Hey, thx for ur reply. I did exactly like u said, my computer isn't that clean after all...
Here is the stuff:
Deckard's System Scanner v20071014.68
Run by Sarah on 2008-03-10 16:26:39
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
14: 2008-03-10 14:27:41 UTC - RP14 - Deckard's System Scanner Restore Point
13: 2008-03-08 13:47:12 UTC - RP13 - System Checkpoint
12: 2008-03-07 12:10:07 UTC - RP12 - Software Distribution Service 3.0
11: 2008-03-06 17:29:54 UTC - RP11 - Installed Windows Live Toolbar
10: 2008-03-06 17:28:02 UTC - RP10 - Installed Windows Live Sign-in Assistant
-- First Restore Point --
1: 2008-03-04 20:03:54 UTC - RP1 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
Percentage of Memory in Use: 77% (more than 75%).
Total Physical Memory: 510 MiB (512 MiB recommended).
-- HijackThis (run as Sarah.exe) -----------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:30:05 PM, on 3/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Downloaded Program Files\SVCHOST.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Sarah\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Sarah.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0...S01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.co.uk/0...S01?FORM=TOOLBR
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0...S01?FORM=TOOLBR
F2 - REG:system.ini: UserInit=userinit.exe,C:\WINDOWS\Downloaded Program Files\SVCHOST.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [IMONTRAY] C:\Program Files\Intel\Intel® Active Monitor\imontray.exe
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [OrganizeME] C:\Program Files\OrganizeME\OrganizeME.EXE
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Freebie Notes] "C:\Program Files\Power Soft\Freebie Notes\FreebieNotes.exe"
O4 - HKUS\S-1-5-21-527237240-448539723-682003330-1004\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Mariam')
O4 - HKUS\S-1-5-21-527237240-448539723-682003330-1004\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime (User 'Mariam')
O4 - HKUS\S-1-5-21-527237240-448539723-682003330-1004\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Mariam')
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ww\msntabres.dll.mui/229?29705a6ad1d24f1ea5e9fbb26845dfea
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ww\msntabres.dll.mui/230?29705a6ad1d24f1ea5e9fbb26845dfea
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1194343497281
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1194041006515
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: avp - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp .exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
--
End of file - 7605 bytes
-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------
backup-20080305-033046-428 O20 - Winlogon Notify: vtutusp - vtutusp.dll (file missing)
backup-20080305-033046-511 O2 - BHO: (no name) - {4BA0ABD8-8312-4B9F-9E9B-60A272746FCF} - C:\WINDOWS\system32\ddcyv.dll (file missing)
backup-20080305-033307-187 O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
backup-20080305-033636-303 F3 - REG:win.ini: load=C:\WINDOWS\system32\ddcyv.exe
backup-20080305-033649-588 F3 - REG:win.ini: load=C:\WINDOWS\system32\ddcyv.exe
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R2 iSMBIOS - c:\windows\system32\drivers\ismbios.sys <Not Verified; Intel Corporation; Intel® Active Monitor>
R2 SIODRV - c:\windows\system32\drivers\siodrv.sys <Not Verified; Intel Corporation; Intel® Active Monitor>
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R0 Nla (Network Location Awareness (NLA)) - \systemroot\c:\windows\system32\svchost.exe -k netsvcs (file missing)
S0 AVP (Kaspersky Internet Security 7.0) - \systemroot\"c:\program files\kaspersky lab\kaspersky internet security 7.0\avp.exe" -r (file missing)
S2 imonNT (Intel® Active Monitor) - c:\program files\intel\intel® active monitor\imonnt.exe <Not Verified; Intel Corp.; Intel® Active Monitor>
-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Intel® PRO/100 VE Network Connection
Device ID: PCI\VEN_8086&DEV_1039&SUBSYS_30288086&REV_81\4&2AF9ED5&0&40F0
Manufacturer: Intel
Name: Intel® PRO/100 VE Network Connection
PNP Device ID: PCI\VEN_8086&DEV_1039&SUBSYS_30288086&REV_81\4&2AF9ED5&0&40F0
Service: E100B
-- Scheduled Tasks -------------------------------------------------------------
2008-03-10 15:32:10 254 --a------ C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
2008-03-01 13:57:06 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
-- Files created between 2008-02-10 and 2008-03-10 -----------------------------
2008-03-09 09:34:25 0 d-------- C:\WINDOWS\LastGood
2008-03-08 21:35:50 0 ---h----- C:\sv
2008-03-07 17:03:20 0 d-------- C:\Documents and Settings\Sarah\.efigio
2008-03-07 17:01:21 0 d-------- C:\Program Files\Efigio
2008-03-07 16:37:44 0 d-------- C:\Program Files\OrganizeME
2008-03-07 16:34:08 0 d-------- C:\Program Files\Power Soft
2008-03-06 19:42:28 0 d-------- C:\Program Files\Windows Live Favorites
2008-03-06 19:30:53 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
2008-03-06 19:29:56 0 d-------- C:\Program Files\Windows Live Toolbar
2008-03-06 01:16:52 0 d-------- C:\VundoFix Backups
2008-03-05 17:23:55 0 d-------- C:\WINDOWS\system32\ActiveScan
2008-03-05 16:43:25 6736 --a------ C:\WINDOWS\system32\drivers\PROCEXP90.SYS <Not Verified; Sysinternals - www.sysinternals.com; Process Explorer>
2008-03-05 15:00:10 0 d-------- C:\WINDOWS\pss
2008-03-05 03:16:49 0 d-------- C:\Program Files\Trend Micro
2008-03-04 20:37:38 68096 --a------ C:\WINDOWS\system32\zip.exe
2008-03-04 20:37:38 98816 --a------ C:\WINDOWS\system32\sed.exe
2008-03-04 20:37:38 80412 --a------ C:\WINDOWS\system32\grep.exe
2008-03-04 20:37:38 73728 --a------ C:\WINDOWS\system32\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-03-04 14:40:11 0 d-------- C:\WINDOWS\SxsCaPendDel
2008-03-04 14:17:22 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-04 14:16:47 0 d-------- C:\Program Files\Windows Live
2008-03-04 14:16:33 0 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-01 13:56:52 0 d-------- C:\Program Files\Apple Software Update
2008-03-01 13:56:52 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-02-26 21:39:43 0 d-------- C:\Program Files\Azada
2008-02-26 01:14:11 0 d-------- C:\Documents and Settings\Sarah\Application Data\Big Fish Games
2008-02-26 01:02:51 0 d-------- C:\Program Files\ReflexiveArcade
2008-02-24 14:46:55 0 d-------- C:\WINDOWS\Desktop
2008-02-24 13:18:04 0 d-------- C:\Program Files\FreshDevices
2008-02-23 12:10:39 50688 --a------ C:\WINDOWS\system32\wbhelp2.dll <Not Verified; Stardock.Net, Inc; WindowBlinds for Win32 x86 machines>
2008-02-23 12:10:37 0 d-------- C:\Program Files\DAP
2008-02-15 15:28:46 0 d---s---- C:\Documents and Settings\Mariam\UserData
2008-02-15 15:24:09 0 d-------- C:\Documents and Settings\Mariam\Application Data\Google
2008-02-15 15:22:06 0 d-------- C:\Documents and Settings\Mariam\Application Data\MEGAUPLOADTOOLBAR
2008-02-15 15:21:36 0 d-------- C:\Documents and Settings\Mariam\Application Data\MSN6
2008-02-15 13:29:44 0 d-------- C:\Documents and Settings\Sarah\Application Data\TrojanHunter
2008-02-15 13:27:29 0 d-------- C:\Program Files\TrojanHunter 5.0
2008-02-11 17:09:04 0 d-------- C:\Documents and Settings\Sarah\Application Data\Apple Computer
2008-02-11 14:12:00 0 d-------- C:\Program Files\QuickTime
2008-02-11 14:11:56 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
-- Find3M Report ---------------------------------------------------------------
2008-03-10 00:06:09 0 d-------- C:\Documents and Settings\Sarah\Application Data\Azureus
2008-03-09 21:39:32 0 d-------- C:\Program Files\Azureus
2008-03-06 19:26:17 0 d-------- C:\Program Files\MSN Messenger
2008-03-06 18:37:09 0 d-------- C:\Program Files\DivX
2008-03-06 16:11:00 0 d-------- C:\Program Files\Coco Sudoku
2008-03-04 19:02:33 0 d-------- C:\Program Files\PowerISO
2008-03-04 14:30:55 0 d-------- C:\Program Files\Common Files
2008-02-26 02:51:45 0 d-------- C:\Documents and Settings\Sarah\Application Data\Adobe
2008-02-24 00:37:59 0 d-------- C:\Documents and Settings\Sarah\Application Data\MegauploadToolbar
2008-02-21 16:30:23 155648 --a------ C:\WINDOWS\system32\NeroCheck .exe <Not Verified; Ahead Software Gmbh; Ahead Software Gmbh NeroCheck>
2008-02-15 14:59:59 0 d-------- C:\Program Files\Dot1XCfg
2008-02-15 13:28:50 0 d-------- C:\Program Files\Spyware Doctor
2008-02-07 18:49:02 0 d-------- C:\Program Files\Microsoft Reader
2008-02-07 18:48:43 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-02-07 15:04:51 0 d-------- C:\Program Files\LimeWire
2008-02-01 14:52:24 12288 --a------ C:\WINDOWS\impborl.dll
2008-02-01 14:52:24 535040 --a------ C:\WINDOWS\flashax.exe <Not Verified; Microsoft Corporation; Microsoft® Windows NT® Operating System>
2008-01-28 02:04:10 0 d-------- C:\Program Files\MegauploadToolbar
2008-01-26 18:00:30 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-01-24 09:50:03 0 d-------- C:\Program Files\NetBeans 6.0
2008-01-22 23:46:27 0 d-------- C:\Program Files\Microsoft.NET
2008-01-20 23:35:46 0 d-------- C:\Documents and Settings\Sarah\Application Data\Dev-Cpp
2008-01-20 18:49:23 0 d-------- C:\Program Files\Microsoft SQL Server
2008-01-11 21:01:47 147456 --a------ C:\WINDOWS\system32\vbzip10.dll <Not Verified; Info-ZIP; Info-ZIP's WiZ>
2008-01-11 20:59:21 0 d-------- C:\Program Files\MSN Gaming Zone
2008-01-11 20:57:37 0 d-------- C:\Program Files\SmartDraw 2008
2008-01-04 23:58:50 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-01-04 23:57:22 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-01-04 23:57:22 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-01-04 23:57:12 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-01-04 23:57:10 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-01-04 23:57:10 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-01-04 23:57:10 682496 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-01-04 23:56:24 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2007-12-14 00:17:31 45056 --a------ C:\WINDOWS\NCUNINST.EXE <Not Verified; Northern Codeworks; Uninstall>
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMONTRAY"="C:\Program Files\Intel\Intel® Active Monitor\imontray.exe" []
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" []
"OrganizeME"="C:\Program Files\OrganizeME\OrganizeME.EXE" [07/03/2007 09:43 PM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [01/19/2007 12:54 PM]
"Freebie Notes"="C:\Program Files\Power Soft\Freebie Notes\FreebieNotes.exe" [01/20/2008 01:52 PM]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe,C:\WINDOWS\Downloaded Program Files\SVCHOST.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\\WINDOWS\\system32\\ddcyv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVP]
"C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp .exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMcb0c6f73]
Rundll32.exe "C:\WINDOWS\system32\gkkbqhkb.dll",s
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\c83f5cef]
rundll32.exe "C:\WINDOWS\system32\tjowybkk.dll",b
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dot1XCfg]
C:\Program Files\Dot1XCfg\Dot1XCfg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]
"C:\Program Files\DAP\DAP.EXE" /STARTUP
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\System32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\WINDOWS\System32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
C:\WINDOWS\system32\ddcyv.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
C:\WINDOWS\system32\\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
C:\Program Files\PowerISO\PWRISOVM.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask .exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDTray]
"C:\Program Files\Spyware Doctor\SDTrayApp.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\THGuard]
"C:\Program Files\TrojanHunter 5.0\THGuard .exe"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1ff97bf9-9a09-11dc-9e15-0007e95ab7aa}]
Auto\command- SHE.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL SHE.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{518fefbf-89dd-11dc-ab40-0007e95ab7aa}]
AutoRun\command- G:\4sv.exe
explore\Command- G:\4sv.exe
open\Command- G:\4sv.exe
-- End of Deckard's System Scanner: finished at 2008-03-10 16:32:37 ------------
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English
CPU 0: Intel® Pentium® 4 CPU 2.40GHz
Percentage of Memory in Use: 71%
Physical Memory (total/avail): 509.8 MiB / 147.71 MiB
Pagefile Memory (total/avail): 1382.29 MiB / 658.12 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1947.14 MiB
A: is Removable (No Media)
C: is Fixed (NTFS) - 17.58 GiB total, 2.87 GiB free.
D: is Fixed (NTFS) - 19.68 GiB total, 0.36 GiB free.
E: is CDROM (No Media)
F: is CDROM (No Media)
I: is Fixed (NTFS) - 93.16 GiB total, 0.3 GiB free.
\\.\PHYSICALDRIVE0 - WDC WD400EB-00CPF0 - 37.27 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 17.58 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 19.68 GiB - D:
\\.\PHYSICALDRIVE1 - Hitachi HTS541210H9AT00 USB Device - 93.16 GiB - 1 partition
\PARTITION0 - Installable File System - 93.16 GiB - I:
-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.
FirstRunDisabled is set.
FirewallOverride is set.
FW: Kaspersky Internet Security v7.0.0.125 (Kaspersky Lab)
DisabledAV: Spyware Doctor with AntiVirus v (PC Tools)
AV: Kaspersky Internet Security v7.0.0.125 (Kaspersky Lab)
Disabled Outdated
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Sarah\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=HOME
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Sarah
LOGONSERVER=\\HOME
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\QuickTime\QTSystem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 7, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0207
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Sarah\LOCALS~1\Temp
TMP=C:\DOCUME~1\Sarah\LOCALS~1\Temp
USERDOMAIN=HOME
USERNAME=Sarah
USERPROFILE=C:\Documents and Settings\Sarah
VS80COMNTOOLS=C:\Program Files\Microsoft Visual Studio 8\Common7\Tools\
windir=C:\WINDOWS
-- User Profiles ---------------------------------------------------------------
Sarah (admin)
Mariam
Administrator (admin)
-- Add/Remove Programs ---------------------------------------------------------
--> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9084D215-778B-4BC2-8B57-54AB49E526BF}\setup.exe" -u
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9084D215-778B-4BC2-8B57-54AB49E526BF}\setup.exe" -u -quiet
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
AC3Filter (remove only) --> C:\Program Files\AC3Filter\uninstall.exe
Adobe Digital Editions --> C:\Documents and Settings\Sarah\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\digitaleditions2x0\digitaleditions2x0.exe -uninstall
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81100000003}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
ALLOUT v1.42 --> "C:\Program Files\NCBuy\ALLOUT\unins000.exe"
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Azureus --> C:\Program Files\Azureus\Uninstall.exe
CleanUp! --> C:\Program Files\CleanUp!\uninstall.exe
Codec Pack - All In 1 6.0.3.0 --> C:\WINDOWS\iun6002.exe "C:\Program Files\Codec Pack - All In 1\irunin.ini"
Dev-C++ 5 beta 9 release (4.9.9.2) --> "C:\Dev-Cpp\uninstall.exe"
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
Dot1XCfg --> "C:\Program Files\Dot1XCfg\Dot1XCfg.exe" -uninstall
Download Accelerator Plus (DAP) --> C:\PROGRA~1\DAP\DAPREMOVE.EXE
Efigio --> "C:\Program Files\Efigio\uninstall.exe"
Encryption Plus Secure Export --> C:\PROGRA~1\SECURE~1\UNINST~1.EXE C:\PROGRA~1\SECURE~1\INSTALL.LOG
Freebie Notes --> "C:\Program Files\Power Soft\Freebie Notes\unins000.exe"
Full Tilt Poker --> "C:\Program Files\InstallShield Installation Information\{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}\setup.exe" -runfromtemp -l0x0009 -removeonly
Google Toolbar for Firefox --> MsiExec.exe /X{2CCBABCB-6427-4A55-B091-49864623C43F}
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Intel Application Accelerator --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9984DF60-1C5B-11D3-ACA1-908A4FC10801}\Setup.exe" -INTELUNINST
Intel® 82845G Graphics Driver Software --> RUNDLL32.EXE C:\WINDOWS\System32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
Intel® Active Monitor --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E861EC9-FCB8-11D3-939A-00A0C9BA5A55}\setup.exe"
Intel® PRO Ethernet Adapter and Software --> Prounstl.exe
Java 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java SE Development Kit 6 Update 1 --> MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0160010}
Java SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
JCreator LE 4.00 --> "C:\Program Files\Xinox Software\JCreatorV4LE\unins000.exe"
Kaspersky Internet Security 7.0 --> MsiExec.exe /I{C774410D-3EF9-4DE7-AC01-332613163ECF}
Kaspersky Internet Security 7.0 --> MsiExec.exe /I{C774410D-3EF9-4DE7-AC01-332613163ECF}
LimeWire 4.16.4 --> "C:\Program Files\LimeWire\uninstall.exe"
lordsofdogtown_ss1 Screen Saver --> C:\WINDOWS\lordsofdogtown_ss1.scr /u
Megaupload Toolbar --> C:\Program Files\MegauploadToolbar\uninstall.exe
Microsoft Device Emulator version 1.0 - ENU --> MsiExec.exe /X{78B75C6D-E53C-424C-BF83-4B63BD4A6682}
Microsoft Document Explorer 2005 --> C:\Program Files\Common Files\Microsoft Shared\Help 8\Microsoft Document Explorer 2005\install.exe
Microsoft Document Explorer 2005 --> MsiExec.exe /X{44D4AF75-6870-41F5-9181-662EA05507E1}
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Reader --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B6F7DBE7-2FE2-458F-A738-B10832746036}\Setup.exe" -L0x9
Microsoft Visual J# 2.0 Redistributable Package --> C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft Visual J# 2.0 Redistributable Package\install.exe
Microsoft Visual Studio 2005 Professional Edition - ENU --> C:\Program Files\Microsoft Visual Studio 8\Microsoft Visual Studio 2005 Professional Edition - ENU\setup.exe
Mozilla Firefox (2.0.0.12) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Nero - Burning Rom --> MsiExec.exe /X{A4D7B764-4140-11D4-88EB-0050DA3579C0}
NetBeans IDE 6.0 --> "C:\Program Files\NetBeans 6.0\uninstall.exe"
OneCare Advisor (Windows Live Toolbar) --> MsiExec.exe /X{DF821FC5-C198-452B-A0D4-82433EFEAE9B}
OrganizeME v1.0 --> "C:\Program Files\OrganizeME\unins000.exe"
Panda ActiveScan --> C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
Popup Blocker (Windows Live Toolbar) --> MsiExec.exe /X{117CD9C0-0F15-4633-93D7-F957B50535A5}
PowerISO --> "C:\Program Files\PowerISO\uninstall.exe"
QuickTime --> MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
Rhapsody Player Engine --> MsiExec.exe /I{8A62A068-3FD6-495A-9F66-26FE94F32EC9}
SigmaTel AC97 Audio Drivers --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7959721D-8268-4565-9E0E-C41A9F4848A9}\setup.exe" -l0x9 -nodialog -uninstall
Smart Menus (Windows Live Toolbar) --> MsiExec.exe /X{95FC661A-A0C5-4B18-92CE-90347DA79CC9}
Spyware Doctor 5.1 --> C:\Program Files\Spyware Doctor\unins000.exe /LOG
Tabbed Browsing (Windows Live Toolbar) --> MsiExec.exe /X{1707BF02-0F5C-4A6C-8F17-053BB73E443F}
TrojanHunter 5.0 --> "C:\Program Files\TrojanHunter 5.0\unins000.exe"
Windows Live Favorites for Windows Live Toolbar --> MsiExec.exe /X{DCE65B11-710D-4C54-9DE5-1A6A0BD2186B}
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Live Outlook Toolbar (Windows Live Toolbar) --> MsiExec.exe /X{A40D6757-B145-4FE7-B694-89180A9F3F64}
Windows Live Sign-in Assistant --> MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
Windows Live Toolbar --> "C:\Program Files\Windows Live Toolbar\UnInstall.exe" {DA0FFF7B-DA9D-46A2-A329-87804ECA58EA}
Windows Live Toolbar --> MsiExec.exe /X{DA0FFF7B-DA9D-46A2-A329-87804ECA58EA}
Windows Live Toolbar Extension (Windows Live Toolbar) --> MsiExec.exe /X{3727B920-F5A3-46A4-AC02-94F421A039C7}
Windows Live Toolbar Feed Detector (Windows Live Toolbar) --> MsiExec.exe /X{38024121-D084-4E7D-B1A2-1A04CB5C4CF3}
WinPcap 4.0.1 --> C:\Program Files\WinPcap\uninstall.exe
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
-- Application Event Log -------------------------------------------------------
Event Record #/Type652 / Error
Event Submitted/Written: 03/09/2008 08:08:50 PM
Event ID/Source: 0 / .NET Runtime
Event Description:
Unable to open shim database version registry key - v2.0.50727.00000
Event Record #/Type651 / Error
Event Submitted/Written: 03/09/2008 08:08:50 PM
Event ID/Source: 0 / .NET Runtime
Event Description:
Unable to open shim database version registry key - v2.0.50727.00000
Event Record #/Type649 / Error
Event Submitted/Written: 03/08/2008 11:10:31 PM
Event ID/Source: 0 / .NET Runtime
Event Description:
Unable to open shim database version registry key - v2.0.50727.00000
Event Record #/Type647 / Error
Event Submitted/Written: 03/08/2008 11:09:26 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application OrganizeME.EXE, version 0.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Event Record #/Type645 / Error
Event Submitted/Written: 03/08/2008 06:25:02 PM
Event ID/Source: 0 / .NET Runtime
Event Description:
Unable to open shim database version registry key - v2.0.50727.00000
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type1607 / Warning
Event Submitted/Written: 03/10/2008 03:25:46 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
Event Record #/Type1599 / Error
Event Submitted/Written: 03/10/2008 00:08:46 AM
Event ID/Source: 10000 / DCOM
Event Description:
Unable to start a DCOM Server: {FBA44040-BD27-4A09-ACC8-C08B7C723DCD}.
The error:
"%%2"
Happened while starting this command:
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -Embedding
Event Record #/Type1598 / Error
Event Submitted/Written: 03/10/2008 00:08:45 AM
Event ID/Source: 10000 / DCOM
Event Description:
Unable to start a DCOM Server: {FBA44040-BD27-4A09-ACC8-C08B7C723DCD}.
The error:
"%%2"
Happened while starting this command:
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -Embedding
Event Record #/Type1597 / Error
Event Submitted/Written: 03/10/2008 00:08:45 AM
Event ID/Source: 10000 / DCOM
Event Description:
Unable to start a DCOM Server: {FBA44040-BD27-4A09-ACC8-C08B7C723DCD}.
The error:
"%%2"
Happened while starting this command:
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -Embedding
Event Record #/Type1594 / Error
Event Submitted/Written: 03/09/2008 11:56:19 PM
Event ID/Source: 10000 / DCOM
Event Description:
Unable to start a DCOM Server: {98D9A6F1-4696-4B5E-A2E8-36B3F9C1E12C}.
The error:
"%%2"
Happened while starting this command:
"C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcrobatInfo.exe" /PDFShell -Embedding
-- End of Deckard's System Scanner: finished at 2008-03-10 16:32:37 ------------
and here's Kaspersky's
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, March 11, 2008 2:28:43 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 10/03/2008
Kaspersky Anti-Virus database records: 622359
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
I:\
Scan Statistics:
Total number of scanned objects: 82337
Number of viruses found: 8
Number of infected objects: 55
Number of suspicious objects: 0
Duration of the scan process: 06:00:23
Infected Object Name / Virus Name / Last Action
C:\Deckard\System Scanner\backup\WINDOWS\Downloaded Program Files\SVCHOST.exe Infected: Virus.Win32.VB.id skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Mariam\Application Data\Microsoft\MSNLiveFav\LiveFavorites.xml Object is locked skipped
C:\Documents and Settings\Mariam\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Mariam\Label14sv.exe Infected: Virus.Win32.VB.id skipped
C:\Documents and Settings\Mariam\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Mariam\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Mariam\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Mariam\Local Settings\temp\~DFAAF1.tmp Object is locked skipped
C:\Documents and Settings\Mariam\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Mariam\Local Settings\Temporary Internet Files\PhishingFilter\45E13EC5-3DB7-4B3D-9F80-073A58AB5E82.dat Object is locked skipped
C:\Documents and Settings\Mariam\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Mariam\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Sarah\Application Data\Microsoft\MSNLiveFav\LiveFavorites.xml Object is locked skipped
C:\Documents and Settings\Sarah\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Sarah\Label14sv.exe Infected: Virus.Win32.VB.id skipped
C:\Documents and Settings\Sarah\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Sarah\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Sarah\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Sarah\Local Settings\History\History.IE5\MSHist012008031020080311\index.dat Object is locked skipped
C:\Documents and Settings\Sarah\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Sarah\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Sarah\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp .exe Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Outlook Express\propryhdeco.html Infected: Trojan-Clicker.HTML.IFrame.dn skipped
C:\Program Files\QuickTime\qttask .exe Infected: Virus.Win32.Trats.d skipped
C:\Program Files\QuickTime\qttask .exe Infected: Virus.Win32.Trats.d skipped
C:\Program Files\QuickTime\qttask .exe Infected: Virus.Win32.Trats.d skipped
C:\Program Files\QuickTime\qttask .exe Infected: Virus.Win32.Trats.d skipped
C:\Program Files\QuickTime\qttask .exe Infected: Virus.Win32.Trats.d skipped
C:\Program Files\QuickTime\qttask .exe Infected: Virus.Win32.Trats.d skipped
C:\Program Files\QuickTime\qttask .exe Infected: Virus.Win32.Trats.d skipped
C:\Program Files\QuickTime\qttask .exe Infected: Virus.Win32.Trats.d skipped
C:\Program Files\QuickTime\qttask .exe Infected: Virus.Win32.Trats.d skipped
C:\Program Files\TrojanHunter 5.0\Quarantine\eqdjT.dat Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Program Files\TrojanHunter 5.0\Quarantine\hXXAo.dat Infected: Virus.Win32.Trats.d skipped
C:\Program Files\TrojanHunter 5.0\Quarantine\iCFDp2mS.dat Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Program Files\TrojanHunter 5.0\Quarantine\qabk7.dat Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{737F352B-272F-4D17-BBC1-8022F73D6737}\RP1\A0000003.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{737F352B-272F-4D17-BBC1-8022F73D6737}\RP1\A0001006.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{737F352B-272F-4D17-BBC1-8022F73D6737}\RP1\A0001007.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{737F352B-272F-4D17-BBC1-8022F73D6737}\RP12\A0004138.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{737F352B-272F-4D17-BBC1-8022F73D6737}\RP14\A0005059.exe Infected: Virus.Win32.VB.id skipped
C:\System Volume Information\_restore{737F352B-272F-4D17-BBC1-8022F73D6737}\RP14\change.log Object is locked skipped
C:\System Volume Information\_restore{737F352B-272F-4D17-BBC1-8022F73D6737}\RP2\A0001011.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{737F352B-272F-4D17-BBC1-8022F73D6737}\RP2\A0002007.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{737F352B-272F-4D17-BBC1-8022F73D6737}\RP2\A0002279.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{737F352B-272F-4D17-BBC1-8022F73D6737}\RP2\A0002300.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{737F352B-272F-4D17-BBC1-8022F73D6737}\RP2\A0002303.Exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{737F352B-272F-4D17-BBC1-8022F73D6737}\RP2\A0002305.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{737F352B-272F-4D17-BBC1-8022F73D6737}\RP2\A0002306.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{737F352B-272F-4D17-BBC1-8022F73D6737}\RP2\A0002307.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{737F352B-272F-4D17-BBC1-8022F73D6737}\RP2\A0002308.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{737F352B-272F-4D17-BBC1-8022F73D6737}\RP2\A0002310.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{737F352B-272F-4D17-BBC1-8022F73D6737}\RP2\A0002318.Exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{737F352B-272F-4D17-BBC1-8022F73D6737}\RP2\A0002320.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{737F352B-272F-4D17-BBC1-8022F73D6737}\RP2\A0002321.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{737F352B-272F-4D17-BBC1-8022F73D6737}\RP2\A0002322.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{737F352B-272F-4D17-BBC1-8022F73D6737}\RP2\A0002323.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{737F352B-272F-4D17-BBC1-8022F73D6737}\RP2\A0002324.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{737F352B-272F-4D17-BBC1-8022F73D6737}\RP2\A0002608.Exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{737F352B-272F-4D17-BBC1-8022F73D6737}\RP2\A0002611.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{737F352B-272F-4D17-BBC1-8022F73D6737}\RP3\A0002628.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{737F352B-272F-4D17-BBC1-8022F73D6737}\RP4\A0003684.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{737F352B-272F-4D17-BBC1-8022F73D6737}\RP4\A0003685.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{737F352B-272F-4D17-BBC1-8022F73D6737}\RP4\A0003686.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{737F352B-272F-4D17-BBC1-8022F73D6737}\RP4\A0003687.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{737F352B-272F-4D17-BBC1-8022F73D6737}\RP4\A0003688.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{737F352B-272F-4D17-BBC1-8022F73D6737}\RP4\A0003689.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{737F352B-272F-4D17-BBC1-8022F73D6737}\RP4\A0003690.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb Object is locked skipped
C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log Object is locked skipped
C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{C41C682F-B746-4F7F-9A7D-116945DCEFFE}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT.LOG Object is locked skipped
C:\WINDOWS\system32\config\sam Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\security Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox.dat Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox.idx Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox2.dat Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox2.idx Object is locked skipped
C:\WINDOWS\system32\edcA18\edcA182328.exe Infected: Trojan-Downloader.Win32.VB.ceh skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
D:\System Volume Information\_restore{737F352B-272F-4D17-BBC1-8022F73D6737}\RP14\change.log Object is locked skipped
I:\Sources\nc111nt.zip/nc.exe Infected: not-a-virus:RemoteAdmin.Win32.NetCat skipped
I:\Sources\nc111nt