Trojan/Malware difficulties


#1
BIGROD

My PC is running very slow right now. I know I have a trojan(s) but can't pinpoint and remove. Spybot, Window Washer, or CCleaner aren't able to single out whatever's infecting the system. Any help is appreciated.

New symptom today -

When I try to access any of my hard drives (external and internal) I get a message asking me how I wish to open the file, as if it's a program I'm trying to access and not my drive.

Here's my HiJack This log (I know this is an older version):

Logfile of HijackThis v1.99.1
Scan saved at 9:33:00 PM, on 2/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\PDesk\PDesk.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\ESPNRunTime\DIGServices.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
D:\APPS\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
D:\APPS\iTunesHelper.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\AIM6\aim6.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
D:\APPS\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\WINDOWS\System32\mgabg.exe
C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
D:\APPS\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe
C:\Program Files\McAfee\Managed VirusScan\Agent\myAgttry.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\Internet Explorer\iexplore.exe
E:\Saved files\download\PC fix tools_from geeks2go\HIJACK THIS\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINDOWS\System32\PDesk\PDesk.exe /Autolaunch
O4 - HKLM\..\Run: [McAfee Managed Services Tray] "C:\Program Files\McAfee\Managed VirusScan\Agent\myagttry.exe"
O4 - HKLM\..\Run: [MVS Splash] C:\Program Files\McAfee\Managed VirusScan\Agent\Splash.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [DIGServices] C:\Program Files\ESPNRunTime\DIGServices.exe /brand=ESPN /priority=0 /poll=24
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "D:\APPS\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\APPS\iTunesHelper.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Nero\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe
O4 - HKCU\..\RunOnce: [Index Washer] C:\Program Files\Webroot\Washer\WashIdx.exe "Roberts Family"
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {1CE47888-DD62-482C-9723-4814BB04D45D} (musicshake) - http://pump.musicsha.../musicshake.cab
O16 - DPF: {40C83AF8-FEA7-4A6A-A470-431EE84A0886} (SecureObjectFactory Class) - http://virusscanasap...in/myCioAgt.cab
O16 - DPF: {8FB571B0-DC11-487C-8B1C-BD60A32366FF} (MusicShakePlayer Control) - http://pump.musicsha...keplayercab.CAB
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterf...ds/Uploader.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.c.../cpcScanner.cab
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} (Domino Web Access 7 Control) - http://vram3c.vcu.edu/dwa7W.cab
O18 - Protocol: bw+0 - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: myrm - {4D034FC3-013F-4B95-B544-44D49ABE3E76} - C:\Program Files\McAfee\Managed VirusScan\Agent\MyRmProt4.5.1.191.dll
O18 - Protocol: offline-8876480 - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Unknown owner - D:\APPS\Adobe Version Cue CS2\bin\VersionCueCS2.exe" -win32service (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McShield - McAfee, Inc. - C:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe
O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINDOWS\System32\mgabg.exe
O23 - Service: McAfee Virus and Spyware Protection Service (myAgtSvc) - McAfee, Inc. - C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe

Edited by BIGROD, 14 February 2008 - 03:44 PM.


#2
kahdah

Hello BIGROD

Welcome to G2Go. :)
===================
With all of your drives plugged in, do the following:

1 - Flash Drive Disinfector
  • Download Flash_Disinfector.exe by sUBs from >here< and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder...it will help protect your drives from future infection.
===========================
Then:
Download ComboFix from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.
When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply.
Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.
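
An added example, not part of kahdah's post and not Flash_Disinfector's own code: a read-only check of each drive root that tells the placeholder autorun.inf folder described in the note above apart from an autorun.inf file, and lists any program such a file would launch. The function names are hypothetical, and the temporary "drive roots" and `example_payload.exe` are constructed sample data.

```python
"""Read-only audit of drive roots for autorun.inf (added example, constructed data)."""
import os
import re
import sys
import tempfile

# [autorun] keys that name a program Windows would launch from the drive.
_LAUNCH_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\=]+\\command)$", re.IGNORECASE)


def parse_autorun(raw):
    """Return [(key, command)] for launch keys in the [autorun] section.

    Lines that are not 'key=value' are skipped instead of raising, so padded
    or partly garbled files still parse.
    """
    if raw.startswith((b"\xff\xfe", b"\xfe\xff")):
        text = raw.decode("utf-16", errors="replace")
    else:
        text = raw.decode("latin-1")
    in_autorun, found = False, []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if in_autorun and "=" in line:
            key, _, value = line.partition("=")
            key, value = key.strip(), value.strip()
            if value and _LAUNCH_KEY.match(key):
                found.append((key.lower(), value))
    return found


def audit_root(root):
    """Classify what, if anything, is named autorun.inf at the top of `root`."""
    entry = None
    with os.scandir(root) as entries:
        for candidate in entries:
            if candidate.name.lower() == "autorun.inf":  # match regardless of case
                entry = candidate
                break
    if entry is None:
        return {"root": root, "state": "absent", "commands": []}
    if entry.is_dir(follow_symlinks=False):
        # A folder already holds the name, so a file called autorun.inf
        # cannot be created in this root while the folder exists.
        return {"root": root, "state": "placeholder-folder", "commands": []}
    with open(entry.path, "rb") as fh:
        commands = parse_autorun(fh.read(64 * 1024))
    state = "launches-program" if commands else "file-without-launch-keys"
    return {"root": root, "state": state, "commands": commands}


def build_demo_roots(base):
    """Create three constructed 'drive roots' under `base`; return {label: path}."""
    roots = {name: os.path.join(base, name) for name in ("clean", "immunized", "infected")}
    for path in roots.values():
        os.mkdir(path)
    os.mkdir(os.path.join(roots["immunized"], "autorun.inf"))
    sample = (b"[AutoRun]\r\n"
              b"; constructed sample, example_payload.exe is a placeholder\r\n"
              b"qwertyjunkline\r\n"
              b"open=example_payload.exe\r\n"
              b"shell\\open\\Command=example_payload.exe\r\n")
    with open(os.path.join(roots["infected"], "AUTORUN.INF"), "wb") as fh:
        fh.write(sample)
    return roots


def main(argv):
    """Audit the roots given on the command line, or the constructed demo roots."""
    with tempfile.TemporaryDirectory() as base:
        roots = argv or list(build_demo_roots(base).values())
        for root in roots:
            result = audit_root(root)
            print(f"{root}: {result['state']}")
            for key, command in result["commands"]:
                print(f"    {key} -> {command}")


if __name__ == "__main__":
    main(sys.argv[1:])
```

Run with no arguments it audits the constructed sample roots; pass real roots (for example `C:\ D:\ E:\`) to check actual drives. It only reads, so it changes nothing on the drives it inspects.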

#3
BIGROD

Thanks for the reply. Below are a new HiJack This log and the ComboFix log:

Logfile of HijackThis v1.99.1
Scan saved at 5:00:22 PM, on 2/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)


Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\PDesk\PDesk.exe
C:\Program Files\McAfee\Managed VirusScan\Agent\myagttry.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\ESPNRunTime\DIGServices.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
D:\APPS\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
D:\APPS\iTunesHelper.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\AIM6\aim6.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
D:\APPS\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\WINDOWS\System32\mgabg.exe
C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
D:\APPS\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
C:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
E:\Saved files\download\PC fix tools_from geeks2go\HIJACK THIS\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINDOWS\System32\PDesk\PDesk.exe /Autolaunch
O4 - HKLM\..\Run: [McAfee Managed Services Tray] "C:\Program Files\McAfee\Managed VirusScan\Agent\myagttry.exe"
O4 - HKLM\..\Run: [MVS Splash] C:\Program Files\McAfee\Managed VirusScan\Agent\Splash.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [DIGServices] C:\Program Files\ESPNRunTime\DIGServices.exe /brand=ESPN /priority=0 /poll=24
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "D:\APPS\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\APPS\iTunesHelper.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Nero\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {1CE47888-DD62-482C-9723-4814BB04D45D} (musicshake) - http://pump.musicsha.../musicshake.cab
O16 - DPF: {40C83AF8-FEA7-4A6A-A470-431EE84A0886} (SecureObjectFactory Class) - http://virusscanasap...in/myCioAgt.cab
O16 - DPF: {8FB571B0-DC11-487C-8B1C-BD60A32366FF} (MusicShakePlayer Control) - http://pump.musicsha...keplayercab.CAB
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterf...ds/Uploader.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.c.../cpcScanner.cab
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} (Domino Web Access 7 Control) - http://vram3c.vcu.edu/dwa7W.cab
O18 - Protocol: bw+0 - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: myrm - {4D034FC3-013F-4B95-B544-44D49ABE3E76} - C:\Program Files\McAfee\Managed VirusScan\Agent\MyRmProt4.5.1.191.dll
O18 - Protocol: offline-8876480 - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Unknown owner - D:\APPS\Adobe Version Cue CS2\bin\VersionCueCS2.exe" -win32service (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McShield - McAfee, Inc. - C:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe
O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINDOWS\System32\mgabg.exe
O23 - Service: McAfee Virus and Spyware Protection Service (myAgtSvc) - McAfee, Inc. - C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe



ComboFix 08-02-17.2 - Roberts Family 2008-02-16 16:52:24.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.75 [GMT -5:00]
Running from: C:\Documents and Settings\Roberts Family\Desktop\ComboFix.exe
* Created a new restore point


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
C:\Program Files\screensavers.com
C:\Program Files\screensavers.com\ActiveDesktop\bin\ActiveDesktopExe.exe
C:\Program Files\screensavers.com\SSSUninst.exe
D:\Autorun.inf
E:\Autorun.inf
I:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-01-17 to 2008-02-17 )))))))))))))))))))))))))))))))
.

2008-02-13 22:26 . 2008-02-13 22:27 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-01-25 09:26 . 2008-01-25 13:04 <DIR> d-------- C:\divx

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-17 21:56 16,019,488 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-02-16 21:33 190,436 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-02-16 21:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-16 21:25 --------- d-----w C:\Program Files\DC++
2008-02-16 15:05 --------- d-----w C:\Documents and Settings\Roberts Family\Application Data\uTorrent
2008-02-13 23:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-02-12 14:17 --------- d-----w C:\Documents and Settings\Roberts Family\Application Data\AdobeUM
2008-01-21 22:15 295,824 -c--a-w C:\Documents and Settings\Roberts Family\Application Data\GDIPFONTCACHEV1.DAT
2007-12-28 14:43 --------- d-----w C:\Program Files\Common Files\Adobe
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
2007-12-11 03:52 17,615,506 -c--a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2007-12-07 02:21 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2007-11-26 19:47 194,888 ----a-w C:\WINDOWS\Unwash6.exe
2007-11-10 03:50 239,616 ----a-w C:\WINDOWS\Internet Logs\xDBF.tmp
2007-11-10 03:50 1,872,896 ----a-w C:\WINDOWS\Internet Logs\xDB10.tmp
2007-10-28 14:11 327,680 ----a-w C:\WINDOWS\Internet Logs\xDBD.tmp
2007-10-28 14:11 1,814,528 ----a-w C:\WINDOWS\Internet Logs\xDBE.tmp
2007-10-16 16:31 1,805,312 ----a-w C:\WINDOWS\Internet Logs\xDBC.tmp
2007-09-24 17:36 4,947,968 ----a-w C:\WINDOWS\Internet Logs\xDBA.tmp
2007-09-24 17:36 1,776,128 ----a-w C:\WINDOWS\Internet Logs\xDBB.tmp
2007-08-28 17:23 1,724,416 -c--a-w C:\WINDOWS\Internet Logs\xDB9.tmp
2007-08-22 17:02 16,692,461 -c--a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_08_18_23_24_22_full.dmp.zip
2007-08-22 17:02 117,802 -c--a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_08_18_23_18_35_small.dmp.zip
2007-07-27 22:17 1,701,888 -c--a-w C:\WINDOWS\Internet Logs\xDB8.tmp
2007-07-25 16:03 1,701,376 -c--a-w C:\WINDOWS\Internet Logs\xDB7.tmp
2007-05-23 07:08 108,020 -c--a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_05_22_10_22_44_small.dmp.zip
2007-05-04 13:12 105,661 -c--a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_04_27_08_08_01_small.dmp.zip
2007-01-13 14:54 1,396,224 -c--a-w C:\WINDOWS\Internet Logs\xDB6.tmp
2006-11-18 20:36 7,937 -c--a-w C:\Program Files\Uninst.isu
2006-09-22 13:08 2,747,904 -c--a-w C:\WINDOWS\Internet Logs\xDB4.tmp
2006-09-22 13:07 2,747,904 -c--a-w C:\WINDOWS\Internet Logs\xDB5.tmp
2005-07-13 17:57 838,656 -c--a-w C:\WINDOWS\Internet Logs\xDB3.tmp
2005-07-13 12:50 1,563,136 -c--a-w C:\WINDOWS\Internet Logs\xDB2.tmp
2000-02-09 14:42 8,657 -c--a-w C:\Program Files\Readme.txt
2000-01-21 15:55 1,399,403 -c--a-w C:\Program Files\Help.pdf
2000-01-19 16:32 3,536,390 -c--a-w C:\Program Files\Manual.pdf
2000-01-05 14:14 1,781,760 -c--a-w C:\Program Files\WACM.EXE
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\MSMSGS.exe" [ ]
"NBJ"="C:\Program Files\Nero\Nero BackItUp\NBJ.exe" [ ]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-10-04 10:20 50528]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]
"AnyDVD"="C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe" [2007-04-03 16:41 503296]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-05-10 16:28 36864]
"Window Washer"="C:\Program Files\Webroot\Washer\wwDisp.exe" [2007-11-26 14:47 1206600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Matrox Powerdesk"="C:\WINDOWS\System32\PDesk\PDesk.exe" [2004-09-14 09:13 684032]
"McAfee Managed Services Tray"="C:\Program Files\McAfee\Managed VirusScan\Agent\myagttry.exe" [2007-05-18 03:03 190016]
"MVS Splash"="C:\Program Files\McAfee\Managed VirusScan\Agent\Splash.exe" [2007-03-06 16:25 468544]
"CTHelper"="CTHELPER.EXE" [2003-10-06 13:57 24576 C:\WINDOWS\system32\CTHELPER.EXE]
"Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [ ]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50 155648]
"DIGStream"="C:\Program Files\DIGStream\digstream.exe" [ ]
"DIGServices"="C:\Program Files\ESPNRunTime\DIGServices.exe" [2005-05-19 13:55 101888]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [ ]
"ADUserMon"="C:\Program Files\Iomega\AutoDisk\ADUserMon.exe" [ ]
"Iomega Drive Icons"="C:\Program Files\Iomega\DriveIcons\ImgIcon.exe" [ ]
"Deskup"="C:\Program Files\Iomega\DriveIcons\deskup.exe" [2002-07-16 09:55 32768]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [ ]
"NWEReboot"="" []
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [ ]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [ ]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-09-01 06:42 176128]
"Adobe Version Cue CS2"="D:\APPS\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [2005-04-04 17:58 856064]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-10-19 20:16 286720]
"iTunesHelper"="D:\APPS\iTunesHelper.exe" [2007-11-02 18:36 267048]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-11-14 16:05 919016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-02-11 19:30 171448]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe [2003-05-15 00:19:50 217193]
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 18:16:50 113664]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-05-10 16:28:51 196608]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 00:01:04 83360]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2005-07-05 21:08:10 118784]

R0 PenClass;Pen Class;C:\WINDOWS\system32\Drivers\PenClass.sys [1999-10-13 12:07]
R2 myAgtSvc;McAfee Virus and Spyware Protection Service;C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe [2007-03-06 16:25]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 16:38]
R2 wwEngineSvc;Window Washer Engine;C:\Program Files\Webroot\Washer\WasherSvc.exe [2007-11-26 14:47]
R3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 01:01]
S3 iscFlash;iscFlash;C:\WINDOWS\SYSTEM32\DRIVERS\iscflash.sys []
S3 OlCamudp;OLYMPUS Digital Camera;C:\WINDOWS\system32\Drivers\olcamudp.sys [2000-02-08 03:55]
S3 Wanamiosemr;Wanamiosemr;C:\WINDOWS\system32\drivers\mtlmnt5.sys [2004-08-04 00:41]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e59455c2-63c2-11dc-8621-000476ec6cc4}]
\Shell\AutoRun\command - d6fagcs8.cmd
\Shell\explore\Command - d6fagcs8.cmd
\Shell\open\Command - d6fagcs8.cmd

.
Contents of the 'Scheduled Tasks' folder
"2008-02-10 01:41:06 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-17 16:56:46
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-17 16:57:56
ComboFix-quarantined-files.txt 2008-02-17 21:57:50
.
2008-02-14 03:29:34 --- E O F ---
  • 0

#4
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Please download OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveIt2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\d6fagcs8.cmd
    I:\d6fagcs8.cmd
    D:\d6fagcs8.cmd
    E:\d6fagcs8.cmd
    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e59455c2-63c2-11dc-8621-000476ec6cc4}
  • Return to OTMoveIt2, right click in the "Paste List Of Files/Patterns To Search For and Move" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
===========================
Let me know if you can now open your drives correctly and how things are running. Also, please post a new HijackThis log along with the OTMoveIt2 log.
  • 0
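The file and registry targets listed in the post above line up with two parts of the ComboFix log: the `Autorun.inf` files under "Other Deletions" and the `mountpoints2` key whose shell verbs point at `d6fagcs8.cmd`. The following is an added example, not part of the original post and not code from ComboFix or OTMoveIt2, that derives such a review list from a ComboFix log. The function names, the "open/explore verb override" heuristic, and the guess that the script sits in the root of each drive that had an `Autorun.inf` are assumptions of this example.

```python
import ntpath
import re

# Constructed sample: an excerpt of the ComboFix log posted earlier in this thread.
SAMPLE_LOG = r"""
((((((((((((((((((((( Other Deletions )))))))))))))))))))))
.
C:\Autorun.inf
C:\Program Files\screensavers.com
D:\Autorun.inf
E:\Autorun.inf
I:\Autorun.inf
.
((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e59455c2-63c2-11dc-8621-000476ec6cc4}]
\Shell\AutoRun\command - d6fagcs8.cmd
\Shell\explore\Command - d6fagcs8.cmd
\Shell\open\Command - d6fagcs8.cmd
.
"""

SECTION_RE = re.compile(r"^\(+\s*(.*?)\s*\)+$")
KEY_RE = re.compile(r"^\[(HKEY_[^\]]*\\mountpoints2\\[^\]]+)\]$", re.IGNORECASE)
VERB_RE = re.compile(r"^\\Shell\\([^\\]+)\\command\s+-\s+(.+)$", re.IGNORECASE)
AUTORUN_INF_RE = re.compile(r"^([A-Za-z]):\\autorun\.inf$", re.IGNORECASE)


def parse_combofix(log_text):
    """Return (drives whose root Autorun.inf was deleted, mountpoints2 entries)."""
    drives, entries = [], []
    section, current = None, None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:  # banner such as "((( Other Deletions )))"
            section, current = m.group(1).lower(), None
            continue
        if line.startswith("["):  # any registry key header starts a new block
            m = KEY_RE.match(line)
            current = {"key": m.group(1), "verbs": {}} if m else None
            if current is not None:
                entries.append(current)
            continue
        m = VERB_RE.match(line)
        if m and current is not None:  # "\Shell\<verb>\command - <target>"
            current["verbs"][m.group(1).lower()] = m.group(2).strip()
            continue
        if not line.startswith("\\"):  # blank or unrelated line ends the key block
            current = None
        m = AUTORUN_INF_RE.match(line)
        if m and section == "other deletions":
            drives.append(m.group(1).upper())
    return drives, entries


def overrides_drive_open(entry):
    """Heuristic (assumption): an entry that rebinds the 'open' or 'explore' verb
    changes what happens when the drive is double-clicked or explored."""
    return bool({"open", "explore"} & set(entry["verbs"]))


def command_file(cmd):
    """File name of the program a shell command starts, with arguments dropped."""
    cmd = cmd.strip()
    target = cmd[1:].split('"', 1)[0] if cmd.startswith('"') else cmd.split()[0]
    return ntpath.basename(target)


def review_list(log_text):
    """Candidate paths and registry keys to verify by hand before moving anything."""
    drives, entries = parse_combofix(log_text)
    items = []
    for entry in entries:
        if not overrides_drive_open(entry):
            continue
        for name in sorted({command_file(c) for c in entry["verbs"].values()}):
            # Assumption: the script sits in the root of each drive that had Autorun.inf.
            items += [f"{drive}:\\{name}" for drive in drives]
        items.append(entry["key"])
    return items


if __name__ == "__main__":
    for item in review_list(SAMPLE_LOG):
        print(item)
```

The output is a list of candidates only; each path still has to be confirmed on disk before it is handed to a removal tool.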

#5
BIGROD

    Member

  • Topic Starter
  • 87 posts
My drives are operating normally now. The PC does seem to be running a little more smoothly.

Logfile of HijackThis v1.99.1
Scan saved at 11:18:21 PM, on 2/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\PDesk\PDesk.exe
C:\Program Files\McAfee\Managed VirusScan\Agent\myagttry.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\ESPNRunTime\DIGServices.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
D:\APPS\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
D:\APPS\iTunesHelper.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\AIM6\aim6.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
D:\APPS\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\WINDOWS\System32\mgabg.exe
C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
D:\APPS\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
C:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Roberts Family\Desktop\OTMoveIt2.exe
C:\WINDOWS\system32\NOTEPAD.EXE
E:\Saved files\download\PC fix tools_from geeks2go\HIJACK THIS\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINDOWS\System32\PDesk\PDesk.exe /Autolaunch
O4 - HKLM\..\Run: [McAfee Managed Services Tray] "C:\Program Files\McAfee\Managed VirusScan\Agent\myagttry.exe"
O4 - HKLM\..\Run: [MVS Splash] C:\Program Files\McAfee\Managed VirusScan\Agent\Splash.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [DIGServices] C:\Program Files\ESPNRunTime\DIGServices.exe /brand=ESPN /priority=0 /poll=24
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "D:\APPS\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\APPS\iTunesHelper.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Nero\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {1CE47888-DD62-482C-9723-4814BB04D45D} (musicshake) - http://pump.musicsha.../musicshake.cab
O16 - DPF: {40C83AF8-FEA7-4A6A-A470-431EE84A0886} (SecureObjectFactory Class) - http://virusscanasap...in/myCioAgt.cab
O16 - DPF: {8FB571B0-DC11-487C-8B1C-BD60A32366FF} (MusicShakePlayer Control) - http://pump.musicsha...keplayercab.CAB
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterf...ds/Uploader.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.c.../cpcScanner.cab
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} (Domino Web Access 7 Control) - http://vram3c.vcu.edu/dwa7W.cab
O18 - Protocol: bw+0 - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: myrm - {4D034FC3-013F-4B95-B544-44D49ABE3E76} - C:\Program Files\McAfee\Managed VirusScan\Agent\MyRmProt4.5.1.191.dll
O18 - Protocol: offline-8876480 - {2FFD1D08-5FF6-4CA2-AB22-35638329660D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Unknown owner - D:\APPS\Adobe Version Cue CS2\bin\VersionCueCS2.exe" -win32service (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McShield - McAfee, Inc. - C:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe
O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINDOWS\System32\mgabg.exe
O23 - Service: McAfee Virus and Spyware Protection Service (myAgtSvc) - McAfee, Inc. - C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe



[Custom Input]
< C:\d6fagcs8.cmd >
File/Folder C:\d6fagcs8.cmd not found.
< I:\d6fagcs8.cmd >
File/Folder I:\d6fagcs8.cmd not found.
< D:\d6fagcs8.cmd >
File/Folder D:\d6fagcs8.cmd not found.
< E:\d6fagcs8.cmd >
File/Folder E:\d6fagcs8.cmd not found.
< HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e59455c2-63c2-11dc-8621-000476ec6cc4} >
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e59455c2-63c2-11dc-8621-000476ec6cc4}\\ deleted successfully.

OTMoveIt2 v1.0.20 log created on 02172008_231457

#6
kahdah

Please do an online scan with Kaspersky WebScanner
(This scanner is for use with Internet Explorer only.)
Click on "Accept".

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files.
  • Once the files have been downloaded, click on NEXT.
  • Now click on Scan Settings.
  • In the scan settings, make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available, otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK.
  • Now, under "Select a target to scan", select My Computer.
  • The program will start and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, it will display whether your system has been infected.
  • Now click on the Save as Text button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


#7
BIGROD

Yep. Infected.


-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Monday, February 18, 2008 5:35:58 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 17/02/2008
Kaspersky Anti-Virus database records: 570085
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\

Scan Statistics:
Total number of scanned objects: 136650
Number of viruses found: 2
Number of infected objects: 21
Number of suspicious objects: 0
Duration of the scan process: 02:34:57

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Roberts Family\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Roberts Family\Local Settings\Application Data\AOL OCP\AIM\Storage\All Users\localStorage\common.cls Object is locked skipped
C:\Documents and Settings\Roberts Family\Local Settings\Application Data\AOL OCP\AIM\Storage\data\mastergrphx\localStorage\common.cls Object is locked skipped
C:\Documents and Settings\Roberts Family\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Roberts Family\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Roberts Family\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Roberts Family\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Roberts Family\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Roberts Family\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Roberts Family\ntuser.dat.LOG Object is locked skipped
C:\Log.txt Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Roberts Family\Data\BWDocMap.pht Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Roberts Family\Data\BWInfopakMap.pht Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Roberts Family\Data\chandir.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Roberts Family\Data\chandir.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Roberts Family\Data\chn.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Roberts Family\Data\chn.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Roberts Family\Data\D0000000.FCS Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Roberts Family\Data\inuse.txt Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Roberts Family\Data\L0000011.FCS Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Roberts Family\Data\main.log Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Roberts Family\Data\prs.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Roberts Family\Data\prs.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Roberts Family\Data\prs_die.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Roberts Family\Data\prs_die.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Roberts Family\Data\prs_dnd.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Roberts Family\Data\prs_dnd.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Roberts Family\Data\prs_ext.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Roberts Family\Data\prs_ext.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Roberts Family\Data\prs_rcv.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Roberts Family\Data\prs_rcv.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Roberts Family\Data\storydb.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Roberts Family\Data\storydb.idx Object is locked skipped
C:\Program Files\McAfee\Managed VirusScan\Agent\Report\CIO2D.tmp Object is locked skipped
C:\QooBox\Quarantine\C\autorun.inf.vir Infected: Worm.Win32.AutoRun.coi skipped
C:\QooBox\Quarantine\D\autorun.inf.vir Infected: Worm.Win32.AutoRun.coi skipped
C:\QooBox\Quarantine\E\autorun.inf.vir Infected: Worm.Win32.AutoRun.coi skipped
C:\QooBox\Quarantine\I\autorun.inf.vir Infected: Worm.Win32.AutoRun.coi skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{0D9FBF53-CE1E-49D2-8205-98B589E91F4F}\RP1149\A0304544.inf Infected: Worm.Win32.AutoRun.coi skipped
C:\System Volume Information\_restore{0D9FBF53-CE1E-49D2-8205-98B589E91F4F}\RP1150\A0304658.inf Infected: Worm.Win32.AutoRun.coi skipped
C:\System Volume Information\_restore{0D9FBF53-CE1E-49D2-8205-98B589E91F4F}\RP1151\A0304736.inf Infected: Worm.Win32.AutoRun.coi skipped
C:\System Volume Information\_restore{0D9FBF53-CE1E-49D2-8205-98B589E91F4F}\RP1154\A0305056.dll Infected: Worm.Win32.AutoRun.clp skipped
C:\System Volume Information\_restore{0D9FBF53-CE1E-49D2-8205-98B589E91F4F}\RP1155\A0305107.inf Infected: Worm.Win32.AutoRun.coi skipped
C:\System Volume Information\_restore{0D9FBF53-CE1E-49D2-8205-98B589E91F4F}\RP1156\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped
C:\WINDOWS\Internet Logs\ROBERTS-9HGMDPY.ldb Object is locked skipped
C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox.dat Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox.idx Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\hsperfdata_SYSTEM\536 Object is locked skipped
C:\WINDOWS\Temp\hsperfdata_SYSTEM\852 Object is locked skipped
C:\WINDOWS\Temp\ib10 Object is locked skipped
C:\WINDOWS\Temp\ib8 Object is locked skipped
C:\WINDOWS\Temp\ib9 Object is locked skipped
C:\WINDOWS\Temp\ZLT069f0.TMP Object is locked skipped
C:\WINDOWS\Temp\ZLT069f3.TMP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\WINDOWS\{00000002-00000000-0000000C-00001102-00000004-00581102}.CDF Object is locked skipped
D:\APPS\Adobe Version Cue CS2\config\configuration\org.eclipse.core.runtime\.manager\.tmp16368.instance Object is locked skipped
D:\APPS\Adobe Version Cue CS2\data\database\data\ibdata1 Object is locked skipped
D:\APPS\Adobe Version Cue CS2\data\database\data\ib_logfile0 Object is locked skipped
D:\APPS\Adobe Version Cue CS2\data\database\data\ib_logfile1 Object is locked skipped
D:\APPS\Adobe Version Cue CS2\data\database\data\versioncue\bhasset.ibd Object is locked skipped
D:\APPS\Adobe Version Cue CS2\data\database\data\versioncue\bhassetcacheitem.ibd Object is locked skipped
D:\APPS\Adobe Version Cue CS2\data\database\data\versioncue\bhassetversioncacheitem.ibd Object is locked skipped
D:\APPS\Adobe Version Cue CS2\data\database\data\versioncue\bhlabel.ibd Object is locked skipped
D:\APPS\Adobe Version Cue CS2\data\database\data\versioncue\bhlabeltoversion.ibd Object is locked skipped
D:\APPS\Adobe Version Cue CS2\data\database\data\versioncue\bhmessage.ibd Object is locked skipped
D:\APPS\Adobe Version Cue CS2\data\database\data\versioncue\bhpqentry.ibd Object is locked skipped
D:\APPS\Adobe Version Cue CS2\data\database\data\versioncue\bhpublishlog.ibd Object is locked skipped
D:\APPS\Adobe Version Cue CS2\data\database\data\versioncue\bhpublishserver.ibd Object is locked skipped
D:\APPS\Adobe Version Cue CS2\data\database\data\versioncue\bhpublishstateitem.ibd Object is locked skipped
D:\APPS\Adobe Version Cue CS2\data\database\data\versioncue\bhresult.ibd Object is locked skipped
D:\APPS\Adobe Version Cue CS2\data\database\data\versioncue\bhreview.ibd Object is locked skipped
D:\APPS\Adobe Version Cue CS2\data\database\data\versioncue\bhreviewcomment.ibd Object is locked skipped
D:\APPS\Adobe Version Cue CS2\data\database\data\versioncue\bhrole.ibd Object is locked skipped
D:\APPS\Adobe Version Cue CS2\data\database\data\versioncue\bhschemaversion.ibd Object is locked skipped
D:\APPS\Adobe Version Cue CS2\data\database\data\versioncue\bhsequence.ibd Object is locked skipped
D:\APPS\Adobe Version Cue CS2\data\database\data\versioncue\bhserverglobals.ibd Object is locked skipped
D:\APPS\Adobe Version Cue CS2\data\database\data\versioncue\bhsettings.ibd Object is locked skipped
D:\APPS\Adobe Version Cue CS2\data\database\data\versioncue\bhsettingssection.ibd Object is locked skipped
D:\APPS\Adobe Version Cue CS2\data\database\data\versioncue\bhthumbnail.ibd Object is locked skipped
D:\APPS\Adobe Version Cue CS2\data\database\data\versioncue\bhuser.ibd Object is locked skipped
D:\APPS\Adobe Version Cue CS2\data\database\data\versioncue\bhuserrole.ibd Object is locked skipped
D:\APPS\Adobe Version Cue CS2\data\database\data\versioncue\bhxmpmetadata.ibd Object is locked skipped
D:\APPS\Adobe Version Cue CS2\data\database\data\versioncue\bhxmpproperty.ibd Object is locked skipped
D:\APPS\Adobe Version Cue CS2\logs\VersionCue.log Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
D:\System Volume Information\_restore{0D9FBF53-CE1E-49D2-8205-98B589E91F4F}\RP1149\A0304546.inf Infected: Worm.Win32.AutoRun.coi skipped
D:\System Volume Information\_restore{0D9FBF53-CE1E-49D2-8205-98B589E91F4F}\RP1150\A0304659.inf Infected: Worm.Win32.AutoRun.coi skipped
D:\System Volume Information\_restore{0D9FBF53-CE1E-49D2-8205-98B589E91F4F}\RP1151\A0304737.inf Infected: Worm.Win32.AutoRun.coi skipped
D:\System Volume Information\_restore{0D9FBF53-CE1E-49D2-8205-98B589E91F4F}\RP1155\A0305108.inf Infected: Worm.Win32.AutoRun.coi skipped
E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
E:\System Volume Information\_restore{0D9FBF53-CE1E-49D2-8205-98B589E91F4F}\RP1149\A0304548.inf Infected: Worm.Win32.AutoRun.coi skipped
E:\System Volume Information\_restore{0D9FBF53-CE1E-49D2-8205-98B589E91F4F}\RP1150\A0304660.inf Infected: Worm.Win32.AutoRun.coi skipped
E:\System Volume Information\_restore{0D9FBF53-CE1E-49D2-8205-98B589E91F4F}\RP1151\A0304738.inf Infected: Worm.Win32.AutoRun.coi skipped
E:\System Volume Information\_restore{0D9FBF53-CE1E-49D2-8205-98B589E91F4F}\RP1155\A0305109.inf Infected: Worm.Win32.AutoRun.coi skipped
I:\System Volume Information\_restore{0D9FBF53-CE1E-49D2-8205-98B589E91F4F}\RP1149\A0304550.inf Infected: Worm.Win32.AutoRun.coi skipped
I:\System Volume Information\_restore{0D9FBF53-CE1E-49D2-8205-98B589E91F4F}\RP1150\A0304661.inf Infected: Worm.Win32.AutoRun.coi skipped
I:\System Volume Information\_restore{0D9FBF53-CE1E-49D2-8205-98B589E91F4F}\RP1151\A0304739.inf Infected: Worm.Win32.AutoRun.coi skipped
I:\System Volume Information\_restore{0D9FBF53-CE1E-49D2-8205-98B589E91F4F}\RP1155\A0305110.inf Infected: Worm.Win32.AutoRun.coi skipped

Scan process completed.
  • 0

#8
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Actually, those are already deleted; they are just in the System Restore cache and in the ComboFix quarantine. Uninstalling ComboFix will clean the System Restore points and remove the ComboFix quarantine.
=========================
Please update your Java:
Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application. Beware: it is NOT supported for use in 9x or ME and probably will not install on those systems.

Upgrading Java: After that
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
==================================
Time for some housekeeping
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK



    The above procedure will delete and do the following:
    • ComboFix and its associated files and folders.
    • VundoFix backups, if present.
    • The C:\Deckard folder, if present.
    • The C:\_OtMoveIt folder, if present.
    • Reset the clock settings.
    • Hide file extensions, if required.
    • Hide System/Hidden files, if required.
    • Clean System Restore points.

Also delete anything that we used that is left over.
==================================
After that, your log is clean. :)

To find out more information about how you got infected in the first place, and some great guidelines to follow to prevent future infections, you can read this article by Tony Klein ->Here
  • 0
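The reply above says the remaining detections sit only in the System Restore cache and the ComboFix quarantine; that can be checked mechanically over a scan report. This is an added example, not part of the original thread: it parses report lines of the shape shown in the log and separates inert copies from detections on the live file system. The sample lines, the placeholder GUID and the `\Qoobox\` quarantine path are assumptions of the example.

```python
import re
from collections import Counter

# Report line shape seen in the log above: "<path> <status> <action>"
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) "
    r"(?:Object is locked|Infected: (?P<threat>\S+)) "
    r"(?P<action>\w+)$"
)

# Stores that hold inert copies rather than live files.
# "\Qoobox\" as the ComboFix quarantine folder is an assumption of this example.
INERT_MARKERS = ("\\system volume information\\_restore{", "\\qoobox\\")

GUID = "{00000000-0000-0000-0000-000000000000}"  # placeholder, not from the log
SAMPLE = [  # constructed lines in the same format as the posted report
    rf"E:\System Volume Information\_restore{GUID}\RP45\A0000001.dll Object is locked skipped",
    rf"I:\System Volume Information\_restore{GUID}\RP1149\A0000002.inf Infected: Worm.Win32.AutoRun.coi skipped",
    rf"I:\System Volume Information\_restore{GUID}\RP1150\A0000003.inf Infected: Worm.Win32.AutoRun.coi skipped",
    r"C:\Qoobox\Quarantine\C\sample.dll.vir Infected: Worm.Win32.AutoRun.coi skipped",
    r"I:\autorun.inf Infected: Worm.Win32.AutoRun.coi skipped",
    "Scan process completed.",
]

def triage(lines):
    """Split detections into inert (restore cache / quarantine) and live."""
    result = {"locked": 0, "unparsed": 0, "inert": Counter(), "live": []}
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m is None:
            result["unparsed"] += 1          # banner or summary line
            continue
        path, threat = m.group("path"), m.group("threat")
        if threat is None:
            result["locked"] += 1            # file in use, not a detection
        elif any(marker in path.lower() for marker in INERT_MARKERS):
            result["inert"][path[0].upper()] += 1   # count per drive letter
        else:
            result["live"].append((path, threat))   # needs real cleanup
    return result

if __name__ == "__main__":
    report = triage(SAMPLE)
    print("locked files:", report["locked"])
    print("inert detections per drive:", dict(report["inert"]))
    for path, threat in report["live"]:
        print("LIVE:", threat, "at", path)
```

An empty `live` list is what supports the "already deleted" reading; any entry there is a file that uninstalling ComboFix and clearing restore points will not remove.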





