Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Please review Hjackthis

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Please review Hjackthis

Unread postby golden » June 2nd, 2007, 3:04 pm

New to forum please let me know if this isn't right.

---------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 12:59:34 PM, on 6/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Prevx1\PXConsole.exe
C:\Program Files\HP\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\tinySpell\tinyspell.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Prevx1\PXAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\svchost.exe
c:\progra~1\common~1\instal~1\update~1\isuspm.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\agent.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {911C4A8E-0F75-4B83-BEB9-02BDDF29D11E} - (no file)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: SysShield IE Popup Blocker - {9A23B8A4-C6C9-4A68-8FA6-5F905DC8FF80} - C:\Program Files\SysShield Tools\Internet Eraser\pkext.dll
O3 - Toolbar: (no name) - {28BC2EC4-5EAD-45E1-9F9F-82CD5E293601} - (no file)
O3 - Toolbar: AbsoluteShield - {EE9DD090-902D-4623-9360-FB7D8666202B} - C:\Program Files\SysShield Tools\Internet Eraser\AbsoluteBar.dll
O4 - HKLM\..\Run: [zBrowser Launcher] "C:\Program Files\Logitech\iTouch\iTouch.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] "C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] "C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe"
O4 - HKLM\..\Run: [zzzHPSETUP] C:\Documents and Settings\Bryan Booth\Local Settings\Temp\Setup024968\Setup.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [PrevxOne] "C:\Program Files\Prevx1\PXConsole.exe"
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Windows Registry Repair Pro] "C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe" 3
O4 - HKCU\..\Run: [tinySpell] C:\Program Files\tinySpell\tinyspell.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: Yahoo! Chat 1.3 - http://jcs.chat.dcn.yahoo.com/c174/chat.cab
O16 - DPF: {058025FC-4416-436B-ACFD-03E6224C901C} (FileInfo Class) - http://diagnostics.support.hp.com/motiv ... axctrl.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {1C3DE665-D259-4C72-9D7D-C51FCB4CCFB9} (Panasonic Network Camera) - http://blueroof.no-ip.com:85/SysCamInst.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} (KXHCM10 Control) - http://sakura777.miemasu.net/kxhcm10.ocx
O16 - DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} (KooPlayer Control) - http://www.vivitv.com/KooPlayer.ocx
O16 - DPF: {430DDE24-C051-11CF-95BE-0020AFF75E4F} (ichat xchat Control) - http://duke.thirdage.com/chat/data/html ... sichat.ocx
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqna/downloads/sysinfo.cab
O16 - DPF: {53A1630A-DB38-4316-B18F-911719E1F66E} (MSN Money Ticker) - http://fdl.msn.com/public/investor/v10/ticker.cab
O16 - DPF: {63DF43C2-469A-41F3-B119-17B1ACE8BB34} (Sony SNC-RZ30 Image Viewer) - http://64.119.5.59/home/SonySncRz30View.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftup ... 4476354328
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {6632A7E9-FE1F-43D2-A04A-A15951ED63E0} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 4476336281
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://wb17pier.axiscam.net:8080//activex/AMC.cab
O16 - DPF: {87BE3784-6977-4E84-AA08-55A96B9CEAC5} (Bl_camera Control) - http://38.112.40.106:8081/bl_camera.cab
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://ftp.us.dell.com/fixes/PROFILER.CAB
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://grimshawcam.chilmarktech.com/act ... ontrol.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/a ... _en_dl.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775F} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlabsli.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game11.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - https://www.stopzilla.com/_download/Aut ... dwnldr.cab
O16 - DPF: {CA11EB7C-1C85-4577-8A49-9E28EFB30184} (UMediaPlayer Class) - http://www.umediaserver.net/bin/UMediaControl4.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://213.129.66.245/activex/AMC.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://verizon.oberon-media.com/online/ ... der_v6.cab
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} - http://pccheckup.dellfix.com/rel/35/ins ... downde.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h cltCommon (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
golden
Active Member
 
Posts: 11
Joined: May 28th, 2007, 5:30 pm
Advertisement
Register to Remove

Unread postby ndmmxiaomayi » June 6th, 2007, 5:17 am

Hi golden. :)

Welcome to Malware Removal Forum.

My name is mayi and I will be helping you. As I am still an undergraduate, I will need my fixes to be checked before posting back to you. Thank you for your patience.
ndmmxiaomayi
MRU Emeritus
MRU Emeritus
 
Posts: 9708
Joined: July 17th, 2006, 9:22 am

Thanks for the response!

Unread postby golden » June 6th, 2007, 8:57 am

Thanks a lot for the response. I'll be waiting. Hope it's not to much of a mess. I'm sure it is tho.
golden
Active Member
 
Posts: 11
Joined: May 28th, 2007, 5:30 pm

Unread postby ndmmxiaomayi » June 6th, 2007, 10:17 am

Hi golden. :)

It's been a few days since this log was posted.

Please post a new HijackThis log if you still require help.
ndmmxiaomayi
MRU Emeritus
MRU Emeritus
 
Posts: 9708
Joined: July 17th, 2006, 9:22 am

Did I miss something?

Unread postby golden » June 10th, 2007, 12:28 pm

Did I miss something? I was waiting for a answer for the last one.
Does this mean I need to submit another list?
I'm confused.
golden
Active Member
 
Posts: 11
Joined: May 28th, 2007, 5:30 pm

Unread postby ndmmxiaomayi » June 11th, 2007, 12:01 am

Did I miss something? I was waiting for a answer for the last one.
Does this mean I need to submit another list?
I'm confused.


No, you didn't.

You'll need to submit another log because your log was a few days' old. That is to check if there are any changes to your system in the past few days.
ndmmxiaomayi
MRU Emeritus
MRU Emeritus
 
Posts: 9708
Joined: July 17th, 2006, 9:22 am

Log 6/11/07

Unread postby golden » June 11th, 2007, 9:16 am

Logfile of HijackThis v1.99.1
Scan saved at 7:09:37 AM, on 6/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe
C:\Program Files\tinySpell\tinyspell.exe
C:\Program Files\HP\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {911C4A8E-0F75-4B83-BEB9-02BDDF29D11E} - (no file)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: SysShield IE Popup Blocker - {9A23B8A4-C6C9-4A68-8FA6-5F905DC8FF80} - C:\Program Files\SysShield Tools\Internet Eraser\pkext.dll
O3 - Toolbar: (no name) - {28BC2EC4-5EAD-45E1-9F9F-82CD5E293601} - (no file)
O3 - Toolbar: AbsoluteShield - {EE9DD090-902D-4623-9360-FB7D8666202B} - C:\Program Files\SysShield Tools\Internet Eraser\AbsoluteBar.dll
O4 - HKLM\..\Run: [zBrowser Launcher] "C:\Program Files\Logitech\iTouch\iTouch.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] "C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] "C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Windows Registry Repair Pro] "C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe" 3
O4 - HKCU\..\Run: [tinySpell] C:\Program Files\tinySpell\tinyspell.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: Yahoo! Chat 1.3 - http://jcs.chat.dcn.yahoo.com/c174/chat.cab
O16 - DPF: {058025FC-4416-436B-ACFD-03E6224C901C} (FileInfo Class) - http://diagnostics.support.hp.com/motiv ... axctrl.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {1C3DE665-D259-4C72-9D7D-C51FCB4CCFB9} (Panasonic Network Camera) - http://blueroof.no-ip.com:85/SysCamInst.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} (KXHCM10 Control) - http://sakura777.miemasu.net/kxhcm10.ocx
O16 - DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} (KooPlayer Control) - http://www.vivitv.com/KooPlayer.ocx
O16 - DPF: {430DDE24-C051-11CF-95BE-0020AFF75E4F} (ichat xchat Control) - http://duke.thirdage.com/chat/data/html ... sichat.ocx
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqna/downloads/sysinfo.cab
O16 - DPF: {53A1630A-DB38-4316-B18F-911719E1F66E} (MSN Money Ticker) - http://fdl.msn.com/public/investor/v10/ticker.cab
O16 - DPF: {63DF43C2-469A-41F3-B119-17B1ACE8BB34} (Sony SNC-RZ30 Image Viewer) - http://64.119.5.59/home/SonySncRz30View.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftup ... 4476354328
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {6632A7E9-FE1F-43D2-A04A-A15951ED63E0} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 4476336281
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://wb17pier.axiscam.net:8080//activex/AMC.cab
O16 - DPF: {87BE3784-6977-4E84-AA08-55A96B9CEAC5} (Bl_camera Control) - http://38.112.40.106:8081/bl_camera.cab
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://ftp.us.dell.com/fixes/PROFILER.CAB
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://grimshawcam.chilmarktech.com/act ... ontrol.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/a ... _en_dl.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775F} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlabsli.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game11.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - https://www.stopzilla.com/_download/Aut ... dwnldr.cab
O16 - DPF: {CA11EB7C-1C85-4577-8A49-9E28EFB30184} (UMediaPlayer Class) - http://www.umediaserver.net/bin/UMediaControl4.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://213.129.66.245/activex/AMC.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://verizon.oberon-media.com/online/ ... der_v6.cab
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} - http://pccheckup.dellfix.com/rel/35/ins ... downde.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h cltCommon (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
golden
Active Member
 
Posts: 11
Joined: May 28th, 2007, 5:30 pm

Unread postby ndmmxiaomayi » June 12th, 2007, 4:45 am

Hi golden. :)

Step 1

While having Windows Defender to protect your system is good, it can intefere with the fixes. I would need you to disable Windows Defender temporarily while fixing your computer. You can re-enable Windows Defender again once your computer is clean. Here is how to disable it:

  1. Go to Start > All Programs > Windows Defender.
  2. Click on Tools at the top.
  3. Under Settings, click on Options.
  4. Under Automatic scanning, uncheck (untick) Automatically scan my computer (recommended) box.
  5. Under Real-time protection options, uncheck (untick) Use real-time protection (recommended) box.
  6. Click on the Save button at the bottom right hand corner.

Step 2

Disable Winpatrol temporarily

  1. Right click on the Scotty Dog icon in the system tray (next to the clock).
  2. Click Options.
  3. At the bottom of the options page, uncheck (untick) Automatically Run WinPatrol When Computer Starts.
  4. Click the X in the upper right corner to end program.
  5. Right click the Scotty Dog icon in the system tray again.
  6. Click Exit Program.

Step 3

Open HijackThis and select Do a system scan only.

Put a check (tick) next to these items:

O2 - BHO: (no name) - {911C4A8E-0F75-4B83-BEB9-02BDDF29D11E} - (no file)
O3 - Toolbar: (no name) - {28BC2EC4-5EAD-45E1-9F9F-82CD5E293601} - (no file)
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present :arrow: Only if you or your administrator has set it, otherwise, fix this line.
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://verizon.oberon-media.com/online/ ... der_v6.cab


Click on the Fix checked button at the bottom left hand corner.

Step 4

  1. Please download AVG Anti-Spyware and save it to your desktop.
  2. Double click on avgas-setup-7.5.1.36.exe to install AVG Anti-Spyware. Install it in the default location.
  3. Once installed, start AVG Anti-Spyware by going to Start > All Programs > AVG Anti-Spyware 7.5 > AVG Anti-Spyware.
  4. In the main screen, you should see Your Computer's Security.
    • Next to Resident Shield, click on Change state. It should now be Inactive.
    • Next to Automatic Updates, click on Change state. It should now be Inactive.
    • Next to Last Update, click on Update now. Should you be unable to update it, download the updates from here. Save it to your desktop. Double click to run the installation and the updates will be installed. Make sure AVG Anti-Spyware is closed during the installation.
    • Right-click the AVG Anti-Spyware icon near the clock and uncheck (untick) Start with Windows. Confirm by clicking Yes.
  5. Now click on the Scanner button at the top.
  6. Select the Settings tab.
  7. Under How to act?, click on Recommended actions and select Quarantine.
  8. Under How to scan?, check (tick) all the boxes.
  9. Under Possibly unwanted software:, check (tick) all the boxes.
  10. Under Reports, select Do not automatically generate reports and uncheck (untick) the Only if threats were found box.
  11. Under What to scan?, select Scan every file.
Do not run a scan yet. You will run a scan later.

Step 5

Please download ATF Cleaner by Atribune.

  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All and untick Cookies box.
  • Click the Empty Selected button.

If you use Firefox browser

  • Click Firefox at the top and choose: Select All and untick Firefox Cookies box.
  • Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

  • Click Opera at the top and choose: Select All and untick Opera Cookies box.
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Step 6

  1. Go to Start > All Programs > AVG Anti-Spyware 7.5 > AVG Anti-Spyware.
  2. Click on the Scanner button at the top.
  3. Select the Scan tab.
  4. Click on Complete System Scan to start the scan.
  5. When the scan has finished, follow the instructions below.
    IMPORTANT: Don't click on the Save Scan Report button before you did hit the Apply all Actions button.
    • Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
    • At the bottom of the window click on the Apply all Actions button. (3)
      Image
  6. When done, click the Save Scan Report button. (4)
    • Click the Save Report as button.
    • Save the report to your Desktop.
  7. Right click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
Restart in Normal Mode.

Step 7

  • Please download Sysclean Package by Trend Micro and save it to your desktop.
  • Download the latest Virus Pattern Files by Trend Micro and save it to your destkop. It is named lptXXX, where XXX are numbers.
    Note: Do not download the Virus Pattern Files if you don't intend to do a scan. Only download it when you want to do a scan, as they are being updated daily.
  • Create a new folder on your desktop.
    • Right click on your desktop.
    • Click on New > Folder.
    • Type in Trend Micro as the name of the folder.
  • Select sysclean.com by clicking once. Press Ctrl + X simultaneously.
  • Open the Trend Micro folder you created earlier. Press Ctrl + V to paste sysclean.com into the folder.
    • Right click and select Extract All.
    • Click on Browse. Navigate to the Trend Micro folder and click OK.
    • Click Next, then Finish.
  • Close all opened windows except the Trend Micro folder.
  • Double click on sysclean.com to run it.
  • Uncheck (untick) Automatically Clean Infected Files box.
  • Once the scanning is done, click Exit.
  • A sysclean.log is created in the Trend Micro folder.
  • Copy and paste that log in your next reply.

In your next reply, please post:

  1. A new HijackThis log
  2. AVG Antispyware report
  3. Trend Micro sysclean log
ndmmxiaomayi
MRU Emeritus
MRU Emeritus
 
Posts: 9708
Joined: July 17th, 2006, 9:22 am

Sysclean Package

Unread postby golden » June 12th, 2007, 7:18 pm

Sysclean Package I can't seem to get it to work. Say's I need to down load IPT$VPN. Tried to google it and came up with nothing. Any Idea's?
golden
Active Member
 
Posts: 11
Joined: May 28th, 2007, 5:30 pm

Unread postby ndmmxiaomayi » June 13th, 2007, 5:39 am

Please go to Kaspersky website and perform an online antivirus scan.
Please use Internet Explorer as it uses ActiveX.

  1. Click on Kaspersky Online Scanner button.
  2. Read through the requirements and privacy statement and click on Accept button.
  3. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an ActiveX from Kaspersky. Click Yes.
  4. When the downloads have finished, click on Next button.
  5. Click on Scan Settings button.
  6. Select extended under Scan using the following antivirus database:
  7. Check (tick) these boxes under Scan options:
    • Scan Archives
    • Scan Mail Bases
  8. Click OK
  9. Click on My Computer under Please select a target to scan:
  10. Once the scan is complete it will display if your system has been infected. Click on Save as text button and save it to your desktop.
  11. Copy and paste this log in your next reply.
ndmmxiaomayi
MRU Emeritus
MRU Emeritus
 
Posts: 9708
Joined: July 17th, 2006, 9:22 am

Okay here it is.

Unread postby golden » June 13th, 2007, 10:25 pm

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 8:15:55 PM 6/13/2007

+ Scan result:



C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP708\A0042335.dll -> Adware.Minibug : No action taken.
C:\Documents and Settings\Bryan Booth\Cookies\[edited]@[edited][1].txt -> TrackingCookie.Adbrite : No action taken.
C:\Documents and Settings\Bryan Booth\Cookies\[edited]@[edited][2].txt -> TrackingCookie.Adbrite : No action taken.
C:\Documents and Settings\Bryan Booth\Cookies\[edited]@[edited][2].txt -> TrackingCookie.Hitbox : No action taken.
C:\Documents and Settings\Bryan Booth\Cookies\[edited]@[edited][1].txt -> TrackingCookie.Hitbox : No action taken.
C:\Documents and Settings\Bryan Booth\Cookies\[edited]@[edited][1].txt -> TrackingCookie.Netflame : No action taken.
C:\Documents and Settings\Bryan Booth\Cookies\[edited]@[edited][1].txt -> TrackingCookie.Overture : No action taken.
C:\Documents and Settings\Bryan Booth\Cookies\[edited]@[edited][1].txt -> TrackingCookie.Statcounter : No action taken.
C:\Documents and Settings\Bryan Booth\Cookies\[edited]@[edited][1].txt -> TrackingCookie.Webtrendslive : No action taken.


::Report end

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-12072006-033402.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2007-06-13_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBConfig.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDebug.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDetect.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBNotify.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBRefr.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg2.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetDev.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetLoc.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetUsr.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBStHash.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBValid.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPPolicy.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStart.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStop.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtErEvt.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\79E5C975.TMP Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtMoEvt.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtNvEvt.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtScEvt.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtTxFEvt.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtViEvt.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SubEng\submissions.idx Object is locked skipped

C:\Documents and Settings\Bryan Booth\Application Data\Mozilla\Profiles\default\ubqxnbmm.slt\Mail\pop.earthlink.net\Inbox/[From "Lakisha Guevara" ][Date Mon, 19 Jan 2004 06:29:27 +0100]/UNNAMED/[From Alan Klepper ][Date Sat, 6 Mar 2004 08:26:02 -0800 (PST)]/UNNAMED/[From "Sug" ][Date Sat, 13 Mar 2004 17:54:25 -0500]/UNNAMED/[From "Charity Prescott" ][Date Sun, 14 Mar 2004 22:44:22 -0500]/Details.zip/snuqxuk.exe Infected: Email-Worm.Win32.Bagle.n skipped

C:\Documents and Settings\Bryan Booth\Application Data\Mozilla\Profiles\default\ubqxnbmm.slt\Mail\pop.earthlink.net\Inbox/[From "Lakisha Guevara" ][Date Mon, 19 Jan 2004 06:29:27 +0100]/UNNAMED/[From Alan Klepper ][Date Sat, 6 Mar 2004 08:26:02 -0800 (PST)]/UNNAMED/[From "Sug" ][Date Sat, 13 Mar 2004 17:54:25 -0500]/UNNAMED/[From "Charity Prescott" ][Date Sun, 14 Mar 2004 22:44:22 -0500]/Details.zip Infected: Email-Worm.Win32.Bagle.n skipped

C:\Documents and Settings\Bryan Booth\Application Data\Mozilla\Profiles\default\ubqxnbmm.slt\Mail\pop.earthlink.net\Inbox/[From "Lakisha Guevara" ][Date Mon, 19 Jan 2004 06:29:27 +0100]/UNNAMED/[From Alan Klepper ][Date Sat, 6 Mar 2004 08:26:02 -0800 (PST)]/UNNAMED/[From "Sug" ][Date Sat, 13 Mar 2004 17:54:25 -0500]/UNNAMED Infected: Email-Worm.Win32.Bagle.n skipped

C:\Documents and Settings\Bryan Booth\Application Data\Mozilla\Profiles\default\ubqxnbmm.slt\Mail\pop.earthlink.net\Inbox/[From "Lakisha Guevara" ][Date Mon, 19 Jan 2004 06:29:27 +0100]/UNNAMED/[From Alan Klepper ][Date Sat, 6 Mar 2004 08:26:02 -0800 (PST)]/UNNAMED Infected: Email-Worm.Win32.Bagle.n skipped

C:\Documents and Settings\Bryan Booth\Application Data\Mozilla\Profiles\default\ubqxnbmm.slt\Mail\pop.earthlink.net\Inbox/[From "Lakisha Guevara" ][Date Mon, 19 Jan 2004 06:29:27 +0100]/UNNAMED Infected: Email-Worm.Win32.Bagle.n skipped

C:\Documents and Settings\Bryan Booth\Application Data\Mozilla\Profiles\default\ubqxnbmm.slt\Mail\pop.earthlink.net\Inbox Mail Berkeley mbox: infected - 5 skipped

C:\Documents and Settings\Bryan Booth\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\Bryan Booth\Local Settings\Application Data\Microsoft\Messenger\[edited]@msn.com\SharingMetadata\Logs\Dfsr.log Object is locked skipped

C:\Documents and Settings\Bryan Booth\Local Settings\Application Data\Microsoft\Messenger\[edited]@msn.com\SharingMetadata\pending.dat Object is locked skipped

C:\Documents and Settings\Bryan Booth\Local Settings\Application Data\Microsoft\Messenger\[edited]@msn.com\SharingMetadata\Working\database_1270_6837_7068_2427\dfsr.db Object is locked skipped

C:\Documents and Settings\Bryan Booth\Local Settings\Application Data\Microsoft\Messenger\[edited]@msn.com\SharingMetadata\Working\database_1270_6837_7068_2427\fsr.log Object is locked skipped

C:\Documents and Settings\Bryan Booth\Local Settings\Application Data\Microsoft\Messenger\[edited]@msn.com\SharingMetadata\Working\database_1270_6837_7068_2427\fsrtmp.log Object is locked skipped

C:\Documents and Settings\Bryan Booth\Local Settings\Application Data\Microsoft\Messenger\[edited]@msn.com\SharingMetadata\Working\database_1270_6837_7068_2427\tmp.edb Object is locked skipped

C:\Documents and Settings\Bryan Booth\Local Settings\Application Data\Microsoft\MSN\db30\[edited]-MSN-COM.sdf Object is locked skipped

C:\Documents and Settings\Bryan Booth\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Bryan Booth\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Bryan Booth\Local Settings\Application Data\Microsoft\Windows Live Contacts\[edited]@msn.com\real\members.stg Object is locked skipped

C:\Documents and Settings\Bryan Booth\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Bryan Booth\Local Settings\Temp\fdr2224.fdr Object is locked skipped

C:\Documents and Settings\Bryan Booth\Local Settings\Temp\~DF59F2.tmp Object is locked skipped

C:\Documents and Settings\Bryan Booth\Local Settings\Temp\~DF5A0D.tmp Object is locked skipped

C:\Documents and Settings\Bryan Booth\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Bryan Booth\ntuser.dat Object is locked skipped

C:\Documents and Settings\Bryan Booth\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\itouch_crash_info.txt Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsys.dll Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\NFWEVT.LOG Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped

C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Bryan Booth\Data\chandir.dat Object is locked skipped

C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Bryan Booth\Data\chandir.idx Object is locked skipped

C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Bryan Booth\Data\chn.dat Object is locked skipped

C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Bryan Booth\Data\chn.idx Object is locked skipped

C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Bryan Booth\Data\D0000000.FCS Object is locked skipped

C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Bryan Booth\Data\inuse.txt Object is locked skipped

C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Bryan Booth\Data\L0000017.FCS Object is locked skipped

C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Bryan Booth\Data\main.log Object is locked skipped

C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Bryan Booth\Data\prs.dat Object is locked skipped

C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Bryan Booth\Data\prs.idx Object is locked skipped

C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Bryan Booth\Data\prs_die.dat Object is locked skipped

C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Bryan Booth\Data\prs_die.idx Object is locked skipped

C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Bryan Booth\Data\prs_dnd.dat Object is locked skipped

C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Bryan Booth\Data\prs_dnd.idx Object is locked skipped

C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Bryan Booth\Data\prs_ext.dat Object is locked skipped

C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Bryan Booth\Data\prs_ext.idx Object is locked skipped

C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Bryan Booth\Data\prs_rcv.dat Object is locked skipped

C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Bryan Booth\Data\prs_rcv.idx Object is locked skipped

C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Bryan Booth\Data\storydb.dat Object is locked skipped

C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Bryan Booth\Data\storydb.idx Object is locked skipped

C:\Program Files\MSN\MSNCoreFiles\calendar.mar Object is locked skipped

C:\Program Files\MSN\MSNCoreFiles\mail.mar Object is locked skipped

C:\Program Files\MSN\MSNCoreFiles\market.mar Object is locked skipped

C:\Program Files\MSN\MSNCoreFiles\market32.mar Object is locked skipped

C:\Program Files\MSN\MSNCoreFiles\miadv.mar Object is locked skipped

C:\Program Files\MSN\MSNCoreFiles\mibas.mar Object is locked skipped

C:\Program Files\MSN\MSNCoreFiles\micd.mar Object is locked skipped

C:\Program Files\MSN\MSNCoreFiles\printing.mar Object is locked skipped

C:\Program Files\MSN\MSNCoreFiles\qos.mar Object is locked skipped

C:\Program Files\MSN\MSNCoreFiles\themedef.mar Object is locked skipped

C:\Program Files\MSN\MSNCoreFiles\themedef32.mar Object is locked skipped

C:\Program Files\MSN\MsnInstaller\install.mar Object is locked skipped

C:\Program Files\MSN\MsnInstaller\Resources\MSNClientBrand\en\us\q002\9.50.433.0\brand.mar Object is locked skipped

C:\Program Files\Norton AntiVirus\AVApp.log Object is locked skipped

C:\Program Files\Norton AntiVirus\AVError.log Object is locked skipped

C:\Program Files\Norton AntiVirus\AVVirus.log Object is locked skipped

C:\Program Files\tinySpell\custom.dct Object is locked skipped

C:\Program Files\tinySpell\tstemp.dct Object is locked skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP709\change.log Object is locked skipped

C:\WINDOWS\$NtUninstallQ309521$\dxmasf.dll Object is locked skipped

C:\WINDOWS\$NtUninstallQ309521$\lsasrv.dll Object is locked skipped

C:\WINDOWS\$NtUninstallQ309521$\msdxm.ocx Object is locked skipped

C:\WINDOWS\$NtUninstallQ309521$\sfcfiles.dll Object is locked skipped

C:\WINDOWS\$NtUninstallQ309521$\spuninst\spuninst.exe Object is locked skipped

C:\WINDOWS\$NtUninstallQ309521$\spuninst\spuninst.inf Object is locked skipped

C:\WINDOWS\$NtUninstallQ314862$\qmgr.dll Object is locked skipped

C:\WINDOWS\$NtUninstallQ314862$\spuninst\spuninst.exe Object is locked skipped

C:\WINDOWS\$NtUninstallQ314862$\spuninst\spuninst.inf Object is locked skipped

C:\WINDOWS\$NtUninstallQ323172$\reg00003 Object is locked skipped

C:\WINDOWS\$NtUninstallQ323172$\reg00005 Object is locked skipped

C:\WINDOWS\$NtUninstallQ323172$\reg00008 Object is locked skipped

C:\WINDOWS\$NtUninstallQ323172$\reg00009 Object is locked skipped

C:\WINDOWS\$NtUninstallQ323172$\reg00010 Object is locked skipped

C:\WINDOWS\$NtUninstallQ323172$\reg00011 Object is locked skipped

C:\WINDOWS\$NtUninstallQ329048$\reg00001 Object is locked skipped

C:\WINDOWS\$NtUninstallQ329390$\reg00001 Object is locked skipped

C:\WINDOWS\$NtUninstallQ329834$\reg00001 Object is locked skipped

C:\WINDOWS\$NtUninstallQ828026$\msdxm.ocx Object is locked skipped

C:\WINDOWS\$NtUninstallQ828026$\wmp.dll Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\EventCache\{E7795EA4-3463-4486-BBB8-F3B78A42B42F}.bin Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\SYSTEM32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\SYSTEM32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\AppEvent.Evt Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\Internet.evt Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SecEvent.Evt Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SECURITY Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SysEvent.Evt Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\H323LOG.TXT Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\WIADEBUG.LOG Object is locked skipped

C:\WINDOWS\WIASERVC.LOG Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.
golden
Active Member
 
Posts: 11
Joined: May 28th, 2007, 5:30 pm

Unread postby ndmmxiaomayi » June 14th, 2007, 1:47 am

Hi golden,

Which email client are you using?
ndmmxiaomayi
MRU Emeritus
MRU Emeritus
 
Posts: 9708
Joined: July 17th, 2006, 9:22 am

Mail client

Unread postby golden » June 14th, 2007, 6:45 am

MSN Explore
golden
Active Member
 
Posts: 11
Joined: May 28th, 2007, 5:30 pm

Unread postby ndmmxiaomayi » June 15th, 2007, 2:24 am

Hi golden,

Please post the complete Kaspersky log and an uninstall list in your next reply. Instructions for generating an uninstall list is below:

  1. Open HijackThis.
  2. Select Open the Misc Tools section.
  3. Look under System tools.
  4. Click on the Open Uninstall Manager... button.
  5. Click on the Save list... button.
  6. It will prompt you to save. Save this log in a convenient location. By default it's named uninstall_list.txt.
  7. Notepad will open. Please copy and paste the contents of this Notepad in your next reply.
ndmmxiaomayi
MRU Emeritus
MRU Emeritus
 
Posts: 9708
Joined: July 17th, 2006, 9:22 am

Unread postby golden » June 15th, 2007, 9:32 am

AbsoluteShield Internet Eraser Lite
Actiontec Gateway/Router
Ad-Aware SE Personal
Adobe Acrobat 4.0
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Flash Player 9 ActiveX
Adobe Photoshop 5.0 Limited Edition
Adobe Photoshop Album 2.0 Starter Edition
Adobe Reader 7.0.9
Adobe Shockwave Player
AppCore
AV
AVG Anti-Spyware 7.5
AXIS Media Control
AXIS Media Control Embedded
ccCommon
CCleaner (remove only)
CheetaChat
CheetaChat 6.5.5
Classic PhoneTools
Conexant HSF V92 56K Data Fax PCI Modem
DCE Tools 1.0
Dell Digital Jukebox Driver
Dell Modem-On-Hold
Dell Picture Studio - Dell Image Expert
Dell ResourceCD
Dell Solution Center
Digital Camera Enhancer
Digital Camera Enhancer 1.3
Digital Line Detect
DivX Player
Dogfight - Battle for the Pacific
Easy CD Creator 5 Basic
Google Pack Screensaver
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 1.99.1
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
HP Deskjet 6900 series
HP Extended Capabilities 6.0
HP Imaging Device Functions 6.0
hp instant support
HP Memories Disc
HP Photo and Imaging 2.2 - Scanjet 3970 Series
HP Photosmart Essential 2.0
HP Photosmart Premier Software 6.0
HP Software Update
HP Solution Center and Imaging Support Tools 6.0
ICQ
Intel(R) Extreme Graphics Driver
Internet Worm Protection
J2SE Runtime Environment 5.0 Update 11
Java 2 Runtime Environment, SE v1.4.2_01
Java(TM) SE Runtime Environment 6 Update 1
Kaspersky Online Scanner
LiveUpdate 3.2 (Symantec Corporation)
LiveUpdate Notice (Symantec Corporation)
Logitech Desktop Messenger
Logitech iTouch Software
Logitech MouseWare 9.79
Logitech Resource Center
MathPlayer
MediaFACE II
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft .NET Framework 2.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft DirectX 9.0 SDK Update (December 2004)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Professional
Microsoft Office Outlook Connector for MSN
Microsoft Office XP Media Content
Microsoft Office XP Professional
Microsoft Picture It! Express 9
Microsoft Picture It! Library 9
Microsoft Picture It! Photo 2002
Microsoft PowerPoint Viewer 97
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Windows Journal Viewer
Microsoft Word 2002
Microsoft Works 2002 Setup Launcher
Microsoft Works 6.0
Microsoft Works Suite Add-in for Microsoft Word
Modem Helper
MSN
MSN Encarta Plus Support Files
MSN Music Assistant
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 Parser and SDK
Norton AntiVirus
Norton AntiVirus (Symantec Corporation)
Norton AntiVirus Help
Norton AntiVirus Parent MSI
Norton AntiVirus SYMLT MSI
Norton Protection Center
NVIDIA Drivers
Paint Shop Pro 7
Photo Story 3 for Windows
Picasa 2
QuickTime
RealArcade
RealPlayer
Realtek RTL8139 Diagnostics Program
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 2.0 (KB917283)
Security Update for Microsoft .NET Framework 2.0 (KB922770)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Serif PhotoPlus 6.0
SPBBC 32bit
Symantec
SymNet
System Requirements Lab (SLI)
tinySpell 1.5
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
ViewSonic Monitor Drivers
WebCyberCoach 3.2 Dell
Windows Backup Utility
Windows Clean-Up Pro
Windows Defender
Windows Defender Signatures
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Messenger
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Registry Repair Pro
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WinMX v3.22
WinPatrol 2007
Wolfenstein - Enemy Territory

KASPERSKY ONLINE SCANNER REPORT
Wednesday, June 13, 2007 5:08:08 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 13/06/2007
Kaspersky Anti-Virus database records: 345914


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
A:\
C:\
D:\

Scan Statistics
Total number of scanned objects 102525
Number of viruses found 1
Number of infected objects 6
Number of suspicious objects 0
Duration of the scan process 01:53:14

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-12072006-033402.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2007-06-13_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBConfig.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDebug.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDetect.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBNotify.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBRefr.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg2.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetDev.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetLoc.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetUsr.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBStHash.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBValid.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPPolicy.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStart.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStop.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtErEvt.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\79E5C975.TMP Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtMoEvt.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtNvEvt.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtScEvt.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtTxFEvt.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtViEvt.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\SubEng\submissions.idx Object is locked skipped

C:\Documents and Settings\Bryan Booth\Application Data\Mozilla\Profiles\default\ubqxnbmm.slt\Mail\pop.earthlink.net\Inbox/[From "Lakisha Guevara" ][Date Mon, 19 Jan 2004 06:29:27 +0100]/UNNAMED/[From Alan Klepper ][Date Sat, 6 Mar 2004 08:26:02 -0800 (PST)]/UNNAMED/[From "Sug" ][Date Sat, 13 Mar 2004 17:54:25 -0500]/UNNAMED/[From "Charity Prescott" ][Date Sun, 14 Mar 2004 22:44:22 -0500]/Details.zip/snuqxuk.exe Infected: Email-Worm.Win32.Bagle.n skipped

C:\Documents and Settings\Bryan Booth\Application Data\Mozilla\Profiles\default\ubqxnbmm.slt\Mail\pop.earthlink.net\Inbox/[From "Lakisha Guevara" ][Date Mon, 19 Jan 2004 06:29:27 +0100]/UNNAMED/[From Alan Klepper ][Date Sat, 6 Mar 2004 08:26:02 -0800 (PST)]/UNNAMED/[From "Sug" ][Date Sat, 13 Mar 2004 17:54:25 -0500]/UNNAMED/[From "Charity Prescott" ][Date Sun, 14 Mar 2004 22:44:22 -0500]/Details.zip Infected: Email-Worm.Win32.Bagle.n skipped

C:\Documents and Settings\Bryan Booth\Application Data\Mozilla\Profiles\default\ubqxnbmm.slt\Mail\pop.earthlink.net\Inbox/[From "Lakisha Guevara" ][Date Mon, 19 Jan 2004 06:29:27 +0100]/UNNAMED/[From Alan Klepper ][Date Sat, 6 Mar 2004 08:26:02 -0800 (PST)]/UNNAMED/[From "Sug" ][Date Sat, 13 Mar 2004 17:54:25 -0500]/UNNAMED Infected: Email-Worm.Win32.Bagle.n skipped

C:\Documents and Settings\Bryan Booth\Application Data\Mozilla\Profiles\default\ubqxnbmm.slt\Mail\pop.earthlink.net\Inbox/[From "Lakisha Guevara" ][Date Mon, 19 Jan 2004 06:29:27 +0100]/UNNAMED/[From Alan Klepper ][Date Sat, 6 Mar 2004 08:26:02 -0800 (PST)]/UNNAMED Infected: Email-Worm.Win32.Bagle.n skipped

C:\Documents and Settings\Bryan Booth\Application Data\Mozilla\Profiles\default\ubqxnbmm.slt\Mail\pop.earthlink.net\Inbox/[From "Lakisha Guevara" ][Date Mon, 19 Jan 2004 06:29:27 +0100]/UNNAMED Infected: Email-Worm.Win32.Bagle.n skipped

C:\Documents and Settings\Bryan Booth\Application Data\Mozilla\Profiles\default\ubqxnbmm.slt\Mail\pop.earthlink.net\Inbox Mail Berkeley mbox: infected - 5 skipped

C:\Documents and Settings\Bryan Booth\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\Bryan Booth\Local Settings\Application Data\Microsoft\Messenger\goldenbooth@msn.com\SharingMetadata\Logs\Dfsr.log Object is locked skipped

C:\Documents and Settings\Bryan Booth\Local Settings\Application Data\Microsoft\Messenger\goldenbooth@msn.com\SharingMetadata\pending.dat Object is locked skipped

C:\Documents and Settings\Bryan Booth\Local Settings\Application Data\Microsoft\Messenger\goldenbooth@msn.com\SharingMetadata\Working\database_1270_6837_7068_2427\dfsr.db Object is locked skipped

C:\Documents and Settings\Bryan Booth\Local Settings\Application Data\Microsoft\Messenger\goldenbooth@msn.com\SharingMetadata\Working\database_1270_6837_7068_2427\fsr.log Object is locked skipped

C:\Documents and Settings\Bryan Booth\Local Settings\Application Data\Microsoft\Messenger\goldenbooth@msn.com\SharingMetadata\Working\database_1270_6837_7068_2427\fsrtmp.log Object is locked skipped

C:\Documents and Settings\Bryan Booth\Local Settings\Application Data\Microsoft\Messenger\goldenbooth@msn.com\SharingMetadata\Working\database_1270_6837_7068_2427\tmp.edb Object is locked skipped

C:\Documents and Settings\Bryan Booth\Local Settings\Application Data\Microsoft\MSN\db30\GOLDENBOOTH-MSN-COM.sdf Object is locked skipped

C:\Documents and Settings\Bryan Booth\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Bryan Booth\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Bryan Booth\Local Settings\Application Data\Microsoft\Windows Live Contacts\goldenbooth@msn.com\real\members.stg Object is locked skipped

C:\Documents and Settings\Bryan Booth\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Bryan Booth\Local Settings\Temp\fdr2224.fdr Object is locked skipped

C:\Documents and Settings\Bryan Booth\Local Settings\Temp\~DF59F2.tmp Object is locked skipped

C:\Documents and Settings\Bryan Booth\Local Settings\Temp\~DF5A0D.tmp Object is locked skipped

C:\Documents and Settings\Bryan Booth\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Bryan Booth\ntuser.dat Object is locked skipped

C:\Documents and Settings\Bryan Booth\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\itouch_crash_info.txt Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsys.dll Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\NFWEVT.LOG Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped

C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Bryan Booth\Data\chandir.dat Object is locked skipped

C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Bryan Booth\Data\chandir.idx Object is locked skipped

C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Bryan Booth\Data\chn.dat Object is locked skipped

C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Bryan Booth\Data\chn.idx Object is locked skipped

C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Bryan Booth\Data\D0000000.FCS Object is locked skipped

C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Bryan Booth\Data\inuse.txt Object is locked skipped

C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Bryan Booth\Data\L0000017.FCS Object is locked skipped

C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Bryan Booth\Data\main.log Object is locked skipped

C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Bryan Booth\Data\prs.dat Object is locked skipped

C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Bryan Booth\Data\prs.idx Object is locked skipped

C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Bryan Booth\Data\prs_die.dat Object is locked skipped

C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Bryan Booth\Data\prs_die.idx Object is locked skipped

C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Bryan Booth\Data\prs_dnd.dat Object is locked skipped

C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Bryan Booth\Data\prs_dnd.idx Object is locked skipped

C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Bryan Booth\Data\prs_ext.dat Object is locked skipped

C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Bryan Booth\Data\prs_ext.idx Object is locked skipped

C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Bryan Booth\Data\prs_rcv.dat Object is locked skipped

C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Bryan Booth\Data\prs_rcv.idx Object is locked skipped

C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Bryan Booth\Data\storydb.dat Object is locked skipped

C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Bryan Booth\Data\storydb.idx Object is locked skipped

C:\Program Files\MSN\MSNCoreFiles\calendar.mar Object is locked skipped

C:\Program Files\MSN\MSNCoreFiles\mail.mar Object is locked skipped

C:\Program Files\MSN\MSNCoreFiles\market.mar Object is locked skipped

C:\Program Files\MSN\MSNCoreFiles\market32.mar Object is locked skipped

C:\Program Files\MSN\MSNCoreFiles\miadv.mar Object is locked skipped

C:\Program Files\MSN\MSNCoreFiles\mibas.mar Object is locked skipped

C:\Program Files\MSN\MSNCoreFiles\micd.mar Object is locked skipped

C:\Program Files\MSN\MSNCoreFiles\printing.mar Object is locked skipped

C:\Program Files\MSN\MSNCoreFiles\qos.mar Object is locked skipped

C:\Program Files\MSN\MSNCoreFiles\themedef.mar Object is locked skipped

C:\Program Files\MSN\MSNCoreFiles\themedef32.mar Object is locked skipped

C:\Program Files\MSN\MsnInstaller\install.mar Object is locked skipped

C:\Program Files\MSN\MsnInstaller\Resources\MSNClientBrand\en\us\q002\9.50.433.0\brand.mar Object is locked skipped

C:\Program Files\Norton AntiVirus\AVApp.log Object is locked skipped

C:\Program Files\Norton AntiVirus\AVError.log Object is locked skipped

C:\Program Files\Norton AntiVirus\AVVirus.log Object is locked skipped

C:\Program Files\tinySpell\custom.dct Object is locked skipped

C:\Program Files\tinySpell\tstemp.dct Object is locked skipped

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP709\change.log Object is locked skipped

C:\WINDOWS\$NtUninstallQ309521$\dxmasf.dll Object is locked skipped

C:\WINDOWS\$NtUninstallQ309521$\lsasrv.dll Object is locked skipped

C:\WINDOWS\$NtUninstallQ309521$\msdxm.ocx Object is locked skipped

C:\WINDOWS\$NtUninstallQ309521$\sfcfiles.dll Object is locked skipped

C:\WINDOWS\$NtUninstallQ309521$\spuninst\spuninst.exe Object is locked skipped

C:\WINDOWS\$NtUninstallQ309521$\spuninst\spuninst.inf Object is locked skipped

C:\WINDOWS\$NtUninstallQ314862$\qmgr.dll Object is locked skipped

C:\WINDOWS\$NtUninstallQ314862$\spuninst\spuninst.exe Object is locked skipped

C:\WINDOWS\$NtUninstallQ314862$\spuninst\spuninst.inf Object is locked skipped

C:\WINDOWS\$NtUninstallQ323172$\reg00003 Object is locked skipped

C:\WINDOWS\$NtUninstallQ323172$\reg00005 Object is locked skipped

C:\WINDOWS\$NtUninstallQ323172$\reg00008 Object is locked skipped

C:\WINDOWS\$NtUninstallQ323172$\reg00009 Object is locked skipped

C:\WINDOWS\$NtUninstallQ323172$\reg00010 Object is locked skipped

C:\WINDOWS\$NtUninstallQ323172$\reg00011 Object is locked skipped

C:\WINDOWS\$NtUninstallQ329048$\reg00001 Object is locked skipped

C:\WINDOWS\$NtUninstallQ329390$\reg00001 Object is locked skipped

C:\WINDOWS\$NtUninstallQ329834$\reg00001 Object is locked skipped

C:\WINDOWS\$NtUninstallQ828026$\msdxm.ocx Object is locked skipped

C:\WINDOWS\$NtUninstallQ828026$\wmp.dll Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\EventCache\{E7795EA4-3463-4486-BBB8-F3B78A42B42F}.bin Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\SYSTEM32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\SYSTEM32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\AppEvent.Evt Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\Internet.evt Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SecEvent.Evt Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SECURITY Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SysEvent.Evt Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\H323LOG.TXT Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\WIADEBUG.LOG Object is locked skipped

C:\WINDOWS\WIASERVC.LOG Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.
golden
Active Member
 
Posts: 11
Joined: May 28th, 2007, 5:30 pm
Advertisement
Register to Remove

Next

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 525 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware