Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

Constructer virus??

  • 12-05-2008 1:38pm
    #1
    shaunab
    Closed Accounts Posts: 6


    hello, you helped my dad clear this laptop before but I've been given it and I think it's got a virus - he said I might get advice here and he will help with any instructions. It's xp pro and we don't have the original disc for it so we're not able to reformat it. It's acting really slow and spybot wont' work and comodo firewall won't work now either so we switched to the window;s one for the moment. any other advice appreciated.


Comments

  • #2
    aidan_walsh
    Closed Accounts Posts: 17,208 ✭✭✭✭aidan_walsh


    Try the steps listed here.

    When you say that something "doesn't work" what exactly do you mean? What errors are you getting?


  • #3
    shaunab
    Closed Accounts Posts: 6 shaunab


    hi again,
    ok this is what I get...on AVG - changes in hosts file..

    C:windows/system32/driver/etc/hosts

    and in Spybot - i get -
    "problems in C:program files\spybot search and destroy\includes\trojans sbi

    Also the laptop takes absolutely ages to respond to anything and some of the online scanners won't allow me to scan - when Ipost this Im going to try the panda online scanner again and see what happens this time.

    thanks for your response, should I post a HiJack This Log?


  • #4
    ActorSeeksJob
    Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Post the DSS logs


  • #5
    shaunab
    Closed Accounts Posts: 6 shaunab


    I ran the panda online scan also and have a copy of results saved if need them - thanks again





    Deckard's System Scanner v20071014.68
    Run by The Others on 2008-05-13 09:18:26
    Computer is in Normal Mode.



    -- HijackThis (run as The Others.exe)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 09:18:35, on 13/05/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\ibmpmsvc.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\wltrysvc.exe
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\aniServ.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Comodo\Firewall\cmdagent.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\RunDll32.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Comodo\Firewall\CPF.exe
    C:\WINDOWS\system32\wltray.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\TrojanHunter 5.0\THGuard.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Belkin\F5D9010v4\Belkinwcui.exe
    C:\Program Files\NETGEAR\WPN111\wpn111.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\The Others\Desktop\dss.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\THEOTH~1.EXE

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [IMJPMIG9.0] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMJP9\IMJPMIG.EXE /Preload /Migration32
    O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
    O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
    O4 - HKLM\..\Run: [BMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
    O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
    O4 - HKLM\..\Run: [wltray.exe] C:\WINDOWS\system32\wltray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Belkin Wireless Monitor.lnk = C:\Program Files\Belkin\F5D9010v4\Belkinwcui.exe
    O4 - Global Startup: NETGEAR WPN111 Smart Wizard.lnk = ?
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O23 - Service: Airgo Networks NIC Service (ANISERVICE) - Airgo Networks, Inc. - C:\WINDOWS\System32\aniServ.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

    --
    End of file - 7541 bytes

    -- Files created between 2008-04-13 and 2008-05-13

    2008-05-12 16:34:34 0 d
    C:\Program Files\Panda Security
    2008-05-10 18:34:48 0 d
    C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2008-05-10 18:34:46 0 d
    C:\WINDOWS\system32\Kaspersky Lab
    2008-05-09 14:09:40 0 dr-h
    C:\Documents and Settings\The Others\Recent
    2008-05-07 23:40:50 0 d
    C:\Documents and Settings\The Others\Application Data\Malwarebytes
    2008-05-07 23:40:40 0 d
    C:\Program Files\Malwarebytes' Anti-Malware
    2008-05-07 23:40:40 0 d
    C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-05-07 23:40:06 0 d
    C:\Documents and Settings\The Others\Application Data\TrojanHunter
    2008-05-07 23:19:21 0 d
    C:\Program Files\Common Files\Download Manager
    2008-05-07 22:44:44 0 d
    C:\Program Files\TrojanHunter 5.0
    2008-05-07 22:11:30 2850 --a
    C:\WINDOWS\system32\tmp.reg
    2008-05-07 22:10:57 25600 --a
    C:\WINDOWS\system32\WS2Fix.exe
    2008-05-07 22:10:57 289144 --a
    C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
    2008-05-07 22:10:57 86528 --a
    C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
    2008-05-07 22:10:57 288417 --a
    C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
    2008-05-07 22:10:57 53248 --a
    C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
    2008-05-07 22:10:57 82944 --a
    C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
    2008-05-07 22:10:57 51200 --a
    C:\WINDOWS\system32\dumphive.exe
    2008-05-07 22:10:57 82944 --a
    C:\WINDOWS\system32\404Fix.exe <Not Verified; S!Ri.URZ; IEDFix>
    2008-05-07 21:56:27 0 d
    C:\Documents and Settings\The Others\Application Data\WinRAR
    2008-05-06 23:36:44 0 d
    C:\Program Files\LimeWire
    2008-05-03 20:37:19 0 d
    C:\Documents and Settings\The Others\Application Data\LimeWire
    2008-04-21 18:24:09 0 d
    C:\Program Files\Electronic Arts
    2008-04-16 17:36:04 0 d
    C:\Documents and Settings\The Others\Application Data\Sun


    -- Find3M Report

    2008-05-12 16:34:36 2695 --a----c- C:\WINDOWS\mozver.dat
    2008-05-12 14:39:39 0 d
    C:\Documents and Settings\The Others\Application Data\AVG7
    2008-05-07 23:19:21 0 d
    C:\Program Files\Common Files
    2008-05-06 22:35:25 0 d
    C:\Program Files\SpywareBlaster
    2008-04-14 22:19:51 0 d
    C:\Program Files\Mozilla Thunderbird
    2008-04-14 22:19:39 0 d
    C:\Program Files\Mozilla Firefox 3 Beta 3
    2008-04-14 22:17:37 0 d
    C:\Program Files\Foxit Software
    2008-04-14 16:53:47 0 d
    C:\Documents and Settings\The Others\Application Data\PC Suite
    2008-04-12 22:21:23 0 d
    C:\Program Files\EPSON
    2008-04-12 22:15:27 0 d
    C:\Program Files\Kodak
    2008-04-12 22:07:20 0 d--h
    C:\Program Files\InstallShield Installation Information
    2008-04-08 20:17:03 0 d
    C:\Program Files\Disney
    2008-04-07 21:40:04 0 d
    C:\Program Files\CCleaner
    2008-04-03 20:24:23 0 d
    C:\Program Files\Windows Live Toolbar
    2008-04-03 19:53:20 0 d
    C:\Program Files\Sun
    2008-04-03 19:53:10 0 d
    C:\Program Files\Java
    2008-04-03 19:34:07 0 d
    C:\Program Files\Common Files\Java
    2008-04-03 00:39:00 0 d
    C:\Program Files\Microsoft Works
    2008-04-03 00:37:59 0 d
    C:\Program Files\Microsoft.NET
    2008-04-01 23:46:43 0 d
    C:\Program Files\IrfanView
    2008-03-31 09:54:30 18622 --a
    C:\logfile
    2008-03-30 22:04:57 0 d
    C:\Program Files\iTunes
    2008-03-30 22:04:07 0 d
    C:\Program Files\iPod
    2008-03-30 22:03:32 0 d
    C:\Program Files\Bonjour
    2008-03-29 16:48:13 0 d
    C:\Program Files\MRU-Blaster
    2008-03-28 17:30:03 0 d
    C:\Program Files\EleFun Desktops
    2008-03-23 01:41:46 0 d
    C:\Documents and Settings\The Others\Application Data\Real


    -- Registry Dump

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [16/06/2004 11:53]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [16/06/2004 11:53]
    "IMJPMIG9.0"="C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMJP9\IMJPMIG.exe" [14/07/2003 23:57]
    "BMMGAG"="C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll" [25/08/2004 02:37]
    "BMMLREF"="C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE" [25/08/2004 02:37]
    "BMMMONWND"="C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll" [25/08/2004 02:37]
    "COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [16/09/2007 21:06]
    "wltray.exe"="C:\WINDOWS\system32\wltray.exe" [08/06/2005 17:32]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 04:25]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [18/04/2008 22:00]
    "THGuard"="C:\Program Files\TrojanHunter 5.0\THGuard.exe" [25/03/2008 19:08]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 00:56]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [07/04/2008 15:02]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Belkin Wireless Monitor.lnk - C:\Program Files\Belkin\F5D9010v4\Belkinwcui.exe [25/01/2007 14:42:04]
    NETGEAR WPN111 Smart Wizard.lnk - C:\Program Files\NETGEAR\WPN111\wpn111.exe [05/06/2007 23:09:09]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
    @=&quot;Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @=&quot;Volume shadow copy"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterCheck Monitor.LNK]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterCheck Monitor.LNK
    backup=C:\WINDOWS\pss\InterCheck Monitor.LNKCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
    backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Jessy^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
    path=C:\Documents and Settings\Jessy\Start Menu\Programs\Startup\LimeWire On Startup.lnk
    backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Sandra^Start Menu^Programs^Startup^MRU-Blaster Scheduler.lnk]
    path=C:\Documents and Settings\Sandra\Start Menu\Programs\Startup\MRU-Blaster Scheduler.lnk
    backup=C:\WINDOWS\pss\MRU-Blaster Scheduler.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Sandra^Start Menu^Programs^Startup^MRU-Blaster Silent Clean.lnk]
    path=C:\Documents and Settings\Sandra\Start Menu\Programs\Startup\MRU-Blaster Silent Clean.lnk
    backup=C:\WINDOWS\pss\MRU-Blaster Silent Clean.lnkStartup


    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus DX4000 Series]
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE /FU "C:\WINDOWS\TEMP\E_S116.tmp" /EF "HKCU"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    "C:\Program Files\iTunes\iTunesHelper.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
    "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
    C:\Program Files\Picasa2\PicasaMediaDetector.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power2GoExpress]
    "C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe" /Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    "C:\Program Files\QuickTime\qttask.exe" -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
    "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{1290A33C-85F5-4164-A1BE-7DD299D4986A}]
    "C:\Program Files\CyberLink\PowerBackup\PBKScheduler.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "SweepUpdate"=2 (0x2)
    "SWEEPSRV.SYS"=2 (0x2)
    "SweepNet"=2 (0x2)


    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{EEBF9CA6-567B-41cd-B5F6-EF2C7FEF37B5}]
    rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmactedp.inf,PerUserStub



    -- End of Deckard's System Scanner: finished at 2008-05-13 09:18:58


  • #6
    ActorSeeksJob
    Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Looks good

    Please do an online scan with Kaspersky WebScanner

    Click on Kaspersky Online Scanner and click Accept

    You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
    • The program will launch and then begin downloading the latest definition files:
    • Once the files have been downloaded click on NEXT
    • Now click on Scan Settings
    • In the scan settings make that the following are selected:
      • Scan using the following Anti-Virus database:
        Extended (if available otherwise Standard)
      • Scan Options:
        Scan Archives
        Scan Mail Bases

        [*]Click OK
        [*]Now under select a target to scan:
          Select
        My Computer

        [*]This will program will start and scan your system.
        [*]The scan will take a while so be patient and let it run.
        [*]Once the scan is complete it will display if your system has been infected.
        • Now click on the Save as Text button:
        [*]Save the file to your desktop.
        [*]Copy and paste that information in your next post.


      • Advertisement
      • #7
        shaunab
        Closed Accounts Posts: 6 shaunab


        here is the results of the kapersky scan:eek:

        Tuesday, May 13, 2008 2:15:34 PM
        Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
        Kaspersky Online Scanner version: 5.0.98.0
        Kaspersky Anti-Virus database last update: 13/05/2008
        Kaspersky Anti-Virus database records: 768445

        Scan Settings Scan using the following antivirus database extended Scan Archives true Scan Mail Bases true
        Scan Target My Computer C:\
        D:\
        Scan Statistics Total number of scanned objects 65656 Number of viruses found 8 Number of infected objects 44 Number of suspicious objects 0 Duration of the scan process 01:30:23
        Infected Object Name Virus Name Last Action C:\Deckard\System Scanner\20080403135804\backup\DOCUME~1\Sandra\LOCALS~1\Temp\WLTB Custom Button Feeds\microsoft.windowslive.addbtn.btn feed 0 Object is locked skipped
        C:\Deckard\System Scanner\20080403135804\backup\DOCUME~1\Sandra\LOCALS~1\Temp\WLTB Custom Button Feeds\microsoft.windowslive.addbtn.btn feed 1 Object is locked skipped
        C:\Deckard\System Scanner\20080403135804\backup\DOCUME~1\Sandra\LOCALS~1\Temp\WLTB Custom Button Feeds\microsoft.windowslive.addbtn.btn feed 2 Object is locked skipped
        C:\Deckard\System Scanner\20080403135804\backup\DOCUME~1\Sandra\LOCALS~1\Temp\WLTB Custom Button Feeds\microsoft.windowslive.addbtn.btn feed 3 Object is locked skipped
        C:\Deckard\System Scanner\20080403135804\backup\DOCUME~1\Sandra\LOCALS~1\Temp\WLTB Custom Button Feeds\microsoft.windowslive.news.btn feed 0 Object is locked skipped
        C:\Deckard\System Scanner\20080403135804\backup\DOCUME~1\Sandra\LOCALS~1\Temp\~DF283D.tmp Object is locked skipped
        C:\Deckard\System Scanner\20080403135804\backup\DOCUME~1\Sandra\LOCALS~1\Temp\~DF49CA.tmp Object is locked skipped
        C:\Deckard\System Scanner\20080403135804\backup\DOCUME~1\Sandra\LOCALS~1\Temp\~DFA9F5.tmp Object is locked skipped
        C:\Deckard\System Scanner\20080403135804\backup\DOCUME~1\Sandra\LOCALS~1\Temp\~DFD3D0.tmp Object is locked skipped
        C:\Deckard\System Scanner\20080403135804\extra.txt Object is locked skipped
        C:\Deckard\System Scanner\20080403135804\main.txt Object is locked skipped
        C:\Deckard\System Scanner\20080403135804\moved.txt Object is locked skipped
        C:\Documents and Settings\Administrator\Application Data\desktop.ini Object is locked skipped
        C:\Documents and Settings\Administrator\Application Data\Microsoft\HTML Help\hh.dat Object is locked skipped
        C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\brndlog.bak Object is locked skipped
        C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\brndlog.txt Object is locked skipped
        C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Desktop.htt Object is locked skipped
        C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini Object is locked skipped
        C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk Object is locked skipped
        C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2003.lnk Object is locked skipped
        C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office PowerPoint 2003.lnk Object is locked skipped
        C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2003.lnk Object is locked skipped
        C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk Object is locked skipped
        C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk Object is locked skipped
        C:\Documents and Settings\Administrator\Application Data\Microsoft\Media Player\000140CD.wpl Object is locked skipped
        C:\Documents and Settings\Administrator\Application Data\Microsoft\Office\MSO2057.acl Object is locked skipped
        C:\Documents and Settings\Administrator\Application Data\Microsoft\Office\Recent\1.0.1.LNK Object is locked skipped
        C:\Documents and Settings\Administrator\Application Data\Microsoft\Office\Recent\COE01069.LNK Object is locked skipped
        C:\Documents and Settings\Administrator\Application Data\Microsoft\Office\Recent\index.dat Object is locked skipped
        C:\Documents and Settings\Administrator\Application Data\Microsoft\Office\Recent\Templates.LNK Object is locked skipped
        C:\Documents and Settings\Administrator\Application Data\Microsoft\Office\Word11.pip Object is locked skipped
        C:\Documents and Settings\Administrator\Application Data\Microsoft\Protect\CREDHIST Object is locked skipped
        C:\Documents and Settings\Administrator\Application Data\Microsoft\Templates\Normal.dot Object is locked skipped
        C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\Themes\Custom.theme Object is locked skipped
        C:\Documents and Settings\Administrator\Cookies\index.dat Object is locked skipped
        C:\Documents and Settings\Administrator\Desktop\QuickTime Player.lnk Object is locked skipped
        C:\Documents and Settings\Administrator\Favorites\Links\Customize Links.url Object is locked skipped
        C:\Documents and Settings\Administrator\Favorites\Links\Free Hotmail.url Object is locked skipped
        C:\Documents and Settings\Administrator\Favorites\Links\Windows Media.url Object is locked skipped
        C:\Documents and Settings\Administrator\Favorites\Links\Windows.url Object is locked skipped
        C:\Documents and Settings\Administrator\Favorites\MSN.com.url Object is locked skipped
        C:\Documents and Settings\Administrator\Favorites\Radio Station Guide.url Object is locked skipped
        C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini Object is locked skipped
        C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db Object is locked skipped
        C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\CD Burning\My Videos\Desktop.ini Object is locked skipped
        C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\HelpCtr\HelpSessionHistory.dat Object is locked skipped
        C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT Object is locked skipped
        C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Media Player\CurrentDatabase_59R.wmdb Object is locked skipped
        C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Media Player\wmpfolders.wmdb Object is locked skipped
        C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp Object is locked skipped
        C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
        C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
        C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows Media\9.0\WMSDKNS.DTD Object is locked skipped
        C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows Media\9.0\WMSDKNS.XML Object is locked skipped
        C:\Documents and Settings\Administrator\Local Settings\desktop.ini Object is locked skipped
        C:\Documents and Settings\Administrator\Local Settings\History\desktop.ini Object is locked skipped
        C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\desktop.ini Object is locked skipped
        C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat Object is locked skipped
        C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012007040920070416\index.dat Object is locked skipped
        C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012007041920070420\index.dat Object is locked skipped
        C:\Documents and Settings\Administrator\Local Settings\Temp\diauto.tmp Object is locked skipped
        C:\Documents and Settings\Administrator\Local Settings\Temp\GLC1.tmp Object is locked skipped
        C:\Documents and Settings\Administrator\Local Settings\Temp\GLC2.tmp Object is locked skipped
        C:\Documents and Settings\Administrator\Local Settings\Temp\GLC3.tmp Object is locked skipped
        C:\Documents and Settings\Administrator\Local Settings\Temp\GLC4.tmp Object is locked skipped
        C:\Documents and Settings\Administrator\Local Settings\Temp\GLC5.tmp Object is locked skipped
        C:\Documents and Settings\Administrator\Local Settings\Temp\GLC6.tmp Object is locked skipped
        C:\Documents and Settings\Administrator\Local Settings\Temp\GLC7.tmp Object is locked skipped
        C:\Documents and Settings\Administrator\Local Settings\Temp\GLC8.tmp Object is locked skipped
        C:\Documents and Settings\Administrator\Local Settings\Temp\GLC9.tmp Object is locked skipped
        C:\Documents and Settings\Administrator\Local Settings\Temp\GLCA.tmp Object is locked skipped
        C:\Documents and Settings\Administrator\Local Settings\Temp\GLCB.tmp Object is locked skipped
        C:\Documents and Settings\Administrator\Local Settings\Temp\IMT2C.xml Object is locked skipped
        C:\Documents and Settings\Administrator\Local Settings\Temp\IMT2D.xml Object is locked skipped
        C:\Documents and Settings\Administrator\Local Settings\Temp\IMT2E.xml Object is locked skipped
        C:\Documents and Settings\Administrator\Local Settings\Temp\IMT5C.xml Object is locked skipped
        C:\Documents and Settings\Administrator\Local Settings\Temp\IMT5D.xml Object is locked skipped
        C:\Documents and Settings\Administrator\Local Settings\Temp\IMT5E.xml Object is locked skipped
        C:\Documents and Settings\Administrator\Local Settings\Temp\IMT5F.xml Object is locked skipped
        C:\Documents and Settings\Administrator\Local Settings\Temp\IMT60.dtd Object is locked skipped
        C:\Documents and Settings\Administrator\Local Settings\Temp\IMT61.xml Object is locked skipped
        C:\Documents and Settings\Administrator\Local Settings\Temp\IMT62.xml Object is locked skipped
        C:\Documents and Settings\Administrator\Local Settings\Temp\IMT63.xml Object is locked skipped
        C:\Documents and Settings\Administrator\Local Settings\Temp\Office 11 Maintenance(0000).TXT Object is locked skipped
        C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\37PTM0ZK\desktop.ini Object is locked skipped
        C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\37PTM0ZK\shared[1].css Object is locked skipped
        C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\37PTM0ZK\shared[2].css Object is locked skipped
        C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\37PTM0ZK\shared[3].css Object is locked skipped
        C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini Object is locked skipped
        C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ENFMSI1N\Common[1].js Object is locked skipped
        C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ENFMSI1N\desktop.ini Object is locked skipped
        C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ENFMSI1N\shared[1].css Object is locked skipped
        C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ENFMSI1N\shared[2].css Object is locked skipped
        C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ENFMSI1N\shared[3].css Object is locked skipped
        C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
        C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IRWP6WQS\desktop.ini Object is locked skipped
        C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IRWP6WQS\shared[1].css Object is locked skipped
        C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IRWP6WQS\shared[2].css Object is locked skipped
        C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\MCN3JXRD\Common[1].js Object is locked skipped
        C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\MCN3JXRD\Common[2].js Object is locked skipped
        C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\MCN3JXRD\desktop.ini Object is locked skipped
        C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\MCN3JXRD\Homepage__DESKTOP[1].js Object is locked skipped
        C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\MCN3JXRD\Homepage__SHARED[1].js Object is locked skipped
        C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\MCN3JXRD\shared[1].css Object is locked skipped
        C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\MCN3JXRD\shared[2].css Object is locked skipped
        C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\MCN3JXRD\wrapperparam[1].js Object is locked skipped
        C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\desktop.ini Object is locked skipped
        C:\Documents and Settings\Administrator\My Documents\desktop.ini Object is locked skipped
        C:\Documents and Settings\Administrator\My Documents\My Music\Desktop.ini Object is locked skipped
        C:\Documents and Settings\Administrator\My Documents\My Music\Sample Music.lnk Object is locked skipped
        C:\Documents and Settings\Administrator\My Documents\My Pictures\Desktop.ini Object is locked skipped
        C:\Documents and Settings\Administrator\My Documents\My Pictures\Sample Pictures.lnk Object is locked skipped
        C:\Documents and Settings\Administrator\My Documents\My Videos\Desktop.ini Object is locked skipped
        C:\Documents and Settings\Administrator\ntuser.dat Object is locked skipped
        C:\Documents and Settings\Administrator\NTUSER.DAT.LOG Object is locked skipped
        C:\Documents and Settings\Administrator\ntuser.ini Object is locked skipped
        C:\Documents and Settings\Administrator\Recent\1.0.1.lnk Object is locked skipped
        C:\Documents and Settings\Administrator\Recent\BUILDXP.lnk Object is locked skipped
        C:\Documents and Settings\Administrator\Recent\CD Drive.lnk Object is locked skipped
        C:\Documents and Settings\Administrator\Recent\COE01069.lnk Object is locked skipped
        C:\Documents and Settings\Administrator\Recent\COE01069_UB ROI and FA - Update and View.mst.lnk Object is locked skipped
        C:\Documents and Settings\Administrator\Recent\Install.lnk Object is locked skipped
        C:\Documents and Settings\Administrator\Recent\installerxp.lnk Object is locked skipped
        C:\Documents and Settings\Administrator\Recent\Pbk.lnk Object is locked skipped
        C:\Documents and Settings\Administrator\Recent\rasphone.lnk Object is locked skipped
        C:\Documents and Settings\Administrator\Recent\RBS.lnk Object is locked skipped
        C:\Documents and Settings\Administrator\Recent\Sample Pictures.lnk Object is locked skipped
        C:\Documents and Settings\Administrator\Recent\Sunset.lnk Object is locked skipped
        C:\Documents and Settings\Administrator\Recent\Track01.lnk Object is locked skipped
        C:\Documents and Settings\Administrator\Recent\Track02.lnk Object is locked skipped
        C:\Documents and Settings\Administrator\Recent\Track04.lnk Object is locked skipped
        C:\Documents and Settings\Administrator\SendTo\Compressed (zipped) Folder.ZFSendToTarget Object is locked skipped
        C:\Documents and Settings\Administrator\SendTo\Desktop (create shortcut).DeskLink Object is locked skipped
        C:\Documents and Settings\Administrator\SendTo\desktop.ini Object is locked skipped
        C:\Documents and Settings\Administrator\SendTo\Mail Recipient.MAPIMail Object is locked skipped
        C:\Documents and Settings\Administrator\SendTo\My Documents.mydocs Object is locked skipped
        C:\Documents and Settings\Administrator\Start Menu\desktop.ini Object is locked skipped
        C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Accessibility\desktop.ini Object is locked skipped
        C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Accessibility\Magnifier.lnk Object is locked skipped
        C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk Object is locked skipped
        C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk Object is locked skipped
        C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Accessibility\Utility Manager.lnk Object is locked skipped
        C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Command Prompt.lnk Object is locked skipped
        C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\desktop.ini Object is locked skipped
        C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Entertainment\desktop.ini Object is locked skipped
        C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Entertainment\Windows Media Player.lnk Object is locked skipped
        C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Notepad.lnk Object is locked skipped
        C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Program Compatibility Wizard.lnk Object is locked skipped
        C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Synchronize.lnk Object is locked skipped
        C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Tour Windows XP.lnk Object is locked skipped
        C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Windows Explorer.lnk Object is locked skipped
        C:\Documents and Settings\Administrator\Start Menu\Programs\desktop.ini Object is locked skipped
        C:\Documents and Settings\Administrator\Start Menu\Programs\Internet Explorer.lnk Object is locked skipped
        C:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk Object is locked skipped
        C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\desktop.ini Object is locked skipped
        C:\Documents and Settings\Administrator\Start Menu\Programs\Windows Media Player.lnk Object is locked skipped
        C:\Documents and Settings\Administrator\Templates\amipro.sam Object is locked skipped
        C:\Documents and Settings\Administrator\Templates\excel.xls Object is locked skipped
        C:\Documents and Settings\Administrator\Templates\excel4.xls Object is locked skipped
        C:\Documents and Settings\Administrator\Templates\lotus.wk4 Object is locked skipped
        C:\Documents and Settings\Administrator\Templates\powerpnt.ppt Object is locked skipped
        C:\Documents and Settings\Administrator\Templates\presenta.shw Object is locked skipped
        C:\Documents and Settings\Administrator\Templates\quattro.wb2 Object is locked skipped
        C:\Documents and Settings\Administrator\Templates\sndrec.wav Object is locked skipped
        C:\Documents and Settings\Administrator\Templates\winword.doc Object is locked skipped
        C:\Documents and Settings\Administrator\Templates\winword2.doc Object is locked skipped
        C:\Documents and Settings\Administrator\Templates\wordpfct.wpd Object is locked skipped
        C:\Documents and Settings\Administrator\Templates\wordpfct.wpg Object is locked skipped
        C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log Object is locked skipped
        C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
        C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
        C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
        C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
        C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2008-01-21\100_1878.jpg Object is locked skipped
        C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2008-01-21\100_1879.jpg Object is locked skipped
        C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2008-01-21\100_1880.jpg Object is locked skipped
        C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2008-01-21\100_1881.jpg Object is locked skipped
        C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2008-01-21\100_1882.jpg Object is locked skipped
        C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2008-01-21\100_1883.jpg Object is locked skipped
        C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2008-01-21\100_1884.jpg Object is locked skipped
        C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2008-01-21\100_1885.jpg Object is locked skipped
        C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2008-01-21\100_1886.jpg Object is locked skipped
        C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2008-01-21\100_1887.jpg Object is locked skipped
        C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2008-01-21\100_1888.jpg Object is locked skipped
        C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2008-01-21\100_1889.jpg Object is locked skipped
        C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2008-01-21\100_1890.jpg Object is locked skipped
        C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2008-01-21\100_1891.jpg Object is locked skipped
        C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2008-01-21\100_1892.jpg Object is locked skipped
        C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2008-01-21\100_1893.jpg Object is locked skipped
        C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2008-01-21\100_1894.jpg Object is locked skipped
        C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2008-01-21\100_1895.jpg Object is locked skipped
        C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2008-01-21\100_1896.jpg Object is locked skipped
        C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2008-01-21\100_1897.jpg Object is locked skipped
        C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\2008-01-21\100_1898.jpg Object is locked skipped
        C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\C633 Zoom Digital Camera\100_1878.jpg Object is locked skipped
        C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\C633 Zoom Digital Camera\100_1879.jpg Object is locked skipped
        C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\C633 Zoom Digital Camera\100_1880.jpg Object is locked skipped
        C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\C633 Zoom Digital Camera\100_1881.jpg Object is locked skipped
        C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\C633 Zoom Digital Camera\100_1882.jpg Object is locked skipped
        C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\C633 Zoom Digital Camera\100_1883.jpg Object is locked skipped
        C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\C633 Zoom Digital Camera\100_1884.jpg Object is locked skipped
        C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\C633 Zoom Digital Camera\100_1885.jpg Object is locked skipped
        C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\C633 Zoom Digital Camera\100_1886.jpg Object is locked skipped
        C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\C633 Zoom Digital Camera\100_1887.jpg Object is locked skipped
        C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\C633 Zoom Digital Camera\100_1888.jpg Object is locked skipped
        C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\C633 Zoom Digital Camera\100_1889.jpg Object is locked skipped
        C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\C633 Zoom Digital Camera\100_1890.jpg Object is locked skipped
        C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\C633 Zoom Digital Camera\100_1891.jpg Object is locked skipped
        C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\C633 Zoom Digital Camera\100_1892.jpg Object is locked skipped
        C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\C633 Zoom Digital Camera\100_1893.jpg Object is locked skipped
        C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\C633 Zoom Digital Camera\100_1894.jpg Object is locked skipped
        C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\C633 Zoom Digital Camera\100_1895.jpg Object is locked skipped
        C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\C633 Zoom Digital Camera\100_1896.jpg Object is locked skipped
        C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\C633 Zoom Digital Camera\100_1897.jpg Object is locked skipped
        C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\C633 Zoom Digital Camera\100_1898.jpg Object is locked skipped
        C:\Documents and Settings\All Users\Documents\My Pictures\Kodak Pictures\C633 Zoom Digital Camera\100_1934.mov Object is locked skipped
        C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
        C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
        C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
        C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
        C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
        C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
        C:\Documents and Settings\LocalService\NTUSER.DAT.LOG Object is locked skipped
        C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
        C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
        C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
        C:\Documents and Settings\NetworkService\NTUSER.DAT.LOG Object is locked skipped
        C:\Documents and Settings\The Others\Cookies\index.dat Object is locked skipped
        C:\Documents and Settings\The Others\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
        C:\Documents and Settings\The Others\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
        C:\Documents and Settings\The Others\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
        C:\Documents and Settings\The Others\Local Settings\History\History.IE5\index.dat Object is locked skipped
        C:\Documents and Settings\The Others\Local Settings\Temp\~DF5DD.tmp Object is locked skipped
        C:\Documents and Settings\The Others\Local Settings\Temp\~DF6452.tmp Object is locked skipped
        C:\Documents and Settings\The Others\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
        C:\Documents and Settings\The Others\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
        C:\Documents and Settings\The Others\My Documents\Downloads\SmitfraudFix\IEDFix.exe Infected: Constructor.Win32.Binder.bn skipped
        C:\Documents and Settings\The Others\My Documents\Downloads\SmitfraudFix.exe/SmitfraudFix/IEDFix.exe Infected: Constructor.Win32.Binder.bn skipped
        C:\Documents and Settings\The Others\My Documents\Downloads\SmitfraudFix.exe/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
        C:\Documents and Settings\The Others\My Documents\Downloads\SmitfraudFix.exe RAR: infected - 2 skipped
        C:\Documents and Settings\The Others\NTUSER.DAT Object is locked skipped
        C:\Documents and Settings\The Others\NTUSER.DAT.LOG Object is locked skipped
        C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
        C:\System Volume Information\_restore{83300D33-5FAB-49B3-BE4A-939BF51BA039}\RP259\A0099559.exe/file3614 Infected: not-a-virus:NetTool.Win32.Portscan.c skipped
        C:\System Volume Information\_restore{83300D33-5FAB-49B3-BE4A-939BF51BA039}\RP259\A0099559.exe/file3793 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.c skipped
        C:\System Volume Information\_restore{83300D33-5FAB-49B3-BE4A-939BF51BA039}\RP259\A0099559.exe/file3795 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.1102 skipped
        C:\System Volume Information\_restore{83300D33-5FAB-49B3-BE4A-939BF51BA039}\RP259\A0099559.exe/file3798 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.c skipped
        C:\System Volume Information\_restore{83300D33-5FAB-49B3-BE4A-939BF51BA039}\RP259\A0099559.exe/file3851 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
        C:\System Volume Information\_restore{83300D33-5FAB-49B3-BE4A-939BF51BA039}\RP259\A0099559.exe/file3854 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
        C:\System Volume Information\_restore{83300D33-5FAB-49B3-BE4A-939BF51BA039}\RP259\A0099559.exe/file3855 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
        C:\System Volume Information\_restore{83300D33-5FAB-49B3-BE4A-939BF51BA039}\RP259\A0099559.exe/file3856 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
        C:\System Volume Information\_restore{83300D33-5FAB-49B3-BE4A-939BF51BA039}\RP259\A0099559.exe/file4095/data.rar/xpkey.exe Infected: not-a-virus:PSWTool.Win32.RAS.g skipped
        C:\System Volume Information\_restore{83300D33-5FAB-49B3-BE4A-939BF51BA039}\RP259\A0099559.exe/file4095/data.rar/officekey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
        C:\System Volume Information\_restore{83300D33-5FAB-49B3-BE4A-939BF51BA039}\RP259\A0099559.exe/file4095/data.rar Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
        C:\System Volume Information\_restore{83300D33-5FAB-49B3-BE4A-939BF51BA039}\RP259\A0099559.exe/file4095 Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
        C:\System Volume Information\_restore{83300D33-5FAB-49B3-BE4A-939BF51BA039}\RP259\A0099559.exe Inno: infected - 12 skipped
        C:\System Volume Information\_restore{83300D33-5FAB-49B3-BE4A-939BF51BA039}\RP274\A0106982.exe/SmitfraudFix/IEDFix.exe Infected: Constructor.Win32.Binder.bn skipped
        C:\System Volume Information\_restore{83300D33-5FAB-49B3-BE4A-939BF51BA039}\RP274\A0106982.exe/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
        C:\System Volume Information\_restore{83300D33-5FAB-49B3-BE4A-939BF51BA039}\RP274\A0106982.exe RAR: infected - 2 skipped
        C:\System Volume Information\_restore{83300D33-5FAB-49B3-BE4A-939BF51BA039}\RP274\A0106988.exe Infected: Constructor.Win32.Binder.bn skipped
        C:\System Volume Information\_restore{83300D33-5FAB-49B3-BE4A-939BF51BA039}\RP274\A0107005.exe Infected: not-a-virus:NetTool.Win32.Portscan.c skipped
        C:\System Volume Information\_restore{83300D33-5FAB-49B3-BE4A-939BF51BA039}\RP274\A0107006.exe/data.rar/xpkey.exe Infected: not-a-virus:PSWTool.Win32.RAS.g skipped
        C:\System Volume Information\_restore{83300D33-5FAB-49B3-BE4A-939BF51BA039}\RP274\A0107006.exe/data.rar/officekey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
        C:\System Volume Information\_restore{83300D33-5FAB-49B3-BE4A-939BF51BA039}\RP274\A0107006.exe/data.rar Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
        C:\System Volume Information\_restore{83300D33-5FAB-49B3-BE4A-939BF51BA039}\RP274\A0107006.exe RarSFX: infected - 3 skipped
        C:\System Volume Information\_restore{83300D33-5FAB-49B3-BE4A-939BF51BA039}\RP274\A0107007.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.c skipped
        C:\System Volume Information\_restore{83300D33-5FAB-49B3-BE4A-939BF51BA039}\RP274\A0107009.exe Infected: not-a-virus:NetTool.Win32.Portscan.c skipped
        C:\System Volume Information\_restore{83300D33-5FAB-49B3-BE4A-939BF51BA039}\RP274\A0107010.exe/data.rar/xpkey.exe Infected: not-a-virus:PSWTool.Win32.RAS.g skipped
        C:\System Volume Information\_restore{83300D33-5FAB-49B3-BE4A-939BF51BA039}\RP274\A0107010.exe/data.rar/officekey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
        C:\System Volume Information\_restore{83300D33-5FAB-49B3-BE4A-939BF51BA039}\RP274\A0107010.exe/data.rar Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
        C:\System Volume Information\_restore{83300D33-5FAB-49B3-BE4A-939BF51BA039}\RP274\A0107010.exe RarSFX: infected - 3 skipped
        C:\System Volume Information\_restore{83300D33-5FAB-49B3-BE4A-939BF51BA039}\RP274\A0107011.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.c skipped
        C:\System Volume Information\_restore{83300D33-5FAB-49B3-BE4A-939BF51BA039}\RP275\change.log Object is locked skipped
        C:\UBCD\UBCD4Win\BartPE\programs\ultravnc\vnchooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.c skipped
        C:\UBCD\UBCD4Win\BartPE\programs\ultravnc\vncviewer.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.1102 skipped
        C:\UBCD\UBCD4Win\BartPE\programs\vncserver\vncconfig.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
        C:\UBCD\UBCD4Win\BartPE\programs\vncserver\winvnc4.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
        C:\UBCD2\UBCD4Win\BartPE\I386\SYSTEM32\WM_HOOKS.DLL Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
        C:\UBCD2\UBCD4Win\BartPE\PROGRAMS\ultravnc\vnchooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.c skipped
        C:\UBCD2\UBCD4Win\BartPE\PROGRAMS\ultravnc\vncviewer.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.1102 skipped
        C:\UBCD2\UBCD4Win\BartPE\PROGRAMS\vncserver\vncconfig.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
        C:\UBCD2\UBCD4Win\BartPE\PROGRAMS\vncserver\winvnc4.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
        C:\WINDOWS\$NtUninstallKB321936$\cscdll.dll Object is locked skipped
        C:\WINDOWS\$NtUninstallKB321936$\mrxsmb.sys Object is locked skipped
        C:\WINDOWS\$NtUninstallKB321936$\rdbss.sys Object is locked skipped
        C:\WINDOWS\$NtUninstallKB826939$\accwiz.exe Object is locked skipped
        C:\WINDOWS\$NtUninstallKB826939$\crypt32.dll Object is locked skipped
        C:\WINDOWS\$NtUninstallKB826939$\cryptsvc.dll Object is locked skipped
        C:\WINDOWS\$NtUninstallKB826939$\hh.exe Object is locked skipped
        C:\WINDOWS\$NtUninstallKB826939$\hhctrl.ocx Object is locked skipped
        C:\WINDOWS\$NtUninstallKB826939$\hhsetup.dll Object is locked skipped
        C:\WINDOWS\$NtUninstallKB826939$\html32.cnv Object is locked skipped
        C:\WINDOWS\$NtUninstallKB826939$\itircl.dll Object is locked skipped
        C:\WINDOWS\$NtUninstallKB826939$\itss.dll Object is locked skipped
        C:\WINDOWS\$NtUninstallKB826939$\locator.exe Object is locked skipped
        C:\WINDOWS\$NtUninstallKB826939$\magnify.exe Object is locked skipped
        C:\WINDOWS\$NtUninstallKB826939$\migwiz.exe Object is locked skipped
        C:\WINDOWS\$NtUninstallKB826939$\narrator.exe Object is locked skipped
        C:\WINDOWS\$NtUninstallKB826939$\newdev.dll Object is locked skipped
        C:\WINDOWS\$NtUninstallKB826939$\ntdll.dll Object is locked skipped
        C:\WINDOWS\$NtUninstallKB826939$\ntkrnlpa.exe Object is locked skipped
        C:\WINDOWS\$NtUninstallKB826939$\ntoskrnl.exe Object is locked skipped
        C:\WINDOWS\$NtUninstallKB826939$\ole32.dll Object is locked skipped
        C:\WINDOWS\$NtUninstallKB826939$\osk.exe Object is locked skipped
        C:\WINDOWS\$NtUninstallKB826939$\pchshell.dll Object is locked skipped
        C:\WINDOWS\$NtUninstallKB826939$\raspptp.sys Object is locked skipped
        C:\WINDOWS\$NtUninstallKB826939$\rpcrt4.dll Object is locked skipped
        C:\WINDOWS\$NtUninstallKB826939$\rpcss.dll Object is locked skipped
        C:\WINDOWS\$NtUninstallKB826939$\shmedia.dll Object is locked skipped
        C:\WINDOWS\$NtUninstallKB826939$\srrstr.dll Object is locked skipped
        C:\WINDOWS\$NtUninstallKB826939$\srv.sys Object is locked skipped
        C:\WINDOWS\$NtUninstallKB826939$\user32.dll Object is locked skipped
        C:\WINDOWS\$NtUninstallKB826939$\win32k.sys Object is locked skipped
        C:\WINDOWS\$NtUninstallKB826939$\winsrv.dll Object is locked skipped
        C:\WINDOWS\$NtUninstallKB826939$\zipfldr.dll Object is locked skipped
        C:\WINDOWS\$NtUninstallKB828028$\msasn1.dll Object is locked skipped
        C:\WINDOWS\$NtUninstallKB828035$\msgsvc.dll Object is locked skipped
        C:\WINDOWS\$NtUninstallKB828035$\wkssvc.dll Object is locked skipped
        C:\WINDOWS\$NtUninstallKB828741$\catsrv.dll Object is locked skipped
        C:\WINDOWS\$NtUninstallKB828741$\catsrvut.dll Object is locked skipped
        C:\WINDOWS\$NtUninstallKB828741$\clbcatex.dll Object is locked skipped
        C:\WINDOWS\$NtUninstallKB828741$\clbcatq.dll Object is locked skipped
        C:\WINDOWS\$NtUninstallKB828741$\colbact.dll Object is locked skipped
        C:\WINDOWS\$NtUninstallKB828741$\comadmin.dll Object is locked skipped
        C:\WINDOWS\$NtUninstallKB828741$\comrepl.exe Object is locked skipped
        C:\WINDOWS\$NtUninstallKB828741$\comsvcs.dll Object is locked skipped
        C:\WINDOWS\$NtUninstallKB828741$\comuid.dll Object is locked skipped
        C:\WINDOWS\$NtUninstallKB828741$\es.dll Object is locked skipped
        C:\WINDOWS\$NtUninstallKB828741$\migregdb.exe Object is locked skipped
        C:\WINDOWS\$NtUninstallKB828741$\msdtcprx.dll Object is locked skipped
        C:\WINDOWS\$NtUninstallKB828741$\msdtctm.dll Object is locked skipped
        C:\WINDOWS\$NtUninstallKB828741$\msdtcuiu.dll Object is locked skipped
        C:\WINDOWS\$NtUninstallKB828741$\mtxclu.dll Object is locked skipped
        C:\WINDOWS\$NtUninstallKB828741$\mtxoci.dll Object is locked skipped
        C:\WINDOWS\$NtUninstallKB828741$\ole32.dll Object is locked skipped
        C:\WINDOWS\$NtUninstallKB828741$\rpcrt4.dll Object is locked skipped
        C:\WINDOWS\$NtUninstallKB828741$\rpcss.dll Object is locked skipped
        C:\WINDOWS\$NtUninstallKB828741$\txflog.dll Object is locked skipped
        C:\WINDOWS\$NtUninstallKB829558$\dao360.dll Object is locked skipped
        C:\WINDOWS\$NtUninstallKB829558$\expsrv.dll Object is locked skipped
        C:\WINDOWS\$NtUninstallKB829558$\msexch40.dll Object is locked skipped
        C:\WINDOWS\$NtUninstallKB829558$\msexcl40.dll Object is locked skipped
        C:\WINDOWS\$NtUninstallKB829558$\msjet40.dll Object is locked skipped
        C:\WINDOWS\$NtUninstallKB829558$\msjetol1.dll Object is locked skipped
        C:\WINDOWS\$NtUninstallKB829558$\msjetoledb40.dll Object is locked skipped
        C:\WINDOWS\$NtUninstallKB829558$\msjint40.dll Object is locked skipped
        C:\WINDOWS\$NtUninstallKB829558$\msjter40.dll Object is locked skipped
        C:\WINDOWS\$NtUninstallKB829558$\msjtes40.dll Object is locked skipped
        C:\WINDOWS\$NtUninstallKB829558$\msltus40.dll Object is locked skipped
        C:\WINDOWS\$NtUninstallKB829558$\mspbde40.dll Object is locked skipped
        C:\WINDOWS\$NtUninstallKB829558$\msrd2x40.dll Object is locked skipped
        C:\WINDOWS\$NtUninstallKB829558$\msrd3x40.dll Object is locked skipped
        C:\WINDOWS\$NtUninstallKB829558$\msrepl40.dll Object is locked skipped
        C:\WINDOWS\$NtUninstallKB829558$\mstext40.dll Object is locked skipped
        C:\WINDOWS\$NtUninstallKB829558$\mswdat10.dll Object is locked skipped
        C:\WINDOWS\$NtUninstallKB829558$\mswstr10.dll Object is locked skipped
        C:\WINDOWS\$NtUninstallKB829558$\msxbde40.dll Object is locked skipped
        C:\WINDOWS\$NtUninstallKB829558$\vbajet32.dll Object is locked skipped
        C:\WINDOWS\$NtUninstallKB833407$\bssym7.ttf Object is locked skipped
        C:\WINDOWS\$NtUninstallKB835732$\callcont.dll Object is locked skipped
        C:\WINDOWS\$NtUninstallKB835732$\cmdevtgprov.dll Object is locked skipped
        C:\WINDOWS\$NtUninstallKB835732$\evtgprov.dll Object is locked skipped
        C:\WINDOWS\$NtUninstallKB835732$\gdi32.dll Object is locked skipped
        C:\WINDOWS\$NtUninstallKB835732$\h323.tsp Object is locked skipped
        C:\WINDOWS\$NtUninstallKB835732$\h323msp.dll Object is locked skipped
        C:\WINDOWS\$NtUninstallKB835732$\helpctr.exe Object is locked skipped
        C:\WINDOWS\$NtUninstallKB835732$\ipnathlp.dll Object is locked skipped
        C:\WINDOWS\$NtUninstallKB835732$\lsasrv.dll Object is locked skipped
        C:\WINDOWS\$NtUninstallKB835732$\mf3216.dll Object is locked skipped
        C:\WINDOWS\$NtUninstallKB835732$\msasn1.dll Object is locked skipped
        C:\WINDOWS\$NtUninstallKB835732$\msgina.dll Object is locked skipped
        C:\WINDOWS\$NtUninstallKB835732$\mst120.dll Object is locked skipped
        C:\WINDOWS\$NtUninstallKB835732$\netapi32.dll Object is locked skipped
        C:\WINDOWS\$NtUninstallKB835732$\nmcom.dll Object is locked skipped
        C:\WINDOWS\$NtUninstallKB835732$\rtcdll.dll Object is locked skipped
        C:\WINDOWS\$NtUninstallKB835732$\schannel.dll Object is locked skipped
        C:\WINDOWS\$NtUninstallKB835732$\xpsp2res.dll Object is locked skipped
        C:\WINDOWS\$NtUninstallKB837001$\dao360.dll Object is locked skipped
        C:\WINDOWS\$NtUninstallKB837001$\msexcl40.dll Object is locked skipped
        C:\WINDOWS\$NtUninstallKB837001$\msjet40.dll Object is locked skipped
        C:\WINDOWS\$NtUninstallKB837001$\msjetol1.dll Object is locked skipped
        C:\WINDOWS\$NtUninstallKB837001$\msjetoledb40.dll Object is locked skipped
        C:\WINDOWS\$NtUninstallKB837001$\msjtes40.dll Object is locked skipped
        C:\WINDOWS\$NtUninstallKB839645$\fldrclnr.dll Object is locked skipped
        C:\WINDOWS\$NtUninstallKB839645$\shell32.dll Object is locked skipped
        C:\WINDOWS\$NtUninstallKB839645$\sxs.dll Object is locked skipped
        C:\WINDOWS\$NtUninstallKB839645$\xpsp2res.dll Object is locked skipped
        C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
        C:\WINDOWS\SchedLgU.Txt Object is locked skipped
        C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
        C:\WINDOWS\Sti_Trace.log Object is locked skipped
        C:\WINDOWS\system32\404Fix.exe Infected: Constructor.Win32.Binder.bn skipped
        C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
        C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
        C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
        C:\WINDOWS\system32\config\default Object is locked skipped
        C:\WINDOWS\system32\config\default.LOG Object is locked skipped
        C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
        C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
        C:\WINDOWS\system32\config\OSession.evt Object is locked skipped
        C:\WINDOWS\system32\config\SAM Object is locked skipped
        C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
        C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
        C:\WINDOWS\system32\config\SECURITY Object is locked skipped
        C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
        C:\WINDOWS\system32\config\software Object is locked skipped
        C:\WINDOWS\system32\config\software.LOG Object is locked skipped
        C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
        C:\WINDOWS\system32\config\system Object is locked skipped
        C:\WINDOWS\system32\config\system.LOG Object is locked skipped
        C:\WINDOWS\system32\h323log.txt Object is locked skipped
        C:\WINDOWS\system32\IEDFix.exe Infected: Constructor.Win32.Binder.bn skipped
        C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
        C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
        C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
        C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
        C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
        C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
        C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
        C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
        C:\WINDOWS\wiadebug.log Object is locked skipped
        C:\WINDOWS\wiaservc.log Object is locked skipped
        C:\WINDOWS\WindowsUpdate.log Object is locked skipped
        Scan process completed.


      • #8
        ActorSeeksJob
        Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


        Your logs are clean ! We need to do a few things

        Now we need to create a new System Restore point.

        Click Start Menu > Run > type (or copy and paste)

        %SystemRoot%\System32\restore\rstrui.exe

        Press OK. Choose Create a Restore Point then click Next. Name it and click Create, when the confirmation screen shows the restore point has been created click Close.

        Next goto Start Menu > Run > type

        cleanmgr

        Click OK, Disk Cleanup will open and start calculating the amount of space that can be freed, Once thats finished it will open the Disk Cleanup options screen, click the More Options tab then click Clean up on the system restore area and choose Yes at the confirmation window which will remove all the restore points except the one we just created.

        To close Disk Cleanup and remove the Temporary Internet Files detected in the initial scan click OK then choose Yes on the confirmation window.



        You can delete the tools that we used



        You now need to update your Java and remove your older versions.

        Please follow these steps to remove older version Java components.

        * Click Start > Control Panel.
        * Click Add/Remove Programs.
        * Check any item with Java Runtime Environment (JRE) in the name.
        * Click the Remove or Change/Remove button.

        Download the latest version of Java Runtime Environment (JRE), and install it to your computer from
        here



        Below I have included a number of recommendations for how to protect your computer against malware infections.

        * Keep Windows updated by regularly checking their website at :
        http://windowsupdate.microsoft.com/
        This will ensure your computer has always the latest security updates available installed on your computer.

        * To reduce re-infection for malware in the future, I strongly recommend installing these free programs:
        SpywareBlaster protects against bad ActiveX
        IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all
        Have a look at this tutorial for IE-Spyad here

        * SpywareGuard offers realtime protection from spyware installation attempts.

        Make Internet Explorer more secure
        • Click Start > Run
        • Type Inetcpl.cpl & click OK
        • Click on the Security tab
        • Click Reset all zones to default level
        • Make sure the Internet Zone is selected & Click Custom level
        • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
        • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

        * MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

        * Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more
        secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up
        blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from
        Here

        * Take a good look at the following suggestions for malware prevention by reading Tony Klein’s article 'How Did I Get Infected In The First Place'
        Here

        Thank you for your patience, and performing all of the procedures requested.


      • #9
        shaunab
        Closed Accounts Posts: 6 shaunab


        ok - done !

        thats cool - thanks for very swift reply:D safe surfing


      Advertisement