Computer Badly Infected, Obfuskated Maybe [RESOLVED]


  • This topic is locked

#1
Gene323

  • Member
  • 24 posts
Hi, I'm new here so sorry if I do something wrong. My girlfriend was being careless and downloaded some viruses on her computer yesterday. I ran AVG in safe mode, but all it did was move a bunch of files to the vault. I'm pretty sure Obfuskated is involved because it came up in the scan, and occasionally AVG warns me that it's detected. Also, my computer has total sharing with hers, and I think my computer is infected as well. It was working fine at the time of the infection, but when I try to boot up today, it auto logs me off Windows, even in safe mode. Here are her logs. I will be checking this topic often and highly appreciate any help. Thanks in advance.

HiJackThis Log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:03:26 PM, on 5/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\svchost.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Documents and Settings\All Users\Application Data\mlgzkxml\klczoder.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\YPOPs\YPOPs.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: mkrndofl - {503AA2B1-C257-44D3-82D9-43FD349561A6} - C:\WINDOWS\mkrndofl.dll (file missing)
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKLM\..\Policies\Explorer\Run: [OZB7yYR7am] C:\Documents and Settings\All Users\Application Data\mlgzkxml\klczoder.exe
O4 - HKCU\..\Policies\Explorer\Run: [OZB7yYR7am] C:\Documents and Settings\All Users\Application Data\mlgzkxml\klczoder.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: YPOPs.lnk = ?
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.appl...ex/qtplugin.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx...owserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1152845331453
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://ak.imgag.com/...all/Crusher.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O21 - SSODL: tdomgafw - {203A2FA4-3279-4154-93F1-ABD87553916C} - C:\WINDOWS\tdomgafw.dll (file missing)
O21 - SSODL: wetkadmr - {0899629B-EF79-49CF-9FC9-32FE6C9812F3} - C:\WINDOWS\wetkadmr.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

--
End of file - 11176 bytes

Kaspersky Online Web Scanner Log:
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, May 03, 2008 3:02:37 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 3/05/2008
Kaspersky Anti-Virus database records: 736972
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\

Scan Statistics:
Total number of scanned objects: 89385
Number of viruses found: 2
Number of infected objects: 3
Number of suspicious objects: 0
Duration of the scan process: 01:04:48

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\mlgzkxml\klczoder.exe Infected: Trojan.Win32.Obfuscated.gx skipped
C:\Documents and Settings\All Users\Application Data\Nero\Nero8\Nero BackItUp\Cache\NeroBackItUpScheduler3.log Object is locked skipped
C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp Object is locked skipped
C:\Documents and Settings\All Users\DRM\drmstore.hds Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\ME\Application Data\$_hpcst$.hpc Object is locked skipped
C:\Documents and Settings\ME\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\ME\Desktop\Nero-8.2.8.0_eng_trial.exe/Toolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
C:\Documents and Settings\ME\Desktop\Nero-8.2.8.0_eng_trial.exe 7-Zip: infected - 1 skipped
C:\Documents and Settings\ME\Local Settings\Application Data\Ahead\Nero Home\bl.db Object is locked skipped
C:\Documents and Settings\ME\Local Settings\Application Data\Ahead\Nero Home\is2.db Object is locked skipped
C:\Documents and Settings\ME\Local Settings\Application Data\Microsoft\Media Player\CurrentDatabase_360.wmdb Object is locked skipped
C:\Documents and Settings\ME\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\ME\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\ME\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\ME\Local Settings\Temp\WCESLog.log Object is locked skipped
C:\Documents and Settings\ME\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\ME\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\ME\ntuser.dat Object is locked skipped
C:\Documents and Settings\ME\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Nero\Nero8\Nero BackItUp\BIU9.txt Object is locked skipped
C:\Program Files\YPOPs\ypops.log Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP192\A0016836.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP192\A0016837.dll Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP192\A0016838.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP192\A0016839.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP192\A0016840.dll Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP194\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{0E49F114-083B-427C-AD4D-677D299430AB}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\cjqpgtcr.exe Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
C:\WINDOWS\system32\config\OSession.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

HiJackThis Uninstall Log:
µTorrent
Ad-Aware 2007
Adobe Flash Player ActiveX
Adobe Shockwave Player
Adobe® Photoshop® Album Starter Edition 3.0
Alarm 2.0.4
All Mobile Casino 3 - VGA/QVGA Edition 3.0.5
AOLIcon
Apple Software Update
ATI Control Panel
ATI Display Driver
AvantGo Client
AVG 7.5
Chess Mobile for Windows Mobile
CinepPlayer 30 Update
ClickBall Freeware Edition
Compatibility Pack for the 2007 Office system
ConvertXtoDVD 2.2.3.258h
Corel Photo Album 6
Creative Jukebox Driver
Creative Removable Disk Manager
Creative System Information
DeepBurner v1.8.0.224
Dell CinePlayer
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Media Experience
DietOrganizer Mobile
Digital Content Portal
DivX Web Player
Documentation & Support Launcher
DVD Shrink 3.2
EarthLink setup files
EducateU
ELIcon
Foxit PDF Editor
Foxit Reader
Games, Music, & Photos Launcher
Get High Speed Internet!
Google Toolbar for Internet Explorer
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB909394)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915800)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
HP Deskjet 3900 series
HP Imaging Device Functions 5.0
HP Photosmart Essential
HP Software Update
HP Solution Center & Imaging Support Tools 5.0
Intel® PRO Network Connections Drivers
Intel® PROSet for Wired Connections
Java 2 Runtime Environment, SE v1.4.2_03
Kaspersky Online Scanner
LG USB Drivers
MCU
MemoriesOnTV 3.1.7
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft ActiveSync
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Windows Journal Viewer
Motorola Driver Installation
Mozilla Firefox (2.0.0.13)
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
Musicmatch for Windows Media Player
Musicmatch® Jukebox
Nero 8 Trial
neroxml
OmniGSoft Snow Rally Canada 1.1 for Pocket PC
Panda ActiveScan
Questionmark Secure Browser
QuickTime
RCT3 Soaked
RealPlayer Basic
RollerCoaster Tycoon® 3
Roxio DLA
Roxio MyDVD LE
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
Search Assist
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Excel 2007 (KB946974)
Security Update for Office 2007 (KB934062)
Security Update for Office 2007 (KB947801)
Security Update for Outlook 2007 (KB946983)
Security Update for Publisher 2007 (KB936646)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for the 2007 Microsoft Office System (KB936960)
Security Update for Visio 2007 (KB947590)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Shareaza version 2.2.5.4
Sonic Activation Module
Sonic Update Manager
Sony Picture Utility
Sony USB Driver
Spb Brain Evolution
Spb Phone Suite
Spb Pocket Plus
Spb Time
Spb Weather
SplashPhoto for PocketPC
Spybot - Search & Destroy
SVCD2DVD 2.5 DEMO
Update for Office 2007 (KB932080)
Update for Office 2007 (KB934391)
Update for Office 2007 (KB934393)
Update for Office 2007 (KB946691)
Update for Outlook 2007 Junk Email Filter (kb949037)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Word 2007 (KB934173)
VCRedistSetup
VideoLAN VLC media player 0.8.6d
Viewpoint Media Player
Virtual Earth 3D (Beta)
WebCyberCoach 3.2 Dell
WG111v2 Configuration Utility
Windows Imaging Component
Windows Internet Explorer 7
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Sign-in Assistant
Windows Media Connect
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
WinRAR archiver
WordPerfect Office 12
YPOPs! 0.9.5.1
zAlternator
Zune
Zune Language Pack (ES)
Zune Language Pack (FR)

DSS Main Log:
Deckard's System Scanner v20071014.68
Run by ME on 2008-05-03 15:31:50
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
95: 2008-05-03 22:31:58 UTC - RP195 - Deckard's System Scanner Restore Point
94: 2008-05-03 09:14:45 UTC - RP194 - Removed AdwareAlert
93: 2008-05-03 08:46:37 UTC - RP193 - Installed AdwareAlert
92: 2008-05-03 06:00:37 UTC - RP192 - Removed Internet Service Offers Launcher
91: 2008-05-02 11:24:35 UTC - RP191 - System Checkpoint


-- First Restore Point --
1: 2008-02-04 02:32:52 UTC - RP101 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as ME.exe) --------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:33:48 PM, on 5/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\svchost.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Documents and Settings\All Users\Application Data\mlgzkxml\klczoder.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\YPOPs\YPOPs.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\ME\Local Settings\Temporary Internet Files\Content.IE5\ZD5SVV6W\dss[1].exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\ME.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: mkrndofl - {503AA2B1-C257-44D3-82D9-43FD349561A6} - C:\WINDOWS\mkrndofl.dll (file missing)
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKLM\..\Policies\Explorer\Run: [OZB7yYR7am] C:\Documents and Settings\All Users\Application Data\mlgzkxml\klczoder.exe
O4 - HKCU\..\Policies\Explorer\Run: [OZB7yYR7am] C:\Documents and Settings\All Users\Application Data\mlgzkxml\klczoder.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: YPOPs.lnk = ?
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.appl...ex/qtplugin.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx...owserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1152845331453
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://ak.imgag.com/...all/Crusher.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O21 - SSODL: tdomgafw - {203A2FA4-3279-4154-93F1-ABD87553916C} - C:\WINDOWS\tdomgafw.dll (file missing)
O21 - SSODL: wetkadmr - {0899629B-EF79-49CF-9FC9-32FE6C9812F3} - C:\WINDOWS\wetkadmr.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

--
End of file - 11342 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 oreans32 - c:\windows\system32\drivers\oreans32.sys
R2 ASCTRM - c:\windows\system32\drivers\asctrm.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
R3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>

S3 SjyPkt - c:\windows\system32\drivers\sjypkt.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
S3 SSKBFD (Webroot Spy Sweeper Keylogger Shield Keyboard Filter) - c:\windows\system32\drivers\sskbfd.sys <Not Verified; Webroot Software Inc (www.webroot.com); Spy Sweeper SDK>
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Nero BackItUp Scheduler 3 - c:\program files\nero\nero8\nero backitup\nbservice.exe


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-05-03 09:00:00 266 --a------ C:\WINDOWS\Tasks\The Metamorphosis.job


-- Files created between 2008-04-03 and 2008-05-03 -----------------------------

2008-05-03 15:19:53 94208 --a------ C:\WINDOWS\system32\mlyburwb.exe
2008-05-03 15:03:12 0 d-------- C:\Program Files\Trend Micro
2008-05-03 03:22:31 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-03 03:22:30 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-03 03:22:29 0 d-------- C:\WINDOWS\LastGood
2008-05-03 03:19:50 114688 --a------ C:\WINDOWS\system32\cjqpgtcr.exe
2008-05-02 22:34:23 0 d-------- C:\Documents and Settings\ME\.housecall6.6
2008-05-02 22:26:48 4096 --a------ C:\WINDOWS\system32\WINWGPX.EXE
2008-05-02 22:26:48 4096 --a------ C:\WINDOWS\system32\winsystem.exe
2008-05-02 22:26:48 4096 --a------ C:\WINDOWS\system32\winlogonpc.exe
2008-05-02 22:26:48 4096 --a------ C:\WINDOWS\system32\vcatchpi.dll
2008-05-02 22:26:48 4096 --a------ C:\WINDOWS\system32\temp#01.exe
2008-05-02 22:26:48 4096 --a------ C:\WINDOWS\system32\taack.exe
2008-05-02 22:26:48 4096 --a------ C:\WINDOWS\system32\taack.dat
2008-05-02 22:26:48 4096 --a------ C:\WINDOWS\system32\sysreq.exe
2008-05-02 22:26:48 4096 --a------ C:\WINDOWS\system32\ssvchost.exe
2008-05-02 22:26:48 4096 --a------ C:\WINDOWS\system32\ssvchost.com
2008-05-02 22:26:48 4096 --a------ C:\WINDOWS\system32\ssurf022.dll
2008-05-02 22:26:48 4096 --a------ C:\WINDOWS\system32\sncntr.exe
2008-05-02 22:26:48 0 d-------- C:\WINDOWS\system32\smp
2008-05-02 22:26:48 4096 --a------ C:\WINDOWS\system32\Rundl1.exe
2008-05-02 22:26:48 4096 --a------ C:\WINDOWS\system32\regm64.dll
2008-05-02 22:26:48 4096 --a------ C:\WINDOWS\system32\regc64.dll
2008-05-02 22:26:48 4096 --a------ C:\WINDOWS\system32\psoft1.exe
2008-05-02 22:26:48 4096 --a------ C:\WINDOWS\system32\psof1.exe
2008-05-02 22:26:48 4096 --a------ C:\WINDOWS\system32\ps1.exe
2008-05-02 22:26:48 4096 --a------ C:\WINDOWS\system32\newsd32.exe
2008-05-02 22:26:48 4096 --a------ C:\WINDOWS\system32\netode.exe
2008-05-02 22:26:48 4096 --a------ C:\WINDOWS\system32\mwin32.exe
2008-05-02 22:26:48 4096 --a------ C:\WINDOWS\system32\mtr2.exe
2008-05-02 22:26:48 4096 --a------ C:\WINDOWS\system32\msvchost.exe
2008-05-02 22:26:48 4096 --a------ C:\WINDOWS\system32\mssecu.exe
2008-05-02 22:26:48 4096 --a------ C:\WINDOWS\system32\msnbho.dll
2008-05-02 22:26:48 4096 --a------ C:\WINDOWS\system32\msgp.exe
2008-05-02 22:26:48 4096 --a------ C:\WINDOWS\system32\hxiwlgpm.exe
2008-05-02 22:26:48 4096 --a------ C:\WINDOWS\system32\hxiwlgpm.dat
2008-05-02 22:26:48 4096 --a------ C:\WINDOWS\system32\hoproxy.dll
2008-05-02 22:26:48 4096 --a------ C:\WINDOWS\system32\dpcproxy.exe
2008-05-02 22:26:48 4096 --a------ C:\WINDOWS\system32\bsva-egihsg52.exe
2008-05-02 22:26:48 4096 --a------ C:\WINDOWS\system32\bdn.com
2008-05-02 22:26:48 4096 --a------ C:\WINDOWS\system32\awtoolb.dll
2008-05-02 22:26:48 4096 --a------ C:\WINDOWS\system32\anticipator.dll
2008-05-02 22:26:48 4096 --a------ C:\WINDOWS\system32\akttzn.exe
2008-05-02 22:26:42 0 d-------- C:\Documents and Settings\All Users\Application Data\mlgzkxml


-- Find3M Report ---------------------------------------------------------------

2008-05-03 03:20:05 0 d-------- C:\Program Files\YPOPs
2008-05-03 01:46:22 0 d-------- C:\Documents and Settings\ME\Application Data\AVG7
2008-05-02 22:58:50 0 d--h----- C:\Documents and Settings\ME\Application Data\Move Networks
2008-04-17 21:17:27 0 d-------- C:\Documents and Settings\ME\Application Data\Vso
2008-04-02 00:13:47 0 d-------- C:\Program Files\QuickTime
2008-04-02 00:13:06 0 d-------- C:\Program Files\Apple Software Update
2008-03-05 18:41:58 0 d-------- C:\Program Files\Alarm
2008-03-05 03:10:28 0 d-------- C:\Program Files\AvantGo
2008-03-05 03:03:56 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-04 04:06:38 0 d-------- C:\Program Files\Windows Desktop Search
2008-02-27 21:15:46 162816 --a------ C:\WINDOWS\system32\fmod.dll <Not Verified; Firelight Technologies Pty, Ltd; FMOD>
2008-02-22 17:17:38 2528 --a------ C:\Documents and Settings\ME\Application Data\$_hpcst$.hpc


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [03/22/2005 02:20 PM C:\WINDOWS\stsystra.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [08/05/2005 07:05 PM]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [05/03/2006 03:12 AM]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [06/10/2005 08:44 AM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [06/10/2005 08:44 AM]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [09/08/2005 03:20 AM]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [10/27/2006 12:47 AM]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [05/02/2008 10:48 PM]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [06/06/2005 11:46 PM]
"Zune Launcher"="c:\Program Files\Zune\ZuneLauncher.exe" [11/15/2007 10:51 PM]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [03/01/2007 03:57 PM]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [12/03/2007 03:21 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [04/02/2008 12:08 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [01/19/2007 01:54 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 03:00 AM]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [12/13/2007 08:10 PM]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [11/13/2006 02:39 PM]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [10/18/2006 09:05 PM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM]

C:\Documents and Settings\ME\Start Menu\Programs\Startup\
YPOPs.lnk - C:\Program Files\YPOPs\YPOPs.exe [2/1/2008 6:44:14 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"OZB7yYR7am"=C:\Documents and Settings\All Users\Application Data\mlgzkxml\klczoder.exe

[HKEY_CURRENT_USER\software\microsoft\windo

Edited by wannabe1, 03 May 2008 - 08:10 PM.



#2
RatHat

    Ex Malware Expert

  • Expert
  • 7,829 posts
Hi there,

Welcome to GeeksToGo. My name is RatHat, and I will help you get through the process of cleaning the malware from your computer.


OK firstly, I need you to print out each post I make so that you can refer to it while we fix your computer. This is because there will be times when you are unable to be online to read my instructions, and I will want you to do everything very carefully. I also need you to follow my instructions in the order that they are given. If, however, you cannot carry out one of them, please continue on with the next and let me know what you were unsuccessful with.

Next, I would like to make sure that you can view hidden files and folders:
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View tab.
  • Under the Hidden files and folders heading SELECT Show hidden files and folders.
  • UNCHECK the Hide protected operating system files (recommended) option.
  • UNCHECK the Hide extensions for known file types option.
  • Click Yes to confirm.
  • Click OK.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once your HijackThis log is clean.
  • Open Spybot Search & Destroy.
  • In the Mode menu click "Advanced mode" if not already selected.
  • Choose "Yes" at the Warning prompt.
  • Expand the "Tools" menu.
  • Click "Resident".
  • Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
  • In the File menu click "Exit" to exit Spybot Search & Destroy.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Please uninstall the following programs:

µTorrent
Shareaza version 2.2.5.4
Viewpoint Media Player

  • Go to Start then Settings, then Control Panel
  • Choose Add or Remove Programs
  • Remove all of the above
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O3 - Toolbar: mkrndofl - {503AA2B1-C257-44D3-82D9-43FD349561A6} - C:\WINDOWS\mkrndofl.dll (file missing)
O4 - HKLM\..\Policies\Explorer\Run: [OZB7yYR7am] C:\Documents and Settings\All Users\Application Data\mlgzkxml\klczoder.exe
O4 - HKCU\..\Policies\Explorer\Run: [OZB7yYR7am] C:\Documents and Settings\All Users\Application Data\mlgzkxml\klczoder.exe
O21 - SSODL: tdomgafw - {203A2FA4-3279-4154-93F1-ABD87553916C} - C:\WINDOWS\tdomgafw.dll (file missing)
O21 - SSODL: wetkadmr - {0899629B-EF79-49CF-9FC9-32FE6C9812F3} - C:\WINDOWS\wetkadmr.dll (file missing)

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Please download OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Double-click OTMoveIt2.exe to run it.
Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

C:\Documents and Settings\All Users\Application Data\mlgzkxml\klczoder.exe
C:\Documents and Settings\ME\Desktop\Nero-8.2.8.0_eng_trial.exe
C:\Documents and Settings\All Users\Application Data\mlgzkxml


Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
  • Click the red Moveit! button.
  • Open Notepad, and copy everything in the Results window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy).
  • Save the Notepad file to your Desktop as OTM.txt.
  • Close OTMoveIt
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please include the contents of OTM.txt in your next reply.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


So in your next reply, please include the contents of OTM.txt, the MBAM log, and a fresh HijackThis log, taken after completing all of the above. Also let me know how the computer is performing now.

Regards,
RatHat
  • 0
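
The five entries picked out in the post above share two traits: a registration whose file is reported as "(file missing)", or an autostart under Policies\Explorer\Run that launches from Application Data. The script below is an added example, not part of the original thread and not a HijackThis feature; it applies those two heuristics to log lines copied from this thread and checks a follow-up log for leftovers. The function names and the heuristics themselves are assumptions made for illustration.

```python
import re

# Lines copied from the first HijackThis log posted in this thread.
BEFORE = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: mkrndofl - {503AA2B1-C257-44D3-82D9-43FD349561A6} - C:\WINDOWS\mkrndofl.dll (file missing)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Policies\Explorer\Run: [OZB7yYR7am] C:\Documents and Settings\All Users\Application Data\mlgzkxml\klczoder.exe
O4 - HKCU\..\Policies\Explorer\Run: [OZB7yYR7am] C:\Documents and Settings\All Users\Application Data\mlgzkxml\klczoder.exe
O4 - Startup: YPOPs.lnk = ?
O21 - SSODL: tdomgafw - {203A2FA4-3279-4154-93F1-ABD87553916C} - C:\WINDOWS\tdomgafw.dll (file missing)
O21 - SSODL: wetkadmr - {0899629B-EF79-49CF-9FC9-32FE6C9812F3} - C:\WINDOWS\wetkadmr.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
"""

# Lines copied from the follow-up HijackThis log posted after the fix.
AFTER = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
"""

# "R1 - ...", "O4 - ...", "O23 - ..." : section code, then the entry body.
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# Registry-based O4 entries: "<location>: [<value name>] <command line>".
O4_REG = re.compile(r"^(?P<loc>.+?): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
MISSING = "(file missing)"


def parse(log_text):
    """Return (code, body) for every entry line; headers and process paths are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m["code"], m["body"]))
    return entries


def normalise(code, body):
    """Comparison key that ignores case and a trailing '(file missing)' marker."""
    if body.endswith(MISSING):
        body = body[: -len(MISSING)].rstrip()
    return f"{code} - {body}".lower()


def triage(log_text):
    """Flag entries matching the two heuristics (assumptions, not HijackThis rules)."""
    findings = []
    for code, body in parse(log_text):
        reasons = []
        if body.endswith(MISSING):
            # Registration survives although the file it points to is gone.
            reasons.append("registered file missing")
        if code == "O4":
            m = O4_REG.match(body)
            if m:
                if m["loc"].lower().endswith(r"policies\explorer\run"):
                    reasons.append("policy Run autostart")
                if "\\application data\\" in m["cmd"].lower():
                    reasons.append("runs from Application Data")
        if reasons:
            findings.append({"entry": f"{code} - {body}",
                             "key": normalise(code, body),
                             "reasons": reasons})
    return findings


def unresolved(before_text, after_text):
    """Flagged entries from the first log that still appear in the follow-up log."""
    after_keys = {normalise(code, body) for code, body in parse(after_text)}
    return [f["entry"] for f in triage(before_text) if f["key"] in after_keys]


if __name__ == "__main__":
    for finding in triage(BEFORE):
        print(", ".join(finding["reasons"]), "::", finding["entry"])
    print("still present after fix:", unresolved(BEFORE, AFTER))
```

Because the comparison key drops the "(file missing)" suffix, an entry whose file reappears in a later log is still reported as unresolved rather than treated as a new, unrelated line.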

#3
Gene323

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
Thanks so much RatHat. I did everything you told me to do. It is running better and AVG doesn't alert me of any viruses anymore. Also, I ran another Kaspersky scan after all the steps and it found nothing. Here are the results.

OTM
File/Folder C:\Documents and Settings\All Users\Application Data\mlgzkxml\klczoder.exe not found.
File/Folder C:\Documents and Settings\ME\Desktop\Nero-8.2.8.0_eng_trial.exe not found.
C:\Documents and Settings\All Users\Application Data\mlgzkxml moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.1 log created on 05042008_133354

MBAM
Malwarebytes' Anti-Malware 1.11
Database version: 712

Scan type: Full Scan (C:\|)
Objects scanned: 127779
Time elapsed: 1 hour(s), 21 minute(s), 37 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 8
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 36

Memory Processes Infected:
C:\Documents and Settings\All Users\Application Data\mlgzkxml\klczoder.exe (Trojan.FakeAlert) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\mkrndofl.bknp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mkrndofl.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{503aa2b1-c257-44d3-82d9-43fd349561a6} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{53b70190-18ac-4a9b-9999-ab5a2ee144b1} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8a3a5e9e-e192-4c90-9d41-b8de0916e03e} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{638a8e0c-f206-471c-b346-9596addbb026} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{488250ee-19cb-433a-8f37-ceba84093a7d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{96f7bae9-bc94-4206-8466-1fa321178963} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\OZB7yYR7am (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\OZB7yYR7am (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{0e1230f8-ea50-42a9-983c-d22abc2eeb4c} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{503aa2b1-c257-44d3-82d9-43fd349561a6} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\All Users\Application Data\mlgzkxml\klczoder.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\akttzn.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\anticipator.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\awtoolb.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bdn.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dpcproxy.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hoproxy.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hxiwlgpm.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hxiwlgpm.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msgp.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msnbho.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mssecu.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msvchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mtr2.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mwin32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\netode.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\newsd32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ps1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\psof1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\psoft1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\regc64.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\regm64.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\Rundl1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sncntr.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssurf022.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssvchost.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssvchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sysreq.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\taack.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\taack.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\temp#01.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\VBIEWER.OCX (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vcatchpi.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winlogonpc.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winsystem.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\WINWGPX.EXE (Trojan.Agent) -> Quarantined and deleted successfully.

New HiJack
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:36:34 PM, on 5/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\svchost.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\YPOPs\YPOPs.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\WINDOWS\notepad.exe
C:\WINDOWS\notepad.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Documents and Settings\ME\Desktop\OTMoveIt2.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: YPOPs.lnk = ?
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.appl...ex/qtplugin.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx...owserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1152845331453
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://ak.imgag.com/...all/Crusher.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

--
End of file - 10589 bytes
  • 0

#4
RatHat

    Ex Malware Expert

  • Expert
  • 7,829 posts
Hi there,

We still have a bit more to do, so please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Regards,
RatHat
  • 0

#5
Gene323

    Member

  • Topic Starter
  • Member
  • 24 posts
ComboFix:
ComboFix 08-05-01.3 - ME 2008-05-04 17:51:32.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1365 [GMT -7:00]
Running from: C:\Documents and Settings\ME\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2008-04-05 to 2008-05-05 )))))))))))))))))))))))))))))))
.

2008-05-04 13:33 . 2008-05-04 13:33 <DIR> d-------- C:\_OTMoveIt
2008-05-03 17:53 . 2008-05-03 17:53 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-03 17:53 . 2008-05-03 17:53 <DIR> d-------- C:\Documents and Settings\ME\Application Data\Malwarebytes
2008-05-03 17:53 . 2008-05-03 17:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-03 15:31 . 2008-05-03 15:31 <DIR> d-------- C:\Deckard
2008-05-03 15:03 . 2008-05-03 15:03 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-03 03:22 . 2008-05-03 03:22 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-03 03:22 . 2008-05-03 03:22 <DIR> d-------- C:\WINDOWS\LastGood
2008-05-03 03:22 . 2008-05-03 03:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-03 02:19 . 2008-05-03 02:19 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-05-02 22:34 . 2008-05-02 22:47 <DIR> d-------- C:\Documents and Settings\ME\.housecall6.6

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-04 20:31 --------- d-----w C:\Documents and Settings\ME\Application Data\Shareaza
2008-05-04 20:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-05-03 10:20 --------- d-----w C:\Program Files\YPOPs
2008-05-03 09:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-03 08:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-03 08:48 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-05-03 08:48 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
2008-05-03 08:48 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-05-03 08:46 --------- d-----w C:\Documents and Settings\ME\Application Data\AVG7
2008-05-03 06:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2008-05-03 06:43 --------- d-----w C:\Documents and Settings\Administrator\Application Data\AVG7
2008-05-03 05:58 --------- d--h--w C:\Documents and Settings\ME\Application Data\Move Networks
2008-04-18 04:17 --------- d-----w C:\Documents and Settings\ME\Application Data\Vso
2008-04-09 10:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-04-02 07:13 --------- d-----w C:\Program Files\QuickTime
2008-04-02 07:13 --------- d-----w C:\Program Files\Apple Software Update
2008-04-02 07:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-04-02 07:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 09:47 1,845,248 ------w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-06 01:41 --------- d-----w C:\Program Files\Alarm
2008-03-05 10:10 --------- d-----w C:\Program Files\AvantGo
2008-03-05 10:03 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-02 01:36 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-02-29 08:55 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-02-29 08:55 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-02-28 04:15 162,816 ----a-w C:\WINDOWS\system32\fmod.dll
2008-02-22 10:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:51 282,624 ------w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:32 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:32 148,992 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-02-15 05:44 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-01-21 06:00 47,360 ----a-w C:\Documents and Settings\ME\Application Data\pcouffin.sys
2007-09-30 23:37 88 --sh--r C:\WINDOWS\system32\606A532FFA.sys
2006-09-25 02:19 56 --sh--r C:\WINDOWS\system32\FA2F536A60.sys
2007-09-30 23:37 4,392 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 13:54 5674352]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:00 15360]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-13 20:10 1688872]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 14:39 1289000]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 21:05 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 14:20 339968 C:\WINDOWS\stsystra.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 19:05 344064]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2006-05-03 03:12 98304]
"ISUSPM Startup"="c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 08:44 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 08:44 81920]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 03:20 122940]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-05-02 22:48 579584]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46 57344]
"Zune Launcher"="c:\Program Files\Zune\ZuneLauncher.exe" [2007-11-15 22:51 166304]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 15:21 2213160]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-04-02 00:08 385024]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-05-02 22:47 219136]

C:\Documents and Settings\ME\Start Menu\Programs\Startup\
YPOPs.lnk - C:\Program Files\YPOPs\YPOPs.exe [2008-02-01 18:44:14 1331200]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-05-12 00:12 49152 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
--a------ 2005-07-12 17:05 1117184 C:\Program Files\McAfee\SpamKiller\MSKDetct.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a------ 2006-07-06 21:54 26112 C:\Program Files\Real\RealPlayer\RealPlay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Common Files\\PocketSoft\\RTPatch\\AutoRTP\\artpschd.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Foxit Software\\PDF Editor\\PDFEdit.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"32324:TCP"= 32324:TCP:Shareaza
"32324:UDP"= 32324:UDP:Shareaza
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys [2007-07-04 01:19]
R2 EAPPkt;Realtek EAPPkt Protocol;C:\WINDOWS\system32\DRIVERS\EAPPkt.sys [2005-04-01 12:43]
R2 zumbus;Zune Bus Enumerator Driver;C:\WINDOWS\system32\DRIVERS\zumbus.sys [2007-11-15 22:38]
R2 ZuneBusEnum;Zune Bus Enumerator;c:\WINDOWS\system32\ZuneBusEnum.exe [2007-11-15 22:51]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\wg111v2.sys [2006-03-27 18:53]
S3 SjyPkt;SjyPkt;C:\WINDOWS\System32\Drivers\SjyPkt.sys [2002-10-02 09:57]
S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service;c:\WINDOWS\system32\ZuneWlanCfgSvc.exe [2007-11-15 22:51]

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-05-04 16:00:00 C:\WINDOWS\Tasks\The Metamorphosis.job"
- C:\Documents and Settings\ME\Desktop\The Metamorphosis.doc
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-04 17:52:45
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-04 17:53:27
ComboFix-quarantined-files.txt 2008-05-05 00:53:14
ComboFix2.txt 2008-05-03 23:00:51

Pre-Run: 50,391,359,488 bytes free
Post-Run: 50,419,609,600 bytes free

148 --- E O F --- 2008-04-09 10:03:47

HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:55:29 PM, on 5/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\svchost.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\YPOPs\YPOPs.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: YPOPs.lnk = ?
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.appl...ex/qtplugin.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx...owserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1152845331453
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://ak.imgag.com/...all/Crusher.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

--
End of file - 10394 bytes
  • 0
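Spotting what changed between the two HijackThis logs posted in this thread is tedious by eye. The following is an added example (not part of the original posts, and not code from HijackThis or ComboFix) that parses the section entries and the running-process list and diffs two scans; the function names are hypothetical, and the two sample logs are short excerpts of the logs above.

```python
import re

# Entry lines in a HijackThis log: "<section code> - <details>", e.g. "O2 - BHO: ...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")


def parse_log(text):
    """Return (set of running process paths, {normalised key: original entry line})."""
    processes, entries = set(), {}
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_processes = False
            # Windows paths are case-insensitive, so compare on a lowercased key
            # but keep the original line for reporting.
            entries[(m.group(1), m.group(2).lower())] = line
        elif in_processes and line:
            processes.add(line.lower())
        elif in_processes and processes:
            in_processes = False  # blank line closes the process list
    return processes, entries


def diff_logs(before, after):
    """Compare two scans and report entries and processes that came or went."""
    p_before, e_before = parse_log(before)
    p_after, e_after = parse_log(after)
    return {
        "entries_removed": sorted(e_before[k] for k in e_before.keys() - e_after.keys()),
        "entries_added": sorted(e_after[k] for k in e_after.keys() - e_before.keys()),
        "processes_gone": sorted(p_before - p_after),
        "processes_new": sorted(p_after - p_before),
    }


def orphaned(text):
    """Entries whose registration points at nothing: HijackThis prints '(no file)'."""
    _, entries = parse_log(text)
    return sorted(line for line in entries.values() if line.endswith("(no file)"))


# Excerpt of the first log in this thread (scan taken before ComboFix was run).
BEFORE = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Documents and Settings\ME\Desktop\OTMoveIt2.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
"""

# Excerpt of the second log (scan saved at 5:55:29 PM, on 5/4/2008).
AFTER = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
"""

if __name__ == "__main__":
    for label, items in diff_logs(BEFORE, AFTER).items():
        print(label)
        for item in items:
            print("   ", item)
```

On these excerpts the only entry that differs is the unnamed BHO registration with no backing file, which is present in the first scan and absent from the second; the two processes that disappear are the removal tools that were running during the first scan.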

#6
RatHat

    Ex Malware Expert

  • Expert
  • 7,829 posts
Hey there,

OK! Well done, your log is clean again! :)

Now let's uninstall Combofix and have a bit of a cleanup:
  • Click START then RUN
  • Now type ComboFix.exe /u in the runbox and click OK
The above procedure will do the following:
  • Delete ComboFix and its associated files and folders.
  • Delete VundoFix backups, if present
  • Delete the C:\Deckard folder, if present
  • Delete the C:\_OtMoveIt folder, if present
  • Reset the clock settings.
  • Hide file extensions, if required.
  • Hide System/Hidden files, if required.
  • Reset System Restore.
Please delete any logs or other files we have used during the fixing of your machine.

OK, let's carry out a few preventative steps to make sure you reduce the risk of further infections.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


An essential is to keep your computer updated with the latest operating system patches and security fixes. Windows Updates are constantly being revised to combat the newest hacks and threats; Microsoft releases security updates that help keep your computer from becoming vulnerable. It is best if you have these set to download automatically.

Automatic Updates for Windows
  • Click Start.
  • Select Settings and then Control Panel.
  • Select Automatic Updates.
  • Click Automatic (recommended)
  • Choose a day and a time when you know the computer will be on and connected to the internet.
  • Click Apply then OK.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


In addition to Windows updates, you also need to ensure that your version of Java is the latest. Click here to download the latest version (Java Runtime Environment (JRE) 6 Update 5). Once downloaded, install it and then reboot your computer.

It is most important that you also uninstall older versions of Java.
  • Click Start, Control Panel, Add/Remove Programs.
  • Delete all Java updates except Java™ 6 Update 5
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


OK, now let's download some preventative programs that will help to keep the nasties away! We will start with Anti Spyware programs. I would advise getting a couple of them at least, and running each at least once a month.

Anti Spyware
  • SpywareBlaster to help prevent spyware from installing in the first place. A tutorial can be found here.
  • SpywareGuard to catch and block spyware before it can execute. A tutorial can be found here.
  • IESpy-Ad to block access to malicious websites so you cannot be redirected to them from an infected site or email. A tutorial can be found here.
  • Spybot Search & Destroy a powerful tool which can "search and destroy" nasties that make it onto your system. Now with an Immunize section that will help prevent future infections. A tutorial can be found here.
  • AdAware another very powerful tool which searches and kills nasties that infect your system. A tutorial can be found here. AdAware and Spybot Search & Destroy complement each other very well.

Note: If you find your system slows down after installing any of these, just uninstall it, or disable it from running at startup.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Next let's look at Firewalls. These help to prevent unauthorised access both to and from the internet or your local network. A firewall is considered a first line of defense in protecting private information. Below are two free firewalls to choose from, if you do not already have one. Note: You only need one firewall on your system.

Personal Firewalls

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Nearly done! If you like to use chat, MSN and Yahoo have vulnerabilities that can leave you open to infections. There are however a couple of very good, malware-free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN):

Instant Messengers

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Lastly, it is a good idea to clear out all your temp files every now and again. This will help keep your computer from bogging down and slowing. It also can assist in getting rid of files that may contain malicious code that could re-infect your computer.

Temp File Cleaners
  • CleanUP! - Cleans temporary files from IE and Windows, empties the recycle bin and more. Note: Do NOT run this program if you have XP Professional 64 bit edition.
  • ATF Cleaner A very powerful cleaning program for XP and Windows 2000 only. Note: You may have this already as part of the fixes you have run.

To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I will keep this log open for the next couple of days, so if you have any further problems post another reply here.

OK, all the best, and stay safe!

Best regards,
RatHat
  • 0

#7
Gene323

    Member

  • Topic Starter
  • Member
  • 24 posts
The infected computer is running fine now, and I will take all the preventative measures to prevent it from happening again. The only thing is that my computer had full sharing with the infected computer, and I'm afraid that my computer got infected that way. Is that possible? As I alluded to in the first post, when I tried to use my computer the next day, Windows would automatically log me off my account, even in safe mode. I Googled the problem and found out that it could be caused by spyware or trojans. I had to use System Restore through the Recovery Console just to get it to work again. It's been working fine since, and I've done a bunch of scans and found nothing, but I'm afraid to turn off my computer in case it happens again, because it was very difficult to restore. It could just have been a coincidence, but I'm worried. I feel bad asking for help again, but if you could look over the HijackThis log of my computer and tell me if anything is fishy, I would really appreciate it.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:12:34 AM, on 5/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Google\Gmail Notifier\gnotify.exe
D:\Program Files\ClamWin\bin\ClamTray.exe
D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
D:\Program Files\SpywareGuard\sgmain.exe
D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
D:\Program Files\SpywareGuard\sgbhp.exe
D:\Program Files\FolderSize\FolderSizeSvc.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\WINDOWS\System32\svchost.exe
D:\PROGRA~1\Mozilla Firefox\firefox.exe
D:\Program Files\Winamp\winamp.exe
D:\Program Files\Windows NT\Accessories\WORDPAD.EXE
D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - D:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [StartCCC] "D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] D:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [ClamWin] "D:\Program Files\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: SpywareGuard.lnk = D:\Program Files\SpywareGuard\sgmain.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1008570530140
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx...owserPlugin.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Folder Size (FolderSize) - Brio - D:\Program Files\FolderSize\FolderSizeSvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - D:\Program Files\WinPcap\rpcapd.exe

--
End of file - 5572 bytes
  • 0
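A triage pass over the HijackThis log format posted above, added here as an example; it is not part of the original thread and not HijackThis's own code. It flags entries a reviewer would check by hand: the three heuristics and all function names are assumptions of this example, and the sample log is constructed from lines in the post above.

```python
import re
from collections import namedtuple

Finding = namedtuple("Finding", "code reason line")

# A HijackThis entry looks like "O23 - Service: ...": a section code, " - ", a body.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

# Constructed sample: a subset of the lines from the log in the post above.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\Explorer.EXE

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
"""


def parse_log(text):
    """Split a log into running-process paths and (code, body) entries."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        entry = ENTRY_RE.match(line)
        if line == "Running processes:":
            in_processes = True
        elif entry:
            in_processes = False  # entries end the process list even without a blank line
            entries.append((entry.group(1), entry.group(2)))
        elif in_processes and line:
            processes.append(line)
        elif not line:
            in_processes = False
    return processes, entries


def system_drive(processes):
    """Drive letter of the running Windows install, read from smss.exe's path."""
    for path in processes:
        if path.lower().endswith("\\system32\\smss.exe"):
            return path[0].upper()
    return None


def review(text):
    """Return entries worth a manual look. A finding is a prompt to verify, not a verdict."""
    processes, entries = parse_log(text)
    drive = system_drive(processes)
    findings = []
    for code, body in entries:
        line = f"{code} - {body}"
        # Heuristic 1 (assumption): the registry entry points at a file that is gone.
        if body.rstrip().endswith("(no file)"):
            findings.append(Finding(code, "registered file is missing", line))
        # Heuristic 2 (assumption): no company name was reported for the service binary.
        if code == "O23" and " - Unknown owner - " in body:
            findings.append(Finding(code, "service binary reports no company name", line))
        # Heuristic 3 (assumption): an F-section autostart value names a drive
        # other than the one the running Windows directory is on.
        if code.startswith("F") and drive:
            m = re.search(r"=\s*([A-Za-z]):\\", body)
            if m and m.group(1).upper() != drive:
                other = m.group(1).upper()
                findings.append(Finding(
                    code, f"starts a file on {other}: while Windows runs from {drive}:", line))
    return findings


if __name__ == "__main__":
    for f in review(SAMPLE_LOG):
        print(f"[{f.code}] {f.reason}\n    {f.line}")
```

Each flagged line still needs the file itself checked (existence, location, signer) before drawing any conclusion.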

#8
RatHat

    Ex Malware Expert

  • Expert
  • 7,829 posts
I don't see anything wrong there, so let's have a deeper look with DSS.

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, DSS will open two Notepad files: main.txt and extra.txt
  • Use Save As to save both Notepad files to your Desktop and post them in your next reply.
Note: A copy of these files can be found in your root drive, usually C:\Deckard\System Scanner\
  • 0

#9
Gene323

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
Thanks a lot, I know you're busy, and I really appreciate it :)

Main
Deckard's System Scanner v20071014.68
Run by Eugene on 2008-05-05 11:08:46
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
21: 2008-05-05 18:08:55 UTC - RP270 - Deckard's System Scanner Restore Point
20: 2008-05-04 20:50:27 UTC - RP269 - Removed Java™ 6 Update 3
19: 2008-05-04 08:37:48 UTC - RP268 - System Checkpoint
18: 2008-05-03 06:32:24 UTC - RP267 - System Checkpoint
17: 2008-05-02 06:25:49 UTC - RP266 - System Checkpoint


-- First Restore Point --
1: 2008-04-15 05:51:48 UTC - RP250 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Eugene.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:10:58 AM, on 5/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Google\Gmail Notifier\gnotify.exe
D:\Program Files\ClamWin\bin\ClamTray.exe
D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
D:\Program Files\SpywareGuard\sgmain.exe
D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
D:\Program Files\SpywareGuard\sgbhp.exe
D:\Program Files\FolderSize\FolderSizeSvc.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\WINDOWS\System32\svchost.exe
D:\PROGRA~1\Mozilla Firefox\firefox.exe
D:\Program Files\Windows NT\Accessories\WORDPAD.EXE
D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
D:\Documents and Settings\Eugene\Desktop\dss.exe
D:\PROGRA~1\TRENDM~1\HIJACK~1\Eugene.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - D:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [StartCCC] "D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] D:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [ClamWin] "D:\Program Files\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: SpywareGuard.lnk = D:\Program Files\SpywareGuard\sgmain.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1008570530140
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx...owserPlugin.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Folder Size (FolderSize) - Brio - D:\Program Files\FolderSize\FolderSizeSvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - D:\Program Files\WinPcap\rpcapd.exe

--
End of file - 5573 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

S3 TVICHW32 - d:\windows\system32\drivers\tvichw32.sys <Not Verified; EnTech Taiwan; TVicHW32 Generic Device Driver for Windows 95/98/ME/NT/2000/2003/XP/XP64>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 FolderSize (Folder Size) - "d:\program files\foldersize\foldersizesvc.exe" <Not Verified; Brio; Folder Size for Windows>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\F4F518508D00
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\F4F518508D00
Service: NIC1394

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Multimedia Audio Controller
Device ID: PCI\VEN_8086&DEV_24D5&SUBSYS_1028147B&REV_02\3&13C0B0C5&0&FD
Manufacturer:
Name: Multimedia Audio Controller
PNP Device ID: PCI\VEN_8086&DEV_24D5&SUBSYS_1028147B&REV_02\3&13C0B0C5&0&FD
Service:


-- Files created between 2008-04-05 and 2008-05-05 -----------------------------

2008-05-05 03:11:35 0 d------c- D:\Program Files\Trend Micro
2008-05-04 13:50:58 0 d------c- D:\WINDOWS\system32\appmgmt
2008-05-04 00:15:42 0 d------c- D:\Documents and Settings\Eugene\Application Data\Malwarebytes
2008-05-04 00:15:36 0 d------c- D:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-04 00:15:35 0 d------c- D:\Program Files\Malwarebytes' Anti-Malware
2008-05-03 19:29:46 0 d------c- D:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-03 19:29:45 0 d------c- D:\WINDOWS\system32\Kaspersky Lab
2008-05-03 19:29:42 0 d------c- D:\WINDOWS\LastGood
2008-05-03 15:25:26 0 d--h---c- D:\Documents and Settings\Administrator\Templates <TEMPLA~1>
2008-05-03 15:25:26 0 dr-----c- D:\Documents and Settings\Administrator\Start Menu <STARTM~1>
2008-05-03 15:25:26 0 dr-h---c- D:\Documents and Settings\Administrator\SendTo
2008-05-03 15:25:26 0 d--h---c- D:\Documents and Settings\Administrator\Recent
2008-05-03 15:25:26 0 d--h---c- D:\Documents and Settings\Administrator\PrintHood <PRINTH~1>
2008-05-03 15:25:26 0 d--h---c- D:\Documents and Settings\Administrator\NetHood
2008-05-03 15:25:26 0 d------c- D:\Documents and Settings\Administrator\My Documents <MYDOCU~1>
2008-05-03 15:25:26 0 d--h---c- D:\Documents and Settings\Administrator\Local Settings <LOCALS~1>
2008-05-03 15:25:26 0 d------c- D:\Documents and Settings\Administrator\Favorites <FAVORI~1>
2008-05-03 15:25:26 0 d------c- D:\Documents and Settings\Administrator\Desktop
2008-05-03 15:25:26 0 d---s--c- D:\Documents and Settings\Administrator\Cookies
2008-05-03 15:25:26 0 dr-h---c- D:\Documents and Settings\Administrator\Application Data <APPLIC~1>
2008-05-03 15:25:26 0 d---s--c- D:\Documents and Settings\Administrator\Application Data\Microsoft
2008-05-03 15:25:25 229376 --ah----- D:\Documents and Settings\Administrator\NTUSER.DAT
2008-05-03 03:17:04 0 d------c- D:\Program Files\SpywareGuard
2008-05-03 03:13:32 0 d------c- D:\Documents and Settings\All Users\Application Data\TEMP
2008-05-03 03:13:28 118784 --a----c- D:\WINDOWS\system32\MSSTDFMT.DLL <Not Verified; Microsoft Corporation; MSSTDFMT Object Library>
2008-05-03 03:13:27 0 d------c- D:\Program Files\SpywareBlaster


-- Find3M Report ---------------------------------------------------------------

2008-05-04 20:21:33 0 d------c- D:\Program Files\Warcraft III
2008-05-04 13:50:49 0 d------c- D:\Program Files\Java
2008-05-03 02:57:22 0 d------c- D:\Documents and Settings\Eugene\Application Data\uTorrent
2008-04-20 15:50:05 0 d------c- D:\Program Files\ClamWin
2008-04-13 17:53:17 0 d------c- D:\Program Files\Paint.NET
2008-04-07 22:56:54 0 d------c- D:\Documents and Settings\Eugene\Application Data\Joost
2008-03-29 19:46:37 0 d------c- D:\Program Files\Joost
2008-03-28 13:41:32 0 d------c- D:\Program Files\Winamp
2008-03-28 13:40:49 0 d------c- D:\Documents and Settings\Eugene\Application Data\Winamp
2008-03-24 16:07:34 0 d------c- D:\Program Files\Microsoft Bootvis
2008-03-08 12:52:43 0 d------c- D:\Documents and Settings\Eugene\Application Data\dvdcss
2008-03-05 23:33:03 0 d------c- D:\Program Files\DOSBox-0.63
2008-02-09 17:34:57 3442 --a----c- D:\WINDOWS\unins000.dat
2008-02-09 17:34:10 691545 --a----c- D:\WINDOWS\unins000.exe
2008-02-06 18:55:20 71240 --a----c- D:\WINDOWS\War3Unin.dat
2008-02-06 18:48:56 2829 --a----c- D:\WINDOWS\War3Unin.pif
2008-02-06 18:48:56 139264 --a----c- D:\WINDOWS\War3Unin.exe <Not Verified; Blizzard Entertainment; Warcraft III Uninstaller>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KernelFaultCheck"="D:\WINDOWS\system32\dumprep 0 -k" []
"StartCCC"="D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [11/10/2006 12:35 PM]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="D:\Program Files\Google\Gmail Notifier\gnotify.exe" [07/15/2005 02:48 PM]
"ClamWin"="D:\Program Files\ClamWin\bin\ClamTray.exe" [04/19/2008 04:35 PM]
"avast!"="D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [03/29/2008 11:37 AM]
"SunJavaUpdateSched"="D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 05:25 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="D:\WINDOWS\system32\ctfmon.exe" [08/04/2004 01:56 AM]
"SpybotSD TeaTimer"="D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 12:43 PM]
"@"="" []

D:\Documents and Settings\Eugene\Start Menu\Programs\Startup\
SpywareGuard.lnk - D:\Program Files\SpywareGuard\sgmain.exe [8/29/2003 7:05:35 PM]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5fe444d3-ac1f-11dc-9dd6-806d6172696f}]
AutoRun\command- E:\setup.exe

*Newly Created Service* - APPMGMT



-- Hosts -----------------------------------------------------------------------

127.0.0.1 007guard.com
127.0.0.1 www.007guard.com
127.0.0.1 008i.com
127.0.0.1 008k.com
127.0.0.1 www.008k.com
127.0.0.1 00hq.com
127.0.0.1 www.00hq.com
127.0.0.1 010402.com
127.0.0.1 032439.com
127.0.0.1 www.032439.com

8124 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-05-05 11:11:45 ------------

Extra
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 2.40GHz
CPU 1: Intel® Pentium® 4 CPU 2.40GHz
Percentage of Memory in Use: 68%
Physical Memory (total/avail): 1023.48 MiB / 322.33 MiB
Pagefile Memory (total/avail): 2463.79 MiB / 1832.03 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1931.71 MiB

A: is Removable (Unformatted)
C: is Fixed (NTFS) - 57.26 GiB total, 15.06 GiB free.
D: is Fixed (NTFS) - 57.26 GiB total, 18.16 GiB free.
E: is CDROM (CDFS)
F: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - IC35L060AVVA07-0 - 57.27 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 57.26 GiB - C:

\\.\PHYSICALDRIVE1 - Maxtor 6Y060L0 - 57.27 GiB - 1 partition
\PARTITION0 - Installable File System - 57.26 GiB - D:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

AV: avast! antivirus 4.8.1169 [VPS 080504-0] v4.8.1169 (ALWIL Software)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\\Program Files\\Steam\\steamapps\\[email protected]\\counter-strike\\hl.exe"="D:\\Program Files\\Steam\\steamapps\\[email protected]\\counter-strike\\hl.exe:*:Enabled:Half-Life Launcher"
"D:\\Program Files\\uTorrent\\uTorrent.exe"="D:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"D:\\Program Files\\Messenger\\msmsgs.exe"="D:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"D:\\Program Files\\Warcraft III\\war3.exe"="D:\\Program Files\\Warcraft III\\war3.exe:*:Enabled:Warcraft III"
"D:\\Program Files\\SopCast\\SopCast.exe"="D:\\Program Files\\SopCast\\SopCast.exe:*:Enabled:SopCast Main Application"
"D:\\Program Files\\SopCast\\adv\\SopAdver.exe"="D:\\Program Files\\SopCast\\adv\\SopAdver.exe:*:Enabled:SopCast Adver"
"D:\\Program Files\\uusee\\UUSeePlayer.exe"="D:\\Program Files\\uusee\\UUSeePlayer.exe:*:Enabled:UUPlayer"
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"="C:\\Program Files\\VideoLAN\\VLC\\vlc.exe:*:Enabled:VLC media player"
"D:\\Program Files\\VideoLAN\\VLC\\vlc.exe"="D:\\Program Files\\VideoLAN\\VLC\\vlc.exe:*:Enabled:VLC media player"
"D:\\Program Files\\SopCast\\sopvod.exe"="D:\\Program Files\\SopCast\\sopvod.exe:*:Enabled:sopvod"
"D:\\Program Files\\Mozilla Firefox\\firefox.exe"="D:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"D:\\Program Files\\PPMate\\ppmate.exe"="D:\\Program Files\\PPMate\\ppmate.exe:*:Enabled:PPMate"
"D:\\Program Files\\PPMate\\ppamnet.exe"="D:\\Program Files\\PPMate\\ppamnet.exe:*:Enabled:PPMate"
"D:\\Program Files\\TVUPlayer\\TVUPlayer.exe"="D:\\Program Files\\TVUPlayer\\TVUPlayer.exe:*:Enabled:TVU Player Component"
"D:\\Program Files\\Internet Explorer\\iexplore.exe"="D:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:UUSEE"
"D:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"="D:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe:*:Enabled:Veoh Client"
"C:\\Program Files\\mIRC\\mirc.exe"="C:\\Program Files\\mIRC\\mirc.exe:*:Enabled:mIRC"
"C:\\Program Files\\Shareaza\\Shareaza.exe"="C:\\Program Files\\Shareaza\\Shareaza.exe:*:Enabled:Shareaza"
"D:\\Documents and Settings\\Eugene\\Desktop\\Listchecker\\pickup.listchecker.exe"="D:\\Documents and Settings\\Eugene\\Desktop\\Listchecker\\pickup.listchecker.exe:*:Enabled:pickup.listchecker"
"D:\\Program Files\\Warcraft III\\listchecker\\pickup.listchecker.exe"="D:\\Program Files\\Warcraft III\\listchecker\\pickup.listchecker.exe:*:Enabled:pickup.listchecker"
"D:\\Program Files\\Joost\\xulrunner\\tvprunner.exe"="D:\\Program Files\\Joost\\xulrunner\\tvprunner.exe:*:Enabled:tvprunner"
"D:\\Program Files\\Shareaza\\Shareaza.exe"="D:\\Program Files\\Shareaza\\Shareaza.exe:*:Enabled:Shareaza Ultimate File Sharing"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=D:\Documents and Settings\All Users
APPDATA=D:\Documents and Settings\Eugene\Application Data
CLIENTNAME=Console
CommonProgramFiles=D:\Program Files\Common Files
COMPUTERNAME=GENE
ComSpec=D:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=D:
HOMEPATH=\Documents and Settings\Eugene
LOGONSERVER=\\GENE
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=D:\Program Files\Mozilla Firefox;D:\WINDOWS\system32;D:\WINDOWS;D:\WINDOWS\System32\Wbem;D:\Program Files\ATI Technologies\ATI.ACE\Core-Static
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 5, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0205
ProgramFiles=D:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=D:
SystemRoot=D:\WINDOWS
TEMP=D:\DOCUME~1\Eugene\LOCALS~1\Temp
TMP=D:\DOCUME~1\Eugene\LOCALS~1\Temp
USERDOMAIN=GENE
USERNAME=Eugene
USERPROFILE=D:\Documents and Settings\Eugene
windir=D:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Eugene (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{5AAFE9B0-B60B-4B12-B22D-6B15507502E5}\Setup.exe" -l0x9
--> RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9
--> RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{9B7A778E-AF38-4341-9EA0-1FC981106ADA}\setup.exe" -l0x9
--> RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{9B7A778E-AF38-4341-9EA0-1FC981106ADA}\setup.exe" -l0x9 /remove
--> RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{9E54F486-CD4A-44A5-B041-16D4E1E56A53}\setup.exe" -l0x9
--> RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{9E54F486-CD4A-44A5-B041-16D4E1E56A53}\setup.exe" -l0x9 /remove
--> RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 D:\WINDOWS\INF\PCHealth.inf
µTorrent --> "D:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
Adobe Flash Player ActiveX --> D:\WINDOWS\System32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> D:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
ATI - Software Uninstall Utility --> D:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center --> RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x0
ATI Display Driver --> rundll32 D:\WINDOWS\system32\atiiiexx.dll,[email protected] -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AutoHotkey 1.0.47.05 --> D:\Program Files\AutoHotkey\uninst.exe
avast! Antivirus --> D:\Program Files\Alwil Software\Avast4\aswRunDll.exe "D:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
CCleaner (remove only) --> "D:\Program Files\CCleaner\uninst.exe"
ClamWin Free Antivirus 0.93 --> "D:\Program Files\ClamWin\unins000.exe"
Combined Community Codec Pack 2007-07-22 --> "D:\Program Files\Combined Community Codec Pack\unins000.exe"
Counter-Strike --> "D:\Program Files\Steam\steam.exe" steam://uninstall/10
Creative Mass Storage Drivers --> RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{5AAFE9B0-B60B-4B12-B22D-6B15507502E5}\Setup.exe" -l0x9 /remove
Creative System Information --> RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9 /remove
Creative Zen Nano Plus --> RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{BA63612E-0458-416A-ADCD-B2349194F20F}\SETUP.EXE" -l0x9 /remove
DeepBurner v1.8.0.224 --> "D:\Program Files\Astonsoft\DeepBurner\Uninstall.exe" "D:\Program Files\Astonsoft\DeepBurner\install.log"
DivX Web Player --> D:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DriverGuide DriverScan --> D:\Program Files\DriverGuide DriverScan\uninstall.exe
Folder Size for Windows --> MsiExec.exe /I{FC8D21C8-7B29-4104-ADB0-FEE9CA1C7922}
Foxit PDF Editor --> C:\Program Files\Foxit Software\PDF Editor\uninstall.exe
Foxit Reader --> D:\Program Files\Foxit Software\Foxit Reader\Uninstall.exe
Free Games Offer, Desktop Shortcut --> MsiExec.exe /X{31DABA20-10A1-4746-9D9F-57955B8DFF66}
Google Gmail Notifier --> "D:\Program Files\Google\Gmail Notifier\UninstallGmail.exe"
HijackThis 2.0.2 --> "D:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Joost ™ Beta 1.1.3 --> D:\Program Files\Joost\uninst.exe
Kaspersky Online Scanner --> D:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
Malwarebytes' Anti-Malware --> "D:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Bootvis --> MsiExec.exe /I{0F9196C6-58B4-445B-B56E-B1200FECC151}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
mIRC --> "C:\Program Files\mIRC\mirc.exe" -uninstall
Move Networks Media Player for Internet Explorer --> D:\Documents and Settings\Eugene\Application Data\Move Networks\ie_bin\Uninst.exe
Mozilla Firefox (2.0.0.14) --> D:\PROGRA~1\Mozilla Firefox\uninstall\helper.exe
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Paint.NET v3.30 --> MsiExec.exe /X{FF09A6A1-4DE5-467D-AA26-EF18C0EA4DAB}
PeerGuardian 2.0 --> "D:\Program Files\PeerGuardian2\unins000.exe"
Real Alternative 1.7.5 --> "D:\Program Files\Real Alternative\unins000.exe"
SopCast 2.0.4 --> D:\Program Files\SopCast\uninst.exe
Spybot - Search & Destroy --> "D:\Program Files\Spybot - Search & Destroy\unins000.exe"
Spybot - Search & Destroy 1.5.2.20 --> "D:\WINDOWS\unins000.exe"
Steam --> MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
TVUPlayer 2.3.5.4 --> D:\Program Files\TVUPlayer\uninst.exe
Ventrilo Client --> MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
VeohTV BETA --> D:\Program Files\InstallShield Installation Information\{97A96172-A963-4A37-9FFB-DA6805BB915A}\setup.exe -runfromtemp -l0x0409
VideoLAN VLC media player 0.8.6d --> D:\Program Files\VideoLAN\VLC\uninstall.exe
Warcraft III: All Products --> D:\WINDOWS\War3Unin.exe D:\WINDOWS\War3Unin.dat
WC3Banlist --> "D:\Program Files\WC3Banlist\unins000.exe"
Winamp --> "D:\Program Files\Winamp\UninstWA.exe"
Windows Imaging Component --> "D:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
WinPcap 4.0.2 --> D:\Program Files\WinPcap\uninstall.exe
XML Paper Specification Shared Components Pack 1.0 -->


-- Application Event Log -------------------------------------------------------

Event Record #/Type916 / Error
Event Submitted/Written: 05/04/2008 01:27:01 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 7.0.6000.16640, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [iexplore.exe!ws!]

Event Record #/Type861 / Error
Event Submitted/Written: 04/20/2008 02:27:10 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 7.0.6000.16640, faulting module sopocx.ocx, version 2.0.4.1120, fault address 0x0002d840.
Processing media-specific event for [iexplore.exe!ws!]

Event Record #/Type852 / Error
Event Submitted/Written: 04/14/2008 10:50:14 PM
Event ID/Source: 0 / FolderSize
Event Description:
Scanner reports error 0X00000000: The operation completed successfully.

Event Record #/Type839 / Error
Event Submitted/Written: 04/09/2008 03:28:24 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application ventrilo.exe, version 3.0.1.0, faulting module unknown, version 0.0.0.0, fault address 0x4b435553.
Processing media-specific event for [ventrilo.exe!ws!]



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type9101 / Warning
Event Submitted/Written: 05/04/2008 11:25:30 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type9100 / Error
Event Submitted/Written: 05/04/2008 08:21:34 PM
Event ID/Source: 12294 / ati2mtag
Event Description:
CRT invalid display type

Event Record #/Type9099 / Error
Event Submitted/Written: 05/04/2008 06:45:23 PM
Event ID/Source: 12294 / ati2mtag
Event Description:
CRT invalid display type

Event Record #/Type9098 / Error
Event Submitted/Written: 05/04/2008 05:21:17 PM
Event ID/Source: 12294 / ati2mtag
Event Description:
CRT invalid display type

Event Record #/Type9097 / Error
Event Submitted/Written: 05/04/2008 05:19:21 PM
Event ID/Source: 12294 / ati2mtag
Event Description:
CRT invalid display type



-- End of Deckard's System Scanner: finished at 2008-05-05 11:11:45 ------------

#10
RatHat

    Ex Malware Expert

  • Expert
  • 7,829 posts
There is nothing showing in that log either. Are you still experiencing any problems?

Regards,
RatHat

#11
Gene323

    Member

  • Topic Starter
  • Member
  • 24 posts
Everything felt fine, so I turned off my computer last night, but when I tried to turn it on today, the same problem happened as before. The computer boots up normally, Windows loads, shows my background for a second, then automatically logs me off. Even in safe mode I can't log in to the computer. I have to use system restore from recovery console again. I don't understand why this is still happening.

#12
RatHat

    Ex Malware Expert

  • Expert
  • 7,829 posts
Hi there,

Let's take a deeper look into the machine, as this really is odd.

Download OTScanIt.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.
  • Close ALL OTHER PROGRAMS.
  • Open the OTScanIt folder and double-click on OTScanIt.exe to start the program.
  • Check the box that says Scan All User Accounts
  • Check the box that says Include MD5
  • Check the Radio buttons for Files/Folders Created Within 90 Days and Files/Folders Modified Within 90 Days
  • Check the Radio button under Drivers for Non Microsoft
  • Check the radio button under Rootkit Search for Yes
  • Under Additional Scans check the following:
    • Reg - App Paths
    • Reg - Approved Shell Extensions
    • Reg - ControlSets
    • Reg - Desktop Components
    • Reg - Disabled MS Config Items
    • Reg - File Associations
    • Reg - IE CmdMapping
    • Reg - Safeboot Options
    • Reg - Security Settings
    • Reg - Session Manager Settings
    • Reg - Shell Spawning
    • Reg - Software Policy Settings
    • File - Additional Folder Scans
    • File - Lop Check
    • File - Purity Scan
    • Evnt - EventViewer Errors/Warnings (last 7 days)
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.

If the log is too large to post, please attach the log in your next post.

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on Posted Image to insert the attachment into your post
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Please run an online scan with Kaspersky WebScanner. Note: You must use Internet Explorer to run this scan.

Click the Accept button.

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under Select a target to scan: select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display the results if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop as Kaspersky.txt.
  • Copy and paste that information in your next post.


Regards,
RatHat

#13
Gene323

    Member

  • Topic Starter
  • Member
  • 24 posts
Attached File  OTScanIt.zip   44.67KB   73 downloads
I uploaded it. I tried as a rar the first time and it said it wasn't allowed, that's why I uploaded it to website.
I have avast as my anti-virus, and during the scan it warned me twice about a file.

5/6/2008 4:31:41 PM SYSTEM 1448 Sign of "Win32:Inject-EV [Trj]" has been found in "D:\DOCUME~1\Eugene\LOCALS~1\Temp\vohejlxj.dll" file.
5/6/2008 4:28:53 PM SYSTEM 1448 Sign of "Win32:Inject-EV [Trj]" has been found in "D:\DOCUME~1\Eugene\LOCALS~1\Temp\vohejlxj.dll" file.

Not sure if that's from OT or if that's important.

I will update this post with Kaspersky log after it finishes. It's already found 8 viruses.

Edited by Gene323, 06 May 2008 - 06:36 PM.


#14
RatHat

    Ex Malware Expert

  • Expert
  • 7,829 posts
Could you zip the OTScanIt log and attach it here for me please.

Thanks,
RatHat

#15
Gene323

    Member

  • Topic Starter
  • Member
  • 24 posts
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, May 06, 2008 8:10:08 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 6/05/2008
Kaspersky Anti-Virus database records: 743022
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 227979
Number of viruses found: 10
Number of infected objects: 14
Number of suspicious objects: 0
Duration of the scan process: 03:14:15

Infected Object Name / Virus Name / Last Action
C:\c48d605bf3312bebefdba71f95\%temp%dd_msxml_retMSI.txt Object is locked skipped
C:\Program Files\DAEMON Tools\SetupDTSB.exe Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\Program Files\mIRC\backup\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.617 skipped
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.621 skipped
C:\Program Files\Shareaza\Downloads\east far lowridin movement (1).mp3 Infected: Trojan-Downloader.WMA.Wimad.n skipped
C:\RECYCLER\NPROTECT\00091758.hp2 Object is locked skipped
C:\RECYCLER\NPROTECT\00091759.hp2 Object is locked skipped
C:\RECYCLER\NPROTECT\00091760.HTM Object is locked skipped
C:\RECYCLER\NPROTECT\00091765.hp2 Object is locked skipped
C:\RECYCLER\NPROTECT\00091766.hp2 Object is locked skipped
C:\RECYCLER\NPROTECT\00091771.DMF Object is locked skipped
C:\RECYCLER\NPROTECT\00091777.bmp Object is locked skipped
C:\RECYCLER\NPROTECT\00091778.bmp Object is locked skipped
C:\RECYCLER\NPROTECT\00091779.bmp Object is locked skipped
C:\RECYCLER\NPROTECT\00091780.bmp Object is locked skipped
C:\RECYCLER\NPROTECT\00091781.bmp Object is locked skipped
C:\RECYCLER\NPROTECT\00091782.bmp Object is locked skipped
C:\RECYCLER\NPROTECT\00091783.bmp Object is locked skipped
C:\RECYCLER\NPROTECT\00091784.bmp Object is locked skipped
C:\RECYCLER\NPROTECT\00091786.bmp Object is locked skipped
C:\RECYCLER\NPROTECT\00091787.bmp Object is locked skipped
C:\RECYCLER\NPROTECT\00091789.hp2 Object is locked skipped
C:\RECYCLER\NPROTECT\00091830.bmp Object is locked skipped
C:\RECYCLER\NPROTECT\00091831.bmp Object is locked skipped
C:\RECYCLER\NPROTECT\00091832.bmp Object is locked skipped
C:\RECYCLER\NPROTECT\00091833.bmp Object is locked skipped
C:\RECYCLER\NPROTECT\00091834.bmp Object is locked skipped
C:\RECYCLER\NPROTECT\00091835.bmp Object is locked skipped
C:\RECYCLER\NPROTECT\00091836.bmp Object is locked skipped
C:\RECYCLER\NPROTECT\00091837.bmp Object is locked skipped
C:\RECYCLER\NPROTECT\00091838.bmp Object is locked skipped
C:\RECYCLER\NPROTECT\00091839.bmp Object is locked skipped
C:\RECYCLER\NPROTECT\00091848.O1D Object is locked skipped
C:\RECYCLER\NPROTECT\00091849.O1D Object is locked skipped
C:\RECYCLER\NPROTECT\00091850.O1D Object is locked skipped
C:\RECYCLER\NPROTECT\00091851.O1D Object is locked skipped
C:\RECYCLER\NPROTECT\00091852.O1D Object is locked skipped
C:\RECYCLER\NPROTECT\00091853.O1D Object is locked skipped
C:\RECYCLER\NPROTECT\00091854.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00091856.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00091857.hp2 Object is locked skipped
C:\RECYCLER\NPROTECT\00091858.hp2 Object is locked skipped
C:\RECYCLER\NPROTECT\00091859.hp2 Object is locked skipped
C:\RECYCLER\NPROTECT\00091860.hp2 Object is locked skipped
C:\RECYCLER\NPROTECT\00091861.hp2 Object is locked skipped
C:\RECYCLER\NPROTECT\00091862.hp2 Object is locked skipped
C:\RECYCLER\NPROTECT\00091863.hp2 Object is locked skipped
C:\RECYCLER\NPROTECT\00091864.hp2 Object is locked skipped
C:\RECYCLER\NPROTECT\00091865.hp2 Object is locked skipped
C:\RECYCLER\NPROTECT\00091866.hp2 Object is locked skipped
C:\RECYCLER\NPROTECT\00091868.HTM Object is locked skipped
C:\RECYCLER\NPROTECT\00091874.hpk Object is locked skipped
C:\RECYCLER\NPROTECT\00091875.hpk Object is locked skipped
C:\RECYCLER\NPROTECT\00091876.hpk Object is locked skipped
C:\RECYCLER\NPROTECT\00091877.hp2 Object is locked skipped
C:\RECYCLER\NPROTECT\00091878.hp2 Object is locked skipped
C:\RECYCLER\NPROTECT\00091883.DMF Object is locked skipped
C:\RECYCLER\NPROTECT\00091893 Object is locked skipped
C:\RECYCLER\NPROTECT\00091894.edb Object is locked skipped
C:\RECYCLER\NPROTECT\00091897.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00091914.DIC Object is locked skipped
C:\RECYCLER\NPROTECT\00091964.DLL Object is locked skipped
C:\RECYCLER\NPROTECT\00092010.hp2 Object is locked skipped
C:\RECYCLER\NPROTECT\00092011.hp2 Object is locked skipped
C:\RECYCLER\NPROTECT\00092012.hp2 Object is locked skipped
C:\RECYCLER\NPROTECT\00092013.hp2 Object is locked skipped
C:\RECYCLER\NPROTECT\00092014.HTM Object is locked skipped
C:\RECYCLER\NPROTECT\00092018.hp2 Object is locked skipped
C:\RECYCLER\NPROTECT\00092019.hp2 Object is locked skipped
C:\RECYCLER\NPROTECT\00092021.hp2 Object is locked skipped
C:\RECYCLER\NPROTECT\00092022.hp2 Object is locked skipped
C:\RECYCLER\NPROTECT\00092028.DMF Object is locked skipped
C:\RECYCLER\NPROTECT\00092029.HTM Object is locked skipped
C:\RECYCLER\NPROTECT\00092030.prn Object is locked skipped
C:\RECYCLER\NPROTECT\00092031.prn Object is locked skipped
C:\RECYCLER\NPROTECT\00092032.DLL Object is locked skipped
C:\RECYCLER\NPROTECT\00092033.EXE Object is locked skipped
C:\RECYCLER\NPROTECT\00092034.DLL Object is locked skipped
C:\RECYCLER\NPROTECT\00092035.DLL Object is locked skipped
C:\RECYCLER\NPROTECT\00092036.EXE Object is locked skipped
C:\RECYCLER\NPROTECT\00092037.exe Object is locked skipped
C:\RECYCLER\NPROTECT\00092038.DLL Object is locked skipped
C:\RECYCLER\NPROTECT\00092039.EXE Object is locked skipped
C:\RECYCLER\NPROTECT\00092040.dll Object is locked skipped
C:\RECYCLER\NPROTECT\00092041.DLL Object is locked skipped
C:\RECYCLER\NPROTECT\00092042.EXE Object is locked skipped
C:\RECYCLER\NPROTECT\00092043.EXE Object is locked skipped
C:\RECYCLER\NPROTECT\00092044.htm Object is locked skipped
C:\RECYCLER\NPROTECT\00092045.txt Object is locked skipped
C:\RECYCLER\NPROTECT\00092046.dll Object is locked skipped
C:\RECYCLER\NPROTECT\00092047.EXE Object is locked skipped
C:\RECYCLER\NPROTECT\00092087.hp2 Object is locked skipped
C:\RECYCLER\NPROTECT\00092088.hp2 Object is locked skipped
C:\RECYCLER\NPROTECT\00092089.hp2 Object is locked skipped
C:\RECYCLER\NPROTECT\00092090.hp2 Object is locked skipped
C:\RECYCLER\NPROTECT\00092091.HTM Object is locked skipped
C:\RECYCLER\NPROTECT\00092097.hpk Object is locked skipped
C:\RECYCLER\NPROTECT\00092098.hp2 Object is locked skipped
C:\RECYCLER\NPROTECT\00092099.hp2 Object is locked skipped
C:\RECYCLER\NPROTECT\00092105.DMF Object is locked skipped
C:\RECYCLER\NPROTECT\00092106.LNK Object is locked skipped
C:\RECYCLER\NPROTECT\00092107.LNK Object is locked skipped
C:\RECYCLER\NPROTECT\00092108.LNK Object is locked skipped
C:\RECYCLER\NPROTECT\00092109.LNK Object is locked skipped
C:\RECYCLER\NPROTECT\00092110.LNK Object is locked skipped
C:\RECYCLER\NPROTECT\00092111.LNK Object is locked skipped
C:\RECYCLER\NPROTECT\00092112.LNK Object is locked skipped
C:\RECYCLER\NPROTECT\00092114.LNK Object is locked skipped
C:\RECYCLER\NPROTECT\00092115.LNK Object is locked skipped
C:\RECYCLER\NPROTECT\00092118.DAT Object is locked skipped
C:\RECYCLER\NPROTECT\00092119.doc Object is locked skipped
C:\RECYCLER\NPROTECT\00092128.tm_ Object is locked skipped
C:\RECYCLER\NPROTECT\00092130.tm_ Object is locked skipped
C:\RECYCLER\NPROTECT\00092132.tm_ Object is locked skipped
C:\RECYCLER\NPROTECT\00092134.tm_ Object is locked skipped
C:\RECYCLER\NPROTECT\00092138.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00092140.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00092142.O1D Object is locked skipped
C:\RECYCLER\NPROTECT\00092143.O1D Object is locked skipped
C:\RECYCLER\NPROTECT\00092144.O1D Object is locked skipped
C:\RECYCLER\NPROTECT\00092145.O1D Object is locked skipped
C:\RECYCLER\NPROTECT\00092146.O1D Object is locked skipped
C:\RECYCLER\NPROTECT\00092147.O1D Object is locked skipped
C:\RECYCLER\NPROTECT\00092148.MAP Object is locked skipped
C:\RECYCLER\NPROTECT\00092149.MAP Object is locked skipped
C:\RECYCLER\NPROTECT\00092165 Object is locked skipped
C:\RECYCLER\NPROTECT\00092170.cab Object is locked skipped
C:\RECYCLER\NPROTECT\00092177.edb Object is locked skipped
C:\RECYCLER\NPROTECT\00092199.BIN Object is locked skipped
C:\RECYCLER\NPROTECT\00092200.edb Object is locked skipped
C:\RECYCLER\NPROTECT\00092209.MAP Object is locked skipped
C:\RECYCLER\NPROTECT\00092210.MAP Object is locked skipped
C:\RECYCLER\NPROTECT\00092222.edb Object is locked skipped
C:\RECYCLER\NPROTECT\00092235 Object is locked skipped
C:\RECYCLER\NPROTECT\00092237.edb Object is locked skipped
C:\RECYCLER\NPROTECT\00092273 Object is locked skipped
C:\RECYCLER\NPROTECT\00092274.edb Object is locked skipped
C:\RECYCLER\NPROTECT\00092276.XLS Object is locked skipped
C:\RECYCLER\NPROTECT\00092277.LNK Object is locked skipped
C:\RECYCLER\NPROTECT\00092278.LNK Object is locked skipped
C:\RECYCLER\NPROTECT\00092279.LNK Object is locked skipped
C:\RECYCLER\NPROTECT\00092280.LNK Object is locked skipped
C:\RECYCLER\NPROTECT\00092285.tm_ Object is locked skipped
C:\RECYCLER\NPROTECT\00092289.dtd Object is locked skipped
C:\RECYCLER\NPROTECT\00092290.dtd Object is locked skipped
C:\RECYCLER\NPROTECT\00092293.xml Object is locked skipped
C:\RECYCLER\NPROTECT\00092295.xml Object is locked skipped
C:\RECYCLER\NPROTECT\00092296.dat Object is locked skipped
C:\RECYCLER\NPROTECT\00092299.mfl Object is locked skipped
C:\RECYCLER\NPROTECT\00092300.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00092308.xml Object is locked skipped
C:\RECYCLER\NPROTECT\00092309.ini Object is locked skipped
C:\RECYCLER\NPROTECT\00092310.ini Object is locked skipped
C:\RECYCLER\NPROTECT\00092312.xml Object is locked skipped
C:\RECYCLER\NPROTECT\00092313.ini Object is locked skipped
C:\RECYCLER\NPROTECT\00092315.ini Object is locked skipped
C:\RECYCLER\NPROTECT\00092316.ini Object is locked skipped
C:\RECYCLER\NPROTECT\00092317.ini Object is locked skipped
C:\RECYCLER\NPROTECT\00092318.ini Object is locked skipped
C:\RECYCLER\NPROTECT\00092321.wsf Object is locked skipped
C:\RECYCLER\NPROTECT\00092367.hp2 Object is locked skipped
C:\RECYCLER\NPROTECT\00092368.hp2 Object is locked skipped
C:\RECYCLER\NPROTECT\00092369.hp2 Object is locked skipped
C:\RECYCLER\NPROTECT\00092370.hp2 Object is locked skipped
C:\RECYCLER\NPROTECT\00092371.hp2 Object is locked skipped
C:\RECYCLER\NPROTECT\00092372.hp2 Object is locked skipped
C:\RECYCLER\NPROTECT\00092373.hp2 Object is locked skipped
C:\RECYCLER\NPROTECT\00092374.hp2 Object is locked skipped
C:\RECYCLER\NPROTECT\00092375.hp2 Object is locked skipped
C:\RECYCLER\NPROTECT\00092376.hp2 Object is locked skipped
C:\RECYCLER\NPROTECT\00092379.HTM Object is locked skipped
C:\RECYCLER\NPROTECT\00092380.HTM Object is locked skipped
C:\RECYCLER\NPROTECT\00092382 Object is locked skipped
C:\RECYCLER\NPROTECT\00092424.hp2 Object is locked skipped
C:\RECYCLER\NPROTECT\00092425.hp2 Object is locked skipped
C:\RECYCLER\NPROTECT\00092426.hp2 Object is locked skipped
C:\RECYCLER\NPROTECT\00092427.hp2 Object is locked skipped
C:\RECYCLER\NPROTECT\00092429.hp2 Object is locked skipped
C:\RECYCLER\NPROTECT\00092430.hp2 Object is locked skipped
C:\RECYCLER\NPROTECT\00092431.hp2 Object is locked skipped
C:\RECYCLER\NPROTECT\00092432.hp2 Object is locked skipped
C:\RECYCLER\NPROTECT\00092433.hp2 Object is locked skipped
C:\RECYCLER\NPROTECT\00092434.hp2 Object is locked skipped
C:\RECYCLER\NPROTECT\00092436.HTM Object is locked skipped
C:\RECYCLER\NPROTECT\00092438.edb Object is locked skipped
C:\RECYCLER\NPROTECT\00092440.hp2 Object is locked skipped
C:\RECYCLER\NPROTECT\00092441.hp2 Object is locked skipped
C:\RECYCLER\NPROTECT\00092442.hp2 Object is locked skipped
C:\RECYCLER\NPROTECT\00092443.hp2 Object is locked skipped
C:\RECYCLER\NPROTECT\00092448.DMF Object is locked skipped
C:\RECYCLER\NPROTECT\00092452.tm_ Object is locked skipped
C:\RECYCLER\NPROTECT\00092456.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00092510.hp2 Object is locked skipped
C:\RECYCLER\NPROTECT\00092511.hp2 Object is locked skipped
C:\RECYCLER\NPROTECT\00092512.hp2 Object is locked skipped
C:\RECYCLER\NPROTECT\00092513.hp2 Object is locked skipped
C:\RECYCLER\NPROTECT\00092514.hp2 Object is locked skipped
C:\RECYCLER\NPROTECT\00092515.hp2 Object is locked skipped
C:\RECYCLER\NPROTECT\00092516.hp2 Object is locked skipped
C:\RECYCLER\NPROTECT\00092517.hp2 Object is locked skipped
C:\RECYCLER\NPROTECT\00092518.hp2 Object is locked skipped
C:\RECYCLER\NPROTECT\00092519.hp2 Object is locked skipped
C:\RECYCLER\NPROTECT\00092524.hpk Object is locked skipped
C:\RECYCLER\NPROTECT\00092525.hp2 Object is locked skipped
C:\RECYCLER\NPROTECT\00092526.hp2 Object is locked skipped
C:\RECYCLER\NPROTECT\00092528.hp2 Object is locked skipped
C:\RECYCLER\NPROTECT\00092529.hp2 Object is locked skipped
C:\RECYCLER\NPROTECT\00092530.hp2 Object is locked skipped
C:\RECYCLER\NPROTECT\00092531.hp2 Object is locked skipped
C:\RECYCLER\NPROTECT\00092533.HTM Object is locked skipped
C:\RECYCLER\NPROTECT\00092549.hp2 Object is locked skipped
C:\RECYCLER\NPROTECT\00092550.hp2 Object is locked skipped
C:\RECYCLER\NPROTECT\00092555.DMF Object is locked skipped
C:\RECYCLER\NPROTECT\00092589.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00092591.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00092592.dat Object is locked skipped
C:\RECYCLER\NPROTECT\00092594.mfl Object is locked skipped
C:\RECYCLER\NPROTECT\00092596.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00092615.dtd Object is locked skipped
C:\RECYCLER\NPROTECT\00092616.dtd Object is locked skipped
C:\RECYCLER\NPROTECT\00092619.xml Object is locked skipped
C:\RECYCLER\NPROTECT\00092628.ini Object is locked skipped
C:\RECYCLER\NPROTECT\00092629.lnk Object is locked skipped
C:\RECYCLER\NPROTECT\00092630.ini Object is locked skipped
C:\RECYCLER\NPROTECT\00092631.lnk Object is locked skipped
C:\RECYCLER\NPROTECT\00092632.ini Object is locked skipped
C:\RECYCLER\NPROTECT\00092633.lnk Object is locked skipped
C:\RECYCLER\NPROTECT\00092634.ini Object is locked skipped
C:\RECYCLER\NPROTECT\00092635.lnk Object is locked skipped
C:\RECYCLER\NPROTECT\00092648.PSP Object is locked skipped
C:\RECYCLER\NPROTECT\00092651.xml Object is locked skipped
C:\RECYCLER\NPROTECT\00092652.ini Object is locked skipped
C:\RECYCLER\NPROTECT\00092653.ini Object is locked skipped
C:\RECYCLER\NPROTECT\00092655.xml Object is locked skipped
C:\RECYCLER\NPROTECT\00092656.ini Object is locked skipped
C:\RECYCLER\NPROTECT\00092658.ini Object is locked skipped
C:\RECYCLER\NPROTECT\00092659.ini Object is locked skipped
C:\RECYCLER\NPROTECT\00092660.ini Object is locked skipped
C:\RECYCLER\NPROTECT\00092662.ini Object is locked skipped
C:\RECYCLER\NPROTECT\00092705.hp2 Object is locked skipped
C:\RECYCLER\NPROTECT\00092706.hp2 Object is locked skipped
C:\RECYCLER\NPROTECT\00092707.hp2 Object is locked skipped
C:\RECYCLER\NPROTECT\00092708.hp2 Object is locked skipped
C:\RECYCLER\NPROTECT\00092720.hp2 Object is locked skipped
C:\RECYCLER\NPROTECT\00092721.hp2 Object is locked skipped
C:\RECYCLER\NPROTECT\00092727.DMF Object is locked skipped
C:\RECYCLER\NPROTECT\00092767.hp2 Object is locked skipped
C:\RECYCLER\NPROTECT\00092768.hp2 Object is locked skipped
C:\RECYCLER\NPROTECT\00092769.hp2 Object is locked skipped
C:\RECYCLER\NPROTECT\00092770.hp2 Object is locked skipped
C:\RECYCLER\NPROTECT\00092771.hp2 Object is locked skipped
C:\RECYCLER\NPROTECT\00092772.hp2 Object is locked skipped
C:\RECYCLER\NPROTECT\00092773.hp2 Object is locked skipped
C:\RECYCLER\NPROTECT\00092774.hp2 Object is locked skipped
C:\RECYCLER\NPROTECT\00092775.hp2 Object is locked skipped
C:\RECYCLER\NPROTECT\00092776.hp2 Object is locked skipped
C:\RECYCLER\NPROTECT\00092779.HTM Object is locked skipped
C:\RECYCLER\NPROTECT\00092780.hp2 Object is locked skipped
C:\RECYCLER\NPROTECT\00092781.hp2 Object is locked skipped
C:\RECYCLER\NPROTECT\00092783.HTM Object is locked skipped
C:\RECYCLER\NPROTECT\00092804.hp2 Object is locked skipped
C:\RECYCLER\NPROTECT\00092805.hp2 Object is locked skipped
C:\RECYCLER\NPROTECT\00092807.HTM Object is locked skipped
C:\RECYCLER\NPROTECT\00092812.hp2 Object is locked skipped
C:\RECYCLER\NPROTECT\00092813.hp2 Object is locked skipped
C:\RECYCLER\NPROTECT\00092815.HTM Object is locked skipped
C:\RECYCLER\NPROTECT\00092822.hp2 Object is locked skipped
C:\RECYCLER\NPROTECT\00092823.hp2 Object is locked skipped
C:\RECYCLER\NPROTECT\00092829.DMF Object is locked skipped
C:\RECYCLER\NPROTECT\00092835 Object is locked skipped
C:\RECYCLER\NPROTECT\00092836.dtd Object is locked skipped
C:\RECYCLER\NPROTECT\00092837.dtd Object is locked skipped
C:\RECYCLER\NPROTECT\00092840.xml Object is locked skipped
C:\RECYCLER\NPROTECT\00092853.edb Object is locked skipped
C:\RECYCLER\NPROTECT\00092862.ini Object is locked skipped
C:\RECYCLER\NPROTECT\00092863.ini Object is locked skipped
C:\RECYCLER\NPROTECT\00092871.O1D Object is locked skipped
C:\RECYCLER\NPROTECT\00092872.O1D Object is locked skipped
C:\RECYCLER\NPROTECT\00092873.O1D Object is locked skipped
C:\RECYCLER\NPROTECT\00092874.O1D Object is locked skipped
C:\RECYCLER\NPROTECT\00092875.O1D Object is locked skipped
C:\RECYCLER\NPROTECT\00092876.O1D Object is locked skipped
C:\RECYCLER\NPROTECT\00092877.ini Object is locked skipped
C:\RECYCLER\NPROTECT\00092906.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00092908.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00092911.tm_ Object is locked skipped
C:\RECYCLER\NPROTECT\00092913.tm_ Object is locked skipped
C:\RECYCLER\NPROTECT\00092915.tm_ Object is locked skipped
C:\RECYCLER\NPROTECT\00092917.tm_ Object is locked skipped
C:\RECYCLER\NPROTECT\00092918.THE Object is locked skipped
C:\RECYCLER\NPROTECT\00092924.DAT Object is locked skipped
C:\RECYCLER\NPROTECT\00092926.xml Object is locked skipped
C:\RECYCLER\NPROTECT\00092927.ini Object is locked skipped
C:\RECYCLER\NPROTECT\00092928.ini Object is locked skipped
C:\RECYCLER\NPROTECT\00092930.xml Object is locked skipped
C:\RECYCLER\NPROTECT\00092931.ini Object is locked skipped
C:\RECYCLER\NPROTECT\00092933.ini Object is locked skipped
C:\RECYCLER\NPROTECT\00092934.ini Object is locked skipped
C:\RECYCLER\NPROTECT\00092935.ini Object is locked skipped
C:\RECYCLER\NPROTECT\00092936.ini Object is locked skipped
C:\RECYCLER\NPROTECT\00092937.MAP Object is locked skipped
C:\RECYCLER\NPROTECT\00092938.MAP Object is locked skipped
C:\RECYCLER\NPROTECT\00092948.cab Object is locked skipped
C:\RECYCLER\NPROTECT\00092955 Object is locked skipped
C:\RECYCLER\NPROTECT\00092964.edb Object is locked skipped
C:\RECYCLER\NPROTECT\00092965.log Object is locked skipped
C:\RECYCLER\NPROTECT\00092968.LNK Object is locked skipped
C:\RECYCLER\NPROTECT\00092969.LNK Object is locked skipped
C:\RECYCLER\NPROTECT\00092997.BIN Object is locked skipped
C:\RECYCLER\NPROTECT\00092998.edb Object is locked skipped
C:\RECYCLER\NPROTECT\00093008.MAP Object is locked skipped
C:\RECYCLER\NPROTECT\00093009.MAP Object is locked skipped
C:\RECYCLER\NPROTECT\00093033 Object is locked skipped
C:\RECYCLER\NPROTECT\00093035.edb Object is locked skipped
C:\RECYCLER\NPROTECT\00093139.DAT Object is locked skipped
C:\RECYCLER\NPROTECT\00093140.VXD Object is locked skipped
C:\RECYCLER\NPROTECT\00093141.DLL Object is locked skipped
C:\RECYCLER\NPROTECT\00093142 Object is locked skipped
C:\RECYCLER\NPROTECT\00093143.EXP Object is locked skipped
C:\RECYCLER\NPROTECT\00093144.SYS Object is locked skipped
C:\RECYCLER\NPROTECT\00093145.VXD Object is locked skipped
C:\RECYCLER\NPROTECT\00093146.DLL Object is locked skipped
C:\RECYCLER\NPROTECT\00093147.EXP Object is locked skipped
C:\RECYCLER\NPROTECT\00093148.SYS Object is locked skipped
C:\RECYCLER\NPROTECT\00093149.VXD Object is locked skipped
C:\RECYCLER\NPROTECT\00093150.DLL Object is locked skipped
C:\RECYCLER\NPROTECT\00093151.TXT Object is locked skipped
C:\RECYCLER\NPROTECT\00093152.DAT Object is locked skipped
C:\RECYCLER\NPROTECT\00093153.CAT Object is locked skipped
C:\RECYCLER\NPROTECT\00093154.INF Object is locked skipped
C:\RECYCLER\NPROTECT\00093155.DAT Object is locked skipped
C:\RECYCLER\NPROTECT\00093156.DAT Object is locked skipped
C:\RECYCLER\NPROTECT\00093157.DAT Object is locked skipped
C:\RECYCLER\NPROTECT\00093158.DAT Object is locked skipped
C:\RECYCLER\NPROTECT\00093159.TXT Object is locked skipped
C:\RECYCLER\NPROTECT\00093160.DAT Object is locked skipped
C:\RECYCLER\NPROTECT\00093161.DAT Object is locked skipped
C:\RECYCLER\NPROTECT\00093162.DAT Object is locked skipped
C:\RECYCLER\NPROTECT\00093163.DAT Object is locked skipped
C:\RECYCLER\NPROTECT\00093164.DAT Object is locked skipped
C:\RECYCLER\NPROTECT\00093165.GRD Object is locked skipped
C:\RECYCLER\NPROTECT\00093166.SIG Object is locked skipped
C:\RECYCLER\NPROTECT\00093167.INF Object is locked skipped
C:\RECYCLER\NPROTECT\00093168.DAT Object is locked skipped
C:\RECYCLER\NPROTECT\00093169.DAT Object is locked skipped
C:\RECYCLER\NPROTECT\00093170.DAT Object is locked skipped
C:\RECYCLER\NPROTECT\00093171.DAT Object is locked skipped
C:\RECYCLER\NPROTECT\00093172.DAT Object is locked skipped
C:\RECYCLER\NPROTECT\00093173.DAT Object is locked skipped
C:\RECYCLER\NPROTECT\00093174.DAT Object is locked skipped
C:\RECYCLER\NPROTECT\00093175.DAT Object is locked skipped
C:\RECYCLER\NPROTECT\00093176.DAT Object is locked skipped
C:\RECYCLER\NPROTECT\00093177.DAT Object is locked skipped
C:\RECYCLER\NPROTECT\00093178.TXT Object is locked skipped
C:\RECYCLER\NPROTECT\00093179.DAT Object is locked skipped
C:\RECYCLER\NPROTECT\00093192 Object is locked skipped
C:\RECYCLER\NPROTECT\00093193.edb Object is locked skipped
C:\RECYCLER\NPROTECT\00093225.tm_ Object is locked skipped
C:\RECYCLER\NPROTECT\00093233.INI Object is locked skipped
C:\RECYCLER\NPROTECT\00093235.OLD Object is locked skipped
C:\RECYCLER\NPROTECT\00093236.INI Object is locked skipped
C:\RECYCLER\NPROTECT\00093242.txt Object is locked skipped
C:\RECYCLER\NPROTECT\00093243.exe Object is locked skipped
C:\RECYCLER\NPROTECT\00093244.wav Object is locked skipped
C:\RECYCLER\NPROTECT\00093245.ref Object is locked skipped
C:\RECYCLER\NPROTECT\00093246.chm Object is locked skipped
C:\RECYCLER\NPROTECT\00093247.awl Object is locked skipped
C:\RECYCLER\NPROTECT\00093248.ASK Object is locked skipped
C:\RECYCLER\NPROTECT\00093249.exe Object is locked skipped
C:\RECYCLER\NPROTECT\00093250.LNK Object is locked skipped
C:\RECYCLER\NPROTECT\00093251.LNK Object is locked skipped
C:\RECYCLER\NPROTECT\00093252.LNK Object is locked skipped
C:\RECYCLER\NPROTECT\00093253.LNK Object is locked skipped
C:\RECYCLER\NPROTECT\00093254.LNK Object is locked skipped
C:\RECYCLER\NPROTECT\00093255.LOG Object is locked skipped
C:\RECYCLER\NPROTECT\00093256.TXT Object is locked skipped
C:\RECYCLER\NPROTECT\00093257.TXT Object is locked skipped
C:\RECYCLER\NPROTECT\00093258.TXT Object is locked skipped
C:\RECYCLER\NPROTECT\00093259.TXT Object is locked skipped
C:\RECYCLER\NPROTECT\00093260.INI Object is locked skipped
C:\RECYCLER\NPROTECT\00093261.awc Object is locked skipped
C:\RECYCLER\NPROTECT\00093262.awd Object is locked skipped
C:\RECYCLER\NPROTECT\00093263.OLD Object is locked skipped
C:\RECYCLER\NPROTECT\00093264.EXE Object is locked skipped
C:\RECYCLER\NPROTECT\00093268.MOZ Object is locked skipped
C:\RECYCLER\NPROTECT\00093271.INI Object is locked skipped
C:\RECYCLER\NPROTECT\00093275.tlb Object is locked skipped
C:\RECYCLER\NPROTECT\00093294.dtd Object is locked skipped
C:\RECYCLER\NPROTECT\00093295.dtd Object is locked skipped
C:\RECYCLER\NPROTECT\00093298.xml Object is locked skipped
C:\RECYCLER\NPROTECT\00093355.hp2 Object is locked skipped
C:\RECYCLER\NPROTECT\00093356.hp2 Object is locked skipped
C:\RECYCLER\NPROTECT\00093357.hp2 Object is locked skipped
C:\RECYCLER\NPROTECT\00093358.hp2 Object is locked skipped
C:\RECYCLER\NPROTECT\00093359.hp2 Object is locked skipped
C:\RECYCLER\NPROTECT\00093360.hp2 Object is locked skipped
C:\RECYCLER\NPROTECT\00093361.hp2 Object is locked skipped
C:\RECYCLER\NPROTECT\00093362.hp2 Object is locked skipped
C:\RECYCLER\NPROTECT\00093363.hp2 Object is locked skipped
C:\RECYCLER\NPROTECT\00093364.hp2 Object is locked skipped
C:\RECYCLER\NPROTECT\00093366.HTM Object is locked skipped
C:\RECYCLER\NPROTECT\00093371.hpk Object is locked skipped
C:\RECYCLER\NPROTECT\00093372.hp2 Object is locked skipped
C:\RECYCLER\NPROTECT\00093373.hp2 Object is locked skipped
C:\RECYCLER\NPROTECT\00093375.HTM Object is locked skipped
C:\RECYCLER\NPROTECT\00093384.hp2 Object is locked skipped
C:\RECYCLER\NPROTECT\00093385.hp2 Object is locked skipped
C:\RECYCLER\NPROTECT\00093390.DMF Object is locked skipped
C:\RECYCLER\NPROTECT\00093508 Object is locked skipped
C:\RECYCLER\NPROTECT\00093510.edb Object is locked skipped
C:\RECYCLER\NPROTECT\00093520.wsf Object is locked skipped
C:\RECYCLER\N