Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Various Trojan and Malware problems [RESOLVED]

Started by Solarin , Aug 23 2006 10:21 PM

This topic is locked

#1
Solarin

Posted 23 August 2006 - 10:21 PM

Member

Member
28 posts

A careless user (my brother) of my computer had inadvertenly infected my comp by running some .exe file downloaded from the internet. He didn't recall where he downloaded it. It was too late for me to do anything about it but the problems immediatley showed themselves. I ran through the troubleshooting list in the sticky for spywarequake (since that was the main problem) and I also ran through the general advice on how to remedy my general malware problems myself via the sticky. As far as I can tell, spywarequake is gone (since I haven't seen or heard from it) and an enormous amount of infected files were removed from my comp via ad-aware, spybot, ewido, and trojanhunter. I'm at a bit of an impass now because I am still getting pop-ups and my startup time is still significantly slower.

As a side note I received an error message on startup after I ran Trojanhunter.

It reads:

RUNDLL

Error loading w3c66798.dll

The specified module could not be found.

I have recently reinstalled Windows XP Professional so I am only using SP1 (I read it wouldn't be wise to install SP2 until my was clean of malware.)

Here's the Hijack This! logfile:

Logfile of HijackThis v1.99.1
Scan saved at 10:46:35 PM, on 8/23/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\TrojanHunter 4.5\THGuard.exe
C:\WINDOWS\thiselt.exe
C:\WINDOWS\sys015456957121.exe
C:\WINDOWS\Duce6.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\WINDOWS\System32\SSEMBL~1\winlogon.exe
C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\Ventrilo\Ventrilo.exe
C:\Program Files\Hijack This!\HijackThis.exe

R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
F2 - REG:system.ini: UserInit=userinit.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.5\THGuard.exe"
O4 - HKLM\..\Run: [pop06apelt] C:\WINDOWS\thiselt.exe
O4 - HKLM\..\Run: [xpv72e6e] RUNDLL32.EXE w3c66798.dll,n 00372e6b000000023c66798
O4 - HKLM\..\Run: [sys015456957121] C:\WINDOWS\sys015456957121.exe
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\Duce6.exe
O4 - HKLM\..\Run: [adstart] "iexplore.exe" "http://iesettingsupdate"
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [CursorXP] "C:\Program Files\CursorXP\CursorXP.exe" -s
O4 - HKCU\..\Run: [ef5d5a26.exe] C:\Documents and Settings\Matt\Local Settings\Application Data\ef5d5a26.exe
O4 - HKCU\..\Run: [Ncao] "C:\WINDOWS\System32\SSEMBL~1\winlogon.exe" -vt yax
O4 - HKCU\..\Run: [Pikwai] C:\Program Files\?ystem\m?dtc.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - Global Startup: Belkin Wireless USB Utility.lnk = C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.mmohsix.com
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....026/CTSUEng.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1156300299077
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.....cab?refid=1123
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15026/CTPID.cab
O20 - AppInit_DLLs: repairs303169590.dll,wbsys.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

Here's the Panada ActiveScan report as well:

Incident Status Location

Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\du0ddou1.default\cookies.txt[.zedo.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\du0ddou1.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\du0ddou1.default\cookies.txt[.zedo.com/]
Spyware:Cookie/Linksynergy Not disinfected C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\du0ddou1.default\cookies.txt[.linksynergy.com/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\du0ddou1.default\cookies.txt[.apmebf.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\du0ddou1.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\du0ddou1.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\du0ddou1.default\cookies.txt[stats1.reliablestats.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\du0ddou1.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Coremetrics Not disinfected C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\du0ddou1.default\cookies.txt[data.coremetrics.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\du0ddou1.default\cookies.txt[.2o7.net/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\du0ddou1.default\cookies.txt[.perf.overture.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\du0ddou1.default\cookies.txt[.realmedia.com/]
Spyware:spyware/surfsidekick Not disinfected C:\Documents and Settings\Matt\Application Data\Sskknwrd.dll
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Matt\Cookies\matt@2o7[2].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Matt\Cookies\[email protected][2].txt
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Matt\Cookies\[email protected][2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Matt\Cookies\matt@adrevolver[1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Matt\Cookies\matt@adrevolver[2].txt
Spyware:Cookie/AdDynamix Not disinfected C:\Documents and Settings\Matt\Cookies\[email protected][1].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Matt\Cookies\[email protected][2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Matt\Cookies\matt@advertising[2].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Matt\Cookies\[email protected][2].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Matt\Cookies\[email protected][1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Matt\Cookies\matt@atdmt[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Matt\Cookies\matt@belnk[1].txt
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Matt\Cookies\matt@bluestreak[2].txt
Spyware:Cookie/Enhance Not disinfected C:\Documents and Settings\Matt\Cookies\[email protected][1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Matt\Cookies\[email protected][2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Matt\Cookies\matt@doubleclick[1].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Matt\Cookies\matt@drivecleaner[1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Matt\Cookies\matt@fastclick[1].txt
Spyware:Cookie/Findwhat Not disinfected C:\Documents and Settings\Matt\Cookies\matt@findwhat[1].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Matt\Cookies\matt@hitbox[2].txt
Spyware:Cookie/Kmpads Not disinfected C:\Documents and Settings\Matt\Cookies\matt@kmpads[2].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Matt\Cookies\matt@mediaplex[2].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Matt\Cookies\[email protected][1].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Matt\Cookies\matt@realmedia[1].txt
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\Matt\Cookies\matt@revenue[2].txt
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Matt\Cookies\[email protected][1].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Matt\Cookies\matt@statcounter[2].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Matt\Cookies\[email protected][2].txt
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Matt\Cookies\[email protected][2].txt
Spyware:Cookie/Mammamediasolutions Not disinfected C:\Documents and Settings\Matt\Cookies\matt@targetnet[2].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Matt\Cookies\matt@trafficmp[2].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Matt\Cookies\matt@tribalfusion[2].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Matt\Cookies\[email protected][1].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Matt\Cookies\matt@zedo[2].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Matt\Desktop\SmitfraudFix.zip[SmitfraudFix/Process.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Matt\Desktop\smitRem\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Matt\Desktop\smitRem.exe[smitRem/Process.exe]
Adware:Adware/SystemDoctor Not disinfected C:\Documents and Settings\Matt\Local Settings\Application Data\ef5d5a26.exe.tcf
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Matthew Cavanaugh\Application Data\Mozilla\Firefox\Profiles\xuli91rk.default\cookies.txt[searchportal.information.com/]

I would greatly appreciate any help that can be offered.

#2
Shaba

Posted 24 August 2006 - 11:12 AM

Malware Expert

Member
558 posts

Hi Solarin

1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Look in your control panels add/remove programs for PuritySCAN By OIN, OuterInfo, OIN or similar , click on it and click remove.
Reboot and delete this folder if found:
C:\Program Files\PurityScan

If not listed, download and run this uninstaller:
Uninstaller

Tutorial for the uninstaller if needed

Reboot when done and delete this folder if found:
C:\Program Files\PurityScan

Send:

- a fresh HijackThis log
- combofix log

#3
Solarin

Posted 24 August 2006 - 08:44 PM

Member

Topic Starter
Member
28 posts

Hello Shaba! Sorry for the late reply. I've been on campus all day. I carried out the instuctions you posted. I still receive the error message on startup about the missing module.

ComboFix:

Matt - 06-08-24 21:06:03.15
ComboFix 06.08.24 - Running from: C:\Program Files\Mozilla Firefox

((((((((((((((((((((((((((((((((((((((((((( E-Give / Ssk's Log )))))))))))))))))))))))))))))))))))))))))))))))))

C:\WINDOWS\system32\repairs303169590.dll
C:\Documents and Settings\Matt\Application Data\Sskknwrd.dll
C:\WINDOWS\system32\bk.exe
C:\Program Files\surfsidekick 3\Ssk.exe
C:\Program Files\surfsidekick 3\SskBho.dll
C:\Program Files\surfsidekick 3\SskCore.dll

* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\WINDOWS\Duce6.exe
C:\WINDOWS\system32\ishost.exe
C:\WINDOWS\system32\issearch.exe
C:\WINDOWS\system32\tsuninst.exe
C:\WINDOWS\thiselt.exe
C:\WINDOWS\uninst104.exe
C:\WINDOWS\system32\components
C:\Program Files\Common Files\{5C2171E0-08D2-1033-0510-020829030001}
C:\WINDOWS\Duce6.exe
C:\WINDOWS\thiselt.exe

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Folders Quarantined:

C:\QooBox\Purity\Program Files\YSTEM~1
C:\QooBox\Purity\Program Files\Common Files\FNTS~1
C:\QooBox\Purity\Program Files\Common Files\SSTEM3~1
C:\QooBox\Purity\Program Files\Common Files\SSTEM3~1\w?nspool.exe
C:\QooBox\Purity\Program Files\YSTEM~1\m?dtc.exe
C:\QooBox\Purity\WINDOWS\ICROSO~1
C:\QooBox\Purity\WINDOWS\YSTEM~1
C:\QooBox\Purity\WINDOWS\ICROSO~1\?icrosoft
C:\QooBox\Purity\WINDOWS\system32\SSEMBL~1
C:\QooBox\Purity\WINDOWS\system32\SSEMBL~1\winlogon.exe
C:\QooBox\Purity\WINDOWS\system32\SSEMBL~1\?ssembly

((((((((((((((((((((((((((((((( Files Created from 2006-07-24 to 2006-08-24 ))))))))))))))))))))))))))))))))))

2006-08-23 19:36 32,573 --a------ C:\WINDOWS\system32\adrot-uninst.exe
2006-08-23 18:48 106,496 --a------ C:\WINDOWS\Duce6.exe
2006-08-23 18:46 61,952 --a------ C:\WINDOWS\system32\xpv72e6e.dll
2006-08-23 18:46 215,308 --a------ C:\WINDOWS\Setup90.exe
2006-08-23 18:46 1,233 --a------ C:\WINDOWS\system32\xpv72e6e.sys
2006-08-23 18:45 36,864 --a------ C:\WINDOWS\thiselt.exe
2006-08-23 18:45 115,157 --a------ C:\WINDOWS\Justin.exe
2006-08-23 06:56 40,973 ---hs---- C:\WINDOWS\system32\mljkiih.dll
2006-08-23 06:36 922,777 ---hs---- C:\WINDOWS\system32\lmllm.bak2
2006-08-23 01:05 593,408 --a------ C:\WINDOWS\system32\h323msp.dll
2006-08-23 01:05 550,400 --a------ C:\WINDOWS\system32\rtcdll.dll
2006-08-23 01:05 48,640 --a------ C:\WINDOWS\system32\browser.dll
2006-08-23 01:05 454,656 --a------ C:\WINDOWS\system32\ipnathlp.dll
2006-08-23 01:05 36,864 --a------ C:\WINDOWS\system32\mf3216.dll
2006-08-23 01:02 97,280 --a------ C:\WINDOWS\system32\txflog.dll
2006-08-23 01:02 64,512 --a------ C:\WINDOWS\system32\mtxclu.dll
2006-08-23 01:02 442,880 --a------ C:\WINDOWS\system32\rpcrt4.dll
2006-08-23 01:02 226,816 --a------ C:\WINDOWS\system32\es.dll
2006-08-23 01:02 214,528 --a------ C:\WINDOWS\system32\rpcss.dll
2006-08-23 01:02 1,105,408 --a------ C:\WINDOWS\system32\ole32.dll
2006-08-23 00:58 218,624 --a------ C:\WINDOWS\system32\srrstr.dll
2006-08-23 00:54 26,112 --a------ C:\WINDOWS\system32\xpsp1hfm.exe
2006-08-22 22:11 10,240 --a------ C:\WINDOWS\CTDCRES.DLL
2006-08-22 21:55 17,408 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2006-08-22 21:47 98,816 --a------ C:\WINDOWS\system32\dmstyle.dll
2006-08-22 21:47 974,848 --a------ C:\WINDOWS\system32\dxdiag.exe
2006-08-22 21:47 80,896 --a------ C:\WINDOWS\system32\dpvsetup.exe
2006-08-22 21:47 8,192 --a------ C:\WINDOWS\system32\d3d8thk.dll
2006-08-22 21:47 797,184 --a------ C:\WINDOWS\system32\d3dim700.dll
2006-08-22 21:47 76,800 --a------ C:\WINDOWS\system32\dmscript.dll
2006-08-22 21:47 733,184 --a------ C:\WINDOWS\system32\qedwipes.dll
2006-08-22 21:47 68,096 --a------ C:\WINDOWS\system32\dsdmoprp.dll
2006-08-22 21:47 68,096 --a------ C:\WINDOWS\system32\dpnhupnp.dll
2006-08-22 21:47 64,512 --a------ C:\WINDOWS\system32\amstream.dll
2006-08-22 21:47 63,768 --a------ C:\WINDOWS\system32\dxdllreg.exe
2006-08-22 21:47 602,624 --a------ C:\WINDOWS\system32\dx7vb.dll
2006-08-22 21:47 590,336 --a------ C:\WINDOWS\system32\d3dramp.dll
2006-08-22 21:47 58,368 --a------ C:\WINDOWS\system32\dmcompos.dll
2006-08-22 21:47 57,856 --a------ C:\WINDOWS\system32\dpwsockx.dll
2006-08-22 21:47 53,248 --a------ C:\WINDOWS\system32\devenum.dll
2006-08-22 21:47 524,800 --a------ C:\WINDOWS\system32\qedit.dll
2006-08-22 21:47 47,616 --a------ C:\WINDOWS\system32\d3dxof.dll
2006-08-22 21:47 47,104 --a------ C:\WINDOWS\system32\wstdecod.dll
2006-08-22 21:47 44,032 --a------ C:\WINDOWS\system32\dimap.dll
2006-08-22 21:47 436,224 --a------ C:\WINDOWS\system32\d3dim.dll
2006-08-22 21:47 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2006-08-22 21:47 394,240 --a------ C:\WINDOWS\system32\diactfrm.dll
2006-08-22 21:47 382,976 --a------ C:\WINDOWS\system32\qdvd.dll
2006-08-22 21:47 377,856 --a------ C:\WINDOWS\system32\dpnet.dll
2006-08-22 21:47 363,520 --a------ C:\WINDOWS\system32\dsound.dll
2006-08-22 21:47 354,816 --a------ C:\WINDOWS\system32\psisdecd.dll
2006-08-22 21:47 350,208 --a------ C:\WINDOWS\system32\d3drm.dll
2006-08-22 21:47 34,816 --a------ C:\WINDOWS\system32\d3dpmesh.dll
2006-08-22 21:47 34,304 --a------ C:\WINDOWS\system32\mciqtz32.dll
2006-08-22 21:47 33,280 --a------ C:\WINDOWS\system32\dmloader.dll
2006-08-22 21:47 32,768 --a------ C:\WINDOWS\system32\dpnhpast.dll
2006-08-22 21:47 31,744 --a------ C:\WINDOWS\system32\pid.dll
2006-08-22 21:47 3,072 --a------ C:\WINDOWS\system32\dpnlobby.dll
2006-08-22 21:47 3,072 --a------ C:\WINDOWS\system32\dpnaddr.dll
2006-08-22 21:47 28,160 --a------ C:\WINDOWS\system32\dplaysvr.exe
2006-08-22 21:47 276,480 --a------ C:\WINDOWS\system32\qdv.dll
2006-08-22 21:47 27,136 --a------ C:\WINDOWS\system32\dmband.dll
2006-08-22 21:47 265,728 --a------ C:\WINDOWS\system32\ddraw.dll
2006-08-22 21:47 258,424 --a------ C:\WINDOWS\system32\qasf.dll
2006-08-22 21:47 24,064 --a------ C:\WINDOWS\system32\ddrawex.dll
2006-08-22 21:47 230,400 --a------ C:\WINDOWS\system32\dplayx.dll
2006-08-22 21:47 223,232 --a------ C:\WINDOWS\system32\gcdef.dll
2006-08-22 21:47 22,016 --a------ C:\WINDOWS\system32\dpmodemx.dll
2006-08-22 21:47 203,264 --a------ C:\WINDOWS\system32\dpvoice.dll
2006-08-22 21:47 194,560 --a------ C:\WINDOWS\system32\mswebdvd.dll
2006-08-22 21:47 19,968 --a------ C:\WINDOWS\system32\dpvacm.dll
2006-08-22 21:47 186,880 --a------ C:\WINDOWS\system32\dsdmo.dll
2006-08-22 21:47 181,248 --a------ C:\WINDOWS\system32\dmime.dll
2006-08-22 21:47 18,432 --a------ C:\WINDOWS\system32\dswave.dll
2006-08-22 21:47 177,152 --a------ C:\WINDOWS\system32\qcap.dll
2006-08-22 21:47 168,960 --a------ C:\WINDOWS\system32\dinput8.dll
2006-08-22 21:47 16,896 --a------ C:\WINDOWS\system32\msyuv.dll
2006-08-22 21:47 16,896 --a------ C:\WINDOWS\system32\dpnsvr.exe
2006-08-22 21:47 151,552 --a------ C:\WINDOWS\system32\dinput.dll
2006-08-22 21:47 13,312 --a------ C:\WINDOWS\system32\msdmo.dll
2006-08-22 21:47 112,128 --a------ C:\WINDOWS\system32\dpvvox.dll
2006-08-22 21:47 104,448 --a------ C:\WINDOWS\system32\dmusic.dll
2006-08-22 21:47 100,864 --a------ C:\WINDOWS\system32\dmsynth.dll
2006-08-22 21:47 1,294,336 --a------ C:\WINDOWS\system32\dsound3d.dll
2006-08-22 21:47 1,246,208 --a------ C:\WINDOWS\system32\quartz.dll
2006-08-22 21:47 1,230,336 --a------ C:\WINDOWS\system32\msvidctl.dll
2006-08-22 21:47 1,189,888 --a------ C:\WINDOWS\system32\dx8vb.dll
2006-08-22 21:47 1,179,648 --a------ C:\WINDOWS\system32\d3d8.dll
2006-08-22 21:36 127,208 --a------ C:\WINDOWS\system32\mucltui.dll
2006-08-21 20:02 361,984 --a------ C:\WINDOWS\system32\qmgr.dll
2006-08-21 20:01 90,624 --a------ C:\WINDOWS\system32\msoert2.dll
2006-08-21 20:01 9,728 --a------ C:\WINDOWS\system32\mstinit.exe
2006-08-21 20:01 77,824 --a------ C:\WINDOWS\system32\isign32.dll
2006-08-21 20:01 73,728 --a------ C:\WINDOWS\system32\ils.dll
2006-08-21 20:01 69,632 --a------ C:\WINDOWS\system32\icwdial.dll
2006-08-21 20:01 65,536 --a------ C:\WINDOWS\system32\msconf.dll
2006-08-21 20:01 61,952 --a------ C:\WINDOWS\system32\srclient.dll
2006-08-21 20:01 61,440 --a------ C:\WINDOWS\system32\icwphbk.dll
2006-08-21 20:01 47,616 --a------ C:\WINDOWS\system32\inetres.dll
2006-08-21 20:01 40,960 --a------ C:\WINDOWS\system32\safrslv.dll
2006-08-21 20:01 39,424 --a------ C:\WINDOWS\system32\safrcdlg.dll
2006-08-21 20:01 33,280 --a------ C:\WINDOWS\system32\racpldlg.dll
2006-08-21 20:01 32,768 --a------ C:\WINDOWS\system32\mnmsrvc.exe
2006-08-21 20:01 32,384 --a------ C:\WINDOWS\system32\mnmdd.dll
2006-08-21 20:01 28,672 --a------ C:\WINDOWS\system32\isrdbg32.dll
2006-08-21 20:01 266,240 --a------ C:\WINDOWS\system32\inetcfg.dll
2006-08-21 20:01 26,624 --a------ C:\WINDOWS\system32\safrdm.dll
2006-08-21 20:01 250,368 --a------ C:\WINDOWS\system32\mstask.dll
2006-08-21 20:01 24,576 --a------ C:\WINDOWS\system32\nmmkcert.dll
2006-08-21 20:01 228,864 --a------ C:\WINDOWS\system32\msoeacct.dll
2006-08-21 20:01 158,720 --a------ C:\WINDOWS\system32\schedsvc.dll
2006-08-21 20:01 155,136 --a------ C:\WINDOWS\system32\srsvc.dll
2006-08-21 19:59 98,816 --a------ C:\WINDOWS\system32\clipbrd.exe
2006-08-21 19:59 88,576 --a------ C:\WINDOWS\system32\tscfgwmi.dll
2006-08-21 19:59 85,504 --a------ C:\WINDOWS\system32\catsrvps.dll
2006-08-21 19:59 8,704 --a------ C:\WINDOWS\system32\icaapi.dll
2006-08-21 19:59 73,864 --a------ C:\WINDOWS\system32\rdpwsx.dll
2006-08-21 19:59 61,952 --a------ C:\WINDOWS\system32\rdshost.exe
2006-08-21 19:59 6,144 --a------ C:\WINDOWS\system32\msdtc.exe
2006-08-21 19:59 57,344 --a------ C:\WINDOWS\system32\licwmi.dll
2006-08-21 19:59 56,320 --a------ C:\WINDOWS\system32\remotepg.dll
2006-08-21 19:59 54,784 --a------ C:\WINDOWS\system32\msdtclog.dll
2006-08-21 19:59 534,016 --a------ C:\WINDOWS\system32\spider.exe
2006-08-21 19:59 53,248 --a------ C:\WINDOWS\system32\servdeps.dll
2006-08-21 19:59 503,296 --a------ C:\WINDOWS\system32\mstscax.dll
2006-08-21 19:59 41,984 --a------ C:\WINDOWS\system32\rdpclip.exe
2006-08-21 19:59 40,448 --a------ C:\WINDOWS\system32\tscupgrd.exe
2006-08-21 19:59 4,096 --a------ C:\WINDOWS\system32\wuauserv.dll
2006-08-21 19:59 385,536 --a------ C:\WINDOWS\system32\mstsc.exe
2006-08-21 19:59 339,968 --a------ C:\WINDOWS\system32\mspaint.exe
2006-08-21 19:59 32,768 --a------ C:\WINDOWS\system32\cfgbkend.dll
2006-08-21 19:59 197,632 -ra------ C:\WINDOWS\system32\termsrv.dll
2006-08-21 19:59 18,432 --a------ C:\WINDOWS\system32\qprocess.exe
2006-08-21 19:59 179,200 --a------ C:\WINDOWS\system32\accwiz.exe
2006-08-21 19:59 174,592 --a------ C:\WINDOWS\system32\cmprops.dll
2006-08-21 19:59 16,384 --a------ C:\WINDOWS\system32\mmfutil.dll
2006-08-21 19:59 14,848 --a------ C:\WINDOWS\system32\rdpsnd.dll
2006-08-21 19:59 134,656 --a------ C:\WINDOWS\system32\rdchost.dll
2006-08-21 19:59 130,048 --a------ C:\WINDOWS\system32\sessmgr.exe
2006-08-21 19:59 124,416 --a------ C:\WINDOWS\system32\sndrec32.exe
2006-08-21 19:59 124,184 --a------ C:\WINDOWS\system32\wuauclt.exe
2006-08-21 19:59 12,288 --a------ C:\WINDOWS\system32\rdsaddin.exe
2006-08-21 19:59 116,736 --a------ C:\WINDOWS\system32\mplay32.exe
2006-08-21 19:59 1,343,768 --a------ C:\WINDOWS\system32\wuaueng.dll
2006-08-21 19:32 70,656 --a------ C:\WINDOWS\system32\storprop.dll
2006-08-21 19:32 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2006-08-21 19:32 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2006-08-21 17:51 13,844 --a------ C:\WINDOWS\system32\mwjxseim.exe
2006-08-21 17:50 925,946 ---hs---- C:\WINDOWS\system32\lmllm.bak1
2006-08-21 17:50 573,492 ---hs---- C:\WINDOWS\system32\mllml.dll
2006-08-21 17:45 2 --a------ C:\WINDOWS\system32\wnscpsu.exe
2006-08-21 17:45 155,136 --a------ C:\WINDOWS\system32\oins.exe
2006-08-21 17:41 159,744 --a------ C:\WINDOWS\sys015456957121.exe
2006-08-21 15:48 53,248 --a------ C:\WINDOWS\uni_ehhhh.exe
2006-08-21 10:36 78,848 --a------ C:\WINDOWS\system32\nsi279.dll
2006-08-21 09:47 58,880 --a------ C:\WINDOWS\system32\adrotate.dll
2006-08-20 22:40 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2006-08-20 13:02 11,776 --a------ C:\WINDOWS\INRES.DLL
2006-08-20 12:57 208,896 --a------ C:\WINDOWS\system32\nvudisp.exe
2006-08-20 12:55 208,896 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2006-08-20 12:49 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll
2006-08-20 12:49 236,824 --a------ C:\WINDOWS\system32\xactengine2_3.dll
2006-08-20 12:49 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2006-08-24 21:07 -------- d-a------ C:\Program Files\Common Files
2006-08-24 21:05 -------- d-------- C:\Program Files\Mozilla Firefox
2006-08-23 23:54 -------- d-------- C:\Documents and Settings\Matt\Application Data\Skype
2006-08-23 22:46 -------- d-------- C:\Program Files\Hijack This!
2006-08-23 22:42 -------- d-------- C:\Documents and Settings\Matt\Application Data\Ventrilo
2006-08-23 21:29 -------- d-------- C:\Program Files\Trillian
2006-08-23 21:27 -------- d-------- C:\Documents and Settings\Matt\Application Data\TrojanHunter
2006-08-23 19:21 -------- d-------- C:\Program Files\TrojanHunter 4.5
2006-08-23 19:11 -------- d-------- C:\Program Files\Creative
2006-08-23 18:38 -------- d-------- C:\Program Files\Lavasoft
2006-08-23 18:38 -------- d-------- C:\Documents and Settings\Matt\Application Data\Lavasoft
2006-08-23 01:05 -------- d-------- C:\Program Files\NetMeeting
2006-08-23 00:33 -------- d-------- C:\Program Files\ewido anti-spyware 4.0
2006-08-22 23:29 -------- d-------- C:\Program Files\EphPod
2006-08-22 22:30 -------- d-------- C:\Program Files\CleanUp!
2006-08-22 22:14 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-08-22 22:13 -------- d-------- C:\Documents and Settings\Matt\Application Data\Creative
2006-08-22 22:06 -------- d-------- C:\Program Files\World of Warcraft
2006-08-22 21:24 -------- d-------- C:\Program Files\Mozilla Thunderbird
2006-08-22 21:18 -------- d--h----- C:\Program Files\WindowsUpdate
2006-08-22 20:53 -------- d-------- C:\Program Files\Belkin
2006-08-21 20:07 -------- d-------- C:\Program Files\Windows Media Player
2006-08-21 20:02 -------- d-------- C:\Program Files\Movie Maker
2006-08-21 20:01 -------- d-------- C:\Program Files\Outlook Express
2006-08-21 20:01 -------- d-------- C:\Program Files\Internet Explorer
2006-08-21 20:01 -------- d-------- C:\Program Files\Common Files\System
2006-08-21 19:59 -------- d-------- C:\Program Files\Windows NT
2006-08-21 19:52 -------- d-------- C:\Program Files\Lexmark X1100 Series
2006-08-20 17:27 -------- d-------- C:\Program Files\Warcraft III
2006-08-18 14:09 -------- d-------- C:\Program Files\Common Files\Blizzard Entertainment
2006-08-17 14:50 -------- d-------- C:\Documents and Settings\Matt\Application Data\Sun
2006-08-17 01:14 -------- d-------- C:\Program Files\WinZip
2006-07-27 08:24 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-06-01 17:22 888832 --a------ C:\WINDOWS\system32\nvmobls.dll
2006-06-01 17:22 86016 --a------ C:\WINDOWS\system32\nvmctray.dll
2006-06-01 17:22 81920 --a------ C:\WINDOWS\system32\nvwddi.dll
2006-06-01 17:22 794624 --a------ C:\WINDOWS\system32\nvcplui.exe
2006-06-01 17:22 7618560 --a------ C:\WINDOWS\system32\nvcpl.dll
2006-06-01 17:22 581632 --a------ C:\WINDOWS\system32\nvhwvid.dll
2006-06-01 17:22 5652480 --a------ C:\WINDOWS\system32\nvdisps.dll
2006-06-01 17:22 5632000 --a------ C:\WINDOWS\system32\nvoglnt.dll
2006-06-01 17:22 5246976 --a------ C:\WINDOWS\system32\nvdispsr.dll
2006-06-01 17:22 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2006-06-01 17:22 462848 --a------ C:\WINDOWS\system32\nvmccssr.dll
2006-06-01 17:22 4529408 --a------ C:\WINDOWS\system32\nv4_disp.dll
2006-06-01 17:22 45056 --a------ C:\WINDOWS\system32\nvmccsrs.dll
2006-06-01 17:22 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2006-06-01 17:22 425984 --a------ C:\WINDOWS\system32\keystone.exe
2006-06-01 17:22 35840 --a------ C:\WINDOWS\system32\nvcodins.dll
2006-06-01 17:22 35840 --a------ C:\WINDOWS\system32\nvcod.dll
2006-06-01 17:22 311296 --a------ C:\WINDOWS\system32\nvexpbar.dll
2006-06-01 17:22 3100672 --a------ C:\WINDOWS\system32\nvgames.dll
2006-06-01 17:22 2977792 --a------ C:\WINDOWS\system32\nvvitvsr.dll
2006-06-01 17:22 2924544 --a------ C:\WINDOWS\system32\nvvitvs.dll
2006-06-01 17:22 2916352 --a------ C:\WINDOWS\system32\nvgamesr.dll
2006-06-01 17:22 286720 --a------ C:\WINDOWS\system32\nvnt4cpl.dll
2006-06-01 17:22 2859008 --a------ C:\WINDOWS\system32\nvmoblsr.dll
2006-06-01 17:22 229376 --a------ C:\WINDOWS\system32\nvmccs.dll
2006-06-01 17:22 196608 --a------ C:\WINDOWS\system32\nvapi.dll
2006-06-01 17:22 188416 --a------ C:\WINDOWS\system32\nvmccss.dll
2006-06-01 17:22 1740800 --a------ C:\WINDOWS\system32\nvwssr.dll
2006-06-01 17:22 1662976 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2006-06-01 17:22 155715 --a------ C:\WINDOWS\system32\nvsvc32.exe
2006-06-01 17:22 1519616 --a------ C:\WINDOWS\system32\nwiz.exe
2006-06-01 17:22 147456 --a------ C:\WINDOWS\system32\nvcolor.exe
2006-06-01 17:22 1466368 --a------ C:\WINDOWS\system32\nview.dll
2006-06-01 17:22 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2006-06-01 17:22 1257472 --a------ C:\WINDOWS\system32\nvwss.dll
2006-06-01 17:22 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2006-06-01 17:22 1011712 --a------ C:\WINDOWS\system32\nvcpluir.dll

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdReg"="C:\\WINDOWS\\Updreg.exe"
"Jet Detection"="C:\\Program Files\\Creative\\SBAudigy\\PROGRAM\\ADGJDet.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvMcTray.dll,NvTaskbarInit"
"CTHelper"="CTHELPER.EXE"
"THGuard"="\"C:\\Program Files\\TrojanHunter 4.5\\THGuard.exe\""
"xpv72e6e"="RUNDLL32.EXE w3c66798.dll,n 00372e6b000000023c66798"
"sys015456957121"="C:\\WINDOWS\\sys015456957121.exe"
"adstart"="\"iexplore.exe\" \"http://iesettingsupdate\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CursorXP"="\"C:\\Program Files\\CursorXP\\CursorXP.exe\" -s"
"ef5d5a26.exe"="C:\\Documents and Settings\\Matt\\Local Settings\\Application Data\\ef5d5a26.exe"
"Ncao"="\"C:\\WINDOWS\\System32\\SSEMBL~1\\winlogon.exe\" -vt yax"
"Pikwai"="C:\\Program Files\\?ystem\\m?dtc.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoActiveDesktopChanges"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"DisableTaskMgr"=dword:00000000

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=hex:5f,00,00,00
@=""

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e7,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=dword:40000004
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{259BA022-2005-45E9-A965-10EDB9C00618}"="Windowz Updater"
"{A4F94C0C-54A7-4DB1-9AF3-B22E63D00322}"="g322"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{5A3E97DD-2A08-48BC-8F43-C0DEABC90266}"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Microsoft Office.lnk]
"path"="C:\\Documents and Settings\\All Users.WINDOWS\\Start Menu\\Programs\\Startup\\Microsoft Office.lnk"
"backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\MICROS~2\\Office10\\OSA.EXE -b -l"
"item"="Microsoft Office"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^Matt^Start Menu^Programs^Startup^Adobe Gamma.lnk]
"path"="C:\\Documents and Settings\\Matt\\Start Menu\\Programs\\Startup\\Adobe Gamma.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Gamma.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\COMMON~1\\Adobe\\CALIBR~1\\ADOBEG~1.EXE "
"item"="Adobe Gamma"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^Matt^Start Menu^Programs^Startup^HotSync Manager.lnk]
"path"="C:\\Documents and Settings\\Matt\\Start Menu\\Programs\\Startup\\HotSync Manager.lnk"
"backup"="C:\\WINDOWS\\pss\\HotSync Manager.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\palmOne\\HOTSYNC.EXE "
"item"="HotSync Manager"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\!ewido]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ewido"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\ewido anti-spyware 4.0\\ewido.exe\" /minimized"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Lexmark X1100 Series]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="lxbkbmgr"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Lexmark X1100 Series\\lxbkbmgr.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\nwiz]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="nwiz"
"hkey"="HKLM"
"command"="nwiz.exe /install"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"inimapping"="0"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\h618
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljkiih
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mllml
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wineak32

Completion time: Thu 08/24/2006 21:13:29.24
ComboFix.txt

Hijack Log:

Logfile of HijackThis v1.99.1
Scan saved at 9:44:01 PM, on 8/24/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\TrojanHunter 4.5\THGuard.exe
C:\WINDOWS\sys015456957121.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\WgaTray.exe
C:\Program Files\Hijack This!\HijackThis.exe

F2 - REG:system.ini: UserInit=userinit.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.5\THGuard.exe"
O4 - HKLM\..\Run: [xpv72e6e] RUNDLL32.EXE w3c66798.dll,n 00372e6b000000023c66798
O4 - HKLM\..\Run: [sys015456957121] C:\WINDOWS\sys015456957121.exe
O4 - HKCU\..\Run: [CursorXP] "C:\Program Files\CursorXP\CursorXP.exe" -s
O4 - HKCU\..\Run: [ef5d5a26.exe] C:\Documents and Settings\Matt\Local Settings\Application Data\ef5d5a26.exe
O4 - Global Startup: Belkin Wireless USB Utility.lnk = C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.mmohsix.com
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....026/CTSUEng.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1156300299077
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.....cab?refid=1123
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15026/CTPID.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

#4
Shaba

Posted 25 August 2006 - 09:51 AM

Malware Expert

Member
558 posts

Hi

You are quite behind on your Windows Updates and Patches!!

The first step in this process is to apply Service Pack 1a for Windows XP. Without this update, you're wide open to re-infection, and we're both just wasting our time.
Click here to get WinXP SP1a: http://www.microsoft.com/downloads/details...&DisplayLang=en

Apply the update, reboot, then go to Windows Update and install all the Critical Updates (Note: Except for WinXP SP2)
Click here for Windows Update: http://www.windowsupdate.com/

After installing all the Patches and updates, reboot, then post a fresh Hijack This log.

#5
Solarin

Posted 25 August 2006 - 02:38 PM

Member

Topic Starter
Member
28 posts

Haha windows installed SP2 on it's own while I was sleeping. The pop-up problem seems to be fixed by the way. The startup does seem slightly faster as well. However I received a new error message in conjuction with the one I described before. It reads:

tapeG22

Run-time error '35756'

Unable to complete request

Here's the new Hijack log:

Logfile of HijackThis v1.99.1
Scan saved at 3:34:50 PM, on 8/25/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\TrojanHunter 4.5\THGuard.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijack This!\HijackThis.exe

O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.5\THGuard.exe"
O4 - HKLM\..\Run: [xpv72e6e] RUNDLL32.EXE w3c66798.dll,n 00372e6b000000023c66798
O4 - HKLM\..\Run: [sys015456957121] C:\WINDOWS\sys015456957121.exe
O4 - HKCU\..\Run: [CursorXP] "C:\Program Files\CursorXP\CursorXP.exe" -s
O4 - HKCU\..\Run: [ef5d5a26.exe] C:\Documents and Settings\Matt\Local Settings\Application Data\ef5d5a26.exe
O4 - Global Startup: Belkin Wireless USB Utility.lnk = C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.mmohsix.com
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....026/CTSUEng.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1156300299077
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.....cab?refid=1123
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15026/CTPID.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

Edited by Solarin, 25 August 2006 - 02:41 PM.

#6
Shaba

Posted 26 August 2006 - 02:55 AM

Malware Expert

Member
558 posts

Hi

Rename HijackThis.exe to HJT.exe

Open HijackThis, click do a system scan only and checkmark these:

O4 - HKLM\..\Run: [xpv72e6e] RUNDLL32.EXE w3c66798.dll,n 00372e6b000000023c66798
O4 - HKLM\..\Run: [sys015456957121] C:\WINDOWS\sys015456957121.exe
O4 - HKCU\..\Run: [ef5d5a26.exe] C:\Documents and Settings\Matt\Local Settings\Application Data\ef5d5a26.exe
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.mmohsix.com
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.....cab?refid=1123

Close all windows including browser and press fix checked

Please download the Killbox.
Unzip it to the desktop.

Please run Killbox.

Select "Delete on Reboot" and "All files"

Copy the file names below to the clipboard by highlighting them and pressing Control-C:

C:\WINDOWS\sys015456957121.exe
C:\Documents and Settings\Matt\Local Settings\Application Data\ef5d5a26.exe
C:\WINDOWS\system32\adrot-uninst.exe
C:\WINDOWS\Duce6.exe
C:\WINDOWS\system32\xpv72e6e.dll
C:\WINDOWS\Setup90.exe
C:\WINDOWS\system32\xpv72e6e.sys
C:\WINDOWS\thiselt.exe
C:\WINDOWS\Justin.exe
C:\WINDOWS\system32\lmllm.bak2
C:\WINDOWS\uni_ehhhh.exe
C:\WINDOWS\system32\adrotate.dll
C:\WINDOWS\system32\nsi279.dll
C:\WINDOWS\system32\mwjxseim.exe
C:\WINDOWS\system32\lmllm.bak1

Go to the File menu, and choose "Paste from Clipboard".

Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run TheKillbox, click here to download and run missingfilesetup.exe. Then try TheKillbox again..

If your computer does not restart automatically, please restart it manually.

Empty this folder -> C:\!KillBox

Please do an online scan with Kaspersky Online Scanner. You will be prompted to install an ActiveX component from Kaspersky, Click Yes.

The program will launch and then start to download the latest definition files.
Once the scanner is installed and the definitions downloaded, click Next.
Now click on Scan Settings
In the scan settings make sure that the following are selected:

o Scan using the following Anti-Virus database:

+ Extended (If available otherwise Standard)

o Scan Options:

+ Scan Archives
+ Scan Mail Bases
Click OK
Now under select a target to scan select My Computer
The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.
Now click on the Save as Text button
Save the file to your desktop.
Copy and paste that information in your next post.

Re-run combofix

Send:

- a fresh HijackThis log
- kaspersky report
- combofix report

#7
Solarin

Posted 26 August 2006 - 03:06 PM

Member

Topic Starter
Member
28 posts

Hijack This! Log:

Logfile of HijackThis v1.99.1
Scan saved at 4:01:46 PM, on 8/26/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5450.0004)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Hijack This!\HJT.exe.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....cid={SUB_CLCID}
O2 - BHO: XBTB03748 - {1CBC8587-1E29-4c2b-9739-D0E563905B32} - C:\PROGRA~1\E-CHOR~1\e-chords.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {56F0AD9F-5C9A-4F37-B2C7-45CEDC796E8F} - C:\WINDOWS\system32\mllml.dll
O2 - BHO: (no name) - {5A3E97DD-2A08-48BC-8F43-C0DEABC90266} - C:\WINDOWS\System32\mljkiih.dll (file missing)
O2 - BHO: SSL encrypt - {746455FE-D059-47e7-AF0E-140E03F5A447} - C:\WINDOWS\System32\nsi279.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00322} - C:\WINDOWS\g3181812.dll (file missing)
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.5\THGuard.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKCU\..\Run: [CursorXP] "C:\Program Files\CursorXP\CursorXP.exe" -s
O4 - Global Startup: Belkin Wireless USB Utility.lnk = C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....026/CTSUEng.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1156300299077
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15026/CTPID.cab
O20 - Winlogon Notify: h618 - C:\WINDOWS\g20717062.dll (file missing)
O20 - Winlogon Notify: mljkiih - mljkiih.dll (file missing)
O20 - Winlogon Notify: mllml - C:\WINDOWS\system32\mllml.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: wineak32 - wineak32.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

Edited by Solarin, 26 August 2006 - 03:08 PM.

#8
Solarin

Posted 26 August 2006 - 03:09 PM

Member

Topic Starter
Member
28 posts

Kapersky Log:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, August 26, 2006 3:50:42 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 26/08/2006
Kaspersky Anti-Virus database records: 218519
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
G:\

Scan Statistics:
Total number of scanned objects: 139817
Number of viruses found: 19
Number of infected objects: 59 / 0
Number of suspicious objects: 4
Duration of the scan process: 03:17:07

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite59.zip/backWeb-8876480.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite59.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SecondThoughtSTCLoader2.zip/stcloader.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SecondThoughtSTCLoader2.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05540000\47FDF968.VBN Infected: Trojan-Clicker.Win32.VB.lf skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05540000\47FDF969.VBN Infected: Trojan-Clicker.Win32.VB.lf skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05540000\47FDF96A.VBN Infected: Trojan-Clicker.Win32.VB.lf skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05540000\47FDF96B.VBN Infected: Trojan-Clicker.Win32.VB.lf skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0EB00000\4FFB6D50.VBN/WISE0001.BIN Infected: not-a-virus:AdWare.Win32.VirtualBouncer.j skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0EB00000\4FFB6D50.VBN WiseSFX: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0EB00000\4FFB6D50.VBN WiseSFX Dropper: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0EB00000\4FFB6D50.VBN Exe2Dll: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0EB00000\4FFB6D50.VBN CryptZ: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0EB00001\4FFBD0C9.VBN/WISE0001.BIN Infected: not-a-virus:AdWare.Win32.VirtualBouncer.j skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0EB00001\4FFBD0C9.VBN WiseSFX: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0EB00001\4FFBD0C9.VBN WiseSFX Dropper: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0EB00001\4FFBD0C9.VBN Exe2Dll: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0EB00001\4FFBD0C9.VBN CryptZ: infected - 1 skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0EB40000\4EF41996.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.by skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0EC80000\4EEFF753.VBN Infected: Trojan-Downloader.Win32.Obfuscated.a skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0EC80001\4EEFFD91.VBN Infected: Trojan-Downloader.Win32.Obfuscated.a skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0EC80002\4EEFFDC4.VBN Infected: Trojan-Downloader.Win32.Obfuscated.a skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0EC80003\4EEFFE17.VBN Infected: Packed.Win32.Klone.g skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\du0ddou1.default\cert8.db Object is locked skipped
C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\du0ddou1.default\history.dat Object is locked skipped
C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\du0ddou1.default\key3.db Object is locked skipped
C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\du0ddou1.default\parent.lock Object is locked skipped
C:\Documents and Settings\Matt\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Matt\Desktop\e-chords.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.SearchIt.o skipped
C:\Documents and Settings\Matt\Desktop\e-chords.exe/stream Infected: not-a-virus:AdWare.Win32.SearchIt.o skipped
C:\Documents and Settings\Matt\Desktop\e-chords.exe NSIS: infected - 2 skipped
C:\Documents and Settings\Matt\Desktop\OiUninstaller.exe/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.bu skipped
C:\Documents and Settings\Matt\Desktop\OiUninstaller.exe NSIS: infected - 1 skipped
C:\Documents and Settings\Matt\Desktop\SmitfraudFix.zip/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Matt\Desktop\SmitfraudFix.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Matt\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Matt\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Matt\Local Settings\Application Data\Mozilla\Firefox\Profiles\du0ddou1.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Matt\Local Settings\Application Data\Mozilla\Firefox\Profiles\du0ddou1.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Matt\Local Settings\Application Data\Mozilla\Firefox\Profiles\du0ddou1.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Matt\Local Settings\Application Data\Mozilla\Firefox\Profiles\du0ddou1.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Matt\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Matt\Local Settings\Temp\~DFEA4B.tmp Object is locked skipped
C:\Documents and Settings\Matt\Local Settings\Temporary Internet Files\AntiPhishing\07FB382D-AA75-4683-82F4-EAB265A275CB.dat Object is locked skipped
C:\Documents and Settings\Matt\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Matt\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Matt\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Matthew Cavanaugh\My Documents\Education and School\Econ 1015\econ 5 1st exam ws03V1.doc Object is locked skipped
C:\Documents and Settings\Matthew Cavanaugh\My Documents\My Literature\Angelic.doc Object is locked skipped
C:\Documents and Settings\Matthew Cavanaugh\My Documents\My Literature\book prolouge.doc Object is locked skipped
C:\Documents and Settings\Matthew Cavanaugh\My Documents\My Literature\King's Juggle List.doc Object is locked skipped
C:\Documents and Settings\Matthew Cavanaugh\My Documents\My Literature\nightmare.txt Object is locked skipped
C:\Documents and Settings\Matthew Cavanaugh\My Documents\My Literature\One Summer Afternoon....doc Object is locked skipped
C:\Documents and Settings\Matthew Cavanaugh\My Documents\My Literature\Pope.doc Object is locked skipped
C:\Documents and Settings\Matthew Cavanaugh\My Documents\My Literature\The Young Patriot.doc Object is locked skipped
C:\Documents and Settings\Matthew Cavanaugh\My Documents\My Literature\War of the Phoenix.doc Object is locked skipped
C:\Documents and Settings\Matthew Cavanaugh\My Documents\Thumbs.db Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Boot Randomizer\Boot\12391.zip Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBConfig.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDebug.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDetect.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBNotify.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBRefr.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg2.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetDev.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetLoc.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetUsr.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMNot.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMReg.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMRSt.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStHash.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStMSI.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBValid.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPPolicy.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStart.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStop.log Object is locked skipped
C:\Program Files\Internet Explorer\ie6setup.exe Object is locked skipped
C:\Program Files\Microsoft Office\Office10\SARGE.acs Object is locked skipped
C:\Program Files\Microsoft Office\Office10\Sarge.inf Object is locked skipped
C:\Program Files\Symantec AntiVirus\SAVRT\0067NAV~.TMP Object is locked skipped
C:\Program Files\Symantec AntiVirus\SAVRT\0443NAV~.TMP Object is locked skipped
C:\RECYCLER\NPROTECT\00026344.dtd Object is locked skipped
C:\RECYCLER\NPROTECT\00026345.dtd Object is locked skipped
C:\RECYCLER\NPROTECT\00026348.ini Object is locked skipped
C:\RECYCLER\NPROTECT\00026352.xml Object is locked skipped
C:\RECYCLER\NPROTECT\00026375.DBX Object is locked skipped
C:\RECYCLER\NPROTECT\00026389.BIN Object is locked skipped
C:\RECYCLER\NPROTECT\00026390.edb Object is locked skipped
C:\RECYCLER\NPROTECT\00026398.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00026399.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00026400.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00026401.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00026402.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00026403.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00026405.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00026406.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00026427.MAP Object is locked skipped
C:\RECYCLER\NPROTECT\00026428.MAP Object is locked skipped
C:\RECYCLER\NPROTECT\00026439.cab Object is locked skipped
C:\RECYCLER\NPROTECT\00026445 Object is locked skipped
C:\RECYCLER\NPROTECT\00026446.EXE Object is locked skipped
C:\RECYCLER\NPROTECT\00026449.dll Object is locked skipped
C:\RECYCLER\NPROTECT\00026450.dat Object is locked skipped
C:\RECYCLER\NPROTECT\00026451.sig Object is locked skipped
C:\RECYCLER\NPROTECT\00026452.dll Object is locked skipped
C:\RECYCLER\NPROTECT\00026453.dll Object is locked skipped
C:\RECYCLER\NPROTECT\00026454.exe Object is locked skipped
C:\RECYCLER\NPROTECT\00026455.exe Object is locked skipped
C:\RECYCLER\NPROTECT\00026456.exe Object is locked skipped
C:\RECYCLER\NPROTECT\00026457.1 Object is locked skipped
C:\RECYCLER\NPROTECT\00026458.inf Object is locked skipped
C:\RECYCLER\NPROTECT\00026459.txt Object is locked skipped
C:\RECYCLER\NPROTECT\00026460.exe Object is locked skipped
C:\RECYCLER\NPROTECT\00026461.exe Object is locked skipped
C:\RECYCLER\NPROTECT\00026462.dll Object is locked skipped
C:\RECYCLER\NPROTECT\00026463.cat Object is locked skipped
C:\RECYCLER\NPROTECT\00026464.dll Object is locked skipped
C:\RECYCLER\NPROTECT\00026465.exe Object is locked skipped
C:\RECYCLER\NPROTECT\00026466.exe Object is locked skipped
C:\RECYCLER\NPROTECT\00026467.inf Object is locked skipped
C:\RECYCLER\NPROTECT\00026468.url Object is locked skipped
C:\RECYCLER\NPROTECT\00026469.ver Object is locked skipped
C:\RECYCLER\NPROTECT\00026470.inf Object is locked skipped
C:\RECYCLER\NPROTECT\00026471.PSM Object is locked skipped
C:\RECYCLER\NPROTECT\00026472.STA Object is locked skipped
C:\RECYCLER\NPROTECT\00026473.TXT Object is locked skipped
C:\RECYCLER\NPROTECT\00026474.STA Object is locked skipped
C:\RECYCLER\NPROTECT\00026475.STA Object is locked skipped
C:\RECYCLER\NPROTECT\00026476.edb Object is locked skipped
C:\RECYCLER\NPROTECT\00026486.edb Object is locked skipped
C:\RECYCLER\NPROTECT\00026489.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00026490.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00026491.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00026492.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00026493.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00026494.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00026495.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00026496.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00026497.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00026498.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00026499.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00026500.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00026502.wpl Object is locked skipped
C:\RECYCLER\NPROTECT\00026503.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00026504.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00026505.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00026506.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00026507.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00026518.BIN Object is locked skipped
C:\RECYCLER\NPROTECT\00026519.edb Object is locked skipped
C:\RECYCLER\NPROTECT\00026531.DBX Object is locked skipped
C:\RECYCLER\NPROTECT\00026532.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00026533.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00026535.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00026538.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00026539.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00026541.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00026542.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00026543.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00026544.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00026545.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00026546.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00026548.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00026550.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00026551.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00026569.cab Object is locked skipped
C:\RECYCLER\NPROTECT\00026574 Object is locked skipped
C:\RECYCLER\NPROTECT\00026575.EXE Object is locked skipped
C:\RECYCLER\NPROTECT\00026579.dll Object is locked skipped
C:\RECYCLER\NPROTECT\00026580.dat Object is locked skipped
C:\RECYCLER\NPROTECT\00026581.sig Object is locked skipped
C:\RECYCLER\NPROTECT\00026582.dll Object is locked skipped
C:\RECYCLER\NPROTECT\00026583.dll Object is locked skipped
C:\RECYCLER\NPROTECT\00026584.exe Object is locked skipped
C:\RECYCLER\NPROTECT\00026585.exe Object is locked skipped
C:\RECYCLER\NPROTECT\00026586.exe Object is locked skipped
C:\RECYCLER\NPROTECT\00026587.1 Object is locked skipped
C:\RECYCLER\NPROTECT\00026588.inf Object is locked skipped
C:\RECYCLER\NPROTECT\00026589.txt Object is locked skipped
C:\RECYCLER\NPROTECT\00026590.exe Object is locked skipped
C:\RECYCLER\NPROTECT\00026591.exe Object is locked skipped
C:\RECYCLER\NPROTECT\00026592.dll Object is locked skipped
C:\RECYCLER\NPROTECT\00026593.cat Object is locked skipped
C:\RECYCLER\NPROTECT\00026594.dll Object is locked skipped
C:\RECYCLER\NPROTECT\00026595.exe Object is locked skipped
C:\RECYCLER\NPROTECT\00026596.exe Object is locked skipped
C:\RECYCLER\NPROTECT\00026597.inf Object is locked skipped
C:\RECYCLER\NPROTECT\00026598.url Object is locked skipped
C:\RECYCLER\NPROTECT\00026599.ver Object is locked skipped
C:\RECYCLER\NPROTECT\00026600.inf Object is locked skipped
C:\RECYCLER\NPROTECT\00026601.PSM Object is locked skipped
C:\RECYCLER\NPROTECT\00026602.STA Object is locked skipped
C:\RECYCLER\NPROTECT\00026603.TXT Object is locked skipped
C:\RECYCLER\NPROTECT\00026604.STA Object is locked skipped
C:\RECYCLER\NPROTECT\00026605.STA Object is locked skipped
C:\RECYCLER\NPROTECT\00026606.edb Object is locked skipped
C:\RECYCLER\NPROTECT\00026607.MAP Object is locked skipped
C:\RECYCLER\NPROTECT\00026608.MAP Object is locked skipped
C:\RECYCLER\NPROTECT\00026619.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00026620.DBX Object is locked skipped
C:\RECYCLER\NPROTECT\00026621.DBX Object is locked skipped
C:\RECYCLER\NPROTECT\00026622.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00026623.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00026625.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00026626.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00026628.edb Object is locked skipped
C:\RECYCLER\NPROTECT\00026630.XML Object is locked skipped
C:\RECYCLER\NPROTECT\00026633.XML Object is locked skipped
C:\RECYCLER\NPROTECT\00026636.wpl Object is locked skipped
C:\RECYCLER\NPROTECT\00026644.BIN Object is locked skipped
C:\RECYCLER\NPROTECT\00026655.edb Object is locked skipped
C:\RECYCLER\NPROTECT\00026658.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00026659.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00026660.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00026661.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00026662.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00026664.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00026665.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00026666.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00026667.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00026668.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00026669.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00026670.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00026671.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00026673.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00026676.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00026679.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00026680.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00026682.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00026685.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00026686.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00026688.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00026689.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00026694.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00026696.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00026699.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00026700.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00026704.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00026705.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00026709.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00026713.XML Object is locked skipped
C:\RECYCLER\NPROTECT\00026715.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00026716.wpl Object is locked skipped
C:\RECYCLER\NPROTECT\00026719.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00026725.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00026726.sol Object is locked skipped
C:\RECYCLER\NPROTECT\00026727.sol Object is locked skipped
C:\RECYCLER\NPROTECT\00026728.sol Object is locked skipped
C:\RECYCLER\NPROTECT\00026729.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00026732.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00026733.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00026735.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00026736.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00026737.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00026738.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00026739.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00026740.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00026741.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00026742.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00026743.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00026744.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00026745.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00026746.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00026747.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00026748.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00026749.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00026750.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00026751.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00026752.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00026753.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00026754.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00026755.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00026756.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00026757.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00026759.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00026762.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00026763.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00026765.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00026766.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00026767.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00026768.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00026769.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00026770.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00026771.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00026772.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00026774.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00026775.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00026781.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00026782.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00026784.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00026785.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00026805.cab Object is locked skipped
C:\RECYCLER\NPROTECT\00026810 Object is locked skipped
C:\RECYCLER\NPROTECT\00026811.EXE Object is locked skipped
C:\RECYCLER\NPROTECT\00026815.dll Object is locked skipped
C:\RECYCLER\NPROTECT\00026816.dat Object is locked skipped
C:\RECYCLER\NPROTECT\00026817.sig Object is locked skipped
C:\RECYCLER\NPROTECT\00026818.dll Object is locked skipped
C:\RECYCLER\NPROTECT\00026819.dll Object is locked skipped
C:\RECYCLER\NPROTECT\00026820.exe Object is locked skipped
C:\RECYCLER\NPROTECT\00026821.exe Object is locked skipped
C:\RECYCLER\NPROTECT\00026822.exe Object is locked skipped
C:\RECYCLER\NPROTECT\00026823.1 Object is locked skipped
C:\RECYCLER\NPROTECT\00026824.inf Object is locked skipped
C:\RECYCLER\NPROTECT\00026825.txt Object is locked skipped
C:\RECYCLER\NPROTECT\00026826.exe Object is locked skipped
C:\RECYCLER\NPROTECT\00026827.exe Object is locked skipped
C:\RECYCLER\NPROTECT\00026828.dll Object is locked skipped
C:\RECYCLER\NPROTECT\00026829.cat Object is locked skipped
C:\RECYCLER\NPROTECT\00026830.dll Object is locked skipped
C:\RECYCLER\NPROTECT\00026831.exe Object is locked skipped
C:\RECYCLER\NPROTECT\00026832.exe Object is locked skipped
C:\RECYCLER\NPROTECT\00026833.inf Object is locked skipped
C:\RECYCLER\NPROTECT\00026834.url Object is locked skipped
C:\RECYCLER\NPROTECT\00026835.ver Object is locked skipped
C:\RECYCLER\NPROTECT\00026836.inf Object is locked skipped
C:\RECYCLER\NPROTECT\00026837.PSM Object is locked skipped
C:\RECYCLER\NPROTECT\00026838.STA Object is locked skipped
C:\RECYCLER\NPROTECT\00026839.TXT Object is locked skipped
C:\RECYCLER\NPROTECT\00026840.STA Object is locked skipped
C:\RECYCLER\NPROTECT\00026841.STA Object is locked skipped
C:\RECYCLER\NPROTECT\00026845.edb Object is locked skipped
C:\RECYCLER\NPROTECT\00026851.MAP Object is locked skipped
C:\RECYCLER\NPROTECT\00026852.MAP Object is locked skipped
C:\RECYCLER\NPROTECT\00026861.BIN Object is locked skipped
C:\RECYCLER\NPROTECT\00026862.edb Object is locked skipped
C:\RECYCLER\NPROTECT\00026874.edb Object is locked skipped
C:\RECYCLER\NPROTECT\00026875.REG Object is locked skipped
C:\RECYCLER\NPROTECT\00026876.REG Object is locked skipped
C:\RECYCLER\NPROTECT\00026877.REG Object is locked skipped
C:\RECYCLER\NPROTECT\00026878.REG Object is locked skipped
C:\RECYCLER\NPROTECT\00026879.REG Object is locked skipped
C:\RECYCLER\NPROTECT\00026880.und Object is locked skipped
C:\RECYCLER\NPROTECT\00026881.und Object is locked skipped
C:\RECYCLER\NPROTECT\00026882.und Object is locked skipped
C:\RECYCLER\NPROTECT\00026883.und Object is locked skipped
C:\RECYCLER\NPROTECT\00026884.und Object is locked skipped
C:\RECYCLER\NPROTECT\00026885.und Object is locked skipped
C:\RECYCLER\NPROTECT\00026886.und Object is locked skipped
C:\RECYCLER\NPROTECT\00026887.und Object is locked skipped
C:\RECYCLER\NPROTECT\00026888.und Object is locked skipped
C:\RECYCLER\NPROTECT\00026889.und Object is locked skipped
C:\RECYCLER\NPROTECT\00026890.und Object is locked skipped
C:\RECYCLER\NPROTECT\00026891.und Object is locked skipped
C:\RECYCLER\NPROTECT\00026892.und Object is locked skipped
C:\RECYCLER\NPROTECT\00026893.und Object is locked skipped
C:\RECYCLER\NPROTECT\00026894.und Object is locked skipped
C:\RECYCLER\NPROTECT\00026895.und Object is locked skipped
C:\RECYCLER\NPROTECT\00026896.und Object is locked skipped
C:\RECYCLER\NPROTECT\00026897.und Object is locked skipped
C:\RECYCLER\NPROTECT\00026898.und Object is locked skipped
C:\RECYCLER\NPROTECT\00026899.und Object is locked skipped
C:\RECYCLER\NPROTECT\00026900.und Object is locked skipped
C:\RECYCLER\NPROTECT\00026901.und Object is locked skipped
C:\RECYCLER\NPROTECT\00026902.und Object is locked skipped
C:\RECYCLER\NPROTECT\00026903.und Object is locked skipped
C:\RECYCLER\NPROTECT\00026904.und Object is locked skipped
C:\RECYCLER\NPROTECT\00026905.und Object is locked skipped
C:\RECYCLER\NPROTECT\00026906.und Object is locked skipped
C:\RECYCLER\NPROTECT\00026907.und Object is locked skipped
C:\RECYCLER\NPROTECT\00026908.und Object is locked skipped
C:\RECYCLER\NPROTECT\00026909.und Object is locked skipped
C:\RECYCLER\NPROTECT\00026910.und Object is locked skipped
C:\RECYCLER\NPROTECT\00026911.und Object is locked skipped
C:\RECYCLER\NPROTECT\00026912.und Object is locked skipped
C:\RECYCLER\NPROTECT\00026913.und Object is locked skipped
C:\RECYCLER\NPROTECT\00026914.und Object is locked skipped
C:\RECYCLER\NPROTECT\00026915.und Object is locked skipped
C:\RECYCLER\NPROTECT\00026916.und Object is locked skipped
C:\RECYCLER\NPROTECT\00026917.und Object is locked skipped
C:\RECYCLER\NPROTECT\00026918.und Object is locked skipped
C:\RECYCLER\NPROTECT\00026919.und Object is locked skipped
C:\RECYCLER\NPROTECT\00026920.und Object is locked skipped
C:\RECYCLER\NPROTECT\00026921.und Object is locked skipped
C:\RECYCLER\NPROTECT\00026922.sud Object is locked skipped
C:\RECYCLER\NPROTECT\00026923.sud Object is locked skipped
C:\RECYCLER\NPROTECT\00026924.sud Object is locked skipped
C:\RECYCLER\NPROTECT\00026925.sud Object is locked skipped
C:\RECYCLER\NPROTECT\00026926.sud Object is locked skipped
C:\RECYCLER\NPROTECT\00026927.sud Object is locked skipped
C:\RECYCLER\NPROTECT\00026928.sud Object is locked skipped
C:\RECYCLER\NPROTECT\00026929.sud Object is locked skipped
C:\RECYCLER\NPROTECT\00026930.sud Object is locked skipped
C:\RECYCLER\NPROTECT\00026931.sud Object is locked skipped
C:\RECYCLER\NPROTECT\00026932.sud Object is locked skipped
C:\RECYCLER\NPROTECT\00026933.sud Object is locked skipped
C:\RECYCLER\NPROTECT\00026934.sud Object is locked skipped
C:\RECYCLER\NPROTECT\00026935.sud Object is locked skipped
C:\RECYCLER\NPROTECT\00026936.sud Object is locked skipped
C:\RECYCLER\NPROTECT\00026937.sud Object is locked skipped
C:\RECYCLER\NPROTECT\00026938.sud Object is locked skipped
C:\RECYCLER\NPROTECT\00026939.sud Object is locked skipped
C:\RECYCLER\NPROTECT\00026940.sud Object is locked skipped
C:\RECYCLER\NPROTECT\00026941.sud Object is locked skipped
C:\RECYCLER\NPROTECT\00026942.sud Object is locked skipped
C:\RECYCLER\NPROTECT\00026943.sud Object is locked skipped
C:\RECYCLER\NPROTECT\00026944.sud Object is locked skipped
C:\RECYCLER\NPROTECT\00026945.sud Object is locked skipped
C:\RECYCLER\NPROTECT\00026946.sud Object is locked skipped
C:\RECYCLER\NPROTECT\00026947.sud Object is locked skipped
C:\RECYCLER\NPROTECT\00026948.sud Object is locked skipped
C:\RECYCLER\NPROTECT\00026949.sud Object is locked skipped
C:\RECYCLER\NPROTECT\00026950.sud Object is locked skipped
C:\RECYCLER\NPROTECT\00026951.sud Object is locked skipped
C:\RECYCLER\NPROTECT\00026952.sud Object is locked skipped
C:\RECYCLER\NPROTECT\00026953.sud Object is locked skipped
C:\RECYCLER\NPROTECT\00026954.sud Object is locked skipped
C:\RECYCLER\NPROTECT\00026955.sud Object is locked skipped
C:\RECYCLER\NPROTECT\00026956.sud Object is locked skipped
C:\RECYCLER\NPROTECT\00026957.sud Object is locked skipped
C:\RECYCLER\NPROTECT\00026958.sud Object is locked skipped
C:\RECYCLER\NPROTECT\00026959.sud Object is locked skipped
C:\RECYCLER\NPROTECT\00026960.sud Object is locked skipped
C:\RECYCLER\NPROTECT\00026961.sud Object is locked skipped
C:\RECYCLER\NPROTECT\00026962.sud Object is locked skipped
C:\RECYCLER\NPROTECT\00026963.sud Object is locked skipped
C:\RECYCLER\NPROTECT\00026964.sud Object is locked skipped
C:\RECYCLER\NPROTECT\00026965.sud Object is locked skipped
C:\RECYCLER\NPROTECT\00026966.sud Object is locked skipped
C:\RECYCLER\NPROTECT\00026967.sud Object is locked skipped
C:\RECYCLER\NPROTECT\00026968.sud Object is locked skipped
C:\RECYCLER\NPROTECT\00026969.sud Object is locked skipped
C:\RECYCLER\NPROTECT\00026970.sud Object is locked skipped
C:\RECYCLER\NPROTECT\00026971.sud Object is locked skipped
C:\RECYCLER\NPROTECT\00026972.sud Object is locked skipped
C:\RECYCLER\NPROTECT\00026973.sud Object is locked skipped
C:\RECYCLER\NPROTECT\00026974.sud Object is locked skipped
C:\RECYCLER\NPROTECT\00026975.sud Object is locked skipped
C:\RECYCLER\NPROTECT\00026976.sud Object is locked skipped
C:\RECYCLER\NPROTECT\00026977.sud Object is locked skipped
C:\RECYCLER\NPROTECT\00026978.sud Object is locked skipped
C:\RECYCLER\NPROTECT\00026979.sud Object is locked skipped
C:\RECYCLER\NPROTECT\00026980.sud Object is locked skipped
C:\RECYCLER\NPROTECT\00026981.sud Object is locked skipped
C:\RECYCLER\NPROTECT\00026982.sud Object is locked skipped
C:\RECYCLER\NPROTECT\00026983.sud Object is locked skipped
C:\RECYCLER\NPROTECT\00026984.sud Object is locked skipped
C:\RECYCLER\NPROTECT\00026985.sud Object is locked skipped
C:\RECYCLER\NPROTECT\00026986.sud Object is locked skipped
C:\RECYCLER\NPROTECT\00026987.sud Object is locked skipped
C:\RECYCLER\NPROTECT\00026988.sud Object is locked skipped
C:\RECYCLER\NPROTECT\00026989.sud Object is locked skipped
C:\RECYCLER\NPROTECT\00026990.sud Object is locked skipped
C:\RECYCLER\NPROTECT\00026991.sud Object is locked skipped
C:\RECYCLER\NPROTECT\00026992.sud Object is locked skipped
C:\RECYCLER\NPROTECT\00026993.sud Object is locked skipped
C:\RECYCLER\NPROTECT\00026994.sud Object is locked skipped
C:\RECYCLER\NPROTECT\00026995.sud Object is locked skipped
C:\RECYCLER\NPROTECT\00026996.sud Object is locked skipped
C:\RECYCLER\NPROTECT\00026997.sud Object is locked skipped
C:\RECYCLER\NPROTECT\00026998.sud Object is locked skipped
C:\RECYCLER\NPROTECT\00026999.sud Object is locked skipped
C:\RECYCLER\NPROTECT\00027000.sud Object is locked skipped
C:\RECYCLER\NPROTECT\00027001.sud Object is locked skipped
C:\RECYCLER\NPROTECT\00027002.sud Object is locked skipped
C:\RECYCLER\NPROTECT\00027003.sud Object is locked skipped
C:\RECYCLER\NPROTECT\00027004.sud Object is locked skipped
C:\RECYCLER\NPROTECT\00027005.sud Object is locked skipped
C:\RECYCLER\NPROTECT\00027006.sud Object is locked skipped
C:\RECYCLER\NPROTECT\00027007.sud Object is locked skipped
C:\RECYCLER\NPROTECT\00027008.sud Object is locked skipped
C:\RECYCLER\NPROTECT\00027011.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00027012.DBX Object is locked skipped
C:\RECYCLER\NPROTECT\00027013.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00027014.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00027015.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00027017.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00027019.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00027020.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00027035.cab Object is locked skipped
C:\RECYCLER\NPROTECT\00027040 Object is locked skipped
C:\RECYCLER\NPROTECT\00027041.EXE Object is locked skipped
C:\RECYCLER\NPROTECT\00027044.dll Object is locked skipped
C:\RECYCLER\NPROTECT\00027045.dat Object is locked skipped
C:\RECYCLER\NPROTECT\00027046.sig Object is locked skipped
C:\RECYCLER\NPROTECT\00027047.dll Object is locked skipped
C:\RECYCLER\NPROTECT\00027048.dll Object is locked skipped
C:\RECYCLER\NPROTECT\00027049.exe Object is locked skipped
C:\RECYCLER\NPROTECT\00027050.exe Object is locked skipped
C:\RECYCLER\NPROTECT\00027051.exe Object is locked skipped
C:\RECYCLER\NPROTECT\00027052.1 Object is locked skipped
C:\RECYCLER\NPROTECT\00027053.inf Object is locked skipped
C:\RECYCLER\NPROTECT\00027054.txt Object is locked skipped
C:\RECYCLER\NPROTECT\00027055.exe Object is locked skipped
C:\RECYCLER\NPROTECT\00027056.exe Object is locked skipped
C:\RECYCLER\NPROTECT\00027057.dll Object is locked skipped
C:\RECYCLER\NPROTECT\00027059.cat Object is locked skipped
C:\RECYCLER\NPROTECT\00027060.dll Object is locked skipped
C:\RECYCLER\NPROTECT\00027061.exe Object is locked skipped
C:\RECYCLER\NPROTECT\00027062.exe Object is locked skipped
C:\RECYCLER\NPROTECT\00027063.inf Object is locked skipped
C:\RECYCLER\NPROTECT\00027064.url Object is locked skipped
C:\RECYCLER\NPROTECT\00027065.ver Object is locked skipped
C:\RECYCLER\NPROTECT\00027066.inf Object is locked skipped
C:\RECYCLER\NPROTECT\00027067.PSM Object is locked skipped
C:\RECYCLER\NPROTECT\00027068.STA Object is locked skipped
C:\RECYCLER\NPROTECT\00027069.TXT Object is locked skipped
C:\RECYCLER\NPROTECT\00027070.STA Object is locked skipped
C:\RECYCLER\NPROTECT\00027071.STA Object is locked skipped
C:\RECYCLER\NPROTECT\00027072.edb Object is locked skipped
C:\RECYCLER\NPROTECT\00027084.xml Object is locked skipped
C:\RECYCLER\NPROTECT\00027087.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00027088.DBX Object is locked skipped
C:\RECYCLER\NPROTECT\00027089.DBX Object is locked skipped
C:\RECYCLER\NPROTECT\00027091.edb Object is locked skipped
C:\RECYCLER\NPROTECT\00027096.DBX Object is locked skipped
C:\RECYCLER\NPROTECT\00027102.edb Object is locked skipped
C:\RECYCLER\NPROTECT\00027115.BIN Object is locked skipped
C:\RECYCLER\NPROTECT\00027116.edb Object is locked skipped
C:\RECYCLER\NPROTECT\00027122.MAP Object is locked skipped
C:\RECYCLER\NPROTECT\00027123.MAP Object is locked skipped
C:\RECYCLER\NPROTECT\00027125.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00027126.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00027127.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00027128.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00027129.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00027130.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00027131.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00027132.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00027133.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00027134.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00027136.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00027137.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00027138.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00027139.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00027140.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00027146.XML Object is locked skipped
C:\RECYCLER\NPROTECT\00027147.TXT Object is locked skipped
C:\RECYCLER\NPROTECT\00027148.TXT Object is locked skipped
C:\RECYCLER\NPROTECT\00027149.MCH Object is locked skipped
C:\RECYCLER\NPROTECT\00027150.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00027159.edb Object is locked skipped
C:\RECYCLER\NPROTECT\00027172.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00027173.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00027174.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00027176.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00027177.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00027183.cab Object is locked skipped
C:\RECYCLER\NPROTECT\00027189 Object is locked skipped
C:\RECYCLER\NPROTECT\00027190.EXE Object is locked skipped
C:\RECYCLER\NPROTECT\00027193.dll Object is locked skipped
C:\RECYCLER\NPROTECT\00027194.dat Object is locked skipped
C:\RECYCLER\NPROTECT\00027195.sig Object is locked skipped
C:\RECYCLER\NPROTECT\00027196.dll Object is locked skipped
C:\RECYCLER\NPROTECT\00027197.dll Object is locked skipped
C:\RECYCLER\NPROTECT\00027198.exe Object is locked skipped
C:\RECYCLER\NPROTECT\00027199.exe Object is locked skipped
C:\RECYCLER\NPROTECT\00027200.exe Object is locked skipped
C:\RECYCLER\NPROTECT\00027201.1 Object is locked skipped
C:\RECYCLER\NPROTECT\00027202.inf Object is locked skipped
C:\RECYCLER\NPROTECT\00027203.txt Object is locked skipped
C:\RECYCLER\NPROTECT\00027204.exe Object is locked skipped
C:\RECYCLER\NPROTECT\00027205.exe Object is locked skipped
C:\RECYCLER\NPROTECT\00027206.dll Object is locked skipped
C:\RECYCLER\NPROTECT\00027207.cat Object is locked skipped
C:\RECYCLER\NPROTECT\00027208.dll Object is locked skipped
C:\RECYCLER\NPROTECT\00027209.exe Object is locked skipped
C:\RECYCLER\NPROTECT\00027210.exe Object is locked skipped
C:\RECYCLER\NPROTECT\00027211.inf Object is locked skipped
C:\RECYCLER\NPROTECT\00027212.url Object is locked skipped
C:\RECYCLER\NPROTECT\00027213.ver Object is locked skipped
C:\RECYCLER\NPROTECT\00027214.inf Object is locked skipped
C:\RECYCLER\NPROTECT\00027215.PSM Object is locked skipped
C:\RECYCLER\NPROTECT\00027216.STA Object is locked skipped
C:\RECYCLER\NPROTECT\00027217.TXT Object is locked skipped
C:\RECYCLER\NPROTECT\00027218.STA Object is locked skipped
C:\RECYCLER\NPROTECT\00027219.STA Object is locked skipped
C:\RECYCLER\NPROTECT\00027220.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00027221.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00027222.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00027223.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00027224.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00027225.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00027226.edb Object is locked skipped
C:\RECYCLER\NPROTECT\00027235.wpl Object is locked skipped
C:\RECYCLER\NPROTECT\00027236.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00027237.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00027247.XML Object is locked skipped
C:\RECYCLER\NPROTECT\00027252.XML Object is locked skipped
C:\RECYCLER\NPROTECT\00027254.wpl Object is locked skipped
C:\RECYCLER\NPROTECT\00027256.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00027259.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00027260.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00027261.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00027281.BIN Object is locked skipped
C:\RECYCLER\NPROTECT\00027282.edb Object is locked skipped
C:\RECYCLER\NPROTECT\00027284.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00027286.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00027287.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00027288.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00027289.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00027291.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00027292.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00027294.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00027295.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00027296.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00027297.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00027298.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00027300.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00027301.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00027302.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00027303.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00027304.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00027305.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00027306.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00027307.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00027308.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00027309.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00027310.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00027311.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00027312.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00027313.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00027314.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00027316.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00027317.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00027319.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00027320.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00027321.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00027322.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00027323.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00027324.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00027325.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00027326.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00027328.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00027334.old Object is locked skipped
C:\RECYCLER\NPROTECT\00027335.old Object is locked skipped
C:\RECYCLER\NPROTECT\00027336.OLD Object is locked skipped
C:\RECYCLER\NPROTECT\00027337.old Object is locked skipped
C:\RECYCLER\NPROTECT\00027338.old Object is locked skipped
C:\RECYCLER\NPROTECT\00027339.old Object is locked skipped
C:\RECYCLER\NPROTECT\00027340.old Object is locked skipped
C:\RECYCLER\NPROTECT\00027341.old Object is locked skipped
C:\RECYCLER\NPROTECT\00027342.old Object is locked skipped
C:\RECYCLER\NPROTECT\00027343.old Object is locked skipped
C:\RECYCLER\NPROTECT\00027344.old Object is locked skipped
C:\RECYCLER\NPROTECT\00027345.old Object is locked skipped
C:\RECYCLER\NPROTECT\00027346.old Object is locked skipped
C:\RECYCLER\NPROTECT\00027347.old Object is locked skipped
C:\RECYCLER\NPROTECT\00027348.OLD Object is locked skipped
C:\RECYCLER\NPROTECT\00027349.OLD Object is locked skipped
C:\RECYCLER\NPROTECT\00027350.OLD Object is locked skipped
C:\RECYCLER\NPROTECT\00027351.OLD Object is locked skipped
C:\RECYCLER\NPROTECT\00027352.old Object is locked skipped
C:\RECYCLER\NPROTECT\00027353.old Object is locked skipped
C:\RECYCLER\NPROTECT\00027354.OLD Object is locked skipped
C:\RECYCLER\NPROTECT\00027355.OLD Object is locked skipped
C:\RECYCLER\NPROTECT\00027356.OLD Object is locked skipped
C:\RECYCLER\NPROTECT\00027357.OLD Object is locked skipped
C:\RECYCLER\NPROTECT\00027358.OLD Object is locked skipped
C:\RECYCLER\NPROTECT\00027359.OLD Object is locked skipped
C:\RECYCLER\NPROTECT\00027360.OLD Object is locked skipped
C:\RECYCLER\NPROTECT\00027361.OLD Object is locked skipped
C:\RECYCLER\NPROTECT\00027362.OLD Object is locked skipped
C:\RECYCLER\NPROTECT\00027363.old Object is locked skipped
C:\RECYCLER\NPROTECT\00027364.OLD Object is locked skipped
C:\RECYCLER\NPROTECT\00027365.old Object is locked skipped
C:\RECYCLER\NPROTECT\00027366.OLD Object is locked skipped
C:\RECYCLER\NPROTECT\00027367.OLD Object is locked skipped
C:\RECYCLER\NPROTECT\00027368.OLD Object is locked skipped
C:\RECYCLER\NPROTECT\00027369.OLD Object is locked skipped
C:\RECYCLER\NPROTECT\00027370.OLD Object is locked skipped
C:\RECYCLER\NPROTECT\00027371.old Object is locked skipped
C:\RECYCLER\NPROTECT\00027372.old Object is locked skipped
C:\RECYCLER\NPROTECT\00027373.OLD Object is locked skipped
C:\RECYCLER\NPROTECT\00027374.OLD Object is locked skipped
C:\RECYCLER\NPROTECT\00027375.OLD Object is locked skipped
C:\RECYCLER\NPROTECT\00027376.OLD Object is locked skipped
C:\RECYCLER\NPROTECT\00027377.OLD Object is locked skipped
C:\RECYCLER\NPROTECT\00027378.OLD Object is locked skipped
C:\RECYCLER\NPROTECT\00027379.OLD Object is locked skipped
C:\RECYCLER\NPROTECT\00027380.OLD Object is locked skipped
C:\RECYCLER\NPROTECT\00027381.OLD Object is locked skipped
C:\RECYCLER\NPROTECT\00027382.old Object is locked skipped
C:\RECYCLER\NPROTECT\00027383.old Object is locked skipped
C:\RECYCLER\NPROTECT\00027384.OLD Object is locked skipped
C:\RECYCLER\NPROTECT\00027385.OLD Object is locked skipped
C:\RECYCLER\NPROTECT\00027386.old Object is locked skipped
C:\RECYCLER\NPROTECT\00027387.OLD Object is locked skipped
C:\RECYCLER\NPROTECT\00027388.OLD Object is locked skipped
C:\RECYCLER\NPROTECT\00027389.OLD Object is locked skipped
C:\RECYCLER\NPROTECT\00027390.OLD Object is locked skipped
C:\RECYCLER\NPROTECT\00027391.OLD Object is locked skipped
C:\RECYCLER\NPROTECT\00027392.old Object is locked skipped
C:\RECYCLER\NPROTECT\00027393.old Object is locked skipped
C:\RECYCLER\NPROTECT\00027394.OLD Object is locked skipped
C:\RECYCLER\NPROTECT\00027395.old Object is locked skipped
C:\RECYCLER\NPROTECT\00027396.OLD Object is locked skipped
C:\RECYCLER\NPROTECT\00027397.old Object is locked skipped
C:\RECYCLER\NPROTECT\00027398.OLD Object is locked skipped
C:\RECYCLER\NPROTECT\00027399.OLD Object is locked skipped
C:\RECYCLER\NPROTECT\00027400.OLD Object is locked skipped
C:\RECYCLER\NPROTECT\00027401.old Object is locked skipped
C:\RECYCLER\NPROTECT\00027402.old Object is locked skipped
C:\RECYCLER\NPROTECT\00027403.old Object is locked skipped
C:\RECYCLER\NPROTECT\00027404.old Object is locked skipped
C:\RECYCLER\NPROTECT\00027405.OLD Object is locked skipped
C:\RECYCLER\NPROTECT\00027406.OLD Object is locked skipped

Edited by Solarin, 26 August 2006 - 03:12 PM.

#9
Solarin

Posted 26 August 2006 - 03:11 PM

Member

Topic Starter
Member
28 posts

Kapersky continued

C:\RECYCLER\NPROTECT\00027407.old Object is locked skipped
C:\RECYCLER\NPROTECT\00027408.old Object is locked skipped
C:\RECYCLER\NPROTECT\00027409.old Object is locked skipped
C:\RECYCLER\NPROTECT\00027410.old Object is locked skipped
C:\RECYCLER\NPROTECT\00027411.OLD Object is locked skipped
C:\RECYCLER\NPROTECT\00027412.OLD Object is locked skipped
C:\RECYCLER\NPROTECT\00027413.old Object is locked skipped
C:\RECYCLER\NPROTECT\00027414.OLD Object is locked skipped
C:\RECYCLER\NPROTECT\00027415.old Object is locked skipped
C:\RECYCLER\NPROTECT\00027416.OLD Object is locked skipped
C:\RECYCLER\NPROTECT\00027417.OLD Object is locked skipped
C:\RECYCLER\NPROTECT\00027418.OLD Object is locked skipped
C:\RECYCLER\NPROTECT\00027419.OLD Object is locked skipped
C:\RECYCLER\NPROTECT\00027420.OLD Object is locked skipped
C:\RECYCLER\NPROTECT\00027421.OLD Object is locked skipped
C:\RECYCLER\NPROTECT\00027422.OLD Object is locked skipped
C:\RECYCLER\NPROTECT\00027423.OLD Object is locked skipped
C:\RECYCLER\NPROTECT\00027424.OLD Object is locked skipped
C:\RECYCLER\NPROTECT\00027425.old Object is locked skipped
C:\RECYCLER\NPROTECT\00027426.OLD Object is locked skipped
C:\RECYCLER\NPROTECT\00027427.OLD Object is locked skipped
C:\RECYCLER\NPROTECT\00027428.OLD Object is locked skipped
C:\RECYCLER\NPROTECT\00027429.OLD Object is locked skipped
C:\RECYCLER\NPROTECT\00027430.OLD Object is locked skipped
C:\RECYCLER\NPROTECT\00027431.old Object is locked skipped
C:\RECYCLER\NPROTECT\00027432.OLD Object is locked skipped
C:\RECYCLER\NPROTECT\00027433.OLD Object is locked skipped
C:\RECYCLER\NPROTECT\00027434.OLD Object is locked skipped
C:\RECYCLER\NPROTECT\00027435.old Object is locked skipped
C:\RECYCLER\NPROTECT\00027436.OLD Object is locked skipped
C:\RECYCLER\NPROTECT\00027437.OLD Object is locked skipped
C:\RECYCLER\NPROTECT\00027438.old Object is locked skipped
C:\RECYCLER\NPROTECT\00027439.old Object is locked skipped
C:\RECYCLER\NPROTECT\00027440.old Object is locked skipped
C:\RECYCLER\NPROTECT\00027441.old Object is locked skipped
C:\RECYCLER\NPROTECT\00027442.old Object is locked skipped
C:\RECYCLER\NPROTECT\00027443.old Object is locked skipped
C:\RECYCLER\NPROTECT\00027444.old Object is locked skipped
C:\RECYCLER\NPROTECT\00027445.old Object is locked skipped
C:\RECYCLER\NPROTECT\00027446.old Object is locked skipped
C:\RECYCLER\NPROTECT\00027447.old Object is locked skipped
C:\RECYCLER\NPROTECT\00027448.OLD Object is locked skipped
C:\RECYCLER\NPROTECT\00027449.OLD Object is locked skipped
C:\RECYCLER\NPROTECT\00027450.old Object is locked skipped
C:\RECYCLER\NPROTECT\00027451.old Object is locked skipped
C:\RECYCLER\NPROTECT\00027452.old Object is locked skipped
C:\RECYCLER\NPROTECT\00027453.OLD Object is locked skipped
C:\RECYCLER\NPROTECT\00027457.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00027458.LOG Object is locked skipped
C:\RECYCLER\NPROTECT\00027473.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00027476.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00027481.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00027482.box Object is locked skipped
C:\RECYCLER\NPROTECT\00027483.dat Object is locked skipped
C:\RECYCLER\NPROTECT\00027484.dat Object is locked skipped
C:\RECYCLER\NPROTECT\00027485.box Object is locked skipped
C:\RECYCLER\NPROTECT\00027493.msf Object is locked skipped
C:\RECYCLER\NPROTECT\00027498.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00027501.MSF Object is locked skipped
C:\RECYCLER\NPROTECT\00027502.msf Object is locked skipped
C:\RECYCLER\NPROTECT\00027503.msf Object is locked skipped
C:\RECYCLER\NPROTECT\00027504.msf Object is locked skipped
C:\RECYCLER\NPROTECT\00027512.JAR Object is locked skipped
C:\RECYCLER\NPROTECT\00027520.JAR Object is locked skipped
C:\RECYCLER\NPROTECT\00027529.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00027531.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00027532.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00027536.box Object is locked skipped
C:\RECYCLER\NPROTECT\00027538.DBX Object is locked skipped
C:\RECYCLER\NPROTECT\00027539.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00027540.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00027541.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00027552.XML Object is locked skipped
C:\RECYCLER\NPROTECT\00027554.wpl Object is locked skipped
C:\RECYCLER\NPROTECT\00027557.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00027568.XML Object is locked skipped
C:\RECYCLER\NPROTECT\00027579.XML Object is locked skipped
C:\RECYCLER\NPROTECT\00027581.wpl Object is locked skipped
C:\RECYCLER\NPROTECT\00027585.edb Object is locked skipped
C:\RECYCLER\NPROTECT\00027587.XML Object is locked skipped
C:\RECYCLER\NPROTECT\00027590.XML Object is locked skipped
C:\RECYCLER\NPROTECT\00027593.wpl Object is locked skipped
C:\RECYCLER\NPROTECT\00027594.XML Object is locked skipped
C:\RECYCLER\NPROTECT\00027605.BMP Object is locked skipped
C:\RECYCLER\NPROTECT\00027609.BMP Object is locked skipped
C:\RECYCLER\NPROTECT\00027909.BMP Object is locked skipped
C:\RECYCLER\NPROTECT\00027911.BMP Object is locked skipped
C:\RECYCLER\NPROTECT\00028031.BMP Object is locked skipped
C:\RECYCLER\NPROTECT\00028044.RES Object is locked skipped
C:\RECYCLER\NPROTECT\00028045.RES Object is locked skipped
C:\RECYCLER\NPROTECT\00028046.ifo Object is locked skipped
C:\RECYCLER\NPROTECT\00028047.sav Object is locked skipped
C:\RECYCLER\NPROTECT\00028048.res Object is locked skipped
C:\RECYCLER\NPROTECT\00028049.BMP Object is locked skipped
C:\RECYCLER\NPROTECT\00028051.sav Object is locked skipped
C:\RECYCLER\NPROTECT\00028056.BMP Object is locked skipped
C:\RECYCLER\NPROTECT\00028061.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00028062.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00028063.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00028064.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00028066.BMP Object is locked skipped
C:\RECYCLER\NPROTECT\00028134.rim Object is locked skipped
C:\RECYCLER\NPROTECT\00028257.BMP Object is locked skipped
C:\RECYCLER\NPROTECT\00028260.BMP Object is locked skipped
C:\RECYCLER\NPROTECT\00028269.BMP Object is locked skipped
C:\RECYCLER\NPROTECT\00028273.BMP Object is locked skipped
C:\RECYCLER\NPROTECT\00028275.BMP Object is locked skipped
C:\RECYCLER\NPROTECT\00028279.BMP Object is locked skipped
C:\RECYCLER\NPROTECT\00028281.BMP Object is locked skipped
C:\RECYCLER\NPROTECT\00028283.BMP Object is locked skipped
C:\RECYCLER\NPROTECT\00028286.BMP Object is locked skipped
C:\RECYCLER\NPROTECT\00028289.BMP Object is locked skipped
C:\RECYCLER\NPROTECT\00028293.BMP Object is locked skipped
C:\RECYCLER\NPROTECT\00028298.BMP Object is locked skipped
C:\RECYCLER\NPROTECT\00028302.BMP Object is locked skipped
C:\RECYCLER\NPROTECT\00028304.BMP Object is locked skipped
C:\RECYCLER\NPROTECT\00028307.BMP Object is locked skipped
C:\RECYCLER\NPROTECT\00028310.BMP Object is locked skipped
C:\RECYCLER\NPROTECT\00028312.BMP Object is locked skipped
C:\RECYCLER\NPROTECT\00028316.BMP Object is locked skipped
C:\RECYCLER\NPROTECT\00028442.BMP Object is locked skipped
C:\RECYCLER\NPROTECT\00028444.BMP Object is locked skipped
C:\RECYCLER\NPROTECT\00028450.RES Object is locked skipped
C:\RECYCLER\NPROTECT\00028451.RES Object is locked skipped
C:\RECYCLER\NPROTECT\00028452.ifo Object is locked skipped
C:\RECYCLER\NPROTECT\00028453.sav Object is locked skipped
C:\RECYCLER\NPROTECT\00028454.res Object is locked skipped
C:\RECYCLER\NPROTECT\00028455.rim Object is locked skipped
C:\RECYCLER\NPROTECT\00028515.RES Object is locked skipped
C:\RECYCLER\NPROTECT\00028516.RES Object is locked skipped
C:\RECYCLER\NPROTECT\00028517.sav Object is locked skipped
C:\RECYCLER\NPROTECT\00028518.res Object is locked skipped
C:\RECYCLER\NPROTECT\00028519.tga Object is locked skipped
C:\RECYCLER\NPROTECT\00028702.sav Object is locked skipped
C:\RECYCLER\NPROTECT\00028703.sav Object is locked skipped
C:\RECYCLER\NPROTECT\00028704.sav Object is locked skipped
C:\RECYCLER\NPROTECT\00028705.sav Object is locked skipped
C:\RECYCLER\NPROTECT\00028706.sav Object is locked skipped
C:\RECYCLER\NPROTECT\00028707.sav Object is locked skipped
C:\RECYCLER\NPROTECT\00028708.sav Object is locked skipped
C:\RECYCLER\NPROTECT\00028709.sav Object is locked skipped
C:\RECYCLER\NPROTECT\00028710.sav Object is locked skipped
C:\RECYCLER\NPROTECT\00028711.sav Object is locked skipped
C:\RECYCLER\NPROTECT\00028712.sav Object is locked skipped
C:\RECYCLER\NPROTECT\00028713.sav Object is locked skipped
C:\RECYCLER\NPROTECT\00028714.sav Object is locked skipped
C:\RECYCLER\NPROTECT\00028715.UTC Object is locked skipped
C:\RECYCLER\NPROTECT\00028716.UTC Object is locked skipped
C:\RECYCLER\NPROTECT\00028717.UTC Object is locked skipped
C:\RECYCLER\NPROTECT\00028718.UTC Object is locked skipped
C:\RECYCLER\NPROTECT\00028719.UTC Object is locked skipped
C:\RECYCLER\NPROTECT\00028720.UTC Object is locked skipped
C:\RECYCLER\NPROTECT\00028721.RES Object is locked skipped
C:\RECYCLER\NPROTECT\00028722.utc Object is locked skipped
C:\RECYCLER\NPROTECT\00028723.fac Object is locked skipped
C:\RECYCLER\NPROTECT\00028724.rim Object is locked skipped
C:\RECYCLER\NPROTECT\00028726.BMP Object is locked skipped
C:\RECYCLER\NPROTECT\00028737.BMP Object is locked skipped
C:\RECYCLER\NPROTECT\00028740.BMP Object is locked skipped
C:\RECYCLER\NPROTECT\00028742.sav Object is locked skipped
C:\RECYCLER\NPROTECT\00028743.sav Object is locked skipped
C:\RECYCLER\NPROTECT\00028744.sav Object is locked skipped
C:\RECYCLER\NPROTECT\00028745.sav Object is locked skipped
C:\RECYCLER\NPROTECT\00028746.sav Object is locked skipped
C:\RECYCLER\NPROTECT\00028747.sav Object is locked skipped
C:\RECYCLER\NPROTECT\00028748.sav Object is locked skipped
C:\RECYCLER\NPROTECT\00028749.sav Object is locked skipped
C:\RECYCLER\NPROTECT\00028750.sav Object is locked skipped
C:\RECYCLER\NPROTECT\00028751.sav Object is locked skipped
C:\RECYCLER\NPROTECT\00028752.sav Object is locked skipped
C:\RECYCLER\NPROTECT\00028753.sav Object is locked skipped
C:\RECYCLER\NPROTECT\00028754.sav Object is locked skipped
C:\RECYCLER\NPROTECT\00028755.UTC Object is locked skipped
C:\RECYCLER\NPROTECT\00028756.UTC Object is locked skipped
C:\RECYCLER\NPROTECT\00028757.UTC Object is locked skipped
C:\RECYCLER\NPROTECT\00028758.UTC Object is locked skipped
C:\RECYCLER\NPROTECT\00028759.UTC Object is locked skipped
C:\RECYCLER\NPROTECT\00028760.UTC Object is locked skipped
C:\RECYCLER\NPROTECT\00028761.RES Object is locked skipped
C:\RECYCLER\NPROTECT\00028762.utc Object is locked skipped
C:\RECYCLER\NPROTECT\00028763.fac Object is locked skipped
C:\RECYCLER\NPROTECT\00028764.rim Object is locked skipped
C:\RECYCLER\NPROTECT\00028765.BMP Object is locked skipped
C:\RECYCLER\NPROTECT\00028775.BMP Object is locked skipped
C:\RECYCLER\NPROTECT\00028778.BMP Object is locked skipped
C:\RECYCLER\NPROTECT\00028780.sav Object is locked skipped
C:\RECYCLER\NPROTECT\00028781.sav Object is locked skipped
C:\RECYCLER\NPROTECT\00028782.sav Object is locked skipped
C:\RECYCLER\NPROTECT\00028783.sav Object is locked skipped
C:\RECYCLER\NPROTECT\00028784.sav Object is locked skipped
C:\RECYCLER\NPROTECT\00028785.sav Object is locked skipped
C:\RECYCLER\NPROTECT\00028786.sav Object is locked skipped
C:\RECYCLER\NPROTECT\00028787.sav Object is locked skipped
C:\RECYCLER\NPROTECT\00028788.sav Object is locked skipped
C:\RECYCLER\NPROTECT\00028789.sav Object is locked skipped
C:\RECYCLER\NPROTECT\00028790.sav Object is locked skipped
C:\RECYCLER\NPROTECT\00028791.sav Object is locked skipped
C:\RECYCLER\NPROTECT\00028792.sav Object is locked skipped
C:\RECYCLER\NPROTECT\00028793.UTC Object is locked skipped
C:\RECYCLER\NPROTECT\00028794.UTC Object is locked skipped
C:\RECYCLER\NPROTECT\00028795.UTC Object is locked skipped
C:\RECYCLER\NPROTECT\00028796.UTC Object is locked skipped
C:\RECYCLER\NPROTECT\00028797.UTC Object is locked skipped
C:\RECYCLER\NPROTECT\00028798.UTC Object is locked skipped
C:\RECYCLER\NPROTECT\00028799.RES Object is locked skipped
C:\RECYCLER\NPROTECT\00028800.utc Object is locked skipped
C:\RECYCLER\NPROTECT\00028801.fac Object is locked skipped
C:\RECYCLER\NPROTECT\00028802.rim Object is locked skipped
C:\RECYCLER\NPROTECT\00028980.rim Object is locked skipped
C:\RECYCLER\NPROTECT\00028981.sav Object is locked skipped
C:\RECYCLER\NPROTECT\00028982.sav Object is locked skipped
C:\RECYCLER\NPROTECT\00028983.sav Object is locked skipped
C:\RECYCLER\NPROTECT\00028984.sav Object is locked skipped
C:\RECYCLER\NPROTECT\00028985.sav Object is locked skipped
C:\RECYCLER\NPROTECT\00028986.sav Object is locked skipped
C:\RECYCLER\NPROTECT\00028987.sav Object is locked skipped
C:\RECYCLER\NPROTECT\00028988.sav Object is locked skipped
C:\RECYCLER\NPROTECT\00028989.sav Object is locked skipped
C:\RECYCLER\NPROTECT\00028990.sav Object is locked skipped
C:\RECYCLER\NPROTECT\00028991.sav Object is locked skipped
C:\RECYCLER\NPROTECT\00028992.sav Object is locked skipped
C:\RECYCLER\NPROTECT\00028993.sav Object is locked skipped
C:\RECYCLER\NPROTECT\00028994.UTC Object is locked skipped
C:\RECYCLER\NPROTECT\00028995.UTC Object is locked skipped
C:\RECYCLER\NPROTECT\00028996.UTC Object is locked skipped
C:\RECYCLER\NPROTECT\00028997.UTC Object is locked skipped
C:\RECYCLER\NPROTECT\00028998.UTC Object is locked skipped
C:\RECYCLER\NPROTECT\00028999.UTC Object is locked skipped
C:\RECYCLER\NPROTECT\00029000.RES Object is locked skipped
C:\RECYCLER\NPROTECT\00029001.utc Object is locked skipped
C:\RECYCLER\NPROTECT\00029002.fac Object is locked skipped
C:\RECYCLER\NPROTECT\00029004.BMP Object is locked skipped
C:\RECYCLER\NPROTECT\00029007.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00029010.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00029011.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00029014.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00029016.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00029017.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00029018.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00029020.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00029021.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00029036.JAR Object is locked skipped
C:\RECYCLER\NPROTECT\00029039.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00029041.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00029042.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00029043.dat Object is locked skipped
C:\RECYCLER\NPROTECT\00029044.dat Object is locked skipped
C:\RECYCLER\NPROTECT\00029058.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00029060.dat Object is locked skipped
C:\RECYCLER\NPROTECT\00029061.dat Object is locked skipped
C:\RECYCLER\NPROTECT\00029062.mfl Object is locked skipped
C:\RECYCLER\NPROTECT\00029071.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00029073.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00029074.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00029075.mfl Object is locked skipped
C:\RECYCLER\NPROTECT\00029077.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00029078.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00029079.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00029080.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00029082.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00029083.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00029095.MAP Object is locked skipped
C:\RECYCLER\NPROTECT\00029096.MAP Object is locked skipped
C:\RECYCLER\NPROTECT\00029098.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00029101.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00029102.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00029105.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00029111.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00029112.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00029114.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00029115.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00029118.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00029119.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00029121.edb Object is locked skipped
C:\RECYCLER\NPROTECT\00029124.XML Object is locked skipped
C:\RECYCLER\NPROTECT\00029127.XML Object is locked skipped
C:\RECYCLER\NPROTECT\00029130.XML Object is locked skipped
C:\RECYCLER\NPROTECT\00029133.XML Object is locked skipped
C:\RECYCLER\NPROTECT\00029138 Object is locked skipped
C:\RECYCLER\NPROTECT\00029145.edb Object is locked skipped
C:\RECYCLER\NPROTECT\00029150.cab Object is locked skipped
C:\RECYCLER\NPROTECT\00029156 Object is locked skipped
C:\RECYCLER\NPROTECT\00029157.EXE Object is locked skipped
C:\RECYCLER\NPROTECT\00029160.dll Object is locked skipped
C:\RECYCLER\NPROTECT\00029161.dat Object is locked skipped
C:\RECYCLER\NPROTECT\00029162.sig Object is locked skipped
C:\RECYCLER\NPROTECT\00029163.dll Object is locked skipped
C:\RECYCLER\NPROTECT\00029164.dll Object is locked skipped
C:\RECYCLER\NPROTECT\00029165.exe Object is locked skipped
C:\RECYCLER\NPROTECT\00029166.exe Object is locked skipped
C:\RECYCLER\NPROTECT\00029167.exe Object is locked skipped
C:\RECYCLER\NPROTECT\00029168.1 Object is locked skipped
C:\RECYCLER\NPROTECT\00029169.inf Object is locked skipped
C:\RECYCLER\NPROTECT\00029170.txt Object is locked skipped
C:\RECYCLER\NPROTECT\00029171.exe Object is locked skipped
C:\RECYCLER\NPROTECT\00029172.exe Object is locked skipped
C:\RECYCLER\NPROTECT\00029173.dll Object is locked skipped
C:\RECYCLER\NPROTECT\00029174.cat Object is locked skipped
C:\RECYCLER\NPROTECT\00029175.dll Object is locked skipped
C:\RECYCLER\NPROTECT\00029176.exe Object is locked skipped
C:\RECYCLER\NPROTECT\00029177.exe Object is locked skipped
C:\RECYCLER\NPROTECT\00029178.inf Object is locked skipped
C:\RECYCLER\NPROTECT\00029179.url Object is locked skipped
C:\RECYCLER\NPROTECT\00029180.ver Object is locked skipped
C:\RECYCLER\NPROTECT\00029181.inf Object is locked skipped
C:\RECYCLER\NPROTECT\00029182.PSM Object is locked skipped
C:\RECYCLER\NPROTECT\00029183.STA Object is locked skipped
C:\RECYCLER\NPROTECT\00029184.TXT Object is locked skipped
C:\RECYCLER\NPROTECT\00029185.STA Object is locked skipped
C:\RECYCLER\NPROTECT\00029186.STA Object is locked skipped
C:\RECYCLER\NPROTECT\00029190.edb Object is locked skipped
C:\RECYCLER\NPROTECT\00029191.wpl Object is locked skipped
C:\RECYCLER\NPROTECT\00029194.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00029199.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00029200.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00029202.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00029204.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00029205.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00029210.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00029211.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00029214.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00029215.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00029216.wpl Object is locked skipped
C:\RECYCLER\NPROTECT\00029226.BIN Object is locked skipped
C:\RECYCLER\NPROTECT\00029227.edb Object is locked skipped
C:\RECYCLER\NPROTECT\00029237.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00029239.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00029240.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00029244.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00029246.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00029247.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00029248.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00029250.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00029252.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00029253.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00029268.edb Object is locked skipped
C:\RECYCLER\NPROTECT\00029408.MAP Object is locked skipped
C:\RECYCLER\NPROTECT\00029409.MAP Object is locked skipped
C:\RECYCLER\NPROTECT\00029448.cab Object is locked skipped
C:\RECYCLER\NPROTECT\00029459 Object is locked skipped
C:\RECYCLER\NPROTECT\00029461.EXE Object is locked skipped
C:\RECYCLER\NPROTECT\00029462.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00029466.dll Object is locked skipped
C:\RECYCLER\NPROTECT\00029467.dat Object is locked skipped
C:\RECYCLER\NPROTECT\00029468.sig Object is locked skipped
C:\RECYCLER\NPROTECT\00029469.dll Object is locked skipped
C:\RECYCLER\NPROTECT\00029470.dll Object is locked skipped
C:\RECYCLER\NPROTECT\00029471.exe Object is locked skipped
C:\RECYCLER\NPROTECT\00029472.exe Object is locked skipped
C:\RECYCLER\NPROTECT\00029473.exe Object is locked skipped
C:\RECYCLER\NPROTECT\00029474.1 Object is locked skipped
C:\RECYCLER\NPROTECT\00029475.inf Object is locked skipped
C:\RECYCLER\NPROTECT\00029476.txt Object is locked skipped
C:\RECYCLER\NPROTECT\00029477.exe Object is locked skipped
C:\RECYCLER\NPROTECT\00029478.exe Object is locked skipped
C:\RECYCLER\NPROTECT\00029479.dll Object is locked skipped
C:\RECYCLER\NPROTECT\00029480.cat Object is locked skipped
C:\RECYCLER\NPROTECT\00029481.dll Object is locked skipped
C:\RECYCLER\NPROTECT\00029482.exe Object is locked skipped
C:\RECYCLER\NPROTECT\00029483.exe Object is locked skipped
C:\RECYCLER\NPROTECT\00029484.inf Object is locked skipped
C:\RECYCLER\NPROTECT\00029485.url Object is locked skipped
C:\RECYCLER\NPROTECT\00029486.ver Object is locked skipped
C:\RECYCLER\NPROTECT\00029487.inf Object is locked skipped
C:\RECYCLER\NPROTECT\00029488.PSM Object is locked skipped
C:\RECYCLER\NPROTECT\00029489.STA Object is locked skipped
C:\RECYCLER\NPROTECT\00029490.TXT Object is locked skipped
C:\RECYCLER\NPROTECT\00029491.STA Object is locked skipped
C:\RECYCLER\NPROTECT\00029492.STA Object is locked skipped
C:\RECYCLER\NPROTECT\00029493.DBX Object is locked skipped
C:\RECYCLER\NPROTECT\00029494.edb Object is locked skipped
C:\RECYCLER\NPROTECT\00029495.edb Object is locked skipped
C:\RECYCLER\NPROTECT\00029496.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00029500.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00029501.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00029502.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00029503.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00029504.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00029505.edb Object is locked skipped
C:\RECYCLER\NPROTECT\00029506.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00029507.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00029508.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00029510.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00029511.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00029514.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00029517.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00029519.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00029520.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00029532.BIN Object is locked skipped
C:\RECYCLER\NPROTECT\00029533.edb Object is locked skipped
C:\RECYCLER\NPROTECT\00029540.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00029542.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00029543.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00029544.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00029545.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00029546.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00029548.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00029549.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00029553.XML Object is locked skipped
C:\RECYCLER\NPROTECT\00029558.edb Object is locked skipped
C:\RECYCLER\NPROTECT\00029560.XML Object is locked skipped
C:\RECYCLER\NPROTECT\00029563.XML Object is locked skipped
C:\RECYCLER\NPROTECT\00029566.XML Object is locked skipped
C:\RECYCLER\NPROTECT\00029569.XML Object is locked skipped
C:\RECYCLER\NPROTECT\00029572.XML Object is locked skipped
C:\RECYCLER\NPROTECT\00029575.XML Object is locked skipped
C:\RECYCLER\NPROTECT\00029578.XML Object is locked skipped
C:\RECYCLER\NPROTECT\00029581.wpl Object is locked skipped
C:\RECYCLER\NPROTECT\00029582.XML Object is locked skipped
C:\RECYCLER\NPROTECT\00029612.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00029615.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00029616.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00029620.PSD Object is locked skipped
C:\RECYCLER\NPROTECT\00029621.PSP Object is locked skipped
C:\RECYCLER\NPROTECT\00029631.wpl Object is locked skipped
C:\RECYCLER\NPROTECT\00029636.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00029637.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00029639.wpl Object is locked skipped
C:\RECYCLER\NPROTECT\00029640.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00029641.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00029642.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00029646.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00029649.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00029653.cab Object is locked skipped
C:\RECYCLER\NPROTECT\00029660 Object is locked skipped
C:\RECYCLER\NPROTECT\00029661.EXE Object is locked skipped
C:\RECYCLER\NPROTECT\00029663.dll Object is locked skipped
C:\RECYCLER\NPROTECT\00029664.dat Object is locked skipped
C:\RECYCLER\NPROTECT\00029665.sig Object is locked skipped
C:\RECYCLER\NPROTECT\00029666.dll Object is locked skipped
C:\RECYCLER\NPROTECT\00029667.dll Object is locked skipped
C:\RECYCLER\NPROTECT\00029668.exe Object is locked skipped
C:\RECYCLER\NPROTECT\00029669.exe Object is locked skipped
C:\RECYCLER\NPROTECT\00029670.exe Object is locked skipped
C:\RECYCLER\NPROTECT\00029671.1 Object is locked skipped
C:\RECYCLER\NPROTECT\00029672.inf Object is locked skipped
C:\RECYCLER\NPROTECT\00029673.txt Object is locked skipped
C:\RECYCLER\NPROTECT\00029674.exe Object is locked skipped
C:\RECYCLER\NPROTECT\00029675.exe Object is locked skipped
C:\RECYCLER\NPROTECT\00029676.dll Object is locked skipped
C:\RECYCLER\NPROTECT\00029677.cat Object is locked skipped
C:\RECYCLER\NPROTECT\00029678.dll Object is locked skipped
C:\RECYCLER\NPROTECT\00029679.exe Object is locked skipped
C:\RECYCLER\NPROTECT\00029680.exe Object is locked skipped
C:\RECYCLER\NPROTECT\00029681.inf Object is locked skipped
C:\RECYCLER\NPROTECT\00029682.url Object is locked skipped
C:\RECYCLER\NPROTECT\00029683.ver Object is locked skipped
C:\RECYCLER\NPROTECT\00029684.inf Object is locked skipped
C:\RECYCLER\NPROTECT\00029685.PSM Object is locked skipped
C:\RECYCLER\NPROTECT\00029686.STA Object is locked skipped
C:\RECYCLER\NPROTECT\00029687.TXT Object is locked skipped
C:\RECYCLER\NPROTECT\00029688.STA Object is locked skipped
C:\RECYCLER\NPROTECT\00029689.STA Object is locked skipped
C:\RECYCLER\NPROTECT\00029690 Object is locked skipped
C:\RECYCLER\NPROTECT\00029691.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00029692.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00029698.wpl Object is locked skipped
C:\RECYCLER\NPROTECT\00029699.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00029700.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00029701.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00029702.edb Object is locked skipped
C:\RECYCLER\NPROTECT\00029703.log Object is locked skipped
C:\RECYCLER\NPROTECT\00029708.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00029712.wpl Object is locked skipped
C:\RECYCLER\NPROTECT\00029714.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00029716.wpl Object is locked skipped
C:\RECYCLER\NPROTECT\00029718.wpl Object is locked skipped
C:\RECYCLER\NPROTECT\00029721.XML Object is locked skipped
C:\RECYCLER\NPROTECT\00029723.edb Object is locked skipped
C:\RECYCLER\NPROTECT\00029724.wpl Object is locked skipped
C:\RECYCLER\NPROTECT\00029728.box Object is locked skipped
C:\RECYCLER\NPROTECT\00029732.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00029733.box Object is locked skipped
C:\RECYCLER\NPROTECT\00029734.dat Object is locked skipped
C:\RECYCLER\NPROTECT\00029735.dat Object is locked skipped
C:\RECYCLER\NPROTECT\00029737.box Object is locked skipped
C:\RECYCLER\NPROTECT\00029738.mfl Object is locked skipped
C:\RECYCLER\NPROTECT\00029747.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00029752.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00029754.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00029755.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00029758.msf Object is locked skipped
C:\RECYCLER\NPROTECT\00029760.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00029765.DBX Object is locked skipped
C:\RECYCLER\NPROTECT\00029767.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00029772.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00029773.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00029774.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00029775.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00029776.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00029777.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00029781.wpl Object is locked skipped
C:\RECYCLER\NPROTECT\00029783.xml Object is locked skipped
C:\RECYCLER\NPROTECT\00029784.ini Object is locked skipped
C:\RECYCLER\NPROTECT\00029785.ini Object is locked skipped
C:\RECYCLER\NPROTECT\00029786.ini Object is locked skipped
C:\RECYCLER\NPROTECT\00029787.ini Object is locked skipped
C:\RECYCLER\NPROTECT\00029788.ini Object is locked skipped
C:\RECYCLER\NPROTECT\00029789.ini Object is locked skipped
C:\RECYCLER\NPROTECT\00029791.xml Object is locked skipped
C:\RECYCLER\NPROTECT\00029792.ini Object is locked skipped
C:\RECYCLER\NPROTECT\00029793.MAP Object is locked skipped
C:\RECYCLER\NPROTECT\00029794.MAP Object is locked skipped
C:\RECYCLER\NPROTECT\00029795.MAP Object is locked skipped
C:\RECYCLER\NPROTECT\00029796.MAP Object is locked skipped
C:\RECYCLER\NPROTECT\00029799.edb Object is locked skipped
C:\RECYCLER\NPROTECT\00029802.LNK Object is locked skipped
C:\RECYCLER\NPROTECT\00029803.LNK Object is locked skipped
C:\RECYCLER\NPROTECT\00029804.ini Object is locked skipped
C:\RECYCLER\NPROTECT\00029806.LNK Object is locked skipped
C:\RECYCLER\NPROTECT\00029808.LNK Object is locked skipped
C:\RECYCLER\NPROTECT\00029809.MAP Object is locked skipped
C:\RECYCLER\NPROTECT\00029810.MAP Object is locked skipped
C:\RECYCLER\NPROTECT\00029811.DAT Object is locked skipped
C:\RECYCLER\NPROTECT\00029814.lo_ Object is locked skipped
C:\RECYCLER\NPROTECT\00029836.wpl Object is locked skipped
C:\RECYCLER\NPROTECT\00029839.STE Object is locked skipped
C:\RECYCLER\NPROTECT\00029842.LNK Object is locked skipped
C:\RECYCLER\NPROTECT\00029848.XML Object is locked skipped
C:\RECYCLER\NPROTECT\00029850.wpl Object is locked skipped
C:\RECYCLER\NPROTECT\00029852.edb Object is locked skipped
C:\RECYCLER\NPROTECT\00029853.edb Object is locked skipped
C:\RECYCLER\NPROTECT\00029855.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00029857.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00029858.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00029859.edb Object is locked skipped
C:\RECYCLER\NPROTECT\00029861.wpl Object is locked skipped
C:\RECYCLER\NPROTECT\00029862.wpl Object is locked skipped
C:\RECYCLER\NPROTECT\00029863.wpl Object is locked skipped
C:\RECYCLER\NPROTECT\00029865.edb Object is locked skipped
C:\RECYCLER\NPROTECT\00029870.XML Object is locked skipped
C:\RECYCLER\NPROTECT\00029873.edb Object is locked skipped
C:\RECYCLER\NPROTECT\00029875.XML Object is locked skipped
C:\RECYCLER\NPROTECT\00029877.XML Object is locked skipped
C:\RECYCLER\NPROTECT\00029878.XML Object is locked skipped
C:\RECYCLER\NPROTECT\00029880.XML Object is locked skipped
C:\RECYCLER\NPROTECT\00029881.MAP Object is locked skipped
C:\RECYCLER\NPROTECT\00029882.MAP Object is locked skipped
C:\RECYCLER\NPROTECT\00029883.MAP Object is locked skipped
C:\RECYCLER\NPROTECT\00029884.MAP Object is locked skipped
C:\RECYCLER\NPROTECT\00029885.XML Object is locked skipped
C:\RECYCLER\NPROTECT\00029886.XML Object is locked skipped
C:\RECYCLER\NPROTECT\00029887.MAP Object is locked skipped
C:\RECYCLER\NPROTECT\00029888.MAP Object is locked skipped
C:\RECYCLER\NPROTECT\00029889.wpl Object is locked skipped
C:\RECYCLER\NPROTECT\00029890.XML Object is locked skipped
C:\RECYCLER\NPROTECT\00029893.MAP Object is locked skipped
C:\RECYCLER\NPROTECT\00029894.MAP Object is locked skipped
C:\RECYCLER\NPROTECT\00029896.wpl Object is locked skipped
C:\RECYCLER\NPROTECT\00029902.wpl Object is locked skipped
C:\RECYCLER\NPROTECT\00029906.wpl Object is locked skipped
C:\RECYCLER\NPROTECT\00029907.edb Object is locked skipped
C:\RECYCLER\NPROTECT\00029908.wpl Object is locked skipped
C:\RECYCLER\NPROTECT\00029912.wpl Object is locked skipped
C:\RECYCLER\NPROTECT\00029916.MAP Object is locked skipped
C:\RECYCLER\NPROTECT\00029917.MAP Object is locked skipped
C:\RECYCLER\NPROTECT\00029919.wpl Object is locked skipped
C:\RECYCLER\NPROTECT\00029920.MAP Object is locked skipped
C:\RECYCLER\NPROTECT\00029921.MAP Object is locked skipped
C:\RECYCLER\NPROTECT\00029922.MAP Object is locked skipped
C:\RECYCLER\NPROTECT\00029923.MAP Object is locked skipped
C:\RECYCLER\NPROTECT\00029924.wpl Object is locked skipped
C:\RECYCLER\NPROTECT\00029927.edb Object is locked skipped
C:\RECYCLER\NPROTECT\00029931.wpl Object is locked skipped
C:\RECYCLER\NPROTECT\00029935.wpl Object is locked skipped
C:\RECYCLER\NPROTECT\00029936.h Object is locked skipped
C:\RECYCLER\NPROTECT\00029937.ini Object is locked skipped
C:\RECYCLER\NPROTECT\00029944.MAP Object is locked skipped
C:\RECYCLER\NPROTECT\00029945.MAP Object is locked skipped
C:\RECYCLER\NPROTECT\00029946.MAP Object is locked skipped
C:\RECYCLER\NPROTECT\00029947.MAP Object is locked skipped
C:\RECYCLER\NPROTECT\00029948.h Object is locked skipped
C:\RECYCLER\NPROTECT\00029949.ini Object is locked skipped
C:\RECYCLER\NPROTECT\00029957.wpl Object is locked skipped
C:\RECYCLER\NPROTECT\00029959.edb Object is locked skipped
C:\RECYCLER\NPROTECT\NPROTECT.LOG Object is locked skipped
C:\RECYCLER\S-1-5-21-2010220994-3757435101-538525854-1005\Dc1617\ntrition.xls Object is locked skipped
C:\RECYCLER\S-1-5-21-2010220994-3757435101-538525854-1005\Dc835.exe Infected: Trojan-Downloader.Win32.VB.aem skipped
C:\RECYCLER\S-1-5-21-515967899-117609710-682003330-1003\Dc1\Purity\Program Files\Common Files\SSTEM3~1\wіnspool.exe Object is locked skipped
C:\RECYCLER\S-1-5-21-515967899-117609710-682003330-1003\Dc1\Purity\Program Files\YSTEM~1\mѕdtc.exe Object is locked skipped
C:\RECYCLER\S-1-5-21-515967899-117609710-682003330-1003\Dc1\Purity\WINDOWS\system32\SSEMBL~1\winlogon.exe Object is locked skipped
C:\RECYCLER\S-1-5-21-515967899-117609710-682003330-1003\Dc5.exe Infected: not-a-virus:Downloader.Win32.WinFixer.r skipped
C:\RECYCLER\S-1-5-21-515967899-117609710-682003330-1003\Dc7.exe/data0002 Infected: Trojan.Win32.VB.tg skipped
C:\RECYCLER\S-1-5-21-515967899-117609710-682003330-1003\Dc7.exe/data0005 Infected: Trojan.Win32.VB.tg skipped
C:\RECYCLER\S-1-5-21-515967899-117609710-682003330-1003\Dc7.exe/data0006 Infected: Trojan.Win32.VB.tg skipped
C:\RECYCLER\S-1-5-21-515967899-117609710-682003330-1003\Dc7.exe NSIS: infected - 3 skipped
C:\RECYCLER\S-1-5-21-515967899-117609710-682003330-1003\Dc8.exe Infected: Trojan.Win32.VB.tg skipped
C:\RECYCLER\S-1-5-21-515967899-117609710-682003330-1003\Dc9.exe Infected: Trojan.Win32.VB.tg skipped
C:\System Volume Information\_restore{CC758005-0E50-410B-862F-2F533F9EFE56}\RP0\A0001005.exe Infected: Trojan-Downloader.Win32.Zlob.agg skipped
C:\System Volume Information\_restore{CC758005-0E50-410B-862F-2F533F9EFE56}\RP0\A0001006.dll.tcf Infected: Trojan-Downloader.Win32.Zlob.aae skipped
C:\System Volume Information\_restore{CC758005-0E50-410B-862F-2F533F9EFE56}\RP1\A0001053.exe Infected: Trojan-Downloader.Win32.Zlob.agg skipped
C:\System Volume Information\_restore{CC758005-0E50-410B-862F-2F533F9EFE56}\RP1\A0001054.exe Infected: Trojan-Downloader.Win32.Zlob.agg skipped
C:\System Volume Information\_restore{CC758005-0E50-410B-862F-2F533F9EFE56}\RP1\A0001057.dll.tcf Infected: Trojan-Downloader.Win32.Zlob.aae skipped
C:\System Volume Information\_restore{CC758005-0E50-410B-862F-2F533F9EFE56}\RP1\A0001088.dll Infected: Trojan-Downloader.Win32.Delf.aeo skipped
C:\System Volume Information\_restore{CC758005-0E50-410B-862F-2F533F9EFE56}\RP1\A0001090.exe.tcf Infected: not-a-virus:AdWare.Win32.MediaTickets.w skipped
C:\System Volume Information\_restore{CC758005-0E50-410B-862F-2F533F9EFE56}\RP1\A0001096.exe Object is locked skipped
C:\System Volume Information\_restore{CC758005-0E50-410B-862F-2F533F9EFE56}\RP1\A0001097.exe Object is locked skipped
C:\System Volume Information\_restore{CC758005-0E50-410B-862F-2F533F9EFE56}\RP22\A0002107.dll Object is locked skipped
C:\System Volume Information\_restore{CC758005-0E50-410B-862F-2F533F9EFE56}\RP22\A0002108.exe Object is locked skipped
C:\System Volume Information\_restore{CC758005-0E50-410B-862F-2F533F9EFE56}\RP22\A0002109.exe.tcf Object is locked skipped
C:\System Volume Information\_restore{CC758005-0E50-410B-862F-2F533F9EFE56}\RP22\A0002340.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\System Volume Information\_restore{CC758005-0E50-410B-862F-2F533F9EFE56}\RP22\A0003219.dll Infected: Trojan-Downloader.Win32.Delf.aeo skipped
C:\System Volume Information\_restore{CC758005-0E50-410B-862F-2F533F9EFE56}\RP22\A0003227.exe Infected: Trojan.Win32.VB.tg skipped
C:\System Volume Information\_restore{CC758005-0E50-410B-862F-2F533F9EFE56}\RP22\A0003229.dll Infected: Trojan-Downloader.Win32.Zlob.agl skipped
C:\System Volume Information\_restore{CC758005-0E50-410B-862F-2F533F9EFE56}\RP23\A0004238.exe Object is locked skipped
C:\System Volume Information\_restore{CC758005-0E50-410B-862F-2F533F9EFE56}\RP23\A0004316.exe Infected: Trojan-Downloader.Win32.Zlob.agf skipped
C:\System Volume Information\_restore{CC758005-0E50-410B-862F-2F533F9EFE56}\RP23\A0004319.exe Infected: Trojan.Win32.VB.tg skipped
C:\System Volume Information\_restore{CC758005-0E50-410B-862F-2F533F9EFE56}\RP23\A0004320.dll Object is locked skipped
C:\System Volume Information\_restore{CC758005-0E50-410B-862F-2F533F9EFE56}\RP23\A0004329.dll Object is locked skipped
C:\System Volume Information\_restore{CC758005-0E50-410B-862F-2F533F9EFE56}\RP23\A0004331.dll Object is locked skipped
C:\System Volume Information\_restore{CC758005-0E50-410B-862F-2F533F9EFE56}\RP23\A0004332.dll Object is locked skipped
C:\System Volume Information\_restore{CC758005-0E50-410B-862F-2F533F9EFE56}\RP23\A0004337.exe Object is locked skipped
C:\System Volume Information\_restore{CC758005-0E50-410B-862F-2F533F9EFE56}\RP23\A0004381.dll Infected: not-a-virus:AdWare.Win32.TrafficSol.c skipped
C:\System Volume Information\_restore{CC758005-0E50-410B-862F-2F533F9EFE56}\RP35\A0010984.exe Object is locked skipped
C:\System Volume Information\_restore{CC758005-0E50-410B-862F-2F533F9EFE56}\RP35\A0010986.exe Object is locked skipped
C:\System Volume Information\_restore{CC758005-0E50-410B-862F-2F533F9EFE56}\RP35\A0010987.exe Infected: Trojan.Win32.VB.tg skipped
C:\System Volume Information\_restore{CC758005-0E50-410B-862F-2F533F9EFE56}\RP35\A0010989.exe/data0002 Infected: Trojan.Win32.VB.tg skipped
C:\System Volume Information\_restore{CC758005-0E50-410B-862F-2F533F9EFE56}\RP35\A0010989.exe/data0005 Infected: Trojan.Win32.VB.tg skipped
C:\System Volume Information\_restore{CC758005-0E50-410B-862F-2F533F9EFE56}\RP35\A0010989.exe/data0006 Infected: Trojan.Win32.VB.tg skipped
C:\System Volume Information\_restore{CC758005-0E50-410B-862F-2F533F9EFE56}\RP35\A0010989.exe NSIS: infected - 3 skipped
C:\System Volume Information\_restore{CC758005-0E50-410B-862F-2F533F9EFE56}\RP35\A0010991.exe Infected: Trojan.Win32.VB.tg skipped
C:\System Volume Information\_restore{CC758005-0E50-410B-862F-2F533F9EFE56}\RP35\A0010993.exe Infected: not-a-virus:Downloader.Win32.WinFixer.r skipped
C:\System Volume Information\_restore{CC758005-0E50-410B-862F-2F533F9EFE56}\RP35\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Downloaded Program Files\YazzleActiveX.ocx.tcf Object is locked skipped
C:\WINDOWS\em.ocx Object is locked skipped
C:\WINDOWS\g3181812.dll.tcf Infected: Trojan-Downloader.Win32.Delf.aeo skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{F4AB3452-7BAD-4D29-8C9B-60709F9C655C}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\ismon.exe.tcf Infected: Trojan-Downloader.Win32.Zlob.agf skipped
C:\WINDOWS\system32\ixt0.dll.tcf Infected: Trojan-Downloader.Win32.Zlob.agl skipped
C:\WINDOWS\system32\oins.exe Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\TWF0dGhldyBDYXZhbmF1Z2g\nqIXx315xV1Gsrt1vAIYtZ0.vbs Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\WINDOWS\YAXUninst.exe.tcf Infected: not-a-virus:AdWare.Win32.MediaTickets.w skipped
C:\WINDOWS\{00000002-00000000-00000008-00001102-00000004-00511102}.CDF Object is locked skipped
G:\Education and School\Econ 1015\econ 5 1st exam ws03V1.doc Object is locked skipped
G:\My Literature\Angelic.doc Object is locked skipped
G:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

Scan process completed.

Edited by Solarin, 26 August 2006 - 03:12 PM.

#10
Solarin

Posted 26 August 2006 - 03:13 PM

Member

Topic Starter
Member
28 posts

Combofix Log:

Matt - 06-08-26 15:52:13.85
ComboFix 06.08.24 - Running from: C:\Documents and Settings\Matt\Desktop

((((((((((((((((((((((((((((((( Files Created from 2006-07-26 to 2006-08-26 ))))))))))))))))))))))))))))))))))

2006-08-26 14:08 926,996 ---hs---- C:\WINDOWS\system32\lmllm.ini2
2006-08-26 00:11 87,808 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2006-08-25 15:49 117,760 --------- C:\WINDOWS\system32\xmllite.dll
2006-08-23 01:05 77,312 --a------ C:\WINDOWS\system32\browser.dll
2006-08-23 01:05 614,912 --a------ C:\WINDOWS\system32\h323msp.dll
2006-08-23 01:05 39,936 --a------ C:\WINDOWS\system32\mf3216.dll
2006-08-23 01:05 331,264 --a------ C:\WINDOWS\system32\ipnathlp.dll
2006-08-23 01:02 66,560 --a------ C:\WINDOWS\system32\mtxclu.dll
2006-08-23 01:02 581,120 --a------ C:\WINDOWS\system32\rpcrt4.dll
2006-08-23 01:02 397,824 --a------ C:\WINDOWS\system32\rpcss.dll
2006-08-23 01:02 243,200 --a------ C:\WINDOWS\system32\es.dll
2006-08-23 01:02 101,376 --a------ C:\WINDOWS\system32\txflog.dll
2006-08-23 01:02 1,285,120 --a------ C:\WINDOWS\system32\ole32.dll
2006-08-23 00:58 239,104 --a------ C:\WINDOWS\system32\srrstr.dll
2006-08-23 00:54 26,112 --a------ C:\WINDOWS\system32\xpsp1hfm.exe
2006-08-22 22:11 10,240 --a------ C:\WINDOWS\CTDCRES.DLL
2006-08-22 21:55 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2006-08-22 21:47 83,456 --a------ C:\WINDOWS\system32\dpvsetup.exe
2006-08-22 21:47 825,344 --a------ C:\WINDOWS\system32\d3dim700.dll
2006-08-22 21:47 82,432 --a------ C:\WINDOWS\system32\dmscript.dll
2006-08-22 21:47 8,192 --a------ C:\WINDOWS\system32\d3d8thk.dll
2006-08-22 21:47 733,696 --a------ C:\WINDOWS\system32\qedwipes.dll
2006-08-22 21:47 71,680 --a------ C:\WINDOWS\system32\dsdmoprp.dll
2006-08-22 21:47 70,656 --a------ C:\WINDOWS\system32\amstream.dll
2006-08-22 21:47 63,768 --a------ C:\WINDOWS\system32\dxdllreg.exe
2006-08-22 21:47 619,008 --a------ C:\WINDOWS\system32\dx7vb.dll
2006-08-22 21:47 61,440 --a------ C:\WINDOWS\system32\dmcompos.dll
2006-08-22 21:47 60,928 --a------ C:\WINDOWS\system32\dpnhupnp.dll
2006-08-22 21:47 590,336 --a------ C:\WINDOWS\system32\d3dramp.dll
2006-08-22 21:47 59,904 --a------ C:\WINDOWS\system32\devenum.dll
2006-08-22 21:47 57,344 --a------ C:\WINDOWS\system32\dpwsockx.dll
2006-08-22 21:47 562,176 --a------ C:\WINDOWS\system32\qedit.dll
2006-08-22 21:47 50,688 --a------ C:\WINDOWS\system32\wstdecod.dll
2006-08-22 21:47 47,616 --a------ C:\WINDOWS\system32\d3dxof.dll
2006-08-22 21:47 44,032 --a------ C:\WINDOWS\system32\dimap.dll
2006-08-22 21:47 436,224 --a------ C:\WINDOWS\system32\d3dim.dll
2006-08-22 21:47 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2006-08-22 21:47 394,240 --a------ C:\WINDOWS\system32\diactfrm.dll
2006-08-22 21:47 385,024 --a------ C:\WINDOWS\system32\qdvd.dll
2006-08-22 21:47 375,296 --a------ C:\WINDOWS\system32\dpnet.dll
2006-08-22 21:47 367,616 --a------ C:\WINDOWS\system32\dsound.dll
2006-08-22 21:47 363,520 --a------ C:\WINDOWS\system32\psisdecd.dll
2006-08-22 21:47 350,208 --a------ C:\WINDOWS\system32\d3drm.dll
2006-08-22 21:47 35,840 --a------ C:\WINDOWS\system32\dmloader.dll
2006-08-22 21:47 35,328 --a------ C:\WINDOWS\system32\pid.dll
2006-08-22 21:47 35,328 --a------ C:\WINDOWS\system32\mciqtz32.dll
2006-08-22 21:47 35,328 --a------ C:\WINDOWS\system32\dpnhpast.dll
2006-08-22 21:47 34,816 --a------ C:\WINDOWS\system32\d3dpmesh.dll
2006-08-22 21:47 30,208 --a------ C:\WINDOWS\system32\dplaysvr.exe
2006-08-22 21:47 3,584 --a------ C:\WINDOWS\system32\dpnlobby.dll
2006-08-22 21:47 3,584 --a------ C:\WINDOWS\system32\dpnaddr.dll
2006-08-22 21:47 28,672 --a------ C:\WINDOWS\system32\dmband.dll
2006-08-22 21:47 279,040 --a------ C:\WINDOWS\system32\qdv.dll
2006-08-22 21:47 27,136 --a------ C:\WINDOWS\system32\ddrawex.dll
2006-08-22 21:47 266,240 --a------ C:\WINDOWS\system32\ddraw.dll
2006-08-22 21:47 237,568 --a------ C:\WINDOWS\system32\qasf.dll
2006-08-22 21:47 23,552 --a------ C:\WINDOWS\system32\dpmodemx.dll
2006-08-22 21:47 229,888 --a------ C:\WINDOWS\system32\dplayx.dll
2006-08-22 21:47 223,232 --a------ C:\WINDOWS\system32\gcdef.dll
2006-08-22 21:47 212,480 --a------ C:\WINDOWS\system32\dpvoice.dll
2006-08-22 21:47 21,504 --a------ C:\WINDOWS\system32\dpvacm.dll
2006-08-22 21:47 204,288 --a------ C:\WINDOWS\system32\mswebdvd.dll
2006-08-22 21:47 192,512 --a------ C:\WINDOWS\system32\qcap.dll
2006-08-22 21:47 19,456 --a------ C:\WINDOWS\system32\dswave.dll
2006-08-22 21:47 181,760 --a------ C:\WINDOWS\system32\dsdmo.dll
2006-08-22 21:47 181,760 --a------ C:\WINDOWS\system32\dinput8.dll
2006-08-22 21:47 181,248 --a------ C:\WINDOWS\system32\dmime.dll
2006-08-22 21:47 18,432 --a------ C:\WINDOWS\system32\dpnsvr.exe
2006-08-22 21:47 17,408 --a------ C:\WINDOWS\system32\msyuv.dll
2006-08-22 21:47 159,232 --a------ C:\WINDOWS\system32\dinput.dll
2006-08-22 21:47 14,336 --a------ C:\WINDOWS\system32\msdmo.dll
2006-08-22 21:47 116,736 --a------ C:\WINDOWS\system32\dpvvox.dll
2006-08-22 21:47 105,984 --a------ C:\WINDOWS\system32\dmstyle.dll
2006-08-22 21:47 104,448 --a------ C:\WINDOWS\system32\dmusic.dll
2006-08-22 21:47 103,424 --a------ C:\WINDOWS\system32\dmsynth.dll
2006-08-22 21:47 1,428,480 --a------ C:\WINDOWS\system32\msvidctl.dll
2006-08-22 21:47 1,298,432 --a------ C:\WINDOWS\system32\dxdiag.exe
2006-08-22 21:47 1,294,336 --a------ C:\WINDOWS\system32\dsound3d.dll
2006-08-22 21:47 1,287,168 --a------ C:\WINDOWS\system32\quartz.dll
2006-08-22 21:47 1,227,264 --a------ C:\WINDOWS\system32\dx8vb.dll
2006-08-22 21:47 1,179,648 --a------ C:\WINDOWS\system32\d3d8.dll
2006-08-22 21:36 127,208 --a------ C:\WINDOWS\system32\mucltui.dll
2006-08-21 20:02 382,464 --a------ C:\WINDOWS\system32\qmgr.dll
2006-08-21 20:01 81,920 --a------ C:\WINDOWS\system32\isign32.dll
2006-08-21 20:01 81,920 --a------ C:\WINDOWS\system32\ils.dll
2006-08-21 20:01 73,728 --a------ C:\WINDOWS\system32\icwdial.dll
2006-08-21 20:01 69,632 --a------ C:\WINDOWS\system32\msconf.dll
2006-08-21 20:01 67,584 --a------ C:\WINDOWS\system32\srclient.dll
2006-08-21 20:01 65,536 --a------ C:\WINDOWS\system32\icwphbk.dll
2006-08-21 20:01 48,128 --a------ C:\WINDOWS\system32\inetres.dll
2006-08-21 20:01 45,568 --a------ C:\WINDOWS\system32\safrslv.dll
2006-08-21 20:01 43,520 --a------ C:\WINDOWS\system32\safrcdlg.dll
2006-08-21 20:01 43,520 --a------ C:\WINDOWS\system32\racpldlg.dll
2006-08-21 20:01 34,560 --a------ C:\WINDOWS\system32\mnmdd.dll
2006-08-21 20:01 32,768 --a------ C:\WINDOWS\system32\mnmsrvc.exe
2006-08-21 20:01 32,768 --a------ C:\WINDOWS\system32\isrdbg32.dll
2006-08-21 20:01 29,696 --a------ C:\WINDOWS\system32\safrdm.dll
2006-08-21 20:01 28,672 --a------ C:\WINDOWS\system32\nmmkcert.dll
2006-08-21 20:01 274,944 --a------ C:\WINDOWS\system32\mstask.dll
2006-08-21 20:01 274,432 --a------ C:\WINDOWS\system32\inetcfg.dll
2006-08-21 20:01 252,928 --a------ C:\WINDOWS\system32\msoeacct.dll
2006-08-21 20:01 190,976 --a------ C:\WINDOWS\system32\schedsvc.dll
2006-08-21 20:01 170,496 --a------ C:\WINDOWS\system32\srsvc.dll
2006-08-21 20:01 12,288 --a------ C:\WINDOWS\system32\mstinit.exe
2006-08-21 20:01 105,984 --a------ C:\WINDOWS\system32\msoert2.dll
2006-08-21 19:59 93,696 --a------ C:\WINDOWS\system32\tscfgwmi.dll
2006-08-21 19:59 87,176 --a------ C:\WINDOWS\system32\rdpwsx.dll
2006-08-21 19:59 85,504 --a------ C:\WINDOWS\system32\catsrvps.dll
2006-08-21 19:59 67,072 --a------ C:\WINDOWS\system32\rdshost.exe
2006-08-21 19:59 655,360 --a------ C:\WINDOWS\system32\mstscax.dll
2006-08-21 19:59 62,464 --a------ C:\WINDOWS\system32\rdpclip.exe
2006-08-21 19:59 60,416 --a------ C:\WINDOWS\system32\remotepg.dll
2006-08-21 19:59 6,656 --a------ C:\WINDOWS\system32\wuauserv.dll
2006-08-21 19:59 6,144 --a------ C:\WINDOWS\system32\msdtc.exe
2006-08-21 19:59 58,880 --a------ C:\WINDOWS\system32\msdtclog.dll
2006-08-21 19:59 58,880 --a------ C:\WINDOWS\system32\licwmi.dll
2006-08-21 19:59 56,320 --a------ C:\WINDOWS\system32\servdeps.dll
2006-08-21 19:59 538,624 --a------ C:\WINDOWS\system32\spider.exe
2006-08-21 19:59 44,544 --a------ C:\WINDOWS\system32\tscupgrd.exe
2006-08-21 19:59 407,552 --a------ C:\WINDOWS\system32\mstsc.exe
2006-08-21 19:59 38,912 --a------ C:\WINDOWS\system32\cfgbkend.dll
2006-08-21 19:59 343,040 --a------ C:\WINDOWS\system32\mspaint.exe
2006-08-21 19:59 295,424 -ra------ C:\WINDOWS\system32\termsrv.dll
2006-08-21 19:59 20,480 --a------ C:\WINDOWS\system32\qprocess.exe
2006-08-21 19:59 19,968 --a------ C:\WINDOWS\system32\rdpsnd.dll
2006-08-21 19:59 185,344 --a------ C:\WINDOWS\system32\cmprops.dll
2006-08-21 19:59 183,808 --a------ C:\WINDOWS\system32\accwiz.exe
2006-08-21 19:59 17,408 --a------ C:\WINDOWS\system32\mmfutil.dll
2006-08-21 19:59 147,968 --a------ C:\WINDOWS\system32\rdchost.dll
2006-08-21 19:59 140,800 --a------ C:\WINDOWS\system32\sessmgr.exe
2006-08-21 19:59 131,584 --a------ C:\WINDOWS\system32\sndrec32.exe
2006-08-21 19:59 13,824 --a------ C:\WINDOWS\system32\rdsaddin.exe
2006-08-21 19:59 124,184 --a------ C:\WINDOWS\system32\wuauclt.exe
2006-08-21 19:59 123,392 --a------ C:\WINDOWS\system32\mplay32.exe
2006-08-21 19:59 11,264 --a------ C:\WINDOWS\system32\icaapi.dll
2006-08-21 19:59 102,912 --a------ C:\WINDOWS\system32\clipbrd.exe
2006-08-21 19:59 1,343,768 --a------ C:\WINDOWS\system32\wuaueng.dll
2006-08-21 19:32 74,752 --a------ C:\WINDOWS\system32\storprop.dll
2006-08-21 19:32 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2006-08-21 19:32 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2006-08-21 17:50 573,492 --ahs---- C:\WINDOWS\system32\mllml.dll
2006-08-21 17:45 155,136 --a------ C:\WINDOWS\system32\oins.exe
2006-08-20 22:40 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2006-08-20 13:02 11,776 --a------ C:\WINDOWS\INRES.DLL
2006-08-20 12:57 208,896 --a------ C:\WINDOWS\system32\nvudisp.exe
2006-08-20 12:55 208,896 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2006-08-20 12:49 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll
2006-08-20 12:49 236,824 --a------ C:\WINDOWS\system32\xactengine2_3.dll
2006-08-20 12:49 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2006-08-26 11:40 -------- d-------- C:\Program Files\Hijack This!
2006-08-26 11:39 -------- d-------- C:\Program Files\Mozilla Firefox
2006-08-26 11:38 -------- d-------- C:\Program Files\Symantec AntiVirus
2006-08-26 02:19 -------- d-------- C:\Program Files\Mozilla Thunderbird
2006-08-26 01:58 -------- d-------- C:\Program Files\Internet Explorer
2006-08-26 01:56 -------- d-------- C:\Program Files\Trillian
2006-08-26 00:14 -------- d-------- C:\Program Files\Symantec
2006-08-26 00:10 -------- d-------- C:\Program Files\Common Files\Symantec Shared
2006-08-25 15:49 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-08-25 15:28 -------- d-------- C:\Program Files\Belkin
2006-08-25 02:25 -------- d-------- C:\Program Files\Windows NT
2006-08-25 02:25 -------- d-------- C:\Program Files\Windows Media Player
2006-08-25 02:25 -------- d-------- C:\Program Files\Outlook Express
2006-08-25 02:25 -------- d-------- C:\Program Files\NetMeeting
2006-08-25 02:25 -------- d-------- C:\Program Files\Movie Maker
2006-08-25 02:25 -------- d-------- C:\Program Files\Common Files\System
2006-08-25 00:13 -------- d-------- C:\Documents and Settings\Matt\Application Data\Skype
2006-08-25 00:12 -------- d-------- C:\Program Files\Warcraft III
2006-08-24 21:07 -------- d-a------ C:\Program Files\Common Files
2006-08-23 22:42 -------- d-------- C:\Documents and Settings\Matt\Application Data\Ventrilo
2006-08-23 21:27 -------- d-------- C:\Documents and Settings\Matt\Application Data\TrojanHunter
2006-08-23 19:21 -------- d-------- C:\Program Files\TrojanHunter 4.5
2006-08-23 19:11 -------- d-------- C:\Program Files\Creative
2006-08-23 18:38 -------- d-------- C:\Program Files\Lavasoft
2006-08-23 18:38 -------- d-------- C:\Documents and Settings\Matt\Application Data\Lavasoft
2006-08-23 00:33 -------- d-------- C:\Program Files\ewido anti-spyware 4.0
2006-08-22 23:29 -------- d-------- C:\Program Files\EphPod
2006-08-22 22:30 -------- d-------- C:\Program Files\CleanUp!
2006-08-22 22:13 -------- d-------- C:\Documents and Settings\Matt\Application Data\Creative
2006-08-22 22:06 -------- d-------- C:\Program Files\World of Warcraft
2006-08-22 21:18 -------- d--h----- C:\Program Files\WindowsUpdate
2006-08-21 19:52 -------- d-------- C:\Program Files\Lexmark X1100 Series
2006-08-18 14:09 -------- d-------- C:\Program Files\Common Files\Blizzard Entertainment
2006-08-17 14:50 -------- d-------- C:\Documents and Settings\Matt\Application Data\Sun
2006-08-17 01:14 -------- d-------- C:\Program Files\WinZip
2006-07-27 08:24 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-07-21 03:24 72704 --a------ C:\WINDOWS\system32\hlink.dll
2006-06-23 09:28 5512704 --a------ C:\WINDOWS\system32\ieframe.dll
2006-06-23 09:28 47616 --a------ C:\WINDOWS\system32\msfeedsbs.dll
2006-06-23 09:28 454144 --a------ C:\WINDOWS\system32\msfeeds.dll
2006-06-23 09:28 413696 --a------ C:\WINDOWS\system32\vbscript.dll
2006-06-23 09:28 223744 --a------ C:\WINDOWS\system32\webcheck.dll
2006-06-23 09:28 179200 --a------ C:\WINDOWS\system32\ieui.dll
2006-06-23 09:28 155648 --a------ C:\WINDOWS\system32\msls31.dll
2006-06-23 05:41 172544 --a------ C:\WINDOWS\system32\WinFXDocObj.exe
2006-06-23 05:40 78848 --a------ C:\WINDOWS\system32\ieencode.dll
2006-06-23 05:40 40960 --a------ C:\WINDOWS\system32\url.dll
2006-06-23 05:39 99328 --a------ C:\WINDOWS\system32\occache.dll
2006-06-23 05:39 39424 --a------ C:\WINDOWS\system32\licmgr10.dll
2006-06-23 05:37 14336 --a------ C:\WINDOWS\system32\corpol.dll
2006-06-23 05:34 81920 --a------ C:\WINDOWS\system32\admparse.dll
2006-06-23 05:34 50688 --a------ C:\WINDOWS\system32\ie4uinit.exe
2006-06-23 05:34 372736 --a------ C:\WINDOWS\system32\iedkcs32.dll
2006-06-23 05:34 228864 --a------ C:\WINDOWS\system32\ieaksie.dll
2006-06-23 05:34 167936 --a------ C:\WINDOWS\system32\ieakeng.dll
2006-06-23 05:33 54272 --a------ C:\WINDOWS\system32\iesetup.dll
2006-06-23 05:33 41984 --a------ C:\WINDOWS\system32\iernonce.dll
2006-06-23 05:33 121856 --a------ C:\WINDOWS\system32\advpack.dll
2006-06-23 05:30 11776 --a------ C:\WINDOWS\system32\msfeedssync.exe
2006-06-23 05:29 55296 --a------ C:\WINDOWS\system32\icardie.dll
2006-06-23 05:29 35328 --a------ C:\WINDOWS\system32\imgutil.dll
2006-06-23 05:27 251392 --a------ C:\WINDOWS\system32\iertutil.dll
2006-06-23 05:26 45568 --a------ C:\WINDOWS\system32\mshta.exe
2006-06-23 04:46 377856 --a------ C:\WINDOWS\system32\ieapfltr.dll
2006-06-23 04:45 48640 --a------ C:\WINDOWS\system32\mshtmler.dll
2006-06-23 04:41 172032 --a------ C:\WINDOWS\system32\ieakui.dll
2006-06-19 15:18 23552 --a------ C:\WINDOWS\system32\idndl.dll
2006-06-19 15:18 22752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2006-06-19 15:18 20480 --a------ C:\WINDOWS\system32\normaliz.dll
2006-06-01 17:22 888832 --a------ C:\WINDOWS\system32\nvmobls.dll
2006-06-01 17:22 86016 --a------ C:\WINDOWS\system32\nvmctray.dll
2006-06-01 17:22 81920 --a------ C:\WINDOWS\system32\nvwddi.dll
2006-06-01 17:22 794624 --a------ C:\WINDOWS\system32\nvcplui.exe
2006-06-01 17:22 7618560 --a------ C:\WINDOWS\system32\nvcpl.dll
2006-06-01 17:22 581632 --a------ C:\WINDOWS\system32\nvhwvid.dll
2006-06-01 17:22 5652480 --a------ C:\WINDOWS\system32\nvdisps.dll
2006-06-01 17:22 5632000 --a------ C:\WINDOWS\system32\nvoglnt.dll
2006-06-01 17:22 5246976 --a------ C:\WINDOWS\system32\nvdispsr.dll
2006-06-01 17:22 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2006-06-01 17:22 462848 --a------ C:\WINDOWS\system32\nvmccssr.dll
2006-06-01 17:22 4529408 --a------ C:\WINDOWS\system32\nv4_disp.dll
2006-06-01 17:22 45056 --a------ C:\WINDOWS\system32\nvmccsrs.dll
2006-06-01 17:22 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2006-06-01 17:22 425984 --a------ C:\WINDOWS\system32\keystone.exe
2006-06-01 17:22 35840 --a------ C:\WINDOWS\system32\nvcodins.dll
2006-06-01 17:22 35840 --a------ C:\WINDOWS\system32\nvcod.dll
2006-06-01 17:22 311296 --a------ C:\WINDOWS\system32\nvexpbar.dll
2006-06-01 17:22 3100672 --a------ C:\WINDOWS\system32\nvgames.dll
2006-06-01 17:22 2977792 --a------ C:\WINDOWS\system32\nvvitvsr.dll
2006-06-01 17:22 2924544 --a------ C:\WINDOWS\system32\nvvitvs.dll
2006-06-01 17:22 2916352 --a------ C:\WINDOWS\system32\nvgamesr.dll
2006-06-01 17:22 286720 --a------ C:\WINDOWS\system32\nvnt4cpl.dll
2006-06-01 17:22 2859008 --a------ C:\WINDOWS\system32\nvmoblsr.dll
2006-06-01 17:22 229376 --a------ C:\WINDOWS\system32\nvmccs.dll
2006-06-01 17:22 196608 --a------ C:\WINDOWS\system32\nvapi.dll
2006-06-01 17:22 188416 --a------ C:\WINDOWS\system32\nvmccss.dll
2006-06-01 17:22 1740800 --a------ C:\WINDOWS\system32\nvwssr.dll
2006-06-01 17:22 1662976 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2006-06-01 17:22 155715 --a------ C:\WINDOWS\system32\nvsvc32.exe
2006-06-01 17:22 1519616 --a------ C:\WINDOWS\system32\nwiz.exe
2006-06-01 17:22 147456 --a------ C:\WINDOWS\system32\nvcolor.exe
2006-06-01 17:22 1466368 --a------ C:\WINDOWS\system32\nview.dll
2006-06-01 17:22 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2006-06-01 17:22 1257472 --a------ C:\WINDOWS\system32\nvwss.dll
2006-06-01 17:22 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2006-06-01 17:22 1011712 --a------ C:\WINDOWS\system32\nvcpluir.dll

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdReg"="C:\\WINDOWS\\Updreg.exe"
"Jet Detection"="C:\\Program Files\\Creative\\SBAudigy\\PROGRAM\\ADGJDet.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvMcTray.dll,NvTaskbarInit"
"CTHelper"="CTHELPER.EXE"
"THGuard"="\"C:\\Program Files\\TrojanHunter 4.5\\THGuard.exe\""
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"vptray"="C:\\PROGRA~1\\SYMANT~1\\VPTray.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CursorXP"="\"C:\\Program Files\\CursorXP\\CursorXP.exe\" -s"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoActiveDesktopChanges"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"DisableTaskMgr"=dword:00000000

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=hex:5f,00,00,00
@=""

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e7,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=dword:40000004
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{259BA022-2005-45E9-A965-10EDB9C00618}"="Windowz Updater"
"{A4F94C0C-54A7-4DB1-9AF3-B22E63D00322}"="g322"
"{553858A7-4922-4e7e-B1C1-97140C1C16EF}"="IE Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{5A3E97DD-2A08-48BC-8F43-C0DEABC90266}"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Microsoft Office.lnk]
"path"="C:\\Documents and Settings\\All Users.WINDOWS\\Start Menu\\Programs\\Startup\\Microsoft Office.lnk"
"backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\MICROS~2\\Office10\\OSA.EXE -b -l"
"item"="Microsoft Office"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^Matt^Start Menu^Programs^Startup^Adobe Gamma.lnk]
"path"="C:\\Documents and Settings\\Matt\\Start Menu\\Programs\\Startup\\Adobe Gamma.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Gamma.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\COMMON~1\\Adobe\\CALIBR~1\\ADOBEG~1.EXE "
"item"="Adobe Gamma"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^Matt^Start Menu^Programs^Startup^HotSync Manager.lnk]
"path"="C:\\Documents and Settings\\Matt\\Start Menu\\Programs\\Startup\\HotSync Manager.lnk"
"backup"="C:\\WINDOWS\\pss\\HotSync Manager.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\palmOne\\HOTSYNC.EXE "
"item"="HotSync Manager"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\!ewido]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ewido"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\ewido anti-spyware 4.0\\ewido.exe\" /minimized"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Lexmark X1100 Series]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="lxbkbmgr"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Lexmark X1100 Series\\lxbkbmgr.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\nwiz]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="nwiz"
"hkey"="HKLM"
"command"="nwiz.exe /install"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"inimapping"="0"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\h618
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljkiih
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mllml
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wineak32

Completion time: Sat 08/26/2006 15:56:57.29
ComboFix.txt
ComboFix2.txt

#11
Shaba

Posted 27 August 2006 - 02:59 AM

Malware Expert

Member
558 posts

Hi

Open HijackThis, click do a system scan only and checkmark these:

O2 - BHO: XBTB03748 - {1CBC8587-1E29-4c2b-9739-D0E563905B32} - C:\PROGRA~1\E-CHOR~1\e-chords.dll (file missing)
O2 - BHO: (no name) - {56F0AD9F-5C9A-4F37-B2C7-45CEDC796E8F} - C:\WINDOWS\system32\mllml.dll
O2 - BHO: (no name) - {5A3E97DD-2A08-48BC-8F43-C0DEABC90266} - C:\WINDOWS\System32\mljkiih.dll (file missing)
O2 - BHO: SSL encrypt - {746455FE-D059-47e7-AF0E-140E03F5A447} - C:\WINDOWS\System32\nsi279.dll (file missing)
O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00322} - C:\WINDOWS\g3181812.dll (file missing)
O20 - Winlogon Notify: h618 - C:\WINDOWS\g20717062.dll (file missing)
O20 - Winlogon Notify: mljkiih - mljkiih.dll (file missing)
O20 - Winlogon Notify: wineak32 - wineak32.dll (file missing)

Close all windows including browser and press fix checked.

Please run Killbox.

Select "Delete on Reboot" and "All files"

Copy the file names below to the clipboard by highlighting them and pressing Control-C:

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05540000\47FDF968.VBN
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05540000\47FDF969.VBN
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05540000\47FDF96A.VBN
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05540000\47FDF96B.VBN
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0EB00000\4FFB6D50.VBN
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0EB00001\4FFBD0C9.VBN
C:\WINDOWS\g3181812.dll.tcf
C:\WINDOWS\system32\ismon.exe.tcf
C:\WINDOWS\system32\ixt0.dll.tcf
C:\WINDOWS\system32\oins.exe
C:\WINDOWS\TWF0dGhldyBDYXZhbmF1Z2g\nqIXx315xV1Gsrt1vAIYtZ0.vbs
C:\WINDOWS\YAXUninst.exe.tcf

Go to the File menu, and choose "Paste from Clipboard".

Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run TheKillbox, click here to download and run missingfilesetup.exe. Then try TheKillbox again..

If your computer does not restart automatically, please restart it manually.

Empty Recycle Bin

Please download VundoFix.exe to your desktop.

Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.
Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.

Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.[/list]
Download win32delfkil.exe.
Save it on your desktop.
Double click on win32delfkil.exe and install it. This creates a new folder on your desktop: win32delfkil.
Close all windows, open the win32delfkil folder and double click on fix.bat.
The computer will reboot automatically.

Re-scan with kaspersky

Send:

- a fresh HijackThis log
- c:\vundofix.txt
- c:\windelf.txt
- kaspersky report

#12
Solarin

Posted 28 August 2006 - 07:24 PM

Member

Topic Starter
Member
28 posts

Sorry for the slow response. RL has been hectic these past few days. The Kapersky scan is running as I type this. I'll post everything once it is done so it should be a few hours. I haven't had a chance to thank you for your help as well up to this point. It is much appreciated.

#13
Solarin

Posted 30 August 2006 - 05:58 AM

Member

Topic Starter
Member
28 posts

VundoFix Log:

VundoFix V4.0

Listing files found while scanning....

VundoFix V6.1.2

Checking Java version...

Java version is 1.5.0.6

Scan started at 11:09:04 AM 8/27/2006

Listing files found while scanning....

C:\WINDOWS\system32\mllml.dll
C:\WINDOWS\system32\lmllm.ini
C:\WINDOWS\system32\lmllm.ini2
C:\WINDOWS\system32\lmllm.tmp

Beginning removal...

Attempting to delete C:\WINDOWS\system32\mllml.dll
C:\WINDOWS\system32\mllml.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\lmllm.ini
C:\WINDOWS\system32\lmllm.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\lmllm.ini2
C:\WINDOWS\system32\lmllm.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\lmllm.tmp
C:\WINDOWS\system32\lmllm.tmp Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.1.2

Checking Java version...

Java version is 1.5.0.6

Scan started at 11:26:17 AM 8/27/2006

Listing files found while scanning....

C:\WINDOWS\system32\mllml.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\mllml.dll
C:\WINDOWS\system32\mllml.dll Has been deleted!

Performing Repairs to the registry.
Done!

Windelf Log:

************************
* WIN32DELFKIL LOGFILE *
************************
by Marckie

BEFORE RUNNING WIN32DELFKIL
***************************

File(s) found in Windows directory
----------------------------------

File(s) found in system32 folder
--------------------------------

Export SharedTaskScheduler key
------------------------------
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{259BA022-2005-45E9-A965-10EDB9C00618}"="Windowz Updater"
"{A4F94C0C-54A7-4DB1-9AF3-B22E63D00322}"="g322"
"{553858A7-4922-4e7e-B1C1-97140C1C16EF}"="IE Component Categories cache daemon"

sharedtaskkey: 259BA022-2005-45E9-A965-10EDB9C00618
---------------------------------------------------
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{259BA022-2005-45E9-A965-10EDB9C00618}]
@="C:\\WINDOWS\\g20717062.dll"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{259BA022-2005-45E9-A965-10EDB9C00618}\InprocServer32]
@="C:\\WINDOWS\\g20717062.dll"
"ThreadingModel"="Apartment"

sharedtaskkey: A4F94C0C-54A7-4DB1-9AF3-B22E63D00322
---------------------------------------------------
no keys found

Notify key
----------

AFTER RUNNING WIN32DELFKIL
**************************

File(s) found in Windows directory
----------------------------------

File(s) found in system32 folder
--------------------------------
Export SharedTaskScheduler key
------------------------------
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{553858A7-4922-4e7e-B1C1-97140C1C16EF}"="IE Component Categories cache daemon"

Notify key
----------

Kaspersky Log: (saved as an html by accident)

Kaspersky Logl

#14
Shaba

Posted 30 August 2006 - 08:58 AM

Malware Expert

Member
558 posts

Hi

Empty this folder:

C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\

Delete these:

C:\Documents and Settings\Matt\Desktop\e-chords.exe
C:\Documents and Settings\Matt\Desktop\OiUninstaller.exe

Empty Recycle Bin

Re-scan with kaspersky

Send:

- a fresh HijackThis log
- kaspersky report

#15
Solarin

Posted 31 August 2006 - 05:25 PM

Member

Topic Starter
Member
28 posts

Hijack Log:

Logfile of HijackThis v1.99.1
Scan saved at 6:50:57 AM, on 8/31/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5450.0004)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\TrojanHunter 4.5\THGuard.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\Program Files\BitLord\BitLord.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Hijack This!\HJT.exe.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....cid={SUB_CLCID}
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {63FD9D92-DCD7-4A7D-A06E-973F18ADCC3F} - C:\WINDOWS\system32\mllml.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.5\THGuard.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\..\Run: [CursorXP] "C:\Program Files\CursorXP\CursorXP.exe" -s
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - HKCU\..\RunOnce: [NSWCfg.exe] "C:\Program Files\Norton SystemWorks\NSWCfg.exe"
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Belkin Wireless USB Utility.lnk = C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....026/CTSUEng.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1156300299077
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15026/CTPID.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe