
Viruses Galore...help!

  • 14-06-2009 3:18am
    #1
    Closed Accounts Posts: 8


    Okay, this morning I got a virus and as it started I saw my avast shut down, and now I get an error anytime I run it. I followed all of the directions in the sticky to the board:

    Comedian - Ran

    TFC - Ran

    MBAM log:

    Malwarebytes' Anti-Malware 1.37
    Database version: 2273
    Windows 6.0.6001 Service Pack 1
    6/13/2009 6:34:29 PM
    mbam-log-2009-06-13 (18-34-29).txt
    Scan type: Quick Scan
    Objects scanned: 79507
    Time elapsed: 4 minute(s), 59 second(s)
    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 2
    Registry Values Infected: 3
    Registry Data Items Infected: 0
    Folders Infected: 2
    Files Infected: 47
    Memory Processes Infected:
    (No malicious items detected)
    Memory Modules Infected:
    (No malicious items detected)
    Registry Keys Infected:
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\111111s1ro1s1a (Rootkit.Bagle) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\111111s1ro1s1a (Rootkit.Bagle) -> Quarantined and deleted successfully.
    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\german.exe (Rootkit.Bagle) -> Delete on reboot.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\drvsyskit (Rootkit.Bagle) -> Delete on reboot.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mule_st_key (Rootkit.Bagle) -> Delete on reboot.
    Registry Data Items Infected:
    (No malicious items detected)
    Folders Infected:
    c:\Users\Nick\AppData\Roaming\m (Trojan.Agent) -> Delete on reboot.
    c:\Users\Nick\AppData\Roaming\drivers\downld (Worm.Bagle) -> Quarantined and deleted successfully.
    Files Infected:
    c:\Users\Nick\AppData\Roaming\m\data.oct (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\Users\Nick\AppData\Roaming\m\list.oct (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\Users\Nick\AppData\Roaming\m\srvlist.oct (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\Users\Nick\AppData\Roaming\drivers\winupgro.exe (Trojan.Agent) -> Delete on reboot.
    C:\Windows\System32\mdelk.exe (Trojan.Spammer) -> Quarantined and deleted successfully.
    C:\Windows\System32\wintems.exe (Trojan.Spammer) -> Delete on reboot.
    c:\Users\Nick\AppData\Roaming\m\flec006.exe (Trojan.Agent) -> Delete on reboot.
    c:\Users\Nick\AppData\Roaming\drivers\11s11ro1s1a2.sys (Rootkit.Bagle.KillAV) -> Quarantined and deleted successfully.
    c:\Users\Nick\AppData\Roaming\drivers\111wfs1intwq.sys (Rootkit.Bagle) -> Quarantined and deleted successfully.

    SuperAntiSpyware:
    I get an error stating that superantispyware.exe is not a valid Win32 application (same error I get when I try to start avast)

    Windows Update:
    Ran it and installed updates, although I got an error "Code 80070422"

    HiJack This:
    Same error as superantispyware and avast

    Rooter log:
    Rooter.exe (v1.0) by Eric_71
    ¨
    Microsoft Windows Vista Home Edition (6.0.6001) Service Pack 1
    32_bits - x86 Family 15 Model 107 Stepping 1, AuthenticAMD
    ¨
    C:\ [Fixed-NTFS] .. ( Total:294955 Mo - Free:172928 Mo )
    D:\ [Fixed-NTFS] .. ( Total:10239 Mo - Free:6438 Mo )
    E:\ [CD_Rom]
    ¨
    Scan : 23:07.58
    Path : C:\Users\Nick\Desktop\Rooter.exe
    User : Nick ( Administrator -> YES )
    ¨
    \\ Processes
    ¨
    Locked [System Process] (0)
    Locked System (4)
    ______ \SystemRoot\System32\smss.exe (436)
    ______ C:\Windows\system32\csrss.exe (580)
    ______ C:\Windows\system32\wininit.exe (632)
    ______ C:\Windows\system32\csrss.exe (644)
    ______ C:\Windows\system32\winlogon.exe (680)
    ______ C:\Windows\system32\services.exe (712)
    ______ C:\Windows\system32\lsass.exe (728)
    ______ C:\Windows\system32\lsm.exe (756)
    ______ C:\Windows\system32\svchost.exe (884)
    ______ C:\Windows\system32\nvvsvc.exe (936)
    ______ C:\Windows\system32\svchost.exe (964)
    ______ C:\Windows\System32\svchost.exe (1008)
    ______ C:\Windows\System32\svchost.exe (1092)
    ______ C:\Windows\system32\svchost.exe (1112)
    Locked audiodg.exe (1232)
    ______ C:\Windows\system32\SLsvc.exe (1264)
    ______ C:\Windows\system32\svchost.exe (1288)
    ______ C:\Windows\system32\rundll32.exe (1392)
    ______ C:\Windows\system32\svchost.exe (1452)
    ______ C:\Windows\System32\spoolsv.exe (1680)
    ______ C:\Windows\system32\svchost.exe (1708)
    ______ C:\Windows\system32\taskeng.exe (1888)
    ______ C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (1956)
    ______ C:\Program Files\Bonjour\mDNSResponder.exe (1976)
    ______ C:\Program Files\Kodak\AiO\center\KodakSvc.exe (2016)
    ______ C:\Windows\system32\svchost.exe (944)
    ______ C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe (1104)
    ______ C:\Windows\system32\svchost.exe (1488)
    ______ C:\Program Files\Viewpoint\Common\ViewpointService.exe (1784)
    ______ C:\Windows\System32\svchost.exe (1832)
    ______ C:\Windows\system32\SearchIndexer.exe (852)
    ______ C:\Program Files\Kodak\AiO\Center\EKDiscovery.exe (1884)
    ______ C:\Windows\system32\taskeng.exe (2476)
    ______ C:\Windows\system32\Dwm.exe (2536)
    ______ C:\Windows\Explorer.EXE (2576)
    ______ C:\Windows\RtHDVCpl.exe (3204)
    ______ C:\Windows\System32\ico.exe (3212)
    ______ C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (3228)
    ______ C:\Windows\System32\Pmxmiced.exe (3260)
    ______ C:\Windows\System32\rundll32.exe (3364)
    ______ C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (3372)
    ______ C:\Program Files\AIM6\aim6.exe (3388)
    ______ C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (3428)
    ______ C:\Windows\system32\SearchProtocolHost.exe (2556)
    ______ C:\Windows\system32\SearchFilterHost.exe (2760)
    ______ C:\Program Files\AIM6\aolsoftware.exe (3224)
    ______ C:\Program Files\Internet Explorer\iexplore.exe (1732)
    ______ C:\Users\Nick\Desktop\Rooter.exe (3716)
    ¨
    \\ Device\Harddisk0\
    ¨
    \Device\Harddisk0 [Sectors : 63 x 512 Bytes]
    ¨
    \Device\Harddisk0\Partition1 (Start_Offset:32256 | Length:49319424)
    \Device\Harddisk0\Partition2 (Start_Offset:50331648 | Length:10737418240)
    \Device\Harddisk0\Partition3 --[ MBR ]-- (Start_Offset:10787749888 | Length:309283782656)
    ¨
    \\ Scheduled Tasks
    ¨
    C:\Windows\Tasks\Norton Security Scan for Nick.job
    C:\Windows\Tasks\SA.DAT
    C:\Windows\Tasks\SCHEDLGU.TXT
    ¨
    \\ Registry
    ¨
    ¨
    \\ Files & Folders
    ¨
    C:\Users\Nick\AppData\Roaming\m
    C:\Users\Nick\AppData\Roaming\drivers
    C:\Windows\system32\mdelk.exe
    C:\Windows\system32\ban_list.txt
    C:\Windows\system32\mdelk.exe <- Hidden file !!
    C:\Windows\system32\wintems.exe <- Hidden file !!
    ==> Bagle <==
    ¨
    \\ Scan completed at 23:08.25
    ¨
    C:\Rooter$\Rooter_1.txt - (13/06/2009 | 23:08.25)


    Whatever I need to do to fix this let me know. Thank you soooo much for your help!


Comments

  • Moderators, Category Moderators, Science, Health & Environment Moderators, Society & Culture Moderators Posts: 47,537 CMod ✭✭✭✭Black Swan


    njlw226 wrote: »
    Okay, this morning I got a virus and as it started I saw my avast shut down, and now I get an error anytime I run it.
    Have you tried rebooting while keying F8, and then scanning in safe mode?


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    hi

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**
    1. If you are using Firefox, make sure that your download settings are as follows:
      • Tools->Options->Main tab
      • Set to "Always ask me where to Save the files".
    2. During the download, rename Combofix to Combo-Fix as follows:

      [Screenshots: CF_download_FF.gif, CF_download_rename.gif]

    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    7. Double click on combo-Fix.exe & follow the prompts.
    8. When finished, it will produce a report for you.
    9. Please post the "C:\Combo-Fix.txt" along with a new HijackThis log for further review.
    **Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**


  • Closed Accounts Posts: 8 njlw226


    Thank you both for your responses.

    Blue: Yes, I booted it in safe mode and tried to run the scans but got the same errors.

    Actor: I downloaded and renamed just as you said. The only programs I needed to kill were avast and norton. My computer wouldn't let me follow the directions to do so because icons weren't in the systray, and when I try to start them, I get the Win32 error.

    Any other ideas? Thanks again in advance...


  • Moderators, Category Moderators, Science, Health & Environment Moderators, Society & Culture Moderators Posts: 47,537 CMod ✭✭✭✭Black Swan


    njlw226 wrote: »
    The only programs I needed to kill were avast and norton.
    Are you running two AV programmes? If so, this could be part of your problem, as well as increasing your vulnerabilities?


  • Closed Accounts Posts: 8 njlw226


    Blue: I typically only run Avast. Norton was pre-installed on my PC and is there, but it doesn't usually run.

    Actor: I was able to run Combo-Fix...here is the log:

    ComboFix 09-06-13.09 - Nick 06/14/2009 13:18.1 - NTFSx86
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1982.1396 [GMT -4:00]
    Running from: c:\users\Nick\Desktop\Combo-Fix.exe
    AV: avast! antivirus 4.8.1296 [VPS 081216-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    AV: Norton Internet Security *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
    FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
    SP: avast! antivirus 4.8.1296 [VPS 081216-0] *enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    SP: Norton Internet Security *enabled* (Outdated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
    c:\programdata\Microsoft\Network\Downloader\qmgr1.dat
    c:\users\Nick\AppData\Roaming\drivers\downld
    c:\users\Nick\AppData\Roaming\m
    c:\program files\DellSupport\DSAgnt.exe
    c:\users\Nick\AppData\Roaming\drivers\111wfs1intwq.sys
    c:\users\Nick\AppData\Roaming\Drivers\11s11ro1s1a2.sys
    c:\users\Nick\AppData\Roaming\drivers\winupgro.exe
    c:\users\Nick\AppData\Roaming\inst.exe
    c:\users\Nick\AppData\Roaming\m\data.oct
    c:\users\Nick\AppData\Roaming\m\flec006.exe
    c:\users\Nick\AppData\Roaming\m\list.oct
    c:\users\Nick\AppData\Roaming\m\shared\Sad_Souls_Icons_1.0.zip
    c:\users\Nick\AppData\Roaming\m\shared\Screen Monkey 2.0.zip
    c:\users\Nick\AppData\Roaming\m\shared\SenderOK 1.029.zip
    c:\users\Nick\AppData\Roaming\m\shared\Serif_DrawPlus_4.0.zip
    c:\users\Nick\AppData\Roaming\m\shared\Sixth_Sense_POS_6.0.zip
    c:\users\Nick\AppData\Roaming\m\shared\Slap 1.2.2.0.zip
    c:\users\Nick\AppData\Roaming\m\shared\SmileIDE Beta 1.zip
    c:\users\Nick\AppData\Roaming\m\shared\Snowstorm Screensaver 1.0.zip
    c:\users\Nick\AppData\Roaming\m\shared\Soaring_Eagles_1_[With_Crack].zip
    c:\users\Nick\AppData\Roaming\m\shared\Solid PDF Creator 1.1 build 052.zip
    c:\users\Nick\AppData\Roaming\m\shared\Sort Music Pro 4.72.zip
    c:\users\Nick\AppData\Roaming\m\shared\SortPlaces 1.5.0.zip
    c:\users\Nick\AppData\Roaming\m\shared\Static Outlook Backup 2.9c.zip
    c:\users\Nick\AppData\Roaming\m\shared\Super_Guitar_Chord_Finder_5.0.zip
    c:\users\Nick\AppData\Roaming\m\shared\SWF_Sound_Automation_Tool_2.7.zip
    c:\users\Nick\AppData\Roaming\m\shared\Swifty Compress & Swifty Decompress 1.1.zip
    c:\users\Nick\AppData\Roaming\m\shared\Tera TextEditor 3.7.440.zip
    c:\users\Nick\AppData\Roaming\m\shared\THcalc 1.7.zip
    c:\users\Nick\AppData\Roaming\m\shared\The Lords 1.0.zip
    c:\users\Nick\AppData\Roaming\m\shared\The_Essence_of_the_Bhagavad_Gita_1.zip
    c:\users\Nick\AppData\Roaming\m\shared\Tribune Font PostScript 1.51.zip
    c:\users\Nick\AppData\Roaming\m\shared\TypingQueen_6.2.zip
    c:\users\Nick\AppData\Roaming\m\shared\ubGrid 1.2.4.zip
    c:\users\Nick\AppData\Roaming\m\shared\Ultra_Assault_1.0.zip
    c:\users\Nick\AppData\Roaming\m\shared\Unreal_Tournament_2003_-_House_of_Cthon_2_deathmatch_map.zip
    c:\users\Nick\AppData\Roaming\m\shared\URLMaker 3.0.2.zip
    c:\users\Nick\AppData\Roaming\m\shared\VLButtonBar_3.0.zip
    c:\users\Nick\AppData\Roaming\m\shared\VORG_Team_1.0.zip
    c:\users\Nick\AppData\Roaming\m\shared\Wallpapers Manager 0.4.zip
    c:\users\Nick\AppData\Roaming\m\shared\Web_Editor_PRO_1.03_(Serial).zip
    c:\users\Nick\AppData\Roaming\m\shared\Wereldomroep_News_Clock_2.0.zip
    c:\users\Nick\AppData\Roaming\m\shared\WifiRadio_2.0.1.zip
    c:\users\Nick\AppData\Roaming\m\shared\Wkspycon 1.0.zip
    c:\users\Nick\AppData\Roaming\m\shared\Worldwide Newspapers Reader 4.1.21.zip
    c:\users\Nick\AppData\Roaming\m\shared\X360 Tiff Image & Fax Viewer ActiveX Control 2.zip
    c:\users\Nick\AppData\Roaming\m\shared\XPather_1.3.zip
    c:\users\Nick\AppData\Roaming\m\srvlist.oct
    c:\windows\system32\ban_list.txt
    c:\windows\system32\mdelk.exe
    c:\windows\system32\Urncbc.dll
    c:\windows\system32\wintems.exe
    BITS: Possible infected sites
    hxxp://download.kodak.com
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    \Service_111111S1RO1S1A
    \Legacy_111111S1RO1S1A
    \Legacy_111111S1RO1S1A
    \Legacy_SK9OU0S

    ((((((((((((((((((((((((( Files Created from 2009-05-14 to 2009-06-14 )))))))))))))))))))))))))))))))
    .
    2009-06-14 17:23 . 2009-06-14 17:26 d-----w- c:\users\Nick\AppData\Local\temp
    2009-06-14 03:08 . 2009-06-14 03:09 d-----w- C:\Rooter$
    2009-06-14 03:06 . 2009-06-14 03:06 d-----w- c:\program files\Trend Micro
    2009-06-13 22:47 . 2009-06-13 22:47 d-----w- c:\program files\SUPERAntiSpyware
    2009-06-13 22:47 . 2009-06-13 22:47 d-----w- c:\users\Nick\AppData\Roaming\SUPERAntiSpyware.com
    2009-06-13 22:46 . 2009-06-13 22:46 d-----w- c:\program files\Common Files\Wise Installation Wizard
    2009-06-13 22:15 . 2009-06-13 22:15 d-----w- c:\program files\ERUNT
    2009-06-13 20:14 . 2009-06-13 20:14 d-----w- c:\users\Nick\AppData\Roaming\Malwarebytes
    2009-06-13 20:14 . 2009-05-26 17:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-06-13 20:14 . 2009-06-13 22:28 d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-06-13 20:14 . 2009-06-13 20:14 d-----w- c:\programdata\Malwarebytes
    2009-06-13 20:14 . 2009-05-26 17:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-06-13 16:16 . 2009-06-13 16:16 d-----w- c:\windows\Sun
    2009-06-13 15:24 . 2009-06-14 17:22 d--h--w- c:\users\Nick\AppData\Roaming\drivers
    2009-06-10 01:15 . 2009-04-21 11:55 2033152 ----a-w- c:\windows\system32\win32k.sys
    2009-06-10 01:15 . 2009-04-23 12:42 636928 ----a-w- c:\windows\system32\localspl.dll
    2009-05-17 23:05 . 2009-05-17 23:05 d-----w- c:\programdata\kds_kodak
    2009-05-17 23:05 . 2009-05-17 23:05 d-----w- c:\users\Nick\AppData\Local\Eastman_Kodak_Company
    2009-05-16 18:54 . 2009-05-07 16:19 32768 ----a-w- c:\programdata\Kodak\Installer\Interop.ShockwaveFlashObjects.dll
    2009-05-16 18:54 . 2009-05-07 16:10 4096 ----a-w- c:\programdata\Kodak\Installer\Interop.FlashAccessibility.dll
    2009-05-16 18:54 . 2009-05-07 13:58 28672 ----a-w- c:\programdata\Kodak\Installer\AxInterop.ShockwaveFlashObjects.dll
    2009-05-16 18:54 . 2009-05-07 13:58 24472 ----a-w- c:\programdata\Kodak\Installer\C4USelfUpdater.exe
    2009-05-16 18:48 . 2009-05-07 17:36 31215616 ----a-w- c:\programdata\Kodak\Installer\products\KODAK AiO Home Center\Resources.dll
    2009-05-16 18:48 . 2009-05-07 16:19 298392 ----a-w- c:\programdata\Kodak\Installer\Registration.exe
    2009-05-16 18:48 . 2009-05-07 16:09 43008 ----a-w- c:\programdata\Kodak\Installer\Extension.dll
    2009-05-16 18:48 . 2009-05-07 16:09 26112 ----a-w- c:\programdata\Kodak\Installer\Download.dll
    2009-05-16 18:48 . 2008-11-04 19:37 872448 ----a-w- c:\programdata\Kodak\Installer\Registration.dll
    2009-05-16 18:48 . 2008-11-24 19:03 45056 ----a-w- c:\programdata\Kodak\Installer\TaskScheduler.dll
    2009-05-16 18:48 . 2009-05-07 16:09 36864 ----a-w- c:\programdata\Kodak\Installer\Cleaner.dll
    2009-05-16 18:48 . 2009-05-07 16:09 20480 ----a-w- c:\programdata\Kodak\Installer\Evaluator.dll
    2009-05-16 18:48 . 2009-05-07 17:36 73728 ----a-w- c:\programdata\Kodak\Installer\Utilities.dll
    2009-05-16 18:48 . 2009-05-07 16:21 1123840 ----a-w- c:\programdata\Kodak\Installer\Kengine.dll
    2009-05-16 18:48 . 2009-05-07 16:10 38808 ----a-w- c:\programdata\Kodak\Installer\Setup.exe
    2009-05-16 18:40 . 2009-05-16 18:40 d-----w- c:\programdata\Eastman Kodak Company
    2009-05-16 18:40 . 2009-05-16 18:40 d-----w- c:\users\Nick\AppData\Local\Eastman Kodak Company
    2009-05-16 18:38 . 2009-04-17 16:08 12800 ----a-w- c:\windows\system32\EKDeviceServices.dll
    2009-05-16 18:35 . 2009-05-16 18:35 d-----w- c:\windows\system32\kodak
    2009-05-16 18:34 . 2009-05-16 18:34 d-----w- c:\program files\Kodak
    2009-05-16 18:33 . 2009-05-17 23:02 d-----w- c:\programdata\Kodak
    2009-05-15 22:06 . 2009-05-15 22:06 d-----w- c:\programdata\WindowsSearch
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-06-14 17:23 . 2007-09-10 14:40 d-----w- c:\program files\DellSupport
    2009-06-14 03:03 . 2007-09-15 02:54 127488 ----a-w- c:\users\Nick\AppData\Local\GDIPFONTCACHEV1.DAT
    2009-06-13 23:05 . 2008-11-27 17:57 d-----w- c:\programdata\Microsoft Help
    2009-06-13 23:01 . 2007-09-10 14:42 d-----w- c:\program files\Microsoft Works
    2009-06-13 22:27 . 2008-03-25 01:59 24 --sh--w- c:\windows\SD866A5DC.tmp
    2009-06-13 20:23 . 2008-05-16 04:13 30560 ----a-w- c:\programdata\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4304.1.4\Uninstaller.exe
    2009-06-13 18:02 . 2007-09-10 14:30 d-----w- c:\programdata\Roxio
    2009-06-13 15:49 . 2007-12-07 14:10 d-----w- c:\program files\Norton Security Scan
    2009-05-17 23:02 . 2009-05-17 23:02 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
    2009-05-16 18:33 . 2008-09-25 04:02 d-----w- c:\program files\Bonjour
    2009-05-13 07:00 . 2006-11-02 11:18 d-----w- c:\program files\Windows Mail
    2009-04-30 23:14 . 2009-04-30 23:14 d-----w- c:\programdata\NVIDIA
    2009-04-24 16:05 . 2009-06-10 01:14 827904 ----a-w- c:\windows\system32\wininet.dll
    2009-04-24 16:02 . 2009-06-10 01:14 78336 ----a-w- c:\windows\system32\ieencode.dll
    2009-04-24 13:44 . 2009-06-10 01:14 26624 ----a-w- c:\windows\system32\ieUnatt.exe
    2009-04-23 12:43 . 2009-06-10 01:14 784896 ----a-w- c:\windows\system32\rpcrt4.dll
    2009-04-07 21:25 . 2009-04-07 21:25 376832 ----a-w- c:\windows\system32\EKIJ5000MON.dll
    2009-04-07 21:24 . 2009-04-07 21:24 110592 ----a-w- c:\windows\system32\EKIJCOINST04.dll
    2009-03-17 03:38 . 2009-04-15 02:13 13824 ----a-w- c:\windows\system32\apilogen.dll
    2009-03-17 03:38 . 2009-04-15 02:13 24064 ----a-w- c:\windows\system32\amxread.dll
    2007-09-10 22:02 . 2007-09-10 21:59 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Aim6"="c:\program files\AIM6\aim6.exe" [2007-09-29 50528]
    "AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe" [2008-05-13 2091968]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
    "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2009-06-14 107112]
    "IS CfgWiz"="c:\program files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe" [2007-11-27 456072]
    "osCheck"="c:\program files\Norton Internet Security\osCheck.exe" [2009-06-14 22696]
    "dscactivate"="c:\dell\dsca.exe" [2007-07-30 16384]
    "ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-03-16 17920]
    "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-09-10 1862144]
    "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-06-14 81000]
    "Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2009-06-14 583048]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
    "USB2Check"="c:\windows\system32\PCLECoInst.dll" [2006-11-06 81920]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13535776]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-03 92704]
    "Conime"="c:\windows\system32\conime.exe" [2008-01-19 69120]
    "EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2009-04-07 1511424]
    "RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-03-15 4390912]
    "PMX Daemon"="ICO.EXE" - c:\windows\System32\ico.exe [2006-11-08 49152]
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2008-12-22 16:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UacDisableNotify"=dword:00000001
    "InternetSettingsDisableNotify"=dword:00000001
    "AutoUpdateDisableNotify"=dword:00000001
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2081345778-1078816215-3062113987-1000]
    "EnableNotificationsRef"=dword:00000003
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "TCP Query User{2147F7F9-C3B9-4564-9548-7CA9532865BB}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
    "UDP Query User{D03164A9-5546-40C3-8949-86D570DBED51}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
    "{A836F42D-07DF-4F00-8E76-E2B7F7942F17}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
    "{B8A6779A-DF7C-4546-9973-666125A2D01D}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
    "TCP Query User{1B1E946A-6A48-42B7-8588-C011D4F013E1}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:uTorrent
    "UDP Query User{3B33BCC8-8504-4C2C-B63F-7CD8E977E888}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:uTorrent
    "TCP Query User{0E5E3C12-A265-48E6-B2B3-154C6864D8B4}c:\\program files\\abc\\abc.exe"= UDP:c:\program files\abc\abc.exe:abc
    "UDP Query User{625A1169-938C-4BF6-A3BB-0A75B4AB0F3C}c:\\program files\\abc\\abc.exe"= TCP:c:\program files\abc\abc.exe:abc
    "{0893694B-5481-4892-8FF9-7B0A3880451F}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
    "{F281C1E9-5AAF-4DC9-AA05-365960252A1A}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
    "{3D238144-29B1-4F9E-A5B6-7CBB05A759C6}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
    "{27AD90FB-22FA-4EF0-A56C-20750D497AAC}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{35E7A320-4D52-430B-91A8-EF6A0BA2E99B}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{9753E716-7692-4899-9218-F97026A1948A}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
    "{972C0F24-3A43-4BAE-A9CA-3B6647EF5D11}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
    "{EE7EF120-9634-456B-AD83-E87670A3B6BA}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
    "{2E1DA2CB-CE38-4DDD-AD00-A8116A56C3BE}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
    "TCP Query User{655C2BCD-F129-4ADE-BE4B-1CA4B423C37B}c:\\program files\\microsoft games\\age of empires ii\\empires2.icd"= UDP:c:\program files\microsoft games\age of empires ii\empires2.icd:Age of Empires II
    "UDP Query User{F177FB08-6B39-45E9-8222-73AC8B7DD0D6}c:\\program files\\microsoft games\\age of empires ii\\empires2.icd"= TCP:c:\program files\microsoft games\age of empires ii\empires2.icd:Age of Empires II
    "{4725765C-D051-452D-89D0-B28E2B7B3EA2}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{8087D914-87AB-4410-9920-86CDCE7D4964}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{9860C552-F3FD-4DEC-8976-5C0E66266528}"= UDP:9322:EKDiscovery
    "{A70172F9-56BA-48A3-9CA3-380E18E7405A}"= UDP:9323:EKDiscovery
    R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [9/14/2007 11:34 PM 51792]
    R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\Kodak\AiO\Center\EKDiscovery.exe [5/4/2009 12:15 PM 279960]
    R2 KodakSvc;Kodak AiO Device Service;c:\program files\Kodak\AiO\Center\KodakSvc.exe [4/17/2009 12:08 PM 32768]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [10/15/2007 9:58 PM 24652]
    R3 pmxmouse;PMXMOUSE;c:\windows\System32\drivers\pmxmouse.sys [9/10/2007 10:24 AM 23232]
    R3 pmxusblf;PMXUSBLF;c:\windows\System32\drivers\pmxusblf.sys [9/10/2007 10:24 AM 19008]
    S3 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\idsdefs\20061025.029\IDSvix86.sys [9/10/2007 10:39 AM 202872]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\System32\drivers\mbamswissarmy.sys [6/13/2009 4:14 PM 40160]
    --- Other Services/Drivers In Memory ---
    *NewlyCreated* - COMHOST
    .
    Contents of the 'Scheduled Tasks' folder
    2009-06-12 c:\windows\Tasks\Norton Security Scan for Nick.job
    - c:\program files\Norton Security Scan\Nss.exe [2008-09-19 08:18]
    .
    - - - - ORPHANS REMOVED - - - -
    HKCU-Run-DellSupport - c:\program files\DellSupport\DSAgnt.exe

    .
    Supplementary Scan
    .
    uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0070910
    uInternet Settings,ProxyOverride = *.local
    DPF: Web-Based Email Tools - hxxp://email.secureserver.net/Download.CAB
    .
    **************************************************************************
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-06-14 13:27
    Windows 6.0.6001 Service Pack 1 NTFS
    scanning hidden processes ...
    scanning hidden autostart entries ...
    scanning hidden files ...
    scan completed successfully
    hidden files: 0
    **************************************************************************
    .
    DLLs Loaded Under Running Processes
    - - - - - - - > 'Explorer.exe'(3376)
    c:\windows\System32\pmxscrll.dll
    c:\windows\System32\PMXCOMM.dll
    c:\windows\System32\PMXHOOKS.dll
    .
    Other Running Processes
    .
    c:\windows\System32\nvvsvc.exe
    c:\windows\System32\audiodg.exe
    c:\windows\System32\rundll32.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    c:\windows\System32\pmxmiced.exe
    c:\windows\System32\rundll32.exe
    c:\program files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\CFGWIZ.EXE
    c:\program files\iPod\bin\iPodService.exe
    c:\program files\AIM6\aolsoftware.exe
    .
    **************************************************************************
    .
    Completion time: 2009-06-14 13:30 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-06-14 17:30
    Pre-Run: 181,253,758,976 bytes free
    Post-Run: 180,965,814,272 bytes free
    534 --- E O F --- 2009-06-14 02:59


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    I'd remove Norton anyway


    Download TFC to your desktop
    • Open the file and close any other windows.
    • It will close all programs itself when run, make sure to let it run uninterrupted.
    • Click the Start button to begin the process. The program should not take long to finish its job.
    • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.




    Please download Malwarebytes' Anti-Malware from Here

    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy & Paste the entire report in your next reply.
    Extra Note:
    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.






    Go to Kaspersky website and perform an online antivirus scan.
    1. Read through the requirements and privacy statement and click on Accept button.
    2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    3. When the downloads have finished, click on Settings.
    4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
        Spyware, Adware, Dialers, and other potentially dangerous programs
        Archives
        Mail databases
    5. Click on My Computer under Scan.
    6. Once the scan is complete, it will display the results. Click on View Scan Report.
    7. You will see a list of infected items there. Click on Save Report As....
    8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.


  • Closed Accounts Posts: 8 njlw226


      Actor - thanks so much for your help.

      I ran TFC previously (see my first post), but I downloaded it and ran it again.

      I ran MBAM previously as well (see first post for log), and I've run it several times in total, but I downloaded it again and re-ran it, and here is my log (looks like I might be making some progress, but still can't open avast):

      Malwarebytes' Anti-Malware 1.37
      Database version: 2277
      Windows 6.0.6001 Service Pack 1
      6/14/2009 3:53:11 PM
      mbam-log-2009-06-14 (15-53-11).txt
      Scan type: Quick Scan
      Objects scanned: 79614
      Time elapsed: 2 minute(s), 55 second(s)
      Memory Processes Infected: 0
      Memory Modules Infected: 0
      Registry Keys Infected: 0
      Registry Values Infected: 0
      Registry Data Items Infected: 0
      Folders Infected: 0
      Files Infected: 0
      Memory Processes Infected:
      (No malicious items detected)
      Memory Modules Infected:
      (No malicious items detected)
      Registry Keys Infected:
      (No malicious items detected)
      Registry Values Infected:
      (No malicious items detected)
      Registry Data Items Infected:
      (No malicious items detected)
      Folders Infected:
      (No malicious items detected)
      Files Infected:
      (No malicious items detected)

      When I click on Kaspersky, after I hit accept, I get the following error message: "Starting Java applet has failed! Please go online to use this program."

      Where do I go from here? Thanks again!


  • Closed Accounts Posts: 8 njlw226


      I uninstalled Java and reinstalled and Kaspersky looks to be running so far. I'll keep you posted....


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


      You are going to have to re-install Avast


  • Closed Accounts Posts: 8 njlw226


      Here is my log for Kaspersky...thanks!

      KASPERSKY ONLINE SCANNER 7.0 REPORT
      Sunday, June 14, 2009
      Operating System: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 1 (build 6001)
      Kaspersky Online Scanner version: 7.0.26.13
      Program database last update: Sunday, June 14, 2009 22:35:16
      Records in database: 2343792
      Scan settings:
      Scan using the following database: extended
      Scan archives: yes
      Scan mail databases: yes
      Scan area - My Computer:
      C:\
      D:\
      E:\
      Scan statistics:
      Files scanned: 128099
      Threat name: 6
      Infected objects: 209
      Suspicious objects: 0
      Duration of the scan: 01:53:24

      File name / Threat name / Threats count
      C:\Program Files\Alwil Software\Avast4\DATA\moved\selfdel[1].exe.2.vir Infected: Trojan-Downloader.Win32.Small.agqr 1
      C:\Program Files\Alwil Software\Avast4\DATA\moved\selfdel[1].exe.vir Infected: Trojan-Downloader.Win32.Small.agqr 1
      C:\Program Files\KeyLogger\msdts.exe Infected: not-a-virus:Monitor.Win32.KeyLogger.aw 1
      C:\Qoobox\Quarantine\C\Program Files\DellSupport\DSAgnt.exe.vir Infected: Trojan-Downloader.Win32.Bagle.axo 1
      C:\Qoobox\Quarantine\C\Users\Nick\AppData\Roaming\drivers\111wfs1intwq.sys.vir Infected: Trojan-Downloader.Win32.Bagle.avs 1
      C:\Qoobox\Quarantine\C\Users\Nick\AppData\Roaming\drivers\downld\43938243.exe.vir Infected: Email-Worm.Win32.Bagle.of 1
      C:\Qoobox\Quarantine\C\Users\Nick\AppData\Roaming\drivers\downld\43952049.exe.vir Infected: Email-Worm.Win32.Bagle.of 1
      C:\Qoobox\Quarantine\C\Users\Nick\AppData\Roaming\drivers\downld\43957946.exe.vir Infected: Email-Worm.Win32.Bagle.of 1
      C:\Qoobox\Quarantine\C\Users\Nick\AppData\Roaming\drivers\downld\44006587.exe.vir Infected: Email-Worm.Win32.Bagle.of 1
      C:\Qoobox\Quarantine\C\Users\Nick\AppData\Roaming\drivers\downld\44028052.exe.vir Infected: Email-Worm.Win32.Bagle.of 1
      C:\Qoobox\Quarantine\C\Users\Nick\AppData\Roaming\drivers\downld\44053590.exe.vir Infected: Email-Worm.Win32.Bagle.of 1
      C:\Qoobox\Quarantine\C\Users\Nick\AppData\Roaming\drivers\downld\77407.exe.vir Infected: Email-Worm.Win32.Bagle.of 1
      C:\Qoobox\Quarantine\C\Users\Nick\AppData\Roaming\drivers\downld\931310.exe.vir Infected: Email-Worm.Win32.Bagle.of 1
      C:\Qoobox\Quarantine\C\Users\Nick\AppData\Roaming\drivers\downld\934321.exe.vir Infected: Email-Worm.Win32.Bagle.of 1
      C:\Qoobox\Quarantine\C\Users\Nick\AppData\Roaming\drivers\downld\944882.exe.vir Infected: Email-Worm.Win32.Bagle.of 1
      C:\Qoobox\Quarantine\C\Users\Nick\AppData\Roaming\drivers\downld\957908.exe.vir Infected: Email-Worm.Win32.Bagle.of 1
      C:\Qoobox\Quarantine\C\Users\Nick\AppData\Roaming\drivers\downld\961558.exe.vir Infected: Email-Worm.Win32.Bagle.of 1
      C:\Qoobox\Quarantine\C\Users\Nick\AppData\Roaming\drivers\winupgro.exe.vir Infected: Trojan-Downloader.Win32.Bagle.axo 1
      C:\Qoobox\Quarantine\C\Users\Nick\AppData\Roaming\m\data.oct.vir Infected: Trojan-Downloader.Win32.Bagle.axp 1
      C:\Qoobox\Quarantine\C\Users\Nick\AppData\Roaming\m\flec006.exe.vir Infected: Email-Worm.Win32.Bagle.of 1
      C:\Qoobox\Quarantine\C\Users\Nick\AppData\Roaming\m\shared\AbyssMedia_Audio_Converter_Plus_3.31_[Serial].zip.vir Infected: Trojan-Downloader.Win32.Bagle.axp 1
      C:\Qoobox\Quarantine\C\Users\Nick\AppData\Roaming\m\shared\Advanced LAN Scanner 1.0 Beta 1.zip.vir Infected: Trojan-Downloader.Win32.Bagle.axp 1
      C:\Qoobox\Quarantine\C\Users\Nick\AppData\Roaming\m\shared\Advanced RSS2Email Professional 3.1.58.zip.vir Infected: Trojan-Downloader.Win32.Bagle.axp 1
      C:\Qoobox\Quarantine\C\Users\Nick\AppData\Roaming\m\shared\Adwords_Exact_File_Resizer_1.0_[Key].zip.vir Infected: Trojan-Downloader.Win32.Bagle.axp 1
      C:\Qoobox\Quarantine\C\Users\Nick\AppData\Roaming\m\shared\AfterShocked 1.20.zip.vir Infected: Trojan-Downloader.Win32.Bagle.axp 1
      C:\Qoobox\Quarantine\C\Users\Nick\AppData\Roaming\m\shared\Age_of_Mythology_-_Gargarensis_Updated_scenario.zip.vir Infected: Trojan-Downloader.Win32.Bagle.axp 1
      C:\Qoobox\Quarantine\C\Users\Nick\AppData\Roaming\m\shared\Aimersoft Zune Converter Suite 1.1.55.zip.vir Infected: Trojan-Downloader.Win32.Bagle.axp 1
      C:\Qoobox\Quarantine\C\Users\Nick\AppData\Roaming\m\shared\AIV Startup Protector 1.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.axp 1
      C:\Qoobox\Quarantine\C\Users\Nick\AppData\Roaming\m\shared\Alcoon VideoViewer 3.35.zip.vir Infected: Trojan-Downloader.Win32.Bagle.axp 1
      C:\Qoobox\Quarantine\C\Users\Nick\AppData\Roaming\m\shared\Altair 1.0 Rev.16.zip.vir Infected: Trojan-Downloader.Win32.Bagle.axp 1
      C:\Qoobox\Quarantine\C\Users\Nick\AppData\Roaming\m\shared\AnalyzerXL_5.9.11.zip.vir Infected: Trojan-Downloader.Win32.Bagle.axp 1
      C:\Qoobox\Quarantine\C\Users\Nick\AppData\Roaming\m\shared\Animated_Beginning_Typing_1.20_(KeyGen).zip.vir Infected: Trojan-Downloader.Win32.Bagle.axp 1
      C:\Qoobox\Quarantine\C\Users\Nick\AppData\Roaming\m\shared\Anvsoft_3GP_Photo_Slideshow_1.12.zip.vir Infected: Trojan-Downloader.Win32.Bagle.axp 1
      C:\Qoobox\Quarantine\C\Users\Nick\AppData\Roaming\m\shared\Ashampoo_UnInstaller_Platinum_Suite_2.81.zip.vir Infected: Trojan-Downloader.Win32.Bagle.axp 1
      C:\Qoobox\Quarantine\C\Users\Nick\AppData\Roaming\m\shared\Asian Beauties 1 Screen Saver 3.zip.vir Infected: Trojan-Downloader.Win32.Bagle.axp 1
      C:\Qoobox\Quarantine\C\Users\Nick\AppData\Roaming\m\shared\Atomic_Miranda_Password_Recovery_1.10_[With_Crack].zip.vir Infected: Trojan-Downloader.Win32.Bagle.axp 1
      C:\Qoobox\Quarantine\C\Users\Nick\AppData\Roaming\m\shared\Autostitch 2.187 [Cracked].zip.vir Infected: Trojan-Downloader.Win32.Bagle.axp 1
      C:\Qoobox\Quarantine\C\Users\Nick\AppData\Roaming\m\shared\Azrael's Tear demo.zip.vir Infected: Trojan-Downloader.Win32.Bagle.axp 1
      C:\Qoobox\Quarantine\C\Users\Nick\AppData\Roaming\m\shared\BackEdit_11.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.axp 1
      C:\Qoobox\Quarantine\C\Users\Nick\AppData\Roaming\m\shared\Beautiful Snow Demo Screensaver 1.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.axp 1
      C:\Qoobox\Quarantine\C\Users\Nick\AppData\Roaming\m\shared\Big Birds Screensaver 1.0 Key+Serial.zip.vir Infected: Trojan-Downloader.Win32.Bagle.axp 1
      C:\Qoobox\Quarantine\C\Users\Nick\AppData\Roaming\m\shared\BigButtons_1.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.axp 1
      C:\Qoobox\Quarantine\C\Users\Nick\AppData\Roaming\m\shared\BitTorrent 6.1.2 Build 15169.zip.vir Infected: Trojan-Downloader.Win32.Bagle.axp 1
      C:\Qoobox\Quarantine\C\Users\Nick\AppData\Roaming\m\shared\Blue Fantasy 1.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.axp 1
      C:\Qoobox\Quarantine\C\Users\Nick\AppData\Roaming\m\shared\Celtic_Kings_Rage_of_War_patch_1.16.zip.vir Infected: Trojan-Downloader.Win32.Bagle.axp 1
      C:\Qoobox\Quarantine\C\Users\Nick\AppData\Roaming\m\shared\Cheesy_Chess_2.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.axp 1
      C:\Qoobox\Quarantine\C\Users\Nick\AppData\Roaming\m\shared\Complete Time Tracking Professional 2.52.zip.vir Infected: Trojan-Downloader.Win32.Bagle.axp 1
      C:\Qoobox\Quarantine\C\Users\Nick\AppData\Roaming\m\shared\Coral Fish Screensaver 1.04.zip.vir Infected: Trojan-Downloader.Win32.Bagle.axp 1
      C:\Qoobox\Quarantine\C\Users\Nick\AppData\Roaming\m\shared\CostOS_Estimating_Standard_Edition_1.5.21_With_Crack.zip.vir Infected: Trojan-Downloader.Win32.Bagle.axp 1
      C:\Qoobox\Quarantine\C\Users\Nick\AppData\Roaming\m\shared\Cryptgine_Archiver_1.05.zip.vir Infected: Trojan-Downloader.Win32.Bagle.axp 1
      C:\Qoobox\Quarantine\C\Users\Nick\AppData\Roaming\m\shared\Crystal Alloy Fusion - Blue 3.0.7.zip.vir Infected: Trojan-Downloader.Win32.Bagle.axp 1
      C:\Qoobox\Quarantine\C\Users\Nick\AppData\Roaming\m\shared\Currency_Converter_Opera_Widget_1.zip.vir Infected: Trojan-Downloader.Win32.Bagle.axp 1
      C:\Qoobox\Quarantine\C\Users\Nick\AppData\Roaming\m\shared\dbQwikReport_Pro_1.1.zip.vir Infected: Trojan-Downloader.Win32.Bagle.axp 1
      C:\Qoobox\Quarantine\C\Users\Nick\AppData\Roaming\m\shared\DDCDes_2.0.0.1.zip.vir Infected: Trojan-Downloader.Win32.Bagle.axp 1
      C:\Qoobox\Quarantine\C\Users\Nick\AppData\Roaming\m\shared\DEKSI_Network_Inventory_5.3.zip.vir Infected: Trojan-Downloader.Win32.Bagle.axp 1
      C:\Qoobox\Quarantine\C\Users\Nick\AppData\Roaming\m\shared\Digi.Lite 1.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.axp 1
      C:\Qoobox\Quarantine\C\Users\Nick\AppData\Roaming\m\shared\Digital Cookbook Plus Edition 4.02.zip.vir Infected: Trojan-Downloader.Win32.Bagle.axp 1
      C:\Qoobox\Quarantine\C\Users\Nick\AppData\Roaming\m\shared\DirectX_Eradicator_2.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.axp 1
      C:\Qoobox\Quarantine\C\Users\Nick\AppData\Roaming\m\shared\Ducky 1.00.zip.vir Infected: Trojan-Downloader.Win32.Bagle.axp 1
      C:\Qoobox\Quarantine\C\Users\Nick\AppData\Roaming\m\shared\Electra_1.5.zip.vir Infected: Trojan-Downloader.Win32.Bagle.axp 1
      C:\Qoobox\Quarantine\C\Users\Nick\AppData\Roaming\m\shared\FATMon 3.2.0.6 [Serial].zip.vir Infected: Trojan-Downloader.Win32.Bagle.axp 1
      C:\Qoobox\Quarantine\C\Users\Nick\AppData\Roaming\m\shared\FileOrganiser 1.22.zip.vir Infected: Trojan-Downloader.Win32.Bagle.axp 1
      C:\Qoobox\Quarantine\C\Users\Nick\AppData\Roaming\m\shared\File_Association_Manager_2.zip.vir Infected: Trojan-Downloader.Win32.Bagle.axp 1
      C:\Qoobox\Quarantine\C\Users\Nick\AppData\Roaming\m\shared\Fix_Broken_Links_for_Excel_1.1.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.axp 1
      C:\Qoobox\Quarantine\C\Users\Nick\AppData\Roaming\m\shared\Free Download Manager 2.5 Build 700.zip.vir Infected: Trojan-Downloader.Win32.Bagle.axp 1
      C:\Qoobox\Quarantine\C\Users\Nick\AppData\Roaming\m\shared\Free Website Hits Counter 1.2.zip.vir Infected: Trojan-Downloader.Win32.Bagle.axp 1
      C:\Qoobox\Quarantine\C\Users\Nick\AppData\Roaming\m\shared\Future_City_3D_Screensaver_1.0_[KeyGen].zip.vir Infected: Trojan-Downloader.Win32.Bagle.axp 1
      C:\Qoobox\Quarantine\C\Users\Nick\AppData\Roaming\m\shared\Gogo_DVD_To_Ipod_Converter_1.3.8.zip.vir Infected: Trojan-Downloader.Win32.Bagle.axp 1
      C:\Qoobox\Quarantine\C\Users\Nick\AppData\Roaming\m\shared\Google search bar 1.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.axp 1
      C:\Qoobox\Quarantine\C\Users\Nick\AppData\Roaming\m\shared\Guide 2 Aromatherapy 1.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.axp 1
      C:\Qoobox\Quarantine\C\Users\Nick\AppData\Roaming\m\shared\Guitarz_6.5.zip.vir Infected: Trojan-Downloader.Win32.Bagle.axp 1
      C:\Qoobox\Quarantine\C\Users\Nick\AppData\Roaming\m\shared\Handy Free Clock 1.3.zip.vir Infected: Trojan-Downloader.Win32.Bagle.axp 1
      C:\Qoobox\Quarantine\C\Users\Nick\AppData\Roaming\m\shared\Hexa Viewer 1.0.0.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.axp 1
      C:\Qoobox\Quarantine\C\Users\Nick\AppData\Roaming\m\shared\Hot_Keys_1.0_(KeyGen).zip.vir Infected: Trojan-Downloader.Win32.Bagle.axp 1
      C:\Qoobox\Quarantine\C\Users\Nick\AppData\Roaming\m\shared\I-Net Email ID Extractor 1.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.axp 1
      C:\Qoobox\Quarantine\C\Users\Nick\AppData\Roaming\m\shared\iBrowse_1.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.axp 1
      C:\Qoobox\Quarantine\C\Users\Nick\AppData\Roaming\m\shared\iFox 3.0.3.zip.vir Infected: Trojan-Downloader.Win32.Bagle.axp 1
      C:\Qoobox\Quarantine\C\Users\Nick\AppData\Roaming\m\shared\ImageFlip 1.1.zip.vir Infected: Trojan-Downloader.Win32.Bagle.axp 1
      C:\Qoobox\Quarantine\C\Users\Nick\AppData\Roaming\m\shared\iNeeda_Password_&_Tracker_Pro_3.3_Key.zip.vir Infected: Trojan-Downloader.Win32.Bagle.axp 1
      C:\Qoobox\Quarantine\C\Users\Nick\AppData\Roaming\m\shared\Insider_TA_5.4.zip.vir Infected: Trojan-Downloader.Win32.Bagle.axp 1
      C:\Qoobox\Quarantine\C\Users\Nick\AppData\Roaming\m\shared\Inventory_Power_3.2.zip.vir Infected: Trojan-Downloader.Win32.Bagle.axp 1
      C:\Qoobox\Quarantine\C\Users\Nick\AppData\Roaming\m\shared\iPod Video Converter 1.0.0.8.zip.vir Infected: Trojan-Downloader.Win32.Bagle.axp 1
      C:\Qoobox\Quarantine\C\Users\Nick\AppData\Roaming\m\shared\JoinLine 1.9.30.zip.vir Infected: Trojan-Downloader.Win32.Bagle.axp 1
      C:\Qoobox\Quarantine\C\Users\Nick\AppData\Roaming\m\shared\Kaspersky.AntiSpam.key.zip.vir Infected: Trojan-Downloader.Win32.Bagle.axp 1
      C:\Qoobox\Quarantine\C\Users\Nick\AppData\Roaming\m\shared\Kaspersky.Antivirus.zip.vir Infected: Trojan-Downloader.Win32.Bagle.axp 1
      C:\Qoobox\Quarantine\C\Users\Nick\AppData\Roaming\m\shared\KeyManager 1.3.zip.vir Infected: Trojan-Downloader.Win32.Bagle.axp 1
      C:\Qoobox\Quarantine\C\Users\Nick\AppData\Roaming\m\shared\Kids Web Menu 1.4.zip.vir Infected: Trojan-Downloader.Win32.Bagle.axp 1
      C:\Qoobox\Quarantine\C\Users\Nick\AppData\Roaming\m\shared\Living_Globe_1.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.axp 1
      C:\Qoobox\Quarantine\C\Users\Nick\AppData\Roaming\m\shared\MassRenamer 1.0.7.zip.vir Infected: Trojan-Downloader.Win32.Bagle.axp 1
      C:\Qoobox\Quarantine\C\Users\Nick\AppData\Roaming\m\shared\MaxxHi5 Delay 1.zip.vir Infected: Trojan-Downloader.Win32.Bagle.axp 1
      C:\Qoobox\Quarantine\C\Users\Nick\AppData\Roaming\m\shared\Michael Moore's Must read List 1.0.0.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.axp 1
      C:\Qoobox\Quarantine\C\Users\Nick\AppData\Roaming\m\shared\Miracle_Mongers_and_Their_Methods_1.0_Key.zip.vir Infected: Trojan-Downloader.Win32.Bagle.axp 1
      C:\Qoobox\Quarantine\C\Users\Nick\AppData\Roaming\m\shared\MP4 MP3 Converter 3.1 Build 827.zip.vir Infected: Trojan-Downloader.Win32.Bagle.axp 1
      C:\Qoobox\Quarantine\C\Users\Nick\AppData\Roaming\m\shared\Net-It_Batch_1.0.0.019_Key.zip.vir Infected: Trojan-Downloader.Win32.Bagle.axp 1
      C:\Qoobox\Quarantine\C\Users\Nick\AppData\Roaming\m\shared\Nocturne_demo_#1.zip.vir Infected: Trojan-Downloader.Win32.Bagle.axp 1
      C:\Qoobox\Quarantine\C\Users\Nick\AppData\Roaming\m\shared\Noisy_Keyboard_3.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.axp 1
      C:\Qoobox\Quarantine\C\Users\Nick\AppData\Roaming\m\shared\NutriGenie Lower High Blood Pressure 4.4a.zip.vir Infected: Trojan-Downloader.Win32.Bagle.axp 1
      C:\Qoobox\Quarantine\C\Users\Nick\AppData\Roaming\m\shared\O&O_BlueCon_XXL_5_build_414.zip.vir Infected: Trojan-Downloader.Win32.Bagle.axp 1
      C:\Qoobox\Quarantine\C\Users\Nick\AppData\Roaming\m\shared\One EZ Loan Calculator 1.1.zip.vir Infected: Trojan-Downloader.Win32.Bagle.axp 1
      C:\Qoobox\Quarantine\C\Users\Nick\AppData\Roaming\m\shared\Options_Czar.zip.vir Infected: Trojan-Downloader.Win32.Bagle.axp 1
      C:\Qoobox\Quarantine\C\Users\Nick\AppData\Roaming\m\shared\PC_FileRename_1.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.axp 1
      C:\Qoobox\Quarantine\C\Users\Nick\AppData\Roaming\m\shared\PDF2EXE 2.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.axp 1
      C:\Qoobox\Quarantine\C\Users\Nick\AppData\Roaming\m\shared\PhonerLite 1.22.zip.vir Infected: Trojan-Downloader.Win32.Bagle.axp 1
      C:\Qoobox\Quarantine\C\Users\Nick\AppData\Roaming\m\shared\PicoAuction-Explorer_1.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.axp 1
      C:\Qoobox\Quarantine\C\Users\Nick\AppData\Roaming\m\shared\PLT Import for SolidWorks 1.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.axp 1
      C:\Qoobox\Quarantine\C\Users\Nick\AppData\Roaming\m\shared\QPlot_1.2.4286.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.axp 1
      C:\Qoobox\Quarantine\C\Users\Nick\AppData\Roaming\m\shared\Rebex ZlibStream for .NET 1.0.3428.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.axp 1
      C:\Qoobox\Quarantine\C\Users\Nick\AppData\Roaming\m\shared\Rental Property Manager 2 2.16.1.132.zip.vir Infected: Trojan-Downloader.Win32.Bagle.axp 1
      C:\Qoobox\Quarantine\C\Users\Nick\AppData\Roaming\m\shared\Rise_of_Nations_Prokhorovka_Map.zip.vir Infected: Trojan-Downloader.Win32.Bagle.axp 1
      C:\Qoobox\Quarantine\C\Users\Nick\AppData\Roaming\m\shared\RoboGEO 5.3.zip.vir Infected: Trojan-Downloader.Win32.Bagle.axp 1
      C:\Qoobox\Quarantine\C\Users\Nick\AppData\Roaming\m\shared\ROM_With_a_View_3.4_Build_3004.zip.vir Infected: Trojan-Downloader.Win32.Bagle.axp 1
      C:\Qoobox\Quarantine\C\Users\Nick\AppData\Roaming\m\shared\RoomDex_1.6_(Crack).zip.vir Infected: Trojan-Downloader.Win32.Bagle.axp 1
      C:\Qoobox\Quarantine\C\Users\Nick\AppData\Roaming\m\shared\RTL2_1.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.axp 1
      C:\Qoobox\Quarantine\C\Users\Nick\AppData\Roaming\m\shared\Sad_Souls_Icons_1.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.axp 1
      C:\Qoobox\Quarantine\C\Users\Nick\AppData\Roaming\m\shared\Screen Monkey 2.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.axp 1
      C:\Qoobox\Quarantine\C\Users\Nick\AppData\Roaming\m\shared\SenderOK 1.029.zip.vir Infected: Trojan-Downloader.Win32.Bagle.axp 1
      C:\Qoobox\Quarantine\C\Users\Nick\AppData\Roaming\m\shared\Serif_DrawPlus_4.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.axp 1
      C:\Qoobox\Quarantine\C\Users\Nick\AppData\Roaming\m\shared\Sixth_Sense_POS_6.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.axp 1
      C:\Qoobox\Quarantine\C\Users\Nick\AppData\Roaming\m\shared\Slap 1.2.2.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.axp 1
      C:\Qoobox\Quarantine\C\Users\Nick\AppData\Roaming\m\shared\SmileIDE Beta 1.zip.vir Infected: Trojan-Downloader.Win32.Bagle.axp 1
      C:\Qoobox\Quarantine\C\Users\Nick\AppData\Roaming\m\shared\Snowstorm Screensaver 1.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.axp 1
      C:\Qoobox\Quarantine\C\Users\Nick\AppData\Roaming\m\shared\Soaring_Eagles_1_[With_Crack].zip.vir Infected: Trojan-Downloader.Win32.Bagle.axp 1
      C:\Qoobox\Quarantine\C\Users\Nick\AppData\Roaming\m\shared\Solid PDF Creator 1.1 build 052.zip.vir Infected: Trojan-Downloader.Win32.Bagle.axp 1
      C:\Qoobox\Quarantine\C\Users\Nick\AppData\Roaming\m\shared\Sort Music Pro 4.72.zip.vir Infected: Trojan-Downloader.Win32.Bagle.axp 1
      C:\Qoobox\Quarantine\C\Users\Nick\AppData\Roaming\m\shared\SortPlaces 1.5.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.axp 1
      C:\Qoobox\Quarantine\C\Users\Nick\AppData\Roaming\m\shared\Static Outlook Backup 2.9c.zip.vir Infected: Trojan-Downloader.Win32.Bagle.axp 1
      C:\Qoobox\Quarantine\C\Users\Nick\AppData\Roaming\m\shared\Super_Guitar_Chord_Finder_5.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.axp 1
      C:\Qoobox\Quarantine\C\Users\Nick\AppData\Roaming\m\shared\SWF_Sound_Automation_Tool_2.7.zip.vir Infected: Trojan-Downloader.Win32.Bagle.axp 1
      C:\Qoobox\Quarantine\C\Users\Nick\AppData\Roaming\m\shared\Swifty Compress & Swifty Decompress 1.1.zip.vir Infected: Trojan-Downloader.Win32.Bagle.axp 1
      C:\Qoobox\Quarantine\C\Users\Nick\AppData\Roaming\m\shared\Tera TextEditor 3.7.440.zip.vir Infected: Trojan-Downloader.Win32.Bagle.axp 1
      C:\Qoobox\Quarantine\C\Users\Nick\AppData\Roaming\m\shared\THcalc 1.7.zip.vir Infected: Trojan-Downloader.Win32.Bagle.axp 1
      C:\Qoobox\Quarantine\C\Users\Nick\AppData\Roaming\m\shared\The Lords 1.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.axp 1
      C:\Qoobox\Quarantine\C\Users\Nick\AppData\Roaming\m\shared\The_Essence_of_the_Bhagavad_Gita_1.zip.vir Infected: Trojan-Downloader.Win32.Bagle.axp 1
      C:\Qoobox\Quarantine\C\Users\Nick\AppData\Roaming\m\shared\Tribune Font PostScript 1.51.zip.vir Infected: Trojan-Downloader.Win32.Bagle.axp 1
      C:\Qoobox\Quarantine\C\Users\Nick\AppData\Roaming\m\shared\TypingQueen_6.2.zip.vir Infected: Trojan-Downloader.Win32.Bagle.axp 1
      C:\Qoobox\Quarantine\C\Users\Nick\AppData\Roaming\m\shared\ubGrid 1.2.4.zip.vir Infected: Trojan-Downloader.Win32.Bagle.axp 1
      C:\Qoobox\Quarantine\C\Users\Nick\AppData\Roaming\m\shared\Ultra_Assault_1.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.axp 1
      C:\Qoobox\Quarantine\C\Users\Nick\AppData\Roaming\m\shared\Unreal_Tournament_2003_-_House_of_Cthon_2_deathmatch_map.zip.vir Infected: Trojan-Downloader.Win32.Bagle.axp 1
      C:\Qoobox\Quarantine\C\Users\Nick\AppData\Roaming\m\shared\URLMaker 3.0.2.zip.vir Infected: Trojan-Downloader.Win32.Bagle.axp 1
      C:\Qoobox\Quarantine\C\Users\Nick\AppData\Roaming\m\shared\VLButtonBar_3.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.axp 1
      C:\Qoobox\Quarantine\C\Users\Nick\AppData\Roaming\m\shared\VORG_Team_1.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.axp 1
      C:\Qoobox\Quarantine\C\Users\Nick\AppData\Roaming\m\shared\Wallpapers Manager 0.4.zip.vir Infected: Trojan-Downloader.Win32.Bagle.axp 1
      C:\Qoobox\Quarantine\C\Users\Nick\AppData\Roaming\m\shared\Web_Editor_PRO_1.03_(Serial).zip.vir Infected: Trojan-Downloader.Win32.Bagle.axp 1
      C:\Qoobox\Quarantine\C\Users\Nick\AppData\Roaming\m\shared\Wereldomroep_News_Clock_2.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.axp 1
      C:\Qoobox\Quarantine\C\Users\Nick\AppData\Roaming\m\shared\WifiRadio_2.0.1.zip.vir Infected: Trojan-Downloader.Win32.Bagle.axp 1
      C:\Qoobox\Quarantine\C\Users\Nick\AppData\Roaming\m\shared\Wkspycon 1.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.axp 1
      C:\Qoobox\Quarantine\C\Users\Nick\AppData\Roaming\m\shared\Worldwide Newspapers Reader 4.1.21.zip.vir Infected: Trojan-Downloader.Win32.Bagle.axp 1
      C:\Qoobox\Quarantine\C\Users\Nick\AppData\Roaming\m\shared\X360 Tiff Image & Fax Viewer ActiveX Control 2.zip.vir Infected: Trojan-Downloader.Win32.Bagle.axp 1
      C:\Qoobox\Quarantine\C\Users\Nick\AppData\Roaming\m\shared\XPather_1.3.zip.vir Infected: Trojan-Downloader.Win32.Bagle.axp 1
      C:\Qoobox\Quarantine\C\Windows\System32\mdelk.exe.vir Infected: Email-Worm.Win32.Bagle.of 1
      C:\Qoobox\Quarantine\C\Windows\System32\wintems.exe.vir Infected: Email-Worm.Win32.Bagle.of 1
      The selected area was scanned.


    10. Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


      delete this file


      C:\Program Files\KeyLogger\msdts.exe


      Download RootRepeal.zip and unzip it to your Desktop.
      • Double click RootRepeal.exe to start the program
      • Click on the Report tab at the bottom of the program window
      • Click the Scan button
      • In the Select Scan dialog, check:

        • Drivers
        • Files
        • Processes
        • SSDT
        • Stealth Objects
        • Hidden Services
      • Click the OK button
      • In the next dialog, select all drives showing
      • Click OK to start the scan
      Note: The scan can take some time. DO NOT run any other programs while the scan is running.
      • When the scan is complete, the Save Report button will become available
      • Click this and save the report to your Desktop as RootRepeal.txt
        If the report is not too long, post the contents of RootRepeal.txt in your next reply. If the report is very long, it will not be complete if you post it, so please attach it to your reply instead.

        To attach a file, do the following:
        • Click Add Reply
        • Under the reply panel is the Attachments Panel
        • Browse for the attachment file you want to upload, then click the green Upload button
        • Once it has uploaded, click the Manage Current Attachments drop down box
        • Click on the add-attachment icon to insert the attachment into your post



        CLICK HERE to download the HijackThis Installer:
        1. Save HJTInstall.exe to your desktop.
        2. Double-click on HJTInstall.exe to run the program.
        3. By default it will install to C:\Program Files\Trend Micro\HijackThis.
        4. Accept the license agreement by clicking the "I Accept" button.
        5. Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
        6. Click "Save log" to save the log file and then the log will open in Notepad.
        7. Click on "Edit -> Select All" then click on "Edit -> Copy" to copy the entire contents of the log.
        8. Come back here to this thread and paste the log in your next reply.
        9. Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.


      • Closed Accounts Posts: 8 njlw226


        Here is the RootRepeal log... I will post the HijackThis log shortly...

        ROOTREPEAL (c) AD, 2007-2009
        ==================================================
        Scan Time: 2009/06/15 20:22
        Program Version: Version 1.3.0.0
        Windows Version: Windows Vista SP1
        ==================================================
        Drivers
        Name: dump_diskdump.sys
        Image Path: C:\Windows\System32\Drivers\dump_diskdump.sys
        Address: 0x8CAD1000 Size: 40960 File Visible: No Signed: -
        Status: -
        Name: dump_nvstor32.sys
        Image Path: C:\Windows\System32\Drivers\dump_nvstor32.sys
        Address: 0x8CADB000 Size: 106496 File Visible: No Signed: -
        Status: -
        Name: IntcAzAudAddService
        Image Path: \Driver\IntcAzAudAddService
        Address: 0x8C208000 Size: 1739264 File Visible: No Signed: -
        Status: Hidden from Windows API!
        Name: rootrepeal.sys
        Image Path: C:\Windows\system32\drivers\rootrepeal.sys
        Address: 0x9AF1D000 Size: 49152 File Visible: No Signed: -
        Status: -
        Hidden/Locked Files
        Status: Locked to the Windows API!
        Path: C:\Windows\winsxs\Catalogs\x86_policy.4.1.microsoft.msxml2r_6bd6b9abf345378f_4.1.1.0_none_8b7b15c031cda6db.cat
        Status: Locked to the Windows API!
        Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9848.0_none_b7e811287b298060.cat
        Status: Locked to the Windows API!
        Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_9193a620671dde41.cat
        Status: Locked to the Windows API!
        Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.debugmfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_29a8a38855141f6e.cat
        Status: Locked to the Windows API!
        Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_10b2f55f9bffb8f8.cat
        Status: Locked to the Windows API!
        Path: C:\Windows\winsxs\Catalogs\x86_policy.4.20.microsoft.msxml2_6bd6b9abf345378f_4.20.9841.0_none_a6dfa6920e9f98fc.cat
        Status: Locked to the Windows API!
        Path: C:\Windows\winsxs\x86_netfx-aspnet_regsql_cfg_b03f5f7f11d50a3a_6.0.6000.16720_none_7c654fdc62654993\ASPNET~1.CON
        Status: Locked to the Windows API!
        Path: C:\Windows\winsxs\x86_netfx-aspnet_regsql_cfg_b03f5f7f11d50a3a_6.0.6000.20883_none_659d66807c078e86\ASPNET~1.CON
        Status: Locked to the Windows API!
        Path: C:\Windows\winsxs\x86_netfx-aspnet_regsql_cfg_b03f5f7f11d50a3a_6.0.6001.18111_none_7c40349262b75634\ASPNET~1.CON
        Status: Locked to the Windows API!
        Path: C:\Windows\winsxs\x86_netfx-aspnet_regsql_cfg_b03f5f7f11d50a3a_6.0.6001.22230_none_6574a52e7c5ccf47\ASPNET~1.CON
        Status: Locked to the Windows API!
        Path: C:\Windows\winsxs\x86_netfx-aspnet_uninstallsqlstatetem_b03f5f7f11d50a3a_6.0.6000.16720_none_04c87b54ba4ac535\UNINST~1.SQL
        Status: Locked to the Windows API!
        Path: C:\Windows\winsxs\x86_netfx-aspnet_uninstallsqlstatetem_b03f5f7f11d50a3a_6.0.6000.20883_none_ee0091f8d3ed0a28\UNINST~1.SQL
        Status: Locked to the Windows API!
        Path: C:\Windows\winsxs\x86_netfx-aspnet_uninstallsqlstatetem_b03f5f7f11d50a3a_6.0.6001.18111_none_04a3600aba9cd1d6\UNINST~1.SQL
        Status: Locked to the Windows API!
        Path: C:\Windows\winsxs\x86_netfx-aspnet_uninstallsqlstatetem_b03f5f7f11d50a3a_6.0.6001.22230_none_edd7d0a6d4424ae9\UNINST~1.SQL
        Status: Locked to the Windows API!
        Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_permissions_b03f5f7f11d50a3a_6.0.6000.16720_none_950a4e2fda3ee0ba\CREATE~1.ASP
        Status: Locked to the Windows API!
        Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_permissions_b03f5f7f11d50a3a_6.0.6000.16720_none_950a4e2fda3ee0ba\MANAGE~1.ASP
        Status: Locked to the Windows API!
        Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_permissions_b03f5f7f11d50a3a_6.0.6000.20883_none_7e4264d3f3e125ad\CREATE~1.ASP
        Status: Locked to the Windows API!
        Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_permissions_b03f5f7f11d50a3a_6.0.6000.20883_none_7e4264d3f3e125ad\MANAGE~1.ASP
        Status: Locked to the Windows API!
        Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_permissions_b03f5f7f11d50a3a_6.0.6001.18111_none_94e532e5da90ed5b\CREATE~1.ASP
        Status: Locked to the Windows API!
        Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_permissions_b03f5f7f11d50a3a_6.0.6001.18111_none_94e532e5da90ed5b\MANAGE~1.ASP
        Status: Locked to the Windows API!
        Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_permissions_b03f5f7f11d50a3a_6.0.6001.22230_none_7e19a381f436666e\CREATE~1.ASP
        Status: Locked to the Windows API!
        Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_permissions_b03f5f7f11d50a3a_6.0.6001.22230_none_7e19a381f436666e\MANAGE~1.ASP
        Status: Locked to the Windows API!
        Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_perm_res_b03f5f7f11d50a3a_6.0.6000.16720_none_4cb2b120b7498755\CREATE~1.RES
        Status: Locked to the Windows API!
        Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_perm_res_b03f5f7f11d50a3a_6.0.6000.16720_none_4cb2b120b7498755\MANAGE~1.RES
        Status: Locked to the Windows API!
        Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_perm_res_b03f5f7f11d50a3a_6.0.6000.20883_none_35eac7c4d0ebcc48\CREATE~1.RES
        Status: Locked to the Windows API!
        Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_perm_res_b03f5f7f11d50a3a_6.0.6000.20883_none_35eac7c4d0ebcc48\MANAGE~1.RES
        Status: Locked to the Windows API!
        Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_perm_res_b03f5f7f11d50a3a_6.0.6001.18111_none_4c8d95d6b79b93f6\CREATE~1.RES
        Status: Locked to the Windows API!
        Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_perm_res_b03f5f7f11d50a3a_6.0.6001.18111_none_4c8d95d6b79b93f6\MANAGE~1.RES
        Status: Locked to the Windows API!
        Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_perm_res_b03f5f7f11d50a3a_6.0.6001.22230_none_35c20672d1410d09\CREATE~1.RES
        Status: Locked to the Windows API!
        Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_perm_res_b03f5f7f11d50a3a_6.0.6001.22230_none_35c20672d1410d09\MANAGE~1.RES
        Status: Locked to the Windows API!
        Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_providers_b03f5f7f11d50a3a_6.0.6000.16720_none_7325c867d7281910\CHOOSE~1.ASP
        Status: Locked to the Windows API!
        Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_providers_b03f5f7f11d50a3a_6.0.6000.16720_none_7325c867d7281910\MANAGE~1.ASP
        Status: Locked to the Windows API!
        Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_providers_b03f5f7f11d50a3a_6.0.6000.16720_none_7325c867d7281910\MANAGE~2.ASP
        Status: Locked to the Windows API!
        Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_providers_b03f5f7f11d50a3a_6.0.6000.20883_none_5c5ddf0bf0ca5e03\CHOOSE~1.ASP
        Status: Locked to the Windows API!
        Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_providers_b03f5f7f11d50a3a_6.0.6000.20883_none_5c5ddf0bf0ca5e03\MANAGE~1.ASP
        Status: Locked to the Windows API!
        Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_providers_b03f5f7f11d50a3a_6.0.6000.20883_none_5c5ddf0bf0ca5e03\MANAGE~2.ASP
        Status: Locked to the Windows API!
        Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_providers_b03f5f7f11d50a3a_6.0.6001.18111_none_7300ad1dd77a25b1\CHOOSE~1.ASP
        Status: Locked to the Windows API!
        Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_providers_b03f5f7f11d50a3a_6.0.6001.18111_none_7300ad1dd77a25b1\MANAGE~1.ASP
        Status: Locked to the Windows API!
        Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_providers_b03f5f7f11d50a3a_6.0.6001.18111_none_7300ad1dd77a25b1\MANAGE~2.ASP
        Status: Locked to the Windows API!
        Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_secur_res_b03f5f7f11d50a3a_6.0.6000.16720_none_c39efe8a3f927437\SETUPA~1.RES
        Status: Locked to the Windows API!
        Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_secur_res_b03f5f7f11d50a3a_6.0.6000.20883_none_acd7152e5934b92a\SETUPA~1.RES
        Status: Locked to the Windows API!
        Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_secur_res_b03f5f7f11d50a3a_6.0.6001.18111_none_c379e3403fe480d8\SETUPA~1.RES
        Status: Locked to the Windows API!
        Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_secur_res_b03f5f7f11d50a3a_6.0.6001.22230_none_acae53dc5989f9eb\SETUPA~1.RES
        Status: Locked to the Windows API!
        Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_users_res_b03f5f7f11d50a3a_6.0.6000.16720_none_b103fb905f6db0d9\MANAGE~1.RES
        Status: Locked to the Windows API!
        Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_users_res_b03f5f7f11d50a3a_6.0.6000.20883_none_9a3c1234790ff5cc\MANAGE~1.RES
        Status: Locked to the Windows API!
        Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_users_res_b03f5f7f11d50a3a_6.0.6001.18111_none_b0dee0465fbfbd7a\MANAGE~1.RES
        Status: Locked to the Windows API!
        Path: C:\Windows\winsxs\x86_netfx-aspnet_webmintrust_config_b03f5f7f11d50a3a_6.0.6000.16720_none_e2c358ab062e054b\WEB_MI~1.CON
        Status: Locked to the Windows API!
        Path: C:\Windows\winsxs\x86_netfx-aspnet_webmintrust_config_b03f5f7f11d50a3a_6.0.6000.20883_none_cbfb6f4f1fd04a3e\WEB_MI~1.CON
        Status: Locked to the Windows API!
        Path: C:\Windows\winsxs\x86_netfx-aspnet_webmintrust_config_b03f5f7f11d50a3a_6.0.6001.18111_none_e29e3d61068011ec\WEB_MI~1.CON
        Status: Locked to the Windows API!
        Path: C:\Windows\winsxs\x86_netfx-aspnet_webmintrust_config_b03f5f7f11d50a3a_6.0.6001.22230_none_cbd2adfd20258aff\WEB_MI~1.CON
        Status: Locked to the Windows API!
        Path: C:\Windows\winsxs\x86_netfx-aspnet_web_config_b03f5f7f11d50a3a_6.0.6000.16720_none_9e3e9a071d8dacdd\WEBCON~1.DEF
        Status: Locked to the Windows API!
        Path: C:\Windows\winsxs\x86_netfx-aspnet_web_config_b03f5f7f11d50a3a_6.0.6000.20883_none_8776b0ab372ff1d0\WEBCON~1.DEF
        Status: Locked to the Windows API!
        Path: C:\Windows\winsxs\x86_netfx-msbuild_core_schema__b03f5f7f11d50a3a_6.0.6000.16720_none_b462fc0cbe880bcb\MICROS~1.XSD
        Status: Locked to the Windows API!
        Path: C:\Windows\winsxs\x86_netfx-msbuild_core_schema__b03f5f7f11d50a3a_6.0.6000.20883_none_9d9b12b0d82a50be\MICROS~1.XSD
        Status: Locked to the Windows API!
        Path: C:\Windows\winsxs\x86_netfx-msbuild_core_schema__b03f5f7f11d50a3a_6.0.6001.18111_none_b43de0c2beda186c\MICROS~1.XSD
        Status: Locked to the Windows API!
        Path: C:\Windows\winsxs\x86_netfx-msbuild_core_schema__b03f5f7f11d50a3a_6.0.6001.22230_none_9d72515ed87f917f\MICROS~1.XSD
        Status: Locked to the Windows API!
        Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_providers_b03f5f7f11d50a3a_6.0.6001.22230_none_5c351db9f11f9ec4\CHOOSE~1.ASP
        Status: Locked to the Windows API!
        Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_providers_b03f5f7f11d50a3a_6.0.6001.22230_none_5c351db9f11f9ec4\MANAGE~1.ASP
        Status: Locked to the Windows API!
        Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_providers_b03f5f7f11d50a3a_6.0.6001.22230_none_5c351db9f11f9ec4\MANAGE~2.ASP
        Status: Locked to the Windows API!
        Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_roles_b03f5f7f11d50a3a_6.0.6001.18111_none_75c874a9a137a5f0\MANAGE~2.ASP
        Status: Locked to the Windows API!
        Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_users_res_b03f5f7f11d50a3a_6.0.6001.22230_none_9a1350e27965368d\MANAGE~1.RES
        Status: Locked to the Windows API!
        Path: C:\Windows\winsxs\x86_netfx-aspnet_webevent_sqlprov_b03f5f7f11d50a3a_6.0.6001.18111_none_a335242e0936a3fd\INSTAL~1.SQL
        Status: Locked to the Windows API!
        Path: C:\Windows\winsxs\x86_netfx-aspnet_webevent_sqlprov_b03f5f7f11d50a3a_6.0.6001.18111_none_a335242e0936a3fd\UNINST~1.SQL
        Status: Locked to the Windows API!
        Path: C:\Windows\winsxs\x86_netfx-aspnet_web_config_b03f5f7f11d50a3a_6.0.6001.18000_none_9e18955f1de08635\WEBCON~1.DEF
        Status: Locked to the Windows API!
        Path: C:\Windows\winsxs\x86_netfx-redist_config_files_b03f5f7f11d50a3a_6.0.6000.16720_none_7b4eba45cecd6936\IEEXEC~1.CON
        Status: Locked to the Windows API!
        Path: C:\Windows\winsxs\x86_netfx-redist_config_files_b03f5f7f11d50a3a_6.0.6000.20883_none_6486d0e9e86fae29\IEEXEC~1.CON
        Status: Locked to the Windows API!
        Path: C:\Windows\winsxs\x86_netfx-redist_config_files_b03f5f7f11d50a3a_6.0.6001.18111_none_7b299efbcf1f75d7\IEEXEC~1.CON
        Status: Locked to the Windows API!
        Path: C:\Windows\winsxs\x86_netfx-redist_config_files_b03f5f7f11d50a3a_6.0.6001.22230_none_645e0f97e8c4eeea\IEEXEC~1.CON
        Status: Locked to the Windows API!
        Path: C:\Windows\winsxs\x86_netfx-webhightrust_config_b03f5f7f11d50a3a_6.0.6000.16720_none_a05f40e791345747\WEB_HI~1.CON
        Status: Locked to the Windows API!
        Path: C:\Windows\winsxs\x86_netfx-webhightrust_config_b03f5f7f11d50a3a_6.0.6000.20883_none_8997578baad69c3a\WEB_HI~1.CON
        Status: Locked to the Windows API!
        Path: C:\Windows\winsxs\x86_netfx-webhightrust_config_b03f5f7f11d50a3a_6.0.6001.18111_none_a03a259d918663e8\WEB_HI~1.CON
        Status: Locked to the Windows API!
        Path: C:\Windows\winsxs\x86_netfx-webhightrust_config_b03f5f7f11d50a3a_6.0.6001.22230_none_896e9639ab2bdcfb\WEB_HI~1.CON
        Status: Locked to the Windows API!
        Path: C:\Windows\winsxs\x86_policy.1.2.microsof..op.security.azroles_31bf3856ad364e35_6.0.6000.16386_none_ea83414c2e75b887\Microsoft.Interop.Security.AzRoles.config
        Status: Locked to the Windows API!
        Path: C:\Windows\winsxs\x86_regsvcs_b03f5f7f11d50a3a_6.0.6000.16720_none_ea5553f167a4fe69\REGSVC~1.CON
        Status: Locked to the Windows API!
        Path: C:\Windows\winsxs\x86_regsvcs_b03f5f7f11d50a3a_6.0.6000.20883_none_d38d6a958147435c\REGSVC~1.CON
        Status: Locked to the Windows API!
        Path: C:\Windows\winsxs\x86_regsvcs_b03f5f7f11d50a3a_6.0.6001.18000_none_ea2f4f4967f7d7c1\REGSVC~1.CON
        Status: Locked to the Windows API!
        Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6000.16767_none_48e0ac03ef0db56a\PORTAB~3.MOF
        Status: Locked to the Windows API!
        Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6000.16767_none_48e0ac03ef0db56a\PORTAB~2.MOF
        Status: Locked to the Windows API!
        Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6000.16767_none_48e0ac03ef0db56a\PORTAB~1.MOF
        Status: Locked to the Windows API!
        Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6000.20941_none_4979e8d10820826f\PORTAB~3.MOF
        Status: Locked to the Windows API!
        Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6000.20941_none_4979e8d10820826f\PORTAB~2.MOF
        Status: Locked to the Windows API!
        Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6000.20941_none_4979e8d10820826f\PORTAB~1.MOF
        Status: Locked to the Windows API!
        Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.18000_none_4b00c645ec09f02d\PORTAB~3.MOF
        Status: Locked to the Windows API!
        Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.18000_none_4b00c645ec09f02d\PORTAB~2.MOF
        Status: Locked to the Windows API!
        Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.18000_none_4b00c645ec09f02d\PORTAB~1.MOF
        Status: Locked to the Windows API!
        Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.18160_none_4abfe8a3ec3a94fa\PORTAB~3.MOF
        Status: Locked to the Windows API!
        Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.18160_none_4abfe8a3ec3a94fa\PORTAB~2.MOF
        Status: Locked to the Windows API!
        Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.18160_none_4abfe8a3ec3a94fa\PORTAB~1.MOF
        Status: Locked to the Windows API!
        Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.22292_none_4b2b163f056ebb45\PORTAB~3.MOF
        Status: Locked to the Windows API!
        Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.22292_none_4b2b163f056ebb45\PORTAB~2.MOF
        Status: Locked to the Windows API!
        Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.22292_none_4b2b163f056ebb45\PORTAB~1.MOF
        Status: Locked to the Windows API!
        Path: C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18248_none_01c5b9e9a1ec46b0\$$DeleteMe.wininet.dll.01c9ee17612be170.0000
        Status: Locked to the Windows API!
        Path: C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.18248_none_b4bfde47d6e3201d\$$DeleteMe.urlmon.dll.01c9ee1767d69b50.0002
        Status: Locked to the Windows API!
        Path: C:\Windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6001.18248_none_478070c58c9d650d\$$DeleteMe.iertutil.dll.01c9ee17626ad9b0.0001
        Status: Locked to the Windows API!
        Path: C:\Windows\winsxs\x86_netfx-aspnet_webevent_sqlprov_b03f5f7f11d50a3a_6.0.6001.22230_none_8c6994ca22dc1d10\INSTAL~1.SQL
        Status: Locked to the Windows API!
        Path: C:\Windows\winsxs\x86_netfx-aspnet_webevent_sqlprov_b03f5f7f11d50a3a_6.0.6001.22230_none_8c6994ca22dc1d10\UNINST~1.SQL
        Status: Locked to the Windows API!
        Path: C:\Windows\winsxs\x86_netfx-aspnet_webmedtrust_config_b03f5f7f11d50a3a_6.0.6000.16720_none_2c88b9b71ca44e71\WEB_ME~1.CON
        Status: Locked to the Windows API!
        Path: C:\Windows\winsxs\x86_netfx-aspnet_webmedtrust_config_b03f5f7f11d50a3a_6.0.6000.20883_none_15c0d05b36469364\WEB_ME~1.CON
        Status: Locked to the Windows API!
        Path: C:\Windows\winsxs\x86_netfx-aspnet_webmedtrust_config_b03f5f7f11d50a3a_6.0.6001.18111_none_2c639e6d1cf65b12\WEB_ME~1.CON
        Status: Locked to the Windows API!
        Path: C:\Windows\winsxs\x86_netfx-aspnet_webmedtrust_config_b03f5f7f11d50a3a_6.0.6001.22230_none_15980f09369bd425\WEB_ME~1.CON
        Status: Locked to the Windows API!
        Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_roles_b03f5f7f11d50a3a_6.0.6001.22230_none_5efce545badd1f03\MANAGE~2.ASP
        Status: Locked to the Windows API!
        Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_roles_res_b03f5f7f11d50a3a_6.0.6000.16720_none_87d39b55197883e6\MANAGE~1.RES
        Status: Locked to the Windows API!
        Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_roles_res_b03f5f7f11d50a3a_6.0.6000.16720_none_87d39b55197883e6\MANAGE~2.RES
        Status: Locked to the Windows API!
        Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_roles_res_b03f5f7f11d50a3a_6.0.6000.20883_none_710bb1f9331ac8d9\MANAGE~1.RES
        Status: Locked to the Windows API!
        Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_roles_res_b03f5f7f11d50a3a_6.0.6000.20883_none_710bb1f9331ac8d9\MANAGE~2.RES
        Status: Locked to the Windows API!
        Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_roles_res_b03f5f7f11d50a3a_6.0.6001.18111_none_87ae800b19ca9087\MANAGE~1.RES
        Status: Locked to the Windows API!
        Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_roles_res_b03f5f7f11d50a3a_6.0.6001.18111_none_87ae800b19ca9087\MANAGE~2.RES
        Status: Locked to the Windows API!
        Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_roles_res_b03f5f7f11d50a3a_6.0.6001.22230_none_70e2f0a73370099a\MANAGE~1.RES
        Status: Locked to the Windows API!
        Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_roles_res_b03f5f7f11d50a3a_6.0.6001.22230_none_70e2f0a73370099a\MANAGE~2.RES
        Status: Locked to the Windows API!
        Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_security_b03f5f7f11d50a3a_6.0.6000.16720_none_62b207ce0c996d96\SETUPA~1.ASP
        Status: Locked to the Windows API!
        Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_security_b03f5f7f11d50a3a_6.0.6000.20883_none_4bea1e72263bb289\SETUPA~1.ASP
        Status: Locked to the Windows API!
        Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_security_b03f5f7f11d50a3a_6.0.6001.18111_none_628cec840ceb7a37\SETUPA~1.ASP
        Status: Locked to the Windows API!
        Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_security_b03f5f7f11d50a3a_6.0.6001.22230_none_4bc15d202690f34a\SETUPA~1.ASP
        Status: Locked to the Windows API!
        Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_help_b03f5f7f11d50a3a_6.0.6001.22230_none_659fa2cdd3687d81\WEBADM~2.ASP
        Status: Locked to the Windows API!
        Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_help_b03f5f7f11d50a3a_6.0.6001.22230_none_659fa2cdd3687d81\WEBADM~3.ASP
        Status: Locked to the Windows API!
        Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_help_b03f5f7f11d50a3a_6.0.6001.22230_none_659fa2cdd3687d81\WEBADM~4.ASP
        Status: Locked to the Windows API!
        Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_help_b03f5f7f11d50a3a_6.0.6001.22230_none_659fa2cdd3687d81\WEBB00~1.ASP
        Status: Locked to the Windows API!
        Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6000.16720_none_aee54cea18c2ca82\ASPX_F~1.GIF
        Status: Locked to the Windows API!
        Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6000.16720_none_aee54cea18c2ca82\DESELE~1.GIF
        Status: Locked to the Windows API!
        Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6000.16720_none_aee54cea18c2ca82\GRADIE~1.GIF
        Status: Locked to the Windows API!
        Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6000.16720_none_aee54cea18c2ca82\GRADIE~2.GIF
        Status: Locked to the Windows API!
        Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6000.16720_none_aee54cea18c2ca82\HEADER~1.GIF
        Status: Locked to the Windows API!
        Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6000.16720_none_aee54cea18c2ca82\REQUIR~1.GIF
        Status: Locked to the Windows API!
        Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6000.16720_none_aee54cea18c2ca82\SECURI~1.JPG
        Status: Locked to the Windows API!
        Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6000.16720_none_aee54cea18c2ca82\SELECT~2.GIF
        Status: Locked to the Windows API!
        Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6000.16720_none_aee54cea18c2ca82\SELECT~3.GIF
        Status: Locked to the Windows API!
        Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6000.16720_none_aee54cea18c2ca82\UNSELE~1.GIF
        Status: Locked to the Windows API!
        Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6000.16720_none_aee54cea18c2ca82\UNSELE~2.GIF
        Status: Locked to the Windows API!
        Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6000.20883_none_981d638e32650f75\ASPX_F~1.GIF
        Status: Locked to the Windows API!
        Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6000.20883_none_981d638e32650f75\DESELE~1.GIF
        Status: Locked to the Windows API!
        Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6000.20883_none_981d638e32650f75\GRADIE~1.GIF
        Status: Locked to the Windows API!
        Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.0.6000.20883_none_981d638e32650f75\GRADIE~2.GIF
        Status: Locked to the Windows API!
        Processes
        Path: System
        PID: 4 Status: Locked to the Windows API!
        Path: C:\Windows\System32\audiodg.exe
        PID: 1168 Status: Locked to the Windows API!
        Stealth Objects
        Object: Hidden Module [Name: winlogon.exe]
        Process: svchost.exe (PID: 984) Address: 0x00c00000 Size: 323584
        Object: Hidden Module [Name: winlogon.exe]
        Process: svchost.exe (PID: 984) Address: 0x00d50000 Size: 323584
        Object: Hidden Module [Name: WinMgmtR.dll]
        Process: svchost.exe (PID: 984) Address: 0x6e460000 Size: 8192
        Object: Hidden Module [Name: tquery.dll]
        Process: svchost.exe (PID: 984) Address: 0x71280000 Size: 1589248
        Object: Hidden Module [Name: schedsvc.dll]
        Process: svchost.exe (PID: 984) Address: 0x72d50000 Size: 606208
        Object: Hidden Module [Name: profsvc.dll]
        Process: svchost.exe (PID: 984) Address: 0x74360000 Size: 163840
        Object: Hidden Module [Name: wevtapi.dll]
        Process: svchost.exe (PID: 984) Address: 0x751c0000 Size: 258048
        Object: Hidden Module [Name: Kodak.Diagnostics.dll]
        Process: KodakSvc.exe (PID: 1984) Address: 0x00980000 Size: 45056
        Object: Hidden Module [Name: IrisFX.dll]
        Process: KodakSvc.exe (PID: 1984) Address: 0x009b0000 Size: 28672
        Object: Hidden Module [Name: Interop.WIA.dll]
        Process: KodakSvc.exe (PID: 1984) Address: 0x00ba0000 Size: 61440
        Object: Hidden Module [Name: Kodak.Utilities.dll]
        Process: KodakSvc.exe (PID: 1984) Address: 0x00ff0000 Size: 331776
        Object: Hidden Module [Name: Twain.dll]
        Process: KodakSvc.exe (PID: 1984) Address: 0x00c40000 Size: 81920
        Object: Hidden Module [Name: Kodak.Imaging.dll]
        Process: KodakSvc.exe (PID: 1984) Address: 0x01050000 Size: 176128
        Object: Hidden Module [Name: Kodak.Controls.Exhale.dll]
        Process: KodakSvc.exe (PID: 1984) Address: 0x03190000 Size: 405504
        Object: Hidden Module [Name: Kodak.AutomationImplementation.dll]
        Process: EKDiscovery.exe (PID: 1960) Address: 0x011b0000 Size: 28672
        Object: Hidden Module [Name: mshtmler.dll]
        Process: iexplore.exe (PID: 4016) Address: 0x6df60000 Size: 49152
        Object: Hidden Code [ETHREAD: 0x839c8730]
        Process: System Address: 0x88269370 Size: 1837
        Object: Hidden Code [ETHREAD: 0x83a092d8]
        Process: System Address: 0x90726ce0 Size: 418
        Object: Hidden Code [ETHREAD: 0x83a0a020]
        Process: System Address: 0xa7a0f808 Size: 830
        Object: Hidden Code [ETHREAD: 0x83a0ad78]
        Process: System Address: 0x83a0af6c Size: 153
        Object: Hidden Code [ETHREAD: 0x83a0a828]
        Process: System Address: 0x83a0aa1c Size: 343
        Object: Hidden Code [ETHREAD: 0x83a0a580]
        Process: System Address: 0x9baab8f8 Size: 301
        Object: Hidden Code [ETHREAD: 0x83a0a2d8]
        Process: System Address: 0x93b2ee10 Size: 74
        Object: Hidden Code [ETHREAD: 0x86bb2508]
        Process: System Address: 0x906c50e8 Size: 176
        ==EOF==


      • Closed Accounts Posts: 8 njlw226


        Here is my Hijack this log:

        Logfile of Trend Micro HijackThis v2.0.2
        Scan saved at 8:59:29 PM, on 6/15/2009
        Platform: Windows Vista SP1 (WinNT 6.00.1905)
        MSIE: Internet Explorer v8.00 (8.00.6001.18702)
        Boot mode: Normal
        Running processes:
        C:\Windows\system32\taskeng.exe
        C:\Windows\system32\Dwm.exe
        C:\Windows\Explorer.EXE
        C:\Windows\RtHDVCpl.exe
        C:\Windows\System32\ico.exe
        C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
        C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
        C:\Program Files\iTunes\iTunesHelper.exe
        C:\Windows\System32\rundll32.exe
        C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
        C:\Program Files\Java\jre6\bin\jusched.exe
        C:\Program Files\AIM6\aim6.exe
        C:\Windows\System32\Pmxmiced.exe
        C:\Program Files\AIM6\aolsoftware.exe
        C:\Program Files\Internet Explorer\iexplore.exe
        C:\Program Files\Internet Explorer\iexplore.exe
        C:\Program Files\Internet Explorer\iexplore.exe
        C:\Windows\system32\SearchProtocolHost.exe
        C:\Windows\system32\SearchFilterHost.exe
        C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
        R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
        O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
        O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
        O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
        O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
        O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
        O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
        O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
        O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
        O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
        O4 - HKLM\..\Run: [PMX Daemon] ICO.EXE
        O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
        O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
        O4 - HKLM\..\Run: [IS CfgWiz] "C:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe" /MODULE CfgWiz /GUID {BC8D3EAF-F864-4d4b-AB4D-B3D0C32E2840} /MODE CfgWiz /CMDLINE "REBOOT"
        O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
        O4 - HKLM\..\Run: [dscactivate] c:\dell\dsca.exe 3
        O4 - HKLM\..\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe
        O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
        O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
        O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
        O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
        O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\Windows\system32\PCLECoInst.dll",CheckUSBController
        O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
        O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
        O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
        O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
        O4 - HKLM\..\Run: [Conime] %windir%\system32\conime.exe
        O4 - HKLM\..\Run: [EKIJ5000StatusMonitor] C:\Windows\system32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
        O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
        O4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
        O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
        O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
        O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
        O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
        O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
        O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
        O13 - Gopher Prefix:
        O16 - DPF: Web-Based Email Tools - http://email.secureserver.net/Download.CAB
        O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
        O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
        O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
        O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
        O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
        O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
        O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
        O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
        O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
        O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
        O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
        O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
        O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
        O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
        O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
        O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
        O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
        O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
        O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
        O23 - Service: Kodak AiO Network Discovery Service - Eastman Kodak Company - C:\Program Files\Kodak\AiO\Center\EKDiscovery.exe
        O23 - Service: Kodak AiO Device Service (KodakSvc) - Eastman Kodak Company - C:\Program Files\Kodak\AiO\center\KodakSvc.exe
        O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
        O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
        O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
        O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
        O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
        O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
        O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
        O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
        O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
        --
        End of file - 9388 bytes
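Reading a HijackThis log like the one above means knowing what each section code lists and which entries deserve a manual check. The following Python is an added example, not part of the original post or of HijackThis; the triage rules are assumptions chosen for illustration, and a flagged entry is a prompt to verify the file, not a detection. The sample lines are copied from the log above.

```python
import re
from collections import defaultdict

# What the HijackThis section codes used below list.
SECTIONS = {"O2": "Browser Helper Object", "O4": "autostart entry",
            "O16": "downloaded ActiveX control",
            "O20": "AppInit_DLLs or Winlogon Notify", "O23": "Windows service"}
ENTRY = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")

def triage(code, body):
    """Return a reason to look closer at an entry, or None (heuristic only)."""
    if code == "O23" and " - Unknown owner - " in body:
        return "service binary shows no vendor name"
    if code == "O2" and body.startswith("BHO: (no name)"):
        return "BHO registered without a display name"
    if code == "O20" and body.startswith("AppInit_DLLs:"):
        return "DLL is loaded into every process that loads user32.dll"
    command = body.split("] ", 1)[-1]  # text after the [value name]
    if code == "O4" and "\\" not in command and "%" not in command:
        return "autostart command has no full path"
    return None

def parse_log(text):
    """Group entries by section code and collect those worth a manual check."""
    by_code, review = defaultdict(list), []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue  # header, separator or "End of file" trailer
        code, body = m.groups()
        by_code[code].append(body)
        reason = triage(code, body)
        if reason:
            review.append((code, body, reason))
    return by_code, review

# Sample lines copied from the log above.
SAMPLE = r"""
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O4 - HKLM\..\Run: [PMX Daemon] ICO.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
End of file - 9388 bytes
"""

if __name__ == "__main__":
    for code, body, reason in parse_log(SAMPLE)[1]:
        print(f"{code} ({SECTIONS.get(code, 'other')}): {reason}\n    {body}")
```

Each flagged entry is then checked by hand (file location, vendor, signature) before anything is removed.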


      • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


        Your logs are clean


        Follow these steps to uninstall Combofix and tools used in the removal of malware
        • Click START then RUN
        • Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.


        • Download OTC to your desktop and run it
        • Click Yes to begin the Cleanup process and remove these components, including this application.
        • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.




        You're using an old version of Adobe Acrobat Reader; this can leave your PC open to vulnerabilities. You can update it here:
        http://www.adobe.com/products/acrobat/readstep2.html



        Below I have included a number of recommendations for how to protect your computer against malware infections.
        • Keep Windows updated by regularly checking their website at :
          http://windowsupdate.microsoft.com/
          This will ensure your computer always has the latest available security updates installed.

        • SpywareBlaster protects against bad ActiveX, it immunizes your PC against them.

        • SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program (e.g. TeaTimer, Windows Defender) or there will be a conflict.

        • Make Internet Explorer more secure
          • Click Start > Run
          • Type Inetcpl.cpl & click OK
          • Click on the Security tab
          • Click Reset all zones to default level
          • Make sure the Internet Zone is selected & Click Custom level
          • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
          • Next Click OK, then Apply button and then OK to exit the Internet Properties page.
        • ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.

        • MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

        • Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here


          If you choose to use Firefox, I highly recommend these add-ons to keep your PC even more secure.
          • NoScript - for blocking ads and other potential website attacks
          • McAfee SiteAdvisor - this tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling

        • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

        • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.

        • FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. It's important to keep programs up to date so that malware doesn't exploit any old security flaws.

        • Recovery Console - Recent trends appear to indicate that future infections will include attacks to the boot sector of the computer. The installation of the Recovery Console in the computer will be our only defense against this threat. For more information and steps to install the Recovery Console see This Article. Should you need assistance in installing the Recovery Console, please do not hesitate to ask.

        • Please read my guide on how to prevent malware and about safe computing here
        Thank you for your patience, and performing all of the procedures requested.

