txt (this one will be maximized) and extra.txt (this one will be minimized).
  4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and extra.txt in your reply.
Susan528
MRU Master
 
Posts: 1594
Joined: April 4th, 2005, 9:20 am
Location: Alabama, USA

Post by JoeClarke » May 14th, 2007, 8:28 am

Copy of Main.txt file

Deckard's System Scanner v20070426.43
Run by Owner on 2007-05-14 at 13:11:49
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 3 Restore Point(s) --
3: 2007-05-14 12:11:54 UTC - RP3 - Deckard's System Scanner Restore Point
2: 2007-05-13 11:51:52 UTC - RP2 - Installed AVG 7.5
1: 2007-05-13 00:39:53 UTC - RP1 - System Checkpoint


Backed up registry hives.

Performed disk cleanup.


-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 13:14:29, on 14/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton Personal Firewall\NISUM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Norton Personal Firewall\ccPxySvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Symantec Shared\NMain.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Owner.SLEEPY-BARRY\Desktop\dss.exe
C:\DOCUME~1\OWNER~1.SLE\Desktop\Owner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Morpheus Toolbar - {3F3714A9-89A4-46be-8AF3-D0C9D1FB03F9} - C:\Program Files\MorpheusBar\bar\1.bin\MORPHBAR.DLL (file missing)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [BullGuard] "C:\Program Files\BullGuard Software\BullGuard\bullguard.exe" -boot
O4 - HKLM\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Search - http://km.bar.need2find.com/KM/menusearch.html?p=KM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://www.quadv.com/quadvtv2/Rawflow.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Fac ... loader.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.putfile.com/includes/ImageUploader4.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Unknown owner - (no file)
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: BullGuard LiveUpdate (BGLiveSvc) - BullGuard Software - C:\Program Files\BullGuard Software\BullGuard\BullGuardUpdate.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Program Files\Norton Personal Firewall\ccPxySvc.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iolo DMV Service (ioloDMV) - Unknown owner - C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Norton Personal Firewall Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Personal Firewall\NISUM.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


-- File Associations -----------------------------------------------------------

.js - JSFile - shell\open\command - NOTEPAD.EXE %1
.reg - regfile - shell\open\command - NOTEPAD.EXE %1
.scr - scrfile - shell\open\command - NOTEPAD.EXE %1
.vbs - VBSFile - shell\open\command - NOTEPAD.EXE %1


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 NaiAvTdi1 - c:\windows\system32\drivers\mvstdi5x.sys <Not Verified; Network Associates, Inc.; VirusScan>
R2 DVDAccss - c:\windows\system32\drivers\dvdaccss.sys <Not Verified; Apple Computer, Inc.; DVDAccss Driver>
R3 EntDrv51 - c:\windows\system32\drivers\entdrv51.sys <Not Verified; Network Associates, Inc; Virus Scan Enterprise, Entercept>
R3 NaiAvFilter1 - c:\windows\system32\drivers\naiavf5x.sys <Not Verified; Network Associates, Inc.; VirusScan>
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>

S1 ATITool - c:\program files\atitool\atitool.sys (file missing)
S3 ENTECH - c:\windows\system32\drivers\entech.sys <Not Verified; EnTech Taiwan; PowerStrip>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Diskeeper - "c:\program files\executive software\diskeeperlite\dkservice.exe" <Not Verified; Executive Software International, Inc.; Diskeeper (TM) Disk Defragmenter>
R2 McAfeeFramework (McAfee Framework Service) - c:\program files\network associates\common framework\frameworkservice.exe /servicestart <Not Verified; Network Associates, Inc.; McAfee Common Framework>
R2 McTaskManager (Network Associates Task Manager) - "c:\program files\network associates\virusscan\vstskmgr.exe" <Not Verified; Network Associates, Inc.; VirusScan Enterprise>


-- Scheduled Tasks -------------------------------------------------------------

2007-04-09 11:16:46 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2005-07-14 19:33:12 364 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job


-- Files created between 2007-04-14 and 2007-05-14 -----------------------------

2007-05-14 11:17:29 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2007-05-14 10:49:13 0 d-------- C:\_backupD
2007-05-14 10:49:08 278902 --a------ C:\win32delfkil.exe <WIN32D~1.EXE> <Not Verified; Marckie; >
2007-05-14 10:28:32 16384 --a------ C:\WINDOWS\system32\restart.exe <Not Verified; WareSoft Software; restart>
2007-05-14 10:28:32 4096 --a------ C:\WINDOWS\system32\reboot.exe
2007-05-14 10:28:32 53248 --a------ C:\WINDOWS\system32\process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2007-05-14 10:28:30 90112 --a------ C:\WINDOWS\system32\regdacl.exe <Not Verified; Frank Heyne Software; RegTools>
2007-05-14 10:28:28 0 d-------- C:\WINDOWS\system32\regdacl
2007-05-13 20:00:34 0 d-------- C:\Program Files\Alwil Software
2007-05-13 17:04:17 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sun
2007-05-13 00:12:09 0 d-------- C:\Program Files\Lavasoft
2007-05-13 00:04:32 0 dr-h----- C:\Documents and Settings\Owner.SLEEPY-BARRY\Recent
2007-05-12 23:54:46 0 d-------- C:\Documents and Settings\Owner.SLEEPY-BARRY\Application Data\iolo
2007-05-12 23:54:04 0 d-------- C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\iolo
2007-05-12 23:49:18 0 d--h----- C:\WINDOWS\PIF
2007-05-12 23:46:58 0 d--hs---- C:\INCINERATE
2007-05-12 23:40:22 25264 --a------ C:\WINDOWS\system32\smrgdf.exe
2007-05-12 23:40:22 41472 --a------ C:\WINDOWS\system32\iolobtdfg.exe
2007-05-12 23:40:21 0 d-------- C:\Program Files\iolo
2007-05-12 23:37:07 0 d-------- C:\Documents and Settings\Administrator\Application Data\iolo
2007-05-12 23:33:14 0 d-------- C:\Program Files\BullGuard Software
2007-05-12 23:28:30 0 d-------- C:\!KillBox
2007-05-12 19:13:40 0 d-------- C:\Documents and Settings\Administrator\Application Data\Macromedia
2007-05-11 20:03:44 0 d-------- C:\QUARANTINE
2007-05-11 19:48:26 0 d-------- C:\Program Files\Common Files\Cisco Systems
2007-05-11 19:48:10 58464 --a------ C:\WINDOWS\system32\drivers\mvstdi5x.sys <Not Verified; Network Associates, Inc.; VirusScan>
2007-05-11 19:48:09 108480 --a------ C:\WINDOWS\system32\drivers\naiavf5x.sys <Not Verified; Network Associates, Inc.; VirusScan>
2007-05-11 19:48:01 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Network Associates
2007-05-11 19:47:42 0 d-------- C:\Program Files\Network Associates
2007-05-11 19:47:42 0 d-------- C:\Program Files\Common Files\Network Associates
2007-04-19 13:24:53 0 d-------- C:\Documents and Settings\Owner.SLEEPY-BARRY\Application Data\uTorrent
2007-04-15 18:03:09 0 d-------- C:\Program Files\SGL Anti-Cheat


-- Find3M Report ---------------------------------------------------------------

2007-05-14 13:07:39 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-05-13 22:15:57 0 d-------- C:\Program Files\mIRC
2007-05-13 00:12:20 0 d-------- C:\Documents and Settings\Owner.SLEEPY-BARRY\Application Data\Lavasoft
2007-05-13 00:11:53 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-04-26 15:44:41 0 d-------- C:\Program Files\Soulseek
2007-04-09 23:48:07 0 d-------- C:\Program Files\MorpheusBar
2007-04-09 11:19:02 0 d-------- C:\Program Files\iTunes
2007-04-09 11:18:52 0 d-------- C:\Program Files\iPod
2007-04-09 11:18:07 0 d-------- C:\Program Files\QuickTime
2007-04-09 11:16:44 0 d-------- C:\Program Files\Apple Software Update
2007-03-29 19:38:19 339 --a------ C:\WINDOWS\system32\lsprst7.dll
2007-03-29 19:38:19 0 d-------- C:\Program Files\SPSSEval
2007-03-28 17:48:23 1025 --a------ C:\WINDOWS\system32\sysprs7.dll
2007-03-21 18:04:12 0 d-------- C:\Program Files\Micro Machines 2 - Turbo Tournament
2007-03-21 11:47:20 0 d---s---- C:\Program Files\Xfire
2007-03-20 17:40:30 0 d-------- C:\Documents and Settings\Owner.SLEEPY-BARRY\Application Data\Xfire
2007-03-20 15:44:15 0 --a------ C:\WINDOWS\system32\ssprs.dll
2007-03-20 15:44:15 0 --a------ C:\WINDOWS\system32\serauth2.dll
2007-03-20 15:44:15 0 --a------ C:\WINDOWS\system32\serauth1.dll
2007-03-20 15:44:15 0 --a------ C:\WINDOWS\system32\nsprs.dll
2007-03-20 15:44:15 1024 --a------ C:\WINDOWS\system32\clauth2.dll
2007-03-20 15:44:15 1024 --a------ C:\WINDOWS\system32\clauth1.dll
2007-03-19 17:05:57 0 --a------ C:\WINDOWS\system32\taskkill.exe
2007-03-16 04:55:58 40960 --a------ C:\WINDOWS\system32\frapsvid.dll <Not Verified; Beepa P/L; FRAPS>
2007-03-15 16:38:46 64360 --a------ C:\Documents and Settings\Owner.SLEEPY-BARRY\Application Data\GDIPFONTCACHEV1.DAT
2007-02-21 21:00:28 10752 --a------ C:\WINDOWS\system32\ff_vfw.dll


-- Registry Dump ---------------------------------------------------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
{53707962-6F74-2D53-2644-206D7942484F} C:\PROGRA~1\SPYBOT~1\SDHelper.dll
{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} c:\program files\google\googletoolbar4.dll
{B56A7D7D-6927-48C8-A975-17DF180C71AC} C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"ccRegVfy"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccRegVfy.exe\""
"Symantec NetDriver Monitor"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"ISUSPM Startup"="C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe -startup"
"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"LVCOMSX"="C:\\WINDOWS\\system32\\LVCOMSX.EXE"
"LogitechVideoRepair"="C:\\Program Files\\Logitech\\Video\\ISStart.exe "
"LogitechVideoTray"="C:\\Program Files\\Logitech\\Video\\LogiTray.exe"
"Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"ShStatEXE"="\"C:\\Program Files\\Network Associates\\VirusScan\\SHSTAT.EXE\" /STANDALONE"
"McAfeeUpdaterUI"="\"C:\\Program Files\\Network Associates\\Common Framework\\UpdaterUI.exe\" /StartedFromRunKey"
"Network Associates Error Reporting Service"="\"C:\\Program Files\\Common Files\\Network Associates\\TalkBack\\TBMon.exe\""
"BullGuard"="\"C:\\Program Files\\BullGuard Software\\BullGuard\\bullguard.exe\" -boot"
"SMSystemAnalyzer"="\"C:\\Program Files\\iolo\\System Mechanic 7\\SMSystemAnalyzer.exe\""
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"RealPlayer"="\"C:\\Program Files\\Real\\RealPlayer\\realplay.exe\" /RunUPGToolCommandReBoot"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
"path"="C:\\Documents and Settings\\All Users.WINDOWS\\Start Menu\\Programs\\Startup\\Adobe Reader Speed Launch.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\WINDOWS\\Installer\\{AC76BA86-7AD7-1033-7B44-A70001000000}\\SC_Reader.exe "
"item"="Adobe Reader Speed Launch"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
"path"="C:\\Documents and Settings\\All Users.WINDOWS\\Start Menu\\Programs\\Startup\\InterVideo WinCinema Manager.lnk"
"backup"="C:\\WINDOWS\\pss\\InterVideo WinCinema Manager.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\INTERV~1\\Common\\Bin\\WINCIN~1.EXE "
"item"="InterVideo WinCinema Manager"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="atiptaxx"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SemanticInsight]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SemanticInsight"
"hkey"="HKLM"
"command"="C:\\Program Files\\RXToolBar\\Semantic Insight\\SemanticInsight.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8cf09d9a-5786-11db-b5a2-00e04ca978f7}]
Shell\1\Command F:\.\RECYCLER\RECYCLER\autorun.exe
Shell\2\Command F:\.\RECYCLER\RECYCLER\autorun.exe
Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\RECYCLER\RECYCLER\autorun.exe

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8cf09d9d-5786-11db-b5a2-00e04ca978f7}]
Shell\1\Command F:\.\RECYCLER\RECYCLER\autorun.exe
Shell\2\Command F:\.\RECYCLER\RECYCLER\autorun.exe
Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\RECYCLER\RECYCLER\autorun.exe
*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_ENTDRV51


-- End of Deckard's System Scanner: finished at 2007-05-14 at 13:16:53 ---------

Copy of Extra.txt

Deckard's System Scanner v20070426.43
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon(tm) XP 2600+
Percentage of Memory in Use: 44%
Physical Memory (total/avail): 1023.48 MiB / 564.54 MiB
Pagefile Memory (total/avail): 2078.32 MiB / 1741.37 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1958.87 MiB

C: is Fixed (NTFS) - 74.52 GiB total, 19.9 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)


-- Security Center -------------------------------------------------------------

AUOptions is set to notify before install.
Windows Internal Firewall is disabled.

FW: ZoneAlarm Firewall v6.5.737.000 (Zone Labs, Inc.)
FW: Norton Personal Firewall v2003 (Symantec Corporation) Disabled
AV: avast! antivirus 4.7.942 [VPS 000740-0] v4.7.942 (ALWIL Software) Disabled


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users.WINDOWS
APPDATA=C:\Documents and Settings\Owner.SLEEPY-BARRY\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_09\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=SLEEPY-BARRY
ComSpec=C:\WINDOWS\system32\cmd.exe
DiskeeperIcon=C:\Program Files\Executive Software\DiskeeperLite\
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Owner.SLEEPY-BARRY
LOGONSERVER=\\SLEEPY-BARRY
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Common Files\Adaptec Shared\System;C:\Program Files\Executive Software\DiskeeperLite\;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 8 Stepping 1, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0801
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_09\lib\ext\QTJava.zip
SESSIONNAME=Console
sourcesdk=c:\program files\valve\steam\steamapps\zooboyjoe\sourcesdk
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\OWNER~1.SLE\LOCALS~1\Temp
TMP=C:\DOCUME~1\OWNER~1.SLE\LOCALS~1\Temp
tvdumpflags=8
USERDOMAIN=SLEEPY-BARRY
USERNAME=Owner
USERPROFILE=C:\Documents and Settings\Owner.SLEEPY-BARRY
VProject=c:\program files\valve\steam\steamapps\zooboyjoe\counter-strike source\cstrike
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Owner.SLEEPY-BARRY (admin)
Administrator (admin)
Guest.SLEEPY-BARRY (new local, guest)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware SE Personal --> MsiExec.exe /X{78CC3BAB-DE2A-4FB4-8FBB-E4DADDC26747}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Photoshop 7.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll"
Adobe Reader 7.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70001000000}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
AMIP (remove only) --> "C:\Program Files\Winamp\Plugins\amip_uninstall.exe"
Apple Software Update --> MsiExec.exe /I{A260B422-70E1-41E2-957D-F76FA21266D5}
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
avast! Antivirus --> rundll32 C:\PROGRA~1\ALWILS~1\Avast4\Setup\setiface.dll,RunSetup
BullGuard 7.0 --> C:\Program Files\BullGuard Software\BullGuard\uninst.exe
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Complete CD Maker --> C:\WINDOWS\uninst.exe -f"C:\Program Files\Cosmi\Complete CD Maker\DeIsL1.isu" -c"C:\Program Files\Cosmi\Complete CD Maker\_ISREG32.DLL"
Dell Photo Printer 720 --> C:\WINDOWS\system32\spool\drivers\w32x86\3\DLBCUN5C.EXE -dDell Photo Printer 720
Dell Photo Printer 720 Logger --> C:\Program Files\Dell Photo Printer 720\dlbcunst.exe
Diskeeper Lite --> MsiExec.exe /X{A3F60446-48FB-48A8-B5FC-BB3430AEF806}
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DVD@ccess 2.0.3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2B34414C-14FB-11D6-A329-0050045C24B2}\Setup.exe" -l0x9
EDAC --> MsiExec.exe /I{8614A762-5CEF-49D2-86BB-3FFE1ECBE679}
ffdshow [rev 1054] [2007-03-19] --> "C:\Program Files\K-Lite Codec Pack\ffdshow\unins000.exe"
Fraps --> "C:\TEMP\uninstall.exe"
Ghost Recon --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D89EF3B3-6F17-4665-B7A9-A4235A6DC787}\Setup.exe"
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar4.dll"
Google Video Player --> "C:\Program Files\Google\Google Video Player\Uninstall.exe"
Half-Life(R) 2 --> MsiExec.exe /I{D45EC259-4A19-4656-B588-C2C360DD18EA}
HijackThis 1.99.1 --> C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.422\HijackThis.exe /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Indeo® XP Software --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Ligos\Indeo\UninstXP.isu"
iolo technologies' System Mechanic 7 --> "C:\Program Files\iolo\System Mechanic 7\unins000.exe"
iTunes --> MsiExec.exe /I{AB90749C-7422-4580-8A7A-66CC5E9E5F98}
J2SE Runtime Environment 5.0 Update 9 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
K-Lite Codec Pack 2.72 Standard --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
Labtec WebCam Software --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BF45F502-D3F2-4E7C-91D8-9AA5A8141D08}\setup.exe" -l0x9
Labtec® Camera Driver --> "C:\Program Files\Common Files\Logitech\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
LiveReg (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
LiveUpdate 2.6 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
McAfee VirusScan Enterprise --> MsiExec.exe /I{5DF3D1BB-894E-4DCD-8275-159AC9829B43}
Micro Machines 2 - Turbo Tournament --> "C:\Program Files\Micro Machines 2 - Turbo Tournament\unins000.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Data Access Components KB870669 --> C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft FrontPage 2002 --> MsiExec.exe /I{90170409-6000-11D3-8CFE-0050048383C9}
Microsoft Office XP Professional --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0050048383C9}
Microsoft Publisher 2002 --> MsiExec.exe /I{90190409-6000-11D3-8CFE-0050048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
MINITAB Release 14 --> MsiExec.exe /I{9BC2391F-FBCA-4F06-8E6C-FB1BB119A9EF}
mIRC --> "C:\Program Files\mIRC\mirc.exe" -uninstall
Morpheus Toolbar --> rundll32 C:\PROGRA~1\MORPHE~1\bar\1.bin\MorphBar.dll,O
MSN Messenger 7.5 --> MsiExec.exe /I{CEB3A11A-03EA-11DA-BFBD-00065BBDC0B5}
Norton Personal Firewall --> MsiExec.exe /I{15BFECE8-A100-4861-B92B-1EFF76683C23}
Norton WMI Update --> MsiExec.exe /X{1526D87C-A955-4FAB-BF18-697BA457E352}
QuickTime --> MsiExec.exe /I{5E863175-E85D-44A6-8968-82507D34AE7F}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
ScanSoft PaperPort Viewer 7.0 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\ScanSoft\PaperPort Viewer\Uninst.isu"
SGL Anti-Cheat 1.4.7 --> C:\Program Files\SGL Anti-Cheat\uninst.exe
SoulSeek Client 156c --> "C:\Program Files\Soulseek\uninstall.exe"
SPSS 14.0 for Windows Evaluation Version --> MsiExec.exe /X{2763FD5A-57E9-442B-AFDF-6DCCC23883B0}
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Spyware Doctor 3.2 --> "C:\Program Files\Spyware Doctor\unins000.exe"
Steam(TM) --> MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
TeamSpeak 2 RC2 --> "C:\Program Files\Teamspeak2_RC2\unins000.exe"
Tom Clancy's Rainbow Six 3: Raven Shield 1.56.393 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AF131494-F5D8-45C5-938C-D5F020CF1B0D}\setup.exe" -l0x9
Ventrilo Client --> MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
VideoLAN VLC media player 0.8.5 --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Video 9 Advanced Profile Codec --> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wvc1dmo.inf,Uninstall
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
Xfire (remove only) --> "C:\Program Files\Xfire\uninst.exe"
ZoneAlarm --> C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe
Zootrition Server Version 2.0 --> C:\WINDOWS\st6unst.exe -n "C:\Program Files\ZootritionV2\ST6UNST.000"


-- End of Deckard's System Scanner: finished at 2007-05-14 at 13:16:53 ---------



Again, thanks for the fast reply. The error messages I was getting on startup of Windows have now disappeared (to do with Windows not being able to find wincfgs.exe etc). Still some odd things going on though.

Cheers.
Joe
JoeClarke
Active Member
 
Posts: 8
Joined: May 13th, 2007, 5:55 pm

Unread postby Susan528 » May 14th, 2007, 11:00 am

Hi Joe,

STEP 1.
======
Let’s do a virus scan since you do not have an anti-virus application enabled according to Deckard’s System Scanner.

Please perform an online scan with Internet Explorer at
http://www.kaspersky.com/service?chapter=161739400

Answer Yes, when prompted to install an ActiveX component.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Locate the Scan Settings button & configure to:

    • Scan using the following Anti-Virus database:
      Extended
    • Scan Options:
      Scan Archives
      Scan Mail Bases
  • Click OK & have it scan My Computer
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply

**Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

Deckard’s System Scanner shows that you are using Zone Alarm for your firewall.
Your anti-virus application Avast is disabled so you do not apparently have an anti-virus application up and running.

You should have only one anti-virus and firewall up and running because more can interfere with each other.

I would go ahead and keep Zone Alarm and decide which anti-virus application you are going to use and uninstall the others.

The Add/Remove Programs show the following:
BullGuard 7.0 <= Firewall and Antivirus?
Norton Personal Firewall <= don’t need with Zone Alarm
avast! Antivirus
McAfee VirusScan Enterprise

Please let me know what you have decided about the anti-virus and if you have decided to keep Zone Alarm as your firewall.

STEP 2.
======
This will check for rootkits.
GMER
Please create a new subfolder in the Program Files folder called GMER. If you have an older version of GMER installed, you must delete it.
  • Download GMER and extract it to the C:\program files\GMER folder.
  • Please rename the GMER file.
    Note: You can rename gmer.exe to anything you like as long as you keep the .exe ending.
  • Run the renamed Gmer.exe program by double-clicking the executable file (gmer.exe) in Windows Explorer.
  • You may be prompted to scan immediately if GMER detects rootkit activity.
    • If you are prompted to scan your system, click "Yes" to begin the scan.
    • If you are not prompted, click the "Rootkit" tab, then click "Scan".

DO NOT touch the PC at ALL for whatever reason/s until it has 100% completed its scan, or attempted scan in case of some error etc.!

At the end of the scan, click "Copy" to copy the scan results to the clipboard. Then paste the results in a notepad file and also paste them back in your next reply.

Please post (reply) with the results from the Kaspersky scan and the GMER scan.
Please move HijackThis.exe to a permanent folder like C:\HJT and do not have it in a Temp folder:
C:\DOCUME~1\OWNER~1.SLE\LOCALS~1\Temp\Rar$EX00.671\HijackThis.exe
Run HijackThis.exe and please post (reply) with a fresh HijackThis log.
Susan528
MRU Master
Posts: 1594
Joined: April 4th, 2005, 9:20 am
Location: Alabama, USA

Unread postby JoeClarke » May 14th, 2007, 6:04 pm

Just a note, BullGuard was a knackered version I'd failed to delete. Only downloaded the System Mechanic trial the other day on someone's advice just to use the Incinerator, so that was a temporary program.

Norton firewall has been removed, will stick with ZoneAlarm. And will also stick with Avast, which I had run but had only just turned off due to Deckard saying "close all applications".

Erm, did full system scan with Kaspersky and it found 3 infections. However I could see no way of getting the logfile (i.e. couldn't see a "save as text" button). Anyway may just be me being slow so will run it again in the morning.

It seems like there is something attacking my net (constantly trying to connect) as ZoneAlarm is regularly warning of "generic host process for win32" trying to connect. And as soon as I disable ZA my net effectively goes down.

Enough rambling, will post log files tomorrow, thank you for the help :)
JoeClarke
Active Member
 
Posts: 8
Joined: May 13th, 2007, 5:55 pm

Unread postby Susan528 » May 15th, 2007, 2:08 pm

I will be watching for the logs. :)
Susan528
MRU Master
Posts: 1594
Joined: April 4th, 2005, 9:20 am
Location: Alabama, USA

Unread postby JoeClarke » May 16th, 2007, 11:58 am

Okay, here are the log files for Kaspersky, GMER, and another HijackThis log.


Kaspersky Logfile


------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Wednesday, May 16, 2007 4:04:14 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 16/05/2007
Kaspersky Anti-Virus database records: 321485
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 78517
Number of viruses found: 3
Number of infected objects: 3 / 0
Number of suspicious objects: 0
Duration of the scan process: 01:31:45

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\image034.jpg Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\image035.png Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\image036.jpg Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\image037.png Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\image038.jpg Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\image039.png Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\image040.jpg Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\image041.png Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\image042.jpg Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\image043.png Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\image044.jpg Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\image045.wmz Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\image046.gif Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\image047.wmz Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\image048.gif Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\image049.png Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\image050.jpg Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\image051.png Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\image052.jpg Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\image053.png Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\image054.jpg Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\image055.png Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\image056.jpg Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\image057.png Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\image058.jpg Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\image059.png Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\image060.jpg Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\image061.png Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\image062.jpg Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\image063.png Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\image064.jpg Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\image065.png Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\image066.jpg Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\image067.jpg Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\image068.png Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\image069.jpg Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\image070.png Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\image071.jpg Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\image072.png Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\image073.jpg Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\image074.png Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\image075.jpg Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\image076.png Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\image077.jpg Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\image078.png Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\image079.jpg Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\image080.png Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\image081.jpg Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\image082.png Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\image083.jpg Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\image084.png Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\image085.jpg Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\image086.png Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\image087.jpg Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\image088.png Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\image089.jpg Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\image090.png Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\image091.jpg Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\image092.png Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\image093.jpg Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\image094.png Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\image095.jpg Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\image096.png Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\image097.jpg Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\image098.gif Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\image099.wmz Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\image100.gif Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\image101.wmz Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\image102.gif Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\image103.wmz Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\image104.gif Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\image105.wmz Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\image106.gif Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\image107.wmz Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\image108.gif Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\image109.wmz Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\image110.gif Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\image111.wmz Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\image112.gif Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\image113.wmz Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\image114.gif Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\image115.wmz Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\image116.gif Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\image117.wmz Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\image118.gif Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\image119.wmz Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\image120.gif Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\image121.wmz Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\image122.gif Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\image123.wmz Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\image124.gif Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\image125.wmz Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\image126.gif Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\image127.wmz Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\image128.gif Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\image129.wmz Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\image130.gif Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\image131.wmz Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\image132.gif Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\image133.wmz Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\image134.gif Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\image135.wmz Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\image136.gif Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\image137.wmz Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\image138.gif Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\image139.wmz Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\image140.gif Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\image141.wmz Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\image142.gif Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\image143.wmz Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\image144.gif Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\image145.jpg Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\image145.wmz Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\image146.jpg Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\image146.wmz Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\image147.gif Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\image147.jpg Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\image148.jpg Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\image148.wmz Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\image149.jpg Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\image149.wmz Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\image150.jpg Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\image150.wmz Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\image151.gif Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\image151.wmz Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\image152.wmz Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\image153.wmz Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\image154.wmz Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\image155.wmz Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\image156.wmz Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\image157.wmz Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\image158.wmz Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\image159.wmz Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\image160.wmz Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\image161.wmz Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\image162.wmz Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\image163.wmz Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\image164.wmz Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\image165.wmz Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\image166.wmz Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\image167.wmz Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\image168.wmz Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\image169.wmz Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\image170.wmz Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\mfc42.dll Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\MSco-eco2.OCX\Desktop.ini Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\MSco-eco2.OCX\Stats\Default.PLS Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\MSco-eco2.OCX\Stats\MVI_0077.AVI Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\MSco-eco2.OCX\Stats\MVI_0077.THM Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\MSco-eco2.OCX\Stats\MVI_0091.AVI Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\MSco-eco2.OCX\Stats\MVI_0091.THM Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\MSco-eco2.OCX\Stats\MVI_0439.AVI Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\MSco-eco2.OCX\Stats\MVI_0439.THM Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\MSco-eco2.OCX\Stats\MVI_0441.AVI Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\MSco-eco2.OCX\Stats\MVI_0441.THM Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\MSco-eco2.OCX\Stats\MVI_0442.AVI Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\MSco-eco2.OCX\Stats\MVI_0442.THM Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\MSco-eco2.OCX\Stats\MVI_0647.AVI Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\MSco-eco2.OCX\Stats\MVI_0647.THM Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\MSco-eco2.OCX\Stats\MVI_0650.AVI Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\MSco-eco2.OCX\Stats\MVI_0650.THM Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\MSco-eco2.OCX\Stats\MVI_1214.AVI Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\MSco-eco2.OCX\Stats\MVI_1214.THM Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\MSco-eco2.OCX\Stats\MVI_1218.AVI Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\MSco-eco2.OCX\Stats\MVI_1218.THM Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\MSco-eco2.OCX\Stats\MVI_1223.AVI Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\MSco-eco2.OCX\Stats\MVI_1223.THM Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\MSco-eco2.OCX\Stats\MVI_1224.AVI Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\MSco-eco2.OCX\Stats\MVI_1224.THM Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\MSco-eco2.OCX\Stats\MVI_1225.AVI Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\MSco-eco2.OCX\Stats\MVI_1225.THM Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\MSco-eco2.OCX\Stats\Thumbs.db Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\MSCOMCT2.OCX Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\MSCOMCTL.OCX Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\MSFLXGRD.OCX Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\MSINET.OCX Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\MSJet35.dll Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\MSJINT35.DLL Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\MSJTER35.DLL Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\msmask32.ocx Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\MSRD2X35.DLL Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\MsRepl35.dll Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\MSVBVM60.DLL Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\OLEAUT32.DLL Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\oledata.mso Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\OLEPRO32.DLL Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\OutbreakDLL.dll Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\OutbreakDLL.lib Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\RICHED32.DLL Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\RICHTX32.OCX Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\setup.exe Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\SETUP.LST Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\SETUP1.EXE Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\splash.jpg Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\ssa3d30.ocx Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\ssscrl30.ocx Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\ssspls30.ocx Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\sssplt30.ocx Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\ST6UNST.EXE Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\STDOLE2.TLB Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\SYSINFO.OCX Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\tabctl32.ocx Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\Thumbs.db Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\Tile.ocx Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\v9_Help.htm Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\VB5DB.DLL Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\VB6STKIT.DLL Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\VBAJET32.DLL Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\Vortex.CAB Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\vortex.dll Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\Vortex.exe Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\Vsflex7L.ocx Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install\ZPG.vpj Object is locked skipped
C:\Documents and Settings\Owner\My Documents\Joes\vortex923install.zip Object is locked skipped
C:\Documents and Settings\Owner\Start Menu\Programs\Startup\PowerReg Scheduler.exe Object is locked skipped
C:\Documents and Settings\Owner.SLEEPY-BARRY\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Owner.SLEEPY-BARRY\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Owner.SLEEPY-BARRY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Owner.SLEEPY-BARRY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner.SLEEPY-BARRY\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner.SLEEPY-BARRY\Local Settings\History\History.IE5\MSHist012007051620070517\index.dat Object is locked skipped
C:\Documents and Settings\Owner.SLEEPY-BARRY\Local Settings\Temp\fb_1384.lck Object is locked skipped
C:\Documents and Settings\Owner.SLEEPY-BARRY\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Owner.SLEEPY-BARRY\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner.SLEEPY-BARRY\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Owner.SLEEPY-BARRY\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner.SLEEPY-BARRY\UserData\index.dat Object is locked skipped
C:\found.000\file0000.chk Object is locked skipped
C:\found.001\file0000.chk Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\integ\avast.int Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\report\Resident protection.txt Object is locked skipped
C:\Program Files\iolo\System Mechanic 7\SystemAnalyzer.log Object is locked skipped
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.617 skipped
C:\Program Files\MorpheusBar\bar\1.bin\M0PLUGIN.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.as skipped
C:\Program Files\MorpheusBar\bar\1.bin\NPMORPBR.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.i skipped

Scan process completed.




GMER Rootkit Scan


GMER 1.0.12.12244 - http://www.gmer.net
Rootkit scan 2007-05-16 16:47:30
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.12 ----

SSDT \SystemRoot\System32\vsdatant.sys ZwConnectPort
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateFile
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateKey
SSDT \SystemRoot\System32\vsdatant.sys ZwCreatePort
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateProcess
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateProcessEx
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateSection
SSDT 8506D109 ZwCreateThread
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateWaitablePort
SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteFile
SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteKey
SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteValueKey
SSDT \SystemRoot\System32\vsdatant.sys ZwDuplicateObject
SSDT \SystemRoot\System32\vsdatant.sys ZwLoadKey
SSDT \SystemRoot\System
JoeClarke
Active Member
 
Posts: 8
Joined: May 13th, 2007, 5:55 pm

Unread postby JoeClarke » May 16th, 2007, 1:12 pm

Hijackthis Logfile



Logfile of HijackThis v1.99.1
Scan saved at 18:11:13, on 16/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Windows Media Player\setup_wm.exe
C:\Documents and Settings\Owner.SLEEPY-BARRY\Desktop\Owner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Morpheus Toolbar - {3F3714A9-89A4-46be-8AF3-D0C9D1FB03F9} - C:\Program Files\MorpheusBar\bar\1.bin\MORPHBAR.DLL (file missing)
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic 7\SMSystemAnalyzer.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Search - http://km.bar.need2find.com/KM/menusearch.html?p=KM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://www.quadv.com/quadvtv2/Rawflow.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Fac ... loader.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.putfile.com/includes/ImageUploader4.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Unknown owner - (no file)
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iolo DMV Service (ioloDMV) - Unknown owner - C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
JoeClarke
Active Member
 
Posts: 8
Joined: May 13th, 2007, 5:55 pm

Unread postby Susan528 » May 17th, 2007, 1:40 pm

Hi Joe,

I have asked for another opinion on the registry fix and will post when I receive a reply.

This file is not infected by a virus. It is what you see if a file is suspicious or considered a risk tool. Now, if you never ever use mIRC, then I would delete it.

C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.617 skipped

Please set your system to show all files; please see here if you're unsure how to do this.

Reboot into Safe Mode: please see here if you are not sure how to do this.

Using Windows Explorer, locate the following files/folders, and delete them:
C:\Program Files\MorpheusBar<=file

Exit Explorer, and reboot as normal afterwards.

Are you still receiving the warning of "generic host process for win32" trying to connect from ZoneAlarm?
Susan528
MRU Master
 
Posts: 1594
Joined: April 4th, 2005, 9:20 am
Location: Alabama, USA

Unread postby JoeClarke » May 18th, 2007, 10:04 am

Hello,

I have removed C:\Program Files\MorpheusBar<=file (and in fact removed any other traces or links to Morpheus)

I do regularly use mIRC. Is it a genuine problem? If so I shall remove it fully and reinstall at a later date perhaps.

Thanks for the continued advice. :)
JoeClarke
Active Member
 
Posts: 8
Joined: May 13th, 2007, 5:55 pm

Unread postby JoeClarke » May 18th, 2007, 10:07 am

(Can't find a way to edit posts?...that's a bit odd)

Anyway:

Please set your system to show all files


Done. Do I need to re-run Kaspersky and/or HijackThis?

Thanks.

Joe
JoeClarke
Active Member
 
Posts: 8
Joined: May 13th, 2007, 5:55 pm

Unread postby Susan528 » May 18th, 2007, 2:03 pm

Hi Joe,

You should be fine with the mIRC.

STEP 1.
======
Backup Your Registry with ERUNT
  • Please use the following link and scroll down to ERUNT and download it.
    http://aumha.org/freeware/freeware.php
  • For version with the Installer:
    Use the setup program to install ERUNT on your computer
  • For the zipped version:
    Unzip all the files into a folder of your choice.
Click Erunt.exe to back up your registry to the folder of your choice.

Note: to restore your registry, go to the folder and start ERDNT.exe

Then, go to start-->run

and type this in:
notepad

Paste this into the box:

Code:
REGEDIT4

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SemanticInsight]


Then click on the FILE menu and select Save As.
Save the file as regfix.reg. Save the file to the desktop.
IMPORTANT: make sure to save the file as "all types" and NOT as a text file.

Now double-click on regfix.reg and insert it into the registry.

STEP 2
======
Flash Disinfector by sUBs
Please download Flash_Disinfector.exe by sUBs and save it to your desktop:
  • Double-click Flash_Disinfector.exe to run it.
  • Follow any prompts that may appear.
  • Wait until the program has finished scanning, then please exit the program.
    The tool may ask you to insert your flash drive, or other removable drives. Please do so and allow the tool to clean it up as well.

Please restart your computer.

Deckard’s System Scanner
If you still have Deckard’s System Scanner present on your computer, please do the following:
  1. Close all applications and windows.
  2. Go to start => run => copy the following bold text into the box and click OK
Susan528
MRU Master
 
Posts: 1594
Joined: April 4th, 2005, 9:20 am
Location: Alabama, USA

Unread postby NonSuch » May 29th, 2007, 12:55 pm

This topic is now closed due to inactivity. If you wish it reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

You can help support this site from this link :
Donations For Malware Removal

Please do not contact us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
NonSuch
Administrator
 
Posts: 27221
Joined: February 23rd, 2005, 7:08 am
Location: California