DSS:
Deckard's System Scanner v20071014.68
Run by Austin on 2008-07-19 19:41:46
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
-- Last 2 Restore Point(s) --
2: 2008-07-19 17:39:59 UTC - RP2 - Deckard's System Scanner Restore Point
1: 2008-07-19 17:35:38 UTC - RP1 - System Checkpoint
Performed disk cleanup.
Total Physical Memory: 223 MiB (512 MiB recommended).
-- HijackThis (run as Austin.exe) ----------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:41:50, on 7/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Austin\desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Austin.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [BMN] "C:\Program Files\Common Files\DriveCleaner Freeware\dcsm.exe" dm=http://drivecleaner.com ad=http://drivecleaner.com sd=http://log.drivecleaner.com
O4 - HKCU\..\Run: [BMN(1)] "C:\Program Files\Common Files\System Doctor\dcmon.exe" dm=http://systemdoctor.com ad=http://systemdoctor.com sd=http://log.systemdoctor.com/
O4 - HKUS\S-1-5-18\..\Run: [iexplorer] C:\WINDOWS\iexplorer.exe --system (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [iexplorer] C:\WINDOWS\iexplorer.exe --system (User 'Default user')
O4 - Global Startup: ZDWLan Utility.lnk = C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://support.gatew...r/PCPitStop.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} (compid Class) - http://support.gatew...rvest/gwCID.CAB
--
End of file - 2652 bytes
-- File Associations -----------------------------------------------------------
.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R3 ZD1211BU(ZyDAS) (ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS)) - c:\windows\system32\drivers\zd1211bu.sys <Not Verified; ZyDAS Technology Corporation; ZD1211B 802.11 b+g USB LAN Adapter>
R3 ZDPSp50 (ZDPSp50 NDIS Protocol Driver) - c:\windows\system32\drivers\zdpsp50.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
S3 catchme - c:\docume~1\austin\locals~1\temp\catchme.sys (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
All services whitelisted.
-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Video Controller (VGA Compatible)
Device ID: PCI\VEN_10DE&DEV_0242&SUBSYS_60061509&REV_A2\3&2411E6FE&0&28
Manufacturer:
Name: Video Controller (VGA Compatible)
PNP Device ID: PCI\VEN_10DE&DEV_0242&SUBSYS_60061509&REV_A2\3&2411E6FE&0&28
Service:
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: SM Bus Controller
Device ID: PCI\VEN_10DE&DEV_0264&SUBSYS_60061509&REV_A2\3&2411E6FE&0&51
Manufacturer:
Name: SM Bus Controller
PNP Device ID: PCI\VEN_10DE&DEV_0264&SUBSYS_60061509&REV_A2\3&2411E6FE&0&51
Service:
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: PCI Simple Communications Controller
Device ID: PCI\VEN_14F1&DEV_2F20&SUBSYS_200014F1&REV_00\4&DC268A3&0&3880
Manufacturer:
Name: PCI Simple Communications Controller
PNP Device ID: PCI\VEN_14F1&DEV_2F20&SUBSYS_200014F1&REV_00\4&DC268A3&0&3880
Service:
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Other PCI Bridge Device
Device ID: PCI\VEN_10DE&DEV_0269&SUBSYS_60061509&REV_A1\3&2411E6FE&0&A0
Manufacturer:
Name: Other PCI Bridge Device
PNP Device ID: PCI\VEN_10DE&DEV_0269&SUBSYS_60061509&REV_A1\3&2411E6FE&0&A0
Service:
Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Description: Microsoft Kernel Acoustic Echo Canceller
Device ID: SW\{4245FF73-1DB4-11D2-86E4-98AE20524153}\{9B365890-165F-11D0-A195-0020AFD156E4}
Manufacturer: Microsoft
Name: Microsoft Kernel Acoustic Echo Canceller
PNP Device ID: SW\{4245FF73-1DB4-11D2-86E4-98AE20524153}\{9B365890-165F-11D0-A195-0020AFD156E4}
Service: aec
Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Description: Microsoft Kernel DLS Synthesizer
Device ID: SW\{8C07DD50-7A8D-11D2-8F8C-00C04FBF8FEF}\DMUSIC
Manufacturer: Microsoft
Name: Microsoft Kernel DLS Synthesizer
PNP Device ID: SW\{8C07DD50-7A8D-11D2-8F8C-00C04FBF8FEF}\DMUSIC
Service: DMusic
Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Description: Microsoft Kernel DRM Audio Descrambler
Device ID: SW\{EEC12DB6-AD9C-4168-8658-B03DAEF417FE}\{ABD61E00-9350-47E2-A632-4438B90C6641}
Manufacturer: Microsoft
Name: Microsoft Kernel DRM Audio Descrambler
PNP Device ID: SW\{EEC12DB6-AD9C-4168-8658-B03DAEF417FE}\{ABD61E00-9350-47E2-A632-4438B90C6641}
Service: drmkaud
-- Files created between 2008-06-19 and 2008-07-19 -----------------------------
2008-07-19 18:39:31 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-07-19 18:39:30 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-07-19 18:39:28 0 d-------- C:\WINDOWS\LastGood
2008-07-19 17:58:35 0 d-------- C:\Documents and Settings\Austin\Application Data\Malwarebytes
2008-07-19 17:58:30 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-19 17:58:29 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-19 16:46:04 0 d-------- C:\Documents and Settings\Austin\DoctorWeb
2008-07-19 15:43:02 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-07-19 15:23:38 0 d-------- C:\WINDOWS\ERUNT
2008-07-19 14:51:24 0 d-------- C:\Program Files\Trend Micro
2008-07-18 19:16:27 1508 --a------ C:\WINDOWS\system32\tmp.reg
2008-07-18 19:12:08 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-07-18 19:12:08 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-07-18 19:12:08 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-07-18 19:12:08 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-07-18 19:12:08 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-07-18 19:12:08 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-07-18 18:29:09 0 d-------- C:\Program Files\msn gaming zone
2008-07-18 18:18:21 0 d-------- C:\Documents and Settings\Administrator\Application Data\Uniblue
2008-07-18 17:56:44 0 d-------- C:\Documents and Settings\Administrator\Application Data\Mozilla
2008-07-18 17:54:14 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2008-07-18 17:54:13 0 d-------- C:\Documents and Settings\Administrator\WINDOWS
2008-07-18 17:54:13 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-07-18 17:54:13 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-07-18 17:54:13 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-07-18 17:54:13 0 d--h----- C:\Documents and Settings\Administrator\Recent
2008-07-18 17:54:13 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-07-18 17:54:13 786432 --ah----- C:\Documents and Settings\Administrator\ntuser.dat
2008-07-18 17:54:13 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-07-18 17:54:13 0 d-------- C:\Documents and Settings\Administrator\My Documents
2008-07-18 17:54:13 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-07-18 17:54:13 0 d-------- C:\Documents and Settings\Administrator\Favorites
2008-07-18 17:54:13 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-07-18 17:54:13 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2008-07-18 17:54:13 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-07-18 17:54:13 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-07-18 02:40:44 0 d-------- C:\Documents and Settings\LocalService\Start Menu
2008-07-17 23:51:08 91648 --a------ C:\WINDOWS\system32\cnvfa.dll
2008-07-17 15:29:40 0 d-------- C:\WINDOWS\Sun
2008-07-17 15:29:40 0 d-------- C:\Documents and Settings\Austin\Application Data\Sun
2008-07-16 21:51:13 0 d-------- C:\Program Files\Java
2008-07-16 21:49:23 0 d-------- C:\Program Files\Common Files\Java
2008-07-16 16:33:33 6400 --a------ C:\WINDOWS\system32\drivers\splitter.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-16 16:33:31 82944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-16 16:33:14 172416 --a------ C:\WINDOWS\system32\drivers\kmixer.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-16 16:32:33 0 d-------- C:\Program Files\Realtek AC97
2008-07-16 15:51:19 0 d-------- C:\Documents and Settings\Austin\Application Data\Uniblue
2008-07-16 15:51:14 0 d-------- C:\Program Files\Uniblue
2008-07-16 13:15:43 0 d-------- C:\My Recordings
2008-07-16 13:09:28 0 d-------- C:\Program Files\FREE Hi-Q Recorder
2008-07-16 11:05:07 272128 -----n--- C:\WINDOWS\system32\drivers\bthport.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-16 10:32:08 0 d-------- C:\WINDOWS\system32\PreInstall
2008-07-16 10:32:06 0 d--h----- C:\WINDOWS\$hf_mig$
2008-07-16 10:26:13 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2008-07-16 10:20:26 0 --a------ C:\WINDOWS\nsreg.dat
2008-07-16 10:20:23 0 d-------- C:\Documents and Settings\Austin\Application Data\Mozilla
2008-07-16 09:31:46 0 d-------- C:\Program Files\Realtek Sound Manager
2008-07-16 09:31:44 0 d-------- C:\Program Files\AvRack
2008-07-16 09:31:43 147456 --a------ C:\WINDOWS\system32\RtlCPAPI.dll <Not Verified; ; RtlCPAPI Module>
2008-07-16 09:31:43 4127488 -ra------ C:\WINDOWS\system32\drivers\alcxwdm.sys <Not Verified; Realtek Semiconductor Corp.; Windows ® WDM driver for Realtek AC'97 Audio(HRTF data Copyright 1994 by MIT Media Lab)>
2008-07-16 09:31:43 49152 --a------ C:\WINDOWS\system32\ChCfg.exe
2008-07-16 09:31:43 577536 --a------ C:\WINDOWS\soundman.exe <Not Verified; Realtek Semiconductor Corp.; Realtek Sound Manager>
2008-07-16 09:31:42 10528768 --a------ C:\WINDOWS\system32\RTLCPL.exe <Not Verified; Realtek Semiconductor Corp.; Realtek Audio Sound Effect Manager>
2008-07-16 09:31:42 315392 --a------ C:\WINDOWS\alcupd.exe <Not Verified; Realtek Semiconductor Corp.; Realtek AC'97 Update driver Tool>
2008-07-16 09:31:42 217088 --a------ C:\WINDOWS\Alcrmv.exe <Not Verified; Realtek Semiconductor Corp.; Realtek AC'97 Removing driver Tool>
2008-07-16 09:27:52 0 d-------- C:\cabs
2008-07-16 08:46:36 0 d-------- C:\Documents and Settings\Austin\Application Data\Macromedia
2008-07-15 23:06:25 17151 --a------ C:\WINDOWS\system32\ZDPNDIS5.SYS <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
2008-07-15 23:06:25 81920 --a------ C:\WINDOWS\system32\ZDPN50.DLL <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
2008-07-15 23:06:25 31744 --a------ C:\WINDOWS\system32\drivers\ZDPSp50a64.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
2008-07-15 23:06:25 17664 --a------ C:\WINDOWS\system32\drivers\ZDPSp50.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
2008-07-15 23:06:25 488960 --a------ C:\WINDOWS\system32\drivers\ZD1211BU.sys <Not Verified; ZyDAS Technology Corporation; ZD1211B 802.11 b+g USB LAN Adapter>
2008-07-15 23:06:25 29184 --a------ C:\WINDOWS\system32\drivers\BRGSp50a64.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
2008-07-15 23:06:24 24576 --a------ C:\WINDOWS\system32\ZyDelReg.exe <Not Verified; ; ZyDelReg Application>
2008-07-15 23:06:24 15872 --a------ C:\WINDOWS\system32\InsDrvZD64.DLL <Not Verified; ; InsDrvZD Dynamic Link Library>
2008-07-15 23:06:24 28672 --a------ C:\WINDOWS\system32\InsDrvZD.dll <Not Verified; ; InsDrvZD Dynamic Link Library>
2008-07-15 23:06:24 0 d-------- C:\Program Files\ZyDAS Technology Corporation
2008-07-15 23:06:24 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-15 23:06:18 0 d-------- C:\Program Files\Common Files\InstallShield
2008-07-15 22:47:14 102400 --a------ C:\WINDOWS\system32\unzip32.dll <Not Verified; Info-ZIP; Info-ZIP's UnZip Windows DLL>
2008-07-15 22:47:14 160768 --a------ C:\WINDOWS\system32\unrar.dll
2008-07-15 22:47:14 77312 --a------ C:\WINDOWS\system32\UNACEV2.DLL
2008-07-15 22:47:13 0 d-------- C:\Program Files\UnzipThemAll
2008-07-14 17:37:23 0 d-------- C:\WINDOWS\pss
2008-07-13 19:59:17 0 d-------- C:\WINDOWS\system32\NtmsData
2008-07-07 16:22:02 0 d-------- C:\Documents and Settings\Austin\Application Data\AdobeUM
2008-07-07 16:21:57 0 d-------- C:\Documents and Settings\Austin\Application Data\Adobe
2008-07-07 16:21:56 0 d-------- C:\Program Files\Common Files\Adobe
2008-07-07 13:47:59 0 d-------- C:\Documents and Settings\Austin\Application Data\Identities
2008-07-07 13:47:58 0 d-------- C:\Documents and Settings\Austin\WINDOWS
2008-07-07 13:47:58 0 d--h----- C:\Documents and Settings\Austin\Templates
2008-07-07 13:47:58 0 dr------- C:\Documents and Settings\Austin\Start Menu
2008-07-07 13:47:58 0 dr-h----- C:\Documents and Settings\Austin\SendTo
2008-07-07 13:47:58 0 dr-h----- C:\Documents and Settings\Austin\Recent
2008-07-07 13:47:58 0 d--h----- C:\Documents and Settings\Austin\PrintHood
2008-07-07 13:47:58 1572864 --ah----- C:\Documents and Settings\Austin\ntuser.dat
2008-07-07 13:47:58 0 d--h----- C:\Documents and Settings\Austin\NetHood
2008-07-07 13:47:58 0 dr------- C:\Documents and Settings\Austin\My Documents
2008-07-07 13:47:58 0 d--h----- C:\Documents and Settings\Austin\Local Settings
2008-07-07 13:47:58 0 dr------- C:\Documents and Settings\Austin\Favorites
2008-07-07 13:47:58 0 d-------- C:\Documents and Settings\Austin\Desktop
2008-07-07 13:47:58 0 d---s---- C:\Documents and Settings\Austin\Cookies
2008-07-07 13:47:58 0 dr-h----- C:\Documents and Settings\Austin\Application Data
2008-07-07 13:47:42 0 d-------- C:\Documents and Settings\Default User\WINDOWS
2008-07-07 13:47:42 0 d-------- C:\Documents and Settings\Default User\Application Data\Identities
2008-07-07 13:44:01 262144 --a------ C:\Documents and Settings\All Users\ntuser.dat
2008-07-07 13:44:00 2 --a------ C:\REQUEST_OEMRESET_ENDUSER
2008-07-07 13:41:15 0 d--hs---- C:\System Volume Information
2008-07-07 13:39:55 60 --a------ C:\WINDOWS\system32\SYSDRV.DAT
2008-07-07 13:35:09 0 d-------- C:\WINDOWS\SMINST
2008-07-07 13:34:48 506368 --a------ C:\WINDOWS\system32\winlogon.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-07 13:34:32 17408 --a------ C:\WINDOWS\system32\svchost.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-07 13:34:32 4096 --ahs---- C:\WINDOWS\system32\qweasdf.dat
2008-07-07 13:34:29 58880 --a------ C:\WINDOWS\system32\spoolsv.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-07 13:34:23 110592 --a------ C:\WINDOWS\system32\services.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-07 13:33:19 14848 --a------ C:\WINDOWS\system32\lsass.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-07 13:32:20 1034752 --a------ C:\WINDOWS\explorer.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-07 13:31:09 0 d-------- C:\WINDOWS\I386
-- Find3M Report ---------------------------------------------------------------
2008-07-19 15:37:43 0 d-------- C:\Program Files\Common Files
2008-07-17 19:15:37 0 d-------- C:\Program Files\Windows NT
2008-07-17 19:15:32 0 d-------- C:\Program Files\Movie Maker
2008-07-17 19:15:31 0 d-------- C:\Program Files\Messenger
2008-07-17 19:01:51 0 d-------- C:\Program Files\Online Services
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [04/16/2007 15:28 C:\WINDOWS\soundman.exe]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BMN"="C:\Program Files\Common Files\DriveCleaner Freeware\dcsm.exe" []
"BMN(1)"="C:\Program Files\Common Files\System Doctor\dcmon.exe" []
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"iexplorer"=C:\WINDOWS\iexplorer.exe --system
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
ZDWLan Utility.lnk - C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe [7/15/2008 11:06:24 PM]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktop"=0 (0x0)
"ForceActiveDesktopOn"=1 (0x1)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Brave-Sentry]
C:\Program Files\BraveSentry\BraveSentry.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriveCleaner Freeware]
"C:\Program Files\DriveCleaner Freeware\UDC.exe" /min
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriveSystem]
C:\WINDOWS\system32\maxpaynowti1.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lphcr5mj0e71n]
C:\WINDOWS\system32\lphcr5mj0e71n.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\System Doctor Free]
C:\Program Files\System Doctor Free\systemdoc.exe -scan
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\System32]
C:\WINDOWS\system32\winds32.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystemDoctor Free]
C:\Program Files\System Doctor Free\systemdoc.exe /min
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystemDrive]
C:\WINDOWS\system32\maxpaynow1.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UDC6_cw]
"C:\Program Files\DriveCleaner Freeware\UDC6_cw.exe" -c
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2]
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows update loader]
C:\Windows\xpupdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMDM PMSP Service]
C:\WINDOWS\system32\cssrss.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ICF"=2 (0x2)
"Google Online Services"=2 (0x2)
*Newly Created Service* - GMER
-- End of Deckard's System Scanner: finished at 2008-07-19 19:44:52 ------------
DSS 2:
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English
CPU 0: AMD Sempron Processor 3300+
Percentage of Memory in Use: 50%
Physical Memory (total/avail): 222.42 MiB / 111.11 MiB
Pagefile Memory (total/avail): 542.56 MiB / 386.71 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1911.21 MiB
C: is Fixed (NTFS) - 93.16 GiB total, 87.67 GiB free.
D: is CDROM (No Media)
E: is Removable (No Media)
F: is Removable (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
\\.\PHYSICALDRIVE0 - ST3100011A - 93.16 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 93.16 GiB - C:
\\.\PHYSICALDRIVE2 - Generic USB CF Reader USB Device
\\.\PHYSICALDRIVE4 - Generic USB MS Reader USB Device
\\.\PHYSICALDRIVE1 - Generic USB SD Reader USB Device
\\.\PHYSICALDRIVE3 - Generic USB SM Reader USB Device
-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.
FirstRunDisabled is set.
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"c:\\6bne4e.exe"="c:\\6bne4e.exe:*:Enabled:DHCP Client"
"C:\\WINDOWS\\system32\\cssrss.exe"="C:\\WINDOWS\\system32\\cssrss.exe:*:Enabled:DHCP Client"
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Austin\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=YOUR-E0B3EB9D47
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Austin
LOGONSERVER=\\YOUR-E0B3EB9D47
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 44 Stepping 0, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=2c00
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Austin\LOCALS~1\Temp
TMP=C:\DOCUME~1\Austin\LOCALS~1\Temp
USERDOMAIN=YOUR-E0B3EB9D47
USERNAME=Austin
USERPROFILE=C:\Documents and Settings\Austin
windir=C:\WINDOWS
-- User Profiles ---------------------------------------------------------------
Austin (admin)
Administrator (new local, admin)
-- Add/Remove Programs ---------------------------------------------------------
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 6.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-000000000001}
FREE Hi-Q Recorder 1.92 --> "C:\Program Files\FREE Hi-Q Recorder\unins000.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Java 6 Update 7 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Mozilla Firefox (3.0.1) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x9 -removeonly
Uniblue RegistryBooster 2 --> "C:\Program Files\Uniblue\RegistryBooster 2\unins000.exe"
UnzipThemAll 1.3 --> "C:\Program Files\UnzipThemAll\unins000.exe"
Windows Backup Utility --> MsiExec.exe /I{76EFFC7C-17A6-479D-9E47-8E658C1695AE}
ZyDAS IEEE 802.11 b+g Wireless LAN - USB --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{581CE7EA-A30D-0000-1211-088635773309}\SETUP.EXE" -l0x9
-- Application Event Log -------------------------------------------------------
Event Record #/Type159 / Error
Event Submitted/Written: 07/19/2008 07:41:26 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application dss.exe, version 3.2.8.1, faulting module ntdll.dll, version 5.1.2600.2180, fault address 0x0003426d.
Processing media-specific event for [dss.exe!ws!]
Event Record #/Type124 / Error
Event Submitted/Written: 07/19/2008 00:46:31 PM
Event ID/Source: 8193 / VSS
Event Description:
Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80040206.
Event Record #/Type123 / Error
Event Submitted/Written: 07/19/2008 00:46:31 PM
Event ID/Source: 4609 / EventSystem
Event Description:
The COM+ Event System detected a bad return code during its internal processing. HRESULT was 800706BA from line 44 of d:\qxp_slp\com\com1x\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.
Event Record #/Type122 / Error
Event Submitted/Written: 07/19/2008 00:40:14 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application dss.exe, version 3.2.8.1, faulting module unknown, version 0.0.0.0, fault address 0x00bd2985.
Processing media-specific event for [dss.exe!ws!]
Event Record #/Type121 / Error
Event Submitted/Written: 07/19/2008 00:37:07 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application dss.exe, version 3.2.8.1, faulting module unknown, version 0.0.0.0, fault address 0x00bd2985.
Processing media-specific event for [dss.exe!ws!]
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type1802 / Error
Event Submitted/Written: 07/19/2008 05:26:57 PM
Event ID/Source: 29 / W32Time
Event Description:
The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 14 minutes.
NtpClient has no source of accurate time.
Event Record #/Type1801 / Error
Event Submitted/Written: 07/19/2008 05:26:57 PM
Event ID/Source: 17 / W32Time
Event Description:
Time Provider NtpClient: An error occurred during DNS lookup of the manually
configured peer 'time.windows.com,time.nist.gov'. NtpClient will try the DNS lookup again in 15
minutes.
The error was: A socket operation was attempted to an unreachable host. (0x80072751)
Event Record #/Type1791 / Warning
Event Submitted/Written: 07/19/2008 05:17:54 PM
Event ID/Source: 8021 / BROWSER
Event Description:
The browser was unable to retrieve a list of servers from the browser master \\KEN-2Y1S8XPHV70 on the network \Device\NetBT_Tcpip_{DCEA6DC9-DEC1-49C9-A63C-C1717289461B}.
The data is the error code.
Event Record #/Type1707 / Error
Event Submitted/Written: 07/19/2008 03:36:48 PM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The Computer Browser service depends on the Server service which failed to start because of the following error:
%%231
Event Record #/Type1706 / Error
Event Submitted/Written: 07/19/2008 03:36:48 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Server service failed to start due to the following error:
%%231
-- End of Deckard's System Scanner: finished at 2008-07-19 19:44:52 ------------
KASPERSKY:
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, July 19, 2008 19:36:49
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 20/07/2008
Kaspersky Anti-Virus database records: 975692
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
Scan Statistics:
Total number of scanned objects: 23873
Number of viruses found: 25
Number of infected objects: 66
Number of suspicious objects: 0
Duration of the scan process: 00:22:49
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\Austin\Application Data\Mozilla\Firefox\Profiles\yjkfjmvz.default\cert8.db Object is locked skipped
C:\Documents and Settings\Austin\Application Data\Mozilla\Firefox\Profiles\yjkfjmvz.default\content-prefs.sqlite Object is locked skipped
C:\Documents and Settings\Austin\Application Data\Mozilla\Firefox\Profiles\yjkfjmvz.default\cookies.sqlite Object is locked skipped
C:\Documents and Settings\Austin\Application Data\Mozilla\Firefox\Profiles\yjkfjmvz.default\downloads.sqlite Object is locked skipped
C:\Documents and Settings\Austin\Application Data\Mozilla\Firefox\Profiles\yjkfjmvz.default\formhistory.sqlite Object is locked skipped
C:\Documents and Settings\Austin\Application Data\Mozilla\Firefox\Profiles\yjkfjmvz.default\key3.db Object is locked skipped
C:\Documents and Settings\Austin\Application Data\Mozilla\Firefox\Profiles\yjkfjmvz.default\parent.lock Object is locked skipped
C:\Documents and Settings\Austin\Application Data\Mozilla\Firefox\Profiles\yjkfjmvz.default\permissions.sqlite Object is locked skipped
C:\Documents and Settings\Austin\Application Data\Mozilla\Firefox\Profiles\yjkfjmvz.default\places.sqlite Object is locked skipped
C:\Documents and Settings\Austin\Application Data\Mozilla\Firefox\Profiles\yjkfjmvz.default\places.sqlite-journal Object is locked skipped
C:\Documents and Settings\Austin\Application Data\Mozilla\Firefox\Profiles\yjkfjmvz.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Austin\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Austin\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Austin\DoctorWeb\Quarantine\A0017089.exe/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Austin\DoctorWeb\Quarantine\A0017089.exe RAR: infected - 1 skipped
C:\Documents and Settings\Austin\DoctorWeb\Quarantine\SmitfraudFix.exe/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Austin\DoctorWeb\Quarantine\SmitfraudFix.exe RAR: infected - 1 skipped
C:\Documents and Settings\Austin\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Austin\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Austin\Local Settings\Application Data\Mozilla\Firefox\Profiles\yjkfjmvz.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Austin\Local Settings\Application Data\Mozilla\Firefox\Profiles\yjkfjmvz.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Austin\Local Settings\Application Data\Mozilla\Firefox\Profiles\yjkfjmvz.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Austin\Local Settings\Application Data\Mozilla\Firefox\Profiles\yjkfjmvz.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Austin\Local Settings\Application Data\Mozilla\Firefox\Profiles\yjkfjmvz.default\urlclassifier3.sqlite Object is locked skipped
C:\Documents and Settings\Austin\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Austin\Local Settings\History\History.IE5\MSHist012008071920080720\index.dat Object is locked skipped
C:\Documents and Settings\Austin\Local Settings\Temp\etilqs_MHDFfhmY0K1FzJ86rZf5 Object is locked skipped
C:\Documents and Settings\Austin\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Austin\ntuser.dat Object is locked skipped
C:\Documents and Settings\Austin\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\SDFix\backups\backups.zip/backups/09iXV8.syz Infected: Rootkit.Win32.Agent.bby skipped
C:\SDFix\backups\backups.zip/backups/1.dflb Infected: Trojan-Downloader.Win32.Tibs.afo skipped
C:\SDFix\backups\backups.zip/backups/17PHolmes27.exe Infected: Trojan-Downloader.Win32.Homles.br skipped
C:\SDFix\backups\backups.zip/backups/1H1lDK.syz Infected: Rootkit.Win32.Agent.bby skipped
C:\SDFix\backups\backups.zip/backups/1oZJLu.syz Infected: Rootkit.Win32.Agent.bby skipped
C:\SDFix\backups\backups.zip/backups/2.dflb Infected: Hoax.Win32.Renos.vany skipped
C:\SDFix\backups\backups.zip/backups/4utfCa.syz Infected: Rootkit.Win32.Agent.bby skipped
C:\SDFix\backups\backups.zip/backups/6.dflb Infected: Trojan.Win32.Pakes.jvb skipped
C:\SDFix\backups\backups.zip/backups/7.dflb Infected: Trojan.Win32.Pakes.jvc skipped
C:\SDFix\backups\backups.zip/backups/aTwJSt.syz Infected: Rootkit.Win32.Agent.bby skipped
C:\SDFix\backups\backups.zip/backups/back.exe.exe Infected: Email-Worm.Win32.Zhelatin.aep skipped
C:\SDFix\backups\backups.zip/backups/dflgh8jkd2q1.exe Infected: Trojan-Downloader.Win32.Tibs.afo skipped
C:\SDFix\backups\backups.zip/backups/dflgh8jkd2q2.exe Infected: Hoax.Win32.Renos.vany skipped
C:\SDFix\backups\backups.zip/backups/dflgh8jkd2q6.exe Infected: Trojan.Win32.Pakes.jvb skipped
C:\SDFix\backups\backups.zip/backups/dflgh8jkd2q7.exe Infected: Trojan.Win32.Pakes.jvc skipped
C:\SDFix\backups\backups.zip/backups/GX6hev.syz Infected: Rootkit.Win32.Agent.bby skipped
C:\SDFix\backups\backups.zip/backups/ie_updater.exe Infected: Trojan-Downloader.Win32.Winlagons.aas skipped
C:\SDFix\backups\backups.zip/backups/ie_updates3r.exe Infected: Trojan-Downloader.Win32.Winlagons.aas skipped
C:\SDFix\backups\backups.zip/backups/jRBkES.syz Infected: Rootkit.Win32.Agent.bby skipped
C:\SDFix\backups\backups.zip/backups/lQ5TqG.syz Infected: Rootkit.Win32.Agent.bby skipped
C:\SDFix\backups\backups.zip/backups/m5XEKB.syz Infected: Rootkit.Win32.Agent.bby skipped
C:\SDFix\backups\backups.zip/backups/MQF2IC.syz Infected: Rootkit.Win32.Agent.bby skipped
C:\SDFix\backups\backups.zip/backups/pxD0Is.syz Infected: Rootkit.Win32.Agent.bby skipped
C:\SDFix\backups\backups.zip/backups/Q7CzzY.syz Infected: Rootkit.Win32.Agent.bby skipped
C:\SDFix\backups\backups.zip/backups/userinit.exe Infected: Trojan.Win32.Pakes.ddu skipped
C:\SDFix\backups\backups.zip/backups/v3xd1.g22me/data0000 Infected: Trojan-Downloader.Win32.Tibs.afp skipped
C:\SDFix\backups\backups.zip/backups/v3xd1.g22me Infected: Trojan-Downloader.Win32.Tibs.afp skipped
C:\SDFix\backups\backups.zip/backups/v4xd3.ga2me Infected: Trojan-Downloader.Win32.Small.xpq skipped
C:\SDFix\backups\backups.zip/backups/v4xd6.gam5e Infected: Trojan-Downloader.Win32.Small.yja skipped
C:\SDFix\backups\backups.zip/backups/v5xd2.g3ame/data0000 Infected: Trojan-Downloader.Win32.Agent.wlz skipped
C:\SDFix\backups\backups.zip/backups/v5xd2.g3ame Infected: Trojan-Downloader.Win32.Agent.wlz skipped
C:\SDFix\backups\backups.zip/backups/v6xdt4.game Infected: Trojan-Downloader.Win32.Tibs.afp skipped
C:\SDFix\backups\backups.zip/backups/vedxg4am1et2.exe Infected: Trojan-Downloader.Win32.Cntr.ioq skipped
C:\SDFix\backups\backups.zip/backups/vedxga1me4t1.exe Infected: Trojan-Downloader.Win32.Tibs.afn skipped
C:\SDFix\backups\backups.zip/backups/vedxga4m1et4.exe Infected: Trojan-Downloader.Win32.Tibs.afp skipped
C:\SDFix\backups\backups.zip/backups/vedxga4me1.exe/data0000 Infected: Trojan-Downloader.Win32.Tibs.afp skipped
C:\SDFix\backups\backups.zip/backups/vedxga4me1.exe Infected: Trojan-Downloader.Win32.Tibs.afp skipped
C:\SDFix\backups\backups.zip/backups/vedxga5me3.exe Infected: Trojan-Downloader.Win32.Small.xpq skipped
C:\SDFix\backups\backups.zip/backups/vx1dt1.game Infected: Trojan-Downloader.Win32.Tibs.afn skipped
C:\SDFix\backups\backups.zip/backups/vx1dt3.game Infected: Trojan-Downloader.Win32.Tibs.afq skipped
C:\SDFix\backups\backups.zip/backups/vx3dt2.game Infected: Trojan-Downloader.Win32.Cntr.ioq skipped
C:\SDFix\backups\backups.zip/backups/wpx15.cpx Infected: Trojan-Downloader.Win32.Cntr.ca skipped
C:\SDFix\backups\backups.zip/backups/wpx2.cpx Infected: Trojan.Win32.Pakes.ddu skipped
C:\SDFix\backups\backups.zip/backups/wpx25.cpx Infected: Trojan.Win32.Pakes.juv skipped
C:\SDFix\backups\backups.zip/backups/wpx27.cpx Infected: Email-Worm.Win32.Zhelatin.adt skipped
C:\SDFix\backups\backups.zip/backups/wpx29.cpx Infected: Trojan.Win32.Buzus.mey skipped
C:\SDFix\backups\backups.zip/backups/wpx34.cpx Infected: Trojan.Win32.Buzus.mly skipped
C:\SDFix\backups\backups.zip/backups/wpx35.cpx Infected: Trojan-Spy.Win32.Zbot.dhj skipped
C:\SDFix\backups\backups.zip/backups/wpx5.cpx Infected: Trojan-Downloader.Win32.Small.ykb skipped
C:\SDFix\backups\backups.zip ZIP: infected - 49 skipped
C:\SDFix\backups\catchme.zip/ntos.exe Infected: Trojan-Spy.Win32.Zbot.dhj skipped
C:\SDFix\backups\catchme.zip ZIP: infected - 1 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP2\A0016066.exe Infected: Trojan-Downloader.Win32.Tibs.afo skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP2\A0016067.exe Infected: Hoax.Win32.Renos.vany skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP2\A0016069.exe Infected: Trojan.Win32.Pakes.jvb skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP2\A0016070.exe Infected: Trojan.Win32.Pakes.jvc skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP2\A0016094.exe Infected: Trojan-Downloader.Win32.Tibs.afo skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP2\A0016095.exe Infected: Hoax.Win32.Renos.vany skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP2\A0016097.exe Infected: Trojan.Win32.Pakes.jvb skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP2\A0016098.exe Infected: Trojan.Win32.Pakes.jvc skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP2\A0017099.exe Infected: Trojan.Win32.Patched.aa skipped
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP2\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\Default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Sam Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\Security Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\Software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\System Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.
- Little preacher man.