ComputerForum.com ComputerForum.com  
Go Back   Computer Forum > Computer Software > Computer Security

Reply
 
LinkBack Thread Tools Display Modes
Old 09-18-2006, 11:54 PM   #11 (permalink)
Platinum Member
 
Join Date: Jan 2006
Posts: 567
Default

Go to ADD/REMOVE Programs and get rid of the following.

Koolbar.net - Toolbar
PartyPoker (if you don't use)
Sysnet
Viewpoint Manager (Remove Only)
Viewpoint Media Player (Remove Only)
Windows VisFx Components

Reboot and navigate to C/Program Files and remove any of these folders if still present.

Run ATF cleaner (select all)

Next go here http://forums.majorgeeks.com/showthread.php?t=74265 and follow these removal instructions. It must be run from safemode.Once completed, return to (safemode with networking) and run this online scan here http://www.trendmicro.com/spyware-scan/ .Once finished, reboot into normal windows and post a fresh 'HJT' log.
edifier is offline   Reply With Quote


Old 09-19-2006, 08:36 PM   #12 (permalink)
Gold Member
 
Join Date: Aug 2006
Location: ottawa, canada
Posts: 391
Default

alright i got rid of all except for koolbar.net - toolbar because it doesnt let me remove, nothing happens when i try and remove. that is why i still have it there.
HELP_ME is offline   Reply With Quote
Old 09-19-2006, 11:46 PM   #13 (permalink)
Platinum Member
 
Join Date: Jan 2006
Posts: 567
Default

Just follow the rest of the instructions and if still present, we'll get rid of it manually.
edifier is offline   Reply With Quote
Old 09-23-2006, 04:24 PM   #14 (permalink)
Gold Member
 
Join Date: Aug 2006
Location: ottawa, canada
Posts: 391
Default

Logfile of HijackThis v1.99.1
Scan saved at 11:24:07 AM, on 9/23/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Updater.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NETGEAR\WG121 Configuration Utility\wlancfg8.exe
C:\Documents and Settings\Matthew April\My Documents\My Received Files\anti-spy\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_2_0. dll (file missing)
O3 - Toolbar: Search - {215303D2-42B9-A7EC-7414-5630B3DD8F1A} - C:\WINDOWS\Cagxrcfg.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [lfsqbiqafb] C:\WINDOWS\System32\wqupxsmg.exe
O4 - HKLM\..\Run: [kjefel] C:\WINDOWS\kjefel.exe
O4 - HKLM\..\Run: [iRiver Updater] \Updater.exe
O4 - HKLM\..\Run: [inhttpw] C:\WINDOWS\System32\inhttpw.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [wshatm] "C:\WINDOWS\system32\wshatm.exe"
O4 - HKCU\..\Run: [wlnotify] "C:\WINDOWS\system32\wlnotify.exe"
O4 - HKCU\..\Run: [vxblock] "C:\WINDOWS\system32\vxblock.exe"
O4 - HKCU\..\Run: [version] C:\WINDOWS\System32\version.exe
O4 - HKCU\..\Run: [shfolder] "C:\WINDOWS\system32\shfolder.exe"
O4 - HKCU\..\Run: [s3gnb] "C:\WINDOWS\system32\s3gnb.exe"
O4 - HKCU\..\Run: [raschap] "C:\Documents and Settings\Matthew April\raschap.exe"
O4 - HKCU\..\Run: [netcfgx] "C:\WINDOWS\system32\netcfgx.exe"
O4 - HKCU\..\Run: [netapi] "C:\WINDOWS\system32\netapi.exe"
O4 - HKCU\..\Run: [kbduzb] "C:\WINDOWS\system32\kbduzb.exe"
O4 - HKCU\..\Run: [kbdus] "C:\WINDOWS\system32\kbdus.exe"
O4 - HKCU\..\Run: [kbdinbe1] "C:\WINDOWS\system32\kbdinbe1.exe"
O4 - HKCU\..\Run: [kbdhe] "C:\WINDOWS\system32\kbdhe.exe"
O4 - HKCU\..\Run: [jgmd400] "C:\WINDOWS\system32\jgmd400.exe"
O4 - HKCU\..\Run: [ir41_qcx] "C:\WINDOWS\system32\ir41_qcx.exe"
O4 - HKCU\..\Run: [infosoft] "C:\WINDOWS\system32\infosoft.exe"
O4 - HKCU\..\Run: [inetclnt] "C:\WINDOWS\system32\inetclnt.exe"
O4 - HKCU\..\Run: [hsfcisp2] "C:\WINDOWS\system32\hsfcisp2.exe"
O4 - HKCU\..\Run: [fkfw] C:\PROGRA~1\COMMON~1\fkfw\fkfwm.exe
O4 - HKCU\..\Run: [eventcls] "C:\WINDOWS\system32\eventcls.exe"
O4 - HKCU\..\Run: [dmband] "C:\WINDOWS\system32\dmband.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [cscui] "C:\Documents and Settings\Matthew April\cscui.exe"
O4 - HKCU\..\Run: [iprtcnst] "C:\WINDOWS\system32\iprtcnst.exe"
O4 - HKCU\..\Run: [atiicdxx] "C:\WINDOWS\system32\atiicdxx.exe"
O4 - HKCU\..\Run: [rmoc3260] "C:\WINDOWS\system32\rmoc3260.exe"
O4 - HKCU\..\Run: [getuname] "C:\WINDOWS\system32\getuname.exe"
O4 - HKCU\..\Run: [vdmdbg] "C:\WINDOWS\system32\vdmdbg.exe"
O4 - HKCU\..\Run: [resutils] "C:\WINDOWS\system32\resutils.exe"
O4 - HKCU\..\Run: [lftif11n] "C:\WINDOWS\system32\lftif11n.exe"
O4 - HKCU\..\Run: [uniplat] "C:\WINDOWS\system32\uniplat.exe"
O4 - HKCU\..\Run: [msr2cenu] "C:\WINDOWS\system32\msr2cenu.exe"
O4 - HKCU\..\Run: [mmcbase] "C:\WINDOWS\system32\mmcbase.exe"
O4 - HKCU\..\Run: [msorc32r] "C:\WINDOWS\system32\msorc32r.exe"
O4 - HKCU\..\Run: [wmiprop] "C:\WINDOWS\system32\wmiprop.exe"
O4 - HKCU\..\Run: [dmscript] "C:\WINDOWS\system32\dmscript.exe"
O4 - HKCU\..\Run: [wmerror] "C:\WINDOWS\system32\wmerror.exe"
O4 - HKCU\..\Run: [qasf] "C:\WINDOWS\system32\qasf.exe"
O4 - HKCU\..\Run: [6to4svc] "C:\WINDOWS\system32\6to4svc.exe"
O4 - HKCU\..\Run: [dpwsock] "C:\WINDOWS\system32\dpwsock.exe"
O4 - HKCU\..\Run: [kbdir] "C:\WINDOWS\system32\kbdir.exe"
O4 - HKCU\..\Run: [pjlmon] "C:\WINDOWS\system32\pjlmon.exe"
O4 - HKCU\..\Run: [dispex] "C:\WINDOWS\system32\dispex.exe"
O4 - Global Startup: Smart Wizard Wireless Settings.lnk = C:\Program Files\NETGEAR\WG121 Configuration Utility\wlancfg8.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Rogers Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www3.ca.com/securityadvisor/p...n/pestscan.cab
O16 - DPF: {563EC66E-5A1B-51D2-1DB0-5080C83DA4EB} - ms-its:mhtml:file://C:ie.mht!http://69.50.164.12/exp/mht/sext02.c...aInstaller.exe
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - http://dm.screensavers.com/dm/instal...sinstaller.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter: text/html - (no CLSID) - (no file)
O20 - Winlogon Notify: SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: SMDEn - C:\WINDOWS\system32\pychdprf.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
HELP_ME is offline   Reply With Quote
Old 09-23-2006, 05:12 PM   #15 (permalink)
Platinum Member
 
Join Date: Jan 2006
Posts: 567
Default

Okay. Still a mess. Lets try a few specialty tools.

Download VundoFix.exe- http://www.atribune.org/ccount/click.php?id=4 to your desktop.

Double-click VundoFix.exe to run it.
* When VundoFix re-opens, click the Scan for Vundo button.
* Once it's done scanning, click the Remove Vundo button.
* You will receive a prompt asking if you want to remove the files, click YES
* Once you click yes, your desktop will go blank as it starts removing Vundo.
* When completed, it will prompt that it will reboot your computer, click OK.

Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the
Scan for Vundo button." when VundoFix appears at reboot.

A log called vundofix.txt will be created in your C:\ directory. Please post that log.
edifier is offline   Reply With Quote


Old 09-23-2006, 05:47 PM   #16 (permalink)
Gold Member
 
Join Date: Aug 2006
Location: ottawa, canada
Posts: 391
Default

VundoFix V6.1.6

Checking Java version...

Java version is 1.5.0.4

Java version is 1.5.0.6

Scan started at 12:34:49 PM 9/23/2006

Listing files found while scanning....

No infected files were found.


Beginning removal...
HELP_ME is offline   Reply With Quote
Old 09-23-2006, 06:12 PM   #17 (permalink)
Platinum Member
 
Join Date: Jan 2006
Posts: 567
Default

Next One.

Download SmitFraudFix from this link http://siri.urz.free.fr/Fix/SmitfraudFix.zip Then extract the contents to your desktop.

Open the "SmitfraudFix" folder and double-click "smitfraudfix.cmd"
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Post that log.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.

Do not run any other options as they will damage your desktop if run on an uninfected computer.
edifier is offline   Reply With Quote
Old 09-23-2006, 06:22 PM   #18 (permalink)
Gold Member
 
Join Date: Aug 2006
Location: ottawa, canada
Posts: 391
Default

you already had me fix this... it was one of the fixes under SmitRem and nothing was detected so.... do you still want me to do it?
HELP_ME is offline   Reply With Quote
Old 09-23-2006, 06:54 PM   #19 (permalink)
Platinum Member
 
Join Date: Jan 2006
Posts: 567
Default

Sorry for that. Very busy this morning and this thread has spanned quite a few days. I want you to do the following dianogstic scan from Kaspersky http://kaspersky.com/kos/english/kavwebscan.html
Click Accept
When the updates are finished downloading, click Next, Scan Settings
Under Scan using the following antivirus database:, select extended
Make sure the Scan Archives and Scan Mail Bases options are selected as well. Click OK
Click My Computer and wait for the scan to finish
Click Save Report As. Under Save as type:, select Text file. Save this log to your Desktop. Post a copy of it here.
edifier is offline   Reply With Quote
Old 09-23-2006, 09:31 PM   #20 (permalink)
Gold Member
 
Join Date: Aug 2006
Location: ottawa, canada
Posts: 391
Default

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, September 23, 2006 4:27:48 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 23/09/2006
Kaspersky Anti-Virus database records: 225954
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 123778
Number of viruses found: 43
Number of infected objects: 137 / 0
Number of suspicious objects: 2
Duration of the scan process: 01:09:31

Infected Object Name / Virus Name / Last Action
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DAT A Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MA P Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MA P Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\SSS1.exe/AlxRes.dll Infected: not-a-virus:AdWare.Win32.AlexaBar.a skipped
C:\WINDOWS\system32\SSS1.exe InstallCreator: infected - 1 skipped
C:\WINDOWS\system32\SSS1.exe UPX: infected - 1 skipped
C:\WINDOWS\system32\desktrf.exe/data0002 Infected: not-a-virus:AdWare.Win32.Beginto.b skipped
C:\WINDOWS\system32\desktrf.exe NSIS: infected - 1 skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edbtmp.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\lvvkammr.ini Infected: not-a-virus:AdWare.Win32.Sahat.ao skipped
C:\WINDOWS\system32\8jqs4hc1.ini Infected: not-a-virus:AdWare.Win32.Sahat.ao skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.lo g Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{AD3F46 45-B27F-42A8-A057-D1B9DBF561F4}.bin Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Megasearch.zip/MegasearchBarSetup.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Megasearch.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Tim April\Local Settings\Temporary Internet Files\Content.IE5\S16FWXMN\minisetup2[1].exe/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.ep skipped
C:\Documents and Settings\Tim April\Local Settings\Temporary Internet Files\Content.IE5\S16FWXMN\minisetup2[1].exe NSIS: infected - 1 skipped
C:\Documents and Settings\Matthew April\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Matthew April\NTUSER.DAT.LOG Object is locked skipped
C:\Documents and Settings\Matthew April\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Matthew April\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Matthew April\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Matthew April\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Matthew April\Local Settings\Temp\~DF2BD5.tmp Object is locked skipped
C:\Documents and Settings\Matthew April\My Documents\Downloads\Half-LIfe_PLUS_CS1.5_PLus\Half-Life.zip/Half-Life/hltv.exe Infected: not-a-virus:Server-Proxy.Win32.Hltv skipped
C:\Documents and Settings\Matthew April\My Documents\Downloads\Half-LIfe_PLUS_CS1.5_PLus\Half-Life.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Matthew April\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Matthew April\.housecall6.6\Quarantine\Tspd[1].exe.bac_a00168/data0002 Infected: not-a-virus:AdWare.Win32.Agent.e skipped
C:\Documents and Settings\Matthew April\.housecall6.6\Quarantine\Tspd[1].exe.bac_a00168 NSIS: infected - 1 skipped
C:\Documents and Settings\Matthew April\.housecall6.6\Quarantine\Tspd[1].exe.bac_a00168 CryptFF.b: infected - 1 skipped
C:\Documents and Settings\Matthew April\.housecall6.6\Quarantine\Tspd[2].exe.bac_a00168/data0002 Infected: not-a-virus:AdWare.Win32.Agent.e skipped
C:\Documents and Settings\Matthew April\.housecall6.6\Quarantine\Tspd[2].exe.bac_a00168 NSIS: infected - 1 skipped
C:\Documents and Settings\Matthew April\.housecall6.6\Quarantine\Tspd[2].exe.bac_a00168 CryptFF.b: infected - 1 skipped
C:\Documents and Settings\Matthew April\.housecall6.6\Quarantine\A0016135.exe.bac_a0 0168 Infected: Trojan-Dropper.Win32.Agent.tb skipped
C:\Documents and Settings\Matthew April\.housecall6.6\Quarantine\A0017414.exe.bac_a0 0168/data0002/data0002 Infected: Trojan-Downloader.Win32.Keenval skipped
C:\Documents and Settings\Matthew April\.housecall6.6\Quarantine\A0017414.exe.bac_a0 0168/data0002/data0004 Infected: Trojan-Downloader.Win32.Keenval skipped
C:\Documents and Settings\Matthew April\.housecall6.6\Quarantine\A0017414.exe.bac_a0 0168/data0002/data0005 Infected: Trojan-Downloader.Win32.Keenval skipped
C:\Documents and Settings\Matthew April\.housecall6.6\Quarantine\A0017414.exe.bac_a0 0168/data0002 Infected: Trojan-Downloader.Win32.Keenval skipped
C:\Documents and Settings\Matthew April\.housecall6.6\Quarantine\A0017414.exe.bac_a0 0168/data0008 Infected: Trojan-Downloader.Win32.Keenval.e skipped
C:\Documents and Settings\Matthew April\.housecall6.6\Quarantine\A0017414.exe.bac_a0 0168/data0009 Infected: Trojan-Downloader.Win32.Keenval.e skipped
C:\Documents and Settings\Matthew April\.housecall6.6\Quarantine\A0017414.exe.bac_a0 0168 NSIS: infected - 6 skipped
C:\Documents and Settings\Matthew April\.housecall6.6\Quarantine\A0017414.exe.bac_a0 0168 CryptFF.b: infected - 6 skipped
C:\Documents and Settings\Matthew April\.housecall6.6\Quarantine\A0017448.dll.bac_a0 0168 Infected: not-a-virus:AdWare.Win32.Beginto.b skipped
C:\Documents and Settings\Matthew April\.housecall6.6\Quarantine\A0014018.exe.bac_a0 0168/InpB/SskBho.dll Infected: not-a-virus:AdWare.Win32.SurfSide.ay skipped
C:\Documents and Settings\Matthew April\.housecall6.6\Quarantine\A0014018.exe.bac_a0 0168/InpB/SskCore.dll Infected: not-a-virus:AdWare.Win32.SurfSide.ay skipped
C:\Documents and Settings\Matthew April\.housecall6.6\Quarantine\A0014018.exe.bac_a0 0168/InpB/Ssk.exe Infected: not-a-virus:AdWare.Win32.SurfSide.av skipped
C:\Documents and Settings\Matthew April\.housecall6.6\Quarantine\A0014018.exe.bac_a0 0168/InpB/Ssk3RepairInstall.exe Infected: not-a-virus:AdWare.Win32.SurfSide.az skipped
C:\Documents and Settings\Matthew April\.housecall6.6\Quarantine\A0014018.exe.bac_a0 0168/InpB Infected: not-a-virus:AdWare.Win32.SurfSide.az skipped
C:\Documents and Settings\Matthew April\.housecall6.6\Quarantine\A0014018.exe.bac_a0 0168 CAB: infected - 5 skipped
C:\Documents and Settings\Matthew April\.housecall6.6\Quarantine\A0014018.exe.bac_a0 0168 CryptFF.b: infected - 5 skipped
C:\Documents and Settings\Matthew April\.housecall6.6\Quarantine\A0017451.dll.bac_a0 0168 Infected: not-a-virus:AdWare.Win32.Sahat.g skipped
C:\Documents and Settings\Matthew April\.housecall6.6\Quarantine\A0017415.exe.bac_a0 0168/data0003/data0001 Infected: not-a-virus:AdWare.Win32.WebRebates.g skipped
C:\Documents and Settings\Matthew April\.housecall6.6\Quarantine\A0017415.exe.bac_a0 0168/data0003 Infected: not-a-virus:AdWare.Win32.WebRebates.g skipped
C:\Documents and Settings\Matthew April\.housecall6.6\Quarantine\A0017415.exe.bac_a0 0168/data0003 Infected: not-a-virus:AdWare.Win32.WebRebates.b skipped
C:\Documents and Settings\Matthew April\.housecall6.6\Quarantine\A0017415.exe.bac_a0 0168/data0004 Infected: not-a-virus:AdWare.Win32.HelpExpress skipped
C:\Documents and Settings\Matthew April\.housecall6.6\Quarantine\A0017415.exe.bac_a0 0168/data0005 Infected: not-a-virus:AdWare.Win32.WebRebates.b skipped
C:\Documents and Settings\Matthew April\.housecall6.6\Quarantine\A0017415.exe.bac_a0 0168 NSIS: infected - 5 skipped
C:\Documents and Settings\Matthew April\.housecall6.6\Quarantine\A0017415.exe.bac_a0 0168 CryptFF.b: infected - 5 skipped
C:\Documents and Settings\Matthew April\.housecall6.6\Quarantine\cmmanupd[1].exe.bac_a00168/data0002 Infected: not-a-virus:AdWare.Win32.CASClient.m skipped
C:\Documents and Settings\Matthew April\.housecall6.6\Quarantine\cmmanupd[1].exe.bac_a00168 NSIS: infected - 1 skipped
C:\Documents and Settings\Matthew April\.housecall6.6\Quarantine\cmmanupd[1].exe.bac_a00168 CryptFF.b: infected - 1 skipped
C:\Documents and Settings\Matthew April\.housecall6.6\Quarantine\A0017533.exe.bac_a0 0168/data0002 Infected: not-a-virus:AdWare.Win32.CASClient.m skipped
C:\Documents and Settings\Matthew April\.housecall6.6\Quarantine\A0017533.exe.bac_a0 0168 NSIS: infected - 1 skipped
C:\Documents and Settings\Matthew April\.housecall6.6\Quarantine\A0017533.exe.bac_a0 0168 CryptFF.b: infected - 1 skipped
C:\Documents and Settings\Matthew April\.housecall6.6\Quarantine\A0017447.exe.bac_a0 0168/data0002 Infected: not-a-virus:AdWare.Win32.Beginto.a skipped
C:\Documents and Settings\Matthew April\.housecall6.6\Quarantine\A0017447.exe.bac_a0 0168/data0003 Infected: not-a-virus:AdWare.Win32.Beginto.a skipped
C:\Documents and Settings\Matthew April\.housecall6.6\Quarantine\A0017447.exe.bac_a0 0168 NSIS: infected - 2 skipped
C:\Documents and Settings\Matthew April\.housecall6.6\Quarantine\A0017447.exe.bac_a0 0168 CryptFF.b: infected - 2 skipped
C:\Documents and Settings\Matthew April\.housecall6.6\Quarantine\A0017455.exe.bac_a0 0168/data0002 Infected: not-a-virus:AdWare.Win32.BookedSpace.c skipped
C:\Documents and Settings\Matthew April\.housecall6.6\Quarantine\A0017455.exe.bac_a0 0168 NSIS: infected - 1 skipped
C:\Documents and Settings\Matthew April\.housecall6.6\Quarantine\A0017455.exe.bac_a0 0168 CryptFF.b: infected - 1 skipped
C:\Documents and Settings\Matthew April\.housecall6.6\Quarantine\A0017450.dll.bac_a0 0168 Infected: not-a-virus:AdWare.Win32.180Solutions skipped
C:\Documents and Settings\Matthew April\.housecall6.6\Quarantine\setup[1].exe.bac_a00168/stream/data0002 Infected: not-a-virus:AdWare.Win32.CASClient.n skipped
C:\Documents and Settings\Matthew April\.housecall6.6\Quarantine\setup[1].exe.bac_a00168/stream/data0003 Infected: not-a-virus:AdWare.Win32.CASClient.f skipped
C:\Documents and Settings\Matthew April\.housecall6.6\Quarantine\setup[1].exe.bac_a00168/stream Infected: not-a-virus:AdWare.Win32.CASClient.f skipped
C:\Documents and Settings\Matthew April\.housecall6.6\Quarantine\setup[1].exe.bac_a00168 NSIS: infected - 3 skipped
C:\Documents and Settings\Matthew April\.housecall6.6\Quarantine\setup[1].exe.bac_a00168 CryptFF.b: infected - 3 skipped
C:\Documents and Settings\Matthew April\.housecall6.6\Quarantine\A0017468.exe.bac_a0 0168 Infected: not-a-virus:AdWare.Win32.CASClient.f skipped
C:\Documents and Settings\Matthew April\.housecall6.6\Quarantine\A0017411.dll.bac_a0 0168 Infected: Trojan-Dropper.Win32.Small.abe skipped
C:\Documents and Settings\Matthew April\.housecall6.6\Quarantine\A0017419.dll.bac_a0 0168 Infected: not-a-virus:AdWare.Win32.HotSearchBar.b skipped
C:\Documents and Settings\Matthew April\.housecall6.6\Quarantine\A0017413.exe.bac_a0 0168/data0001 Infected: Trojan-Downloader.NSIS.Agent.a skipped
C:\Documents and Settings\Matthew April\.housecall6.6\Quarantine\A0017413.exe.bac_a0 0168 NSIS: infected - 1 skipped
C:\Documents and Settings\Matthew April\.housecall6.6\Quarantine\A0017413.exe.bac_a0 0168 CryptFF.b: infected - 1 skipped
C:\Documents and Settings\Deborah Revtak\Local Settings\Temp\U20D.tmp/InpB/TvmBho.dll Infected: not-a-virus:AdWare.Win32.SurfSide.c skipped
C:\Documents and Settings\Deborah Revtak\Local Settings\Temp\U20D.tmp/InpB/TvmCore.dll Infected: not-a-virus:AdWare.Win32.TotalVelocity.aa skipped
C:\Documents and Settings\Deborah Revtak\Local Settings\Temp\U20D.tmp/InpB/Tvm.exe Infected: not-a-virus:AdWare.Win32.TotalVelocity.aa skipped
C:\Documents and Settings\Deborah Revtak\Local Settings\Temp\U20D.tmp/InpB Infected: not-a-virus:AdWare.Win32.TotalVelocity.aa skipped
C:\Documents and Settings\Deborah Revtak\Local Settings\Temp\U20D.tmp CAB: infected - 4 skipped
C:\Documents and Settings\Deborah Revtak\Local Settings\Temp\WIN218.tmp Infected: not-a-virus:AdWare.Win32.HotSearchBar.b skipped
C:\Documents and Settings\Deborah Revtak\Local Settings\Temp\INV176.tmp/data0003 Infected: Trojan-Downloader.Win32.Apropo.r skipped
C:\Documents and Settings\Deborah Revtak\Local Settings\Temp\INV176.tmp NSIS: infected - 1 skipped
C:\Documents and Settings\Deborah Revtak\Local Settings\Temp\INV177.tmp/data0003 Infected: Trojan-Downloader.Win32.Apropo.r skipped
C:\Documents and Settings\Deborah Revtak\Local Settings\Temp\INV177.tmp NSIS: infected - 1 skipped
C:\Documents and Settings\Deborah Revtak\Local Settings\Temp\INV178.tmp/data0003 Infected: Trojan-Downloader.Win32.Apropo.r skipped
C:\Documents and Settings\Deborah Revtak\Local Settings\Temp\INV178.tmp NSIS: infected - 1 skipped
C:\Documents and Settings\Deborah Revtak\Local Settings\Temp\INV5.tmp/data0003 Infected: Trojan-Downloader.Win32.Agent.oa skipped
C:\Documents and Settings\Deborah Revtak\Local Settings\Temp\INV5.tmp NSIS: infected - 1 skipped
C:\Documents and Settings\Deborah Revtak\Local Settings\Temp\INV6.tmp/data0003 Infected: not-a-virus:AdWare.Win32.Sahat.al skipped
C:\Documents and Settings\Deborah Revtak\Local Settings\Temp\INV6.tmp NSIS: infected - 1 skipped
C:\Documents and Settings\Deborah Revtak\Local Settings\Temp\INV7.tmp/data0003 Infected: Trojan-Downloader.Win32.Agent.oa skipped
C:\Documents and Settings\Deborah Revtak\Local Settings\Temp\INV7.tmp NSIS: infected - 1 skipped
C:\Documents and Settings\Deborah Revtak\Local Settings\Temp\INV8.tmp/data0003 Infected: not-a-virus:AdWare.Win32.Sahat.al skipped
C:\Documents and Settings\Deborah Revtak\Local Settings\Temp\INV8.tmp NSIS: infected - 1 skipped
C:\Documents and Settings\Deborah Revtak\Local Settings\Temp\INV9.tmp/data0003 Infected: Trojan-Downloader.Win32.Agent.oa skipped
C:\Documents and Settings\Deborah Revtak\Local Settings\Temp\INV9.tmp NSIS: infected - 1 skipped
C:\Documents and Settings\Deborah Revtak\Local Settings\Temp\INV45.tmp/data0003 Infected: Trojan-Downloader.Win32.Agent.oa skipped
C:\Documents and Settings\Deborah Revtak\Local Settings\Temp\INV45.tmp NSIS: infected - 1 skipped
C:\Documents and Settings\Deborah Revtak\cpdef2.exe/data0003 Infected: Trojan-Downloader.Win32.Apropo.r skipped
C:\Documents and Settings\Deborah Revtak\cpdef2.exe NSIS: infected - 1 skipped
C:\Documents and Settings\Deborah Revtak\ridemgInst.exe/data0003 Infected: Trojan-Downloader.Win32.Agent.oa skipped
C:\Documents and Settings\Deborah Revtak\ridemgInst.exe NSIS: infected - 1 skipped
C:\Documents and Settings\Deborah Revtak\sahInst.exe/data0003 Infected: not-a-virus:AdWare.Win32.Sahat.al skipped
C:\Documents and Settings\Deborah Revtak\sahInst.exe NSIS: infected - 1 skipped
C:\Documents and Settings\Tiffany April\Desktop\cpdef2.exe/data0003 Infected: Trojan-Downloader.Win32.Apropo.r skipped
C:\Documents and Settings\Tiffany April\Desktop\cpdef2.exe NSIS: infected - 1 skipped
C:\Documents and Settings\Tiffany April\cpdef3.exe/data0003 Infected: Trojan-Downloader.Win32.Apropo.ab skipped
C:\Documents and Settings\Tiffany April\cpdef3.exe NSIS: infected - 1 skipped
C:\Documents and Settings\Tiffany April\ridemgInst.exe/data0003 Infected: Trojan-Downloader.Win32.Agent.oa skipped
C:\Documents and Settings\Tiffany April\ridemgInst.exe NSIS: infected - 1 skipped
C:\Documents and Settings\Tiffany April\sahInst.exe/data0003 Infected: not-a-virus:AdWare.Win32.Sahat.al skipped
C:\Documents and Settings\Tiffany April\sahInst.exe NSIS: infected - 1 skipped
C:\Program Files\a-squared Free\Quarantine\4af56e3cce8a9dafdced624efd46a550.a 2q/WINDOWS/inst/3p_2.exe/WISE0001.BIN Infected: Trojan-Downloader.Win32.TSUpdate.f skipped
C:\Program Files\a-squared Free\Quarantine\4af56e3cce8a9dafdced624efd46a550.a 2q/WINDOWS/inst/3p_2.exe/WISE0007.BIN Infected: Trojan-Downloader.Win32.TSUpdate.f skipped
C:\Program Files\a-squared Free\Quarantine\4af56e3cce8a9dafdced624efd46a550.a 2q/WINDOWS/inst/3p_2.exe Infected: Trojan-Downloader.Win32.TSUpdate.f skipped
C:\Program Files\a-squared Free\Quarantine\4af56e3cce8a9dafdced624efd46a550.a 2q ZIP: infected - 3 skipped
C:\Program Files\a-squared Free\Quarantine\f8fdc8b497924ff43800ef040335728b.a 2q/WINDOWS/system32/MegasearchBarSetup.dll Infected: not-a-virus:AdWare.Win32.F1Organizer.n skipped
C:\Program Files\a-squared Free\Quarantine\f8fdc8b497924ff43800ef040335728b.a 2q ZIP: infected - 1 skipped
C:\System Volume Information\_restore{1A5B95FE-FC58-4002-B17D-1974C994BAAD}\RP74\A0015903.dll Infected: not-a-virus:AdWare.Win32.BrilliantDigital.e skipped
C:\System Volume Information\_restore{1A5B95FE-FC58-4002-B17D-1974C994BAAD}\RP74\A0015905.dll Infected: not-a-virus:AdWare.Win32.Altnet.a skipped
C:\System Volume Information\_restore{1A5B95FE-FC58-4002-B17D-1974C994BAAD}\RP74\A0015918.dll Infected: not-a-virus:AdWare.Win32.BrilliantDigital.35684 skipped
C:\System Volume Information\_restore{1A5B95FE-FC58-4002-B17D-1974C994BAAD}\RP77\A0016124.exe Object is locked skipped
C:\System Volume Information\_restore{1A5B95FE-FC58-4002-B17D-1974C994BAAD}\RP77\A0016128.exe Object is locked skipped
C:\System Volume Information\_restore{1A5B95FE-FC58-4002-B17D-1974C994BAAD}\RP77\A0016133.dll Object is locked skipped
C:\System Volume Information\_restore{1A5B95FE-FC58-4002-B17D-1974C994BAAD}\RP77\A0016139.exe Infected: Trojan-Downloader.Win32.Agent.tf skipped
C:\System Volume Information\_restore{1A5B95FE-FC58-4002-B17D-1974C994BAAD}\RP78\A0017275.exe/PgSDK.DLL Infected: not-a-virus:AdWare.Win32.DelphinMediaViewer.d skipped
C:\System Volume Information\_restore{1A5B95FE-FC58-4002-B17D-1974C994BAAD}\RP78\A0017275.exe ViseMan: infected - 1 skipped
C:\System Volume Information\_restore{1A5B95FE-FC58-4002-B17D-1974C994BAAD}\RP78\A0017275.exe ViseMan: infected - 1 skipped
C:\System Volume Information\_restore{1A5B95FE-FC58-4002-B17D-1974C994BAAD}\RP78\A0017302.exe/data0002 Infected: not-a-virus:AdWare.Win32.CASClient.h skipped
C:\System Volume Information\_restore{1A5B95FE-FC58-4002-B17D-1974C994BAAD}\RP78\A0017302.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{1A5B95FE-FC58-4002-B17D-1974C994BAAD}\RP78\A0017309.exe/data0002 Infected: not-a-virus:AdWare.Win32.CASClient.a skipped
C:\System Volume Information\_restore{1A5B95FE-FC58-4002-B17D-1974C994BAAD}\RP78\A0017309.exe/data0003 Infected: not-a-virus:AdWare.Win32.CASClient.e skipped
C:\System Volume Information\_restore{1A5B95FE-FC58-4002-B17D-1974C994BAAD}\RP78\A0017309.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{1A5B95FE-FC58-4002-B17D-1974C994BAAD}\RP79\A0017412.dll Infected: Trojan-Dropper.Win32.Small.abe skipped
C:\System Volume Information\_restore{1A5B95FE-FC58-4002-B17D-1974C994BAAD}\RP79\A0017418.dll Infected: not-a-virus:AdWare.Win32.Agent.e skipped
C:\System Volume Information\_restore{1A5B95FE-FC58-4002-B17D-1974C994BAAD}\RP79\A0017452.exe Infected: not-a-virus:AdWare.Win32.BookedSpace.f skipped
C:\System Volume Information\_restore{1A5B95FE-FC58-4002-B17D-1974C994BAAD}\RP79\A0017474.dll Infected: not-a-virus:AdWare.Win32.F1Organizer.n skipped
C:\System Volume Information\_restore{1A5B95FE-FC58-4002-B17D-1974C994BAAD}\RP79\A0017604.exe Infected: not-a-virus:Server-Proxy.Win32.Hltv skipped
C:\System Volume Information\_restore{1A5B95FE-FC58-4002-B17D-1974C994BAAD}\RP81\A0018939.exe/data0002 Infected: not-a-virus:AdWare.Win32.HotSearchBar.b skipped
C:\System Volume Information\_restore{1A5B95FE-FC58-4002-B17D-1974C994BAAD}\RP81\A0018939.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{1A5B95FE-FC58-4002-B17D-1974C994BAAD}\RP81\A0018940.exe/data0002/data0002 Infected: Trojan-Downloader.Win32.Keenval skipped
C:\System Volume Information\_restore{1A5B95FE-FC58-4002-B17D-1974C994BAAD}\RP81\A0018940.exe/data0002/data0004 Infected: Trojan-Downloader.Win32.Keenval skipped
C:\System Volume Information\_restore{1A5B95FE-FC58-4002-B17D-1974C994BAAD}\RP81\A0018940.exe/data0002/data0005 Infected: Trojan-Downloader.Win32.Keenval skipped
C:\System Volume Information\_restore{1A5B95FE-FC58-4002-B17D-1974C994BAAD}\RP81\A0018940.exe/data0002 Infected: Trojan-Downloader.Win32.Keenval skipped
C:\System Volume Information\_restore{1A5B95FE-FC58-4002-B17D-1974C994BAAD}\RP81\A0018940.exe/data0008 Infected: Trojan-Downloader.Win32.Keenval.e skipped
C:\System Volume Information\_restore{1A5B95FE-FC58-4002-B17D-1974C994BAAD}\RP81\A0018940.exe/data0009 Infected: Trojan-Downloader.Win32.Keenval.e skipped
C:\System Volume Information\_restore{1A5B95FE-FC58-4002-B17D-1974C994BAAD}\RP81\A0018940.exe NSIS: infected - 6 skipped
C:\System Volume Information\_restore{1A5B95FE-FC58-4002-B17D-1974C994BAAD}\RP82\change.log Object is locked skipped

Scan process completed.
HELP_ME is offline   Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On

Similar Threads
Thread Thread Starter Forum Replies Last Post
HJT log 34erd Computer Security 5 08-10-2006 01:04 PM
HJT log 34erd Computer Security 11 06-16-2006 05:12 AM
HJT Log what is it? zeneena Computer Security 10 12-07-2005 11:11 PM
HJT log file phantom Computer Security 9 12-05-2005 03:33 AM
Post #1 HJT Log (too long for one post) 354 Computer Security 8 08-15-2005 11:02 PM

All times are GMT +1. The time now is 06:50 PM.


Powered by: vBulletin Version 3.7.3
Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.
SEO by vBSEO 3.2.0 ©2008, Crawlability, Inc.
Copyright © 2002-2008 Computer Forum and Web Design Forum