View Full Version : Cannot Remove Virus
I'm sorry, I went on vacation and didn't have internet access, but I'm back now and appreciate all the help.
Here is my HJTLog:
Logfile of HijackThis v1.99.1
Scan saved at 8:47:30 AM, on 3/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,userinit.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1A595EDD-978A-48C7-B730-AF3B9CC64DAB} (DLManager Class) - http://63.251.81.180/component/VZWDLManager.cab
O16 - DPF: {29D73455-3ADA-49BB-9067-44822F6728F5} - http://www.joga.com/activex/uploadactx.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://315426.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
Rahina Rescue
2 Mar 2007, 5:16pm
Hello Metoo! Welcome Back, i hope you had a relaxing vacation :smiles:
We'll Continue ;)
I Would like to see an Uninstall list from Hijackthis.
Open HijackThis, click Config, click Misc Tools
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)
Click Save, copy and paste the results in your next post.
Ad-Aware SE Personal
Adobe Acrobat 4.0
Adobe Flash Player 9 ActiveX
Adobe Shockwave Player
Arthur's Reading Race
avast! Antivirus
Canon Camera Support Core Library
Canon Camera Window for ZoomBrowser EX
Canon MovieEdit Task for ZoomBrowser EX
Canon PhotoRecord
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities PhotoStitch 3.1
Canon Utilities ZoomBrowser EX
Cars - Radiator Springs Adventures
CCleaner (remove only)
Dell Driver Reset Tool
Dell Photo Printer 720
Diskeeper Lite
Dreamship Tales
Hijackthis 1.99.1
HijackThis 1.99.1
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Intel(R) 537EP V9x DF PCI Modem
Intel(R) Extreme Graphics 2 Driver
Intel(R) PRO Network Adapters and Drivers
Intel(R) PROSet for Wired Connections
InterActual Player
Kaspersky Online Scanner
LG USB Drivers
MailFrontier Desktop
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Plus! Digital Media Edition Installer
Microsoft User-Mode Driver Framework Feature Pack 1.0
Modem Event Monitor
Modem Helper
Modem On Hold
Monopoly Star Wars
Mozilla Firefox (2.0.0.1)
Mozilla Firefox (2.0.0.2)
MSN
Musicmatch for Windows Media Player
Musicmatch® Jukebox
Operation
PaperPort
Preschool v1.0
Registry Mechanic 5.0
Rhapsody Player Engine
Scooby-Doo(TM), Case File #1 The Glowing Bug Man
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Smart Menus (Windows Live Toolbar)
SoundMAX
Spybot - Search & Destroy 1.4
SpywareBlaster v3.5.1
Uninstall Curious George RW&S
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB931836)
Vehicle Voyages
Windows Internet Explorer 7
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Toolbar
Windows Live Toolbar
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
Windows Media Player 11
WordPerfect Office 11
WordPerfect Office 12
ZoneAlarm
Oh and thank you Rahina, it was an excellent vacation!
Rahina Rescue
2 Mar 2007, 8:32pm
Looks Good.
Please print these instructions out, or write them down, as you can't read them during the fix.
Please download MWav (http://www.spywareinfo.dk/download/mwav.exe):
Unzip it to its predetermined directory (C:\Kaspersky)
Locate kavupd.exe in the new folder and double-click to Update.
If your firewall gives any messages about this program accessing to internet, allow it.
If it says the signatures are more than 30 days old, keep trying, until you get the actual definition updates.
When you see Updates Downloaded Successfully, hit Enter to continue.
Restart onto Safe Mode (http://www.pchell.com/support/safemode.shtml) and locate the Kaspersky folder.
Locate mwavscan.com and double-click on it to launch the MWAV Scanner.Now lets do the settings:
Leave the Default Settings checked.
Add a check to Drives
This will light up All Drives
Add a check to Scan all Files
Click Scan Clean to begin.
This scan might take around 3+ hours to finish when set to scan everything.
Please be sure it has finished before proceeding.
Once the scan has finished, all entries identified as Infected, will be displayed in the lower panel.
Highlight everything that is inside the lower panel and hit Ctrl+C at the same time to copy.
Open an empty notepad file and paste the results (Ctrl+V) to it. Save the notepad to your desktop, name it as you want (e.g; MWav Results).Reboot into normal Windows and post the results here along with a fresh HijackThis log.
How are things running now?
The "MWav" link you posted is not working properly. Most of the time, it times out, a couple times it eventually downloads something, but it's just the "shell" for lack of better terminology.
I googled MWav.exe, but it doesn't have the kavupd.exe. I'm not sure what to do.
I have also looked for kavupd.exe, but it doesn't look like there are any places to download it.
Ok, it's working now...
If I can follow the directions that you left, I'll post as soon as I have finished.
Thanks again
Here are the MWav Results:
File C:\Program Files\DownloadManager\api.exe infected by "Backdoor.Win32.Agent.so" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP771\A0044134.dll infected by "Packed.Win32.Klone.j" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP777\A0044513.dll infected by "Packed.Win32.Klone.j" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP778\A0044586.dll infected by "Packed.Win32.Klone.j" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP778\A0044587.dll infected by "Packed.Win32.Klone.j" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP778\A0044588.dll infected by "Packed.Win32.Klone.j" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP778\A0044589.dll infected by "Packed.Win32.Klone.j" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP778\A0044590.dll infected by "Packed.Win32.Klone.j" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP778\A0044591.dll infected by "Packed.Win32.Klone.j" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP778\A0044592.dll infected by "Packed.Win32.Klone.j" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP779\A0044694.exe tagged as not-a-virus:AdWare.Win32.NewDotNet.e. No Action Taken.
File C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP779\A0044806.exe infected by "Backdoor.Win32.Agent.so" Virus. Action Taken: File Renamed.
File C:\VundoFix Backups\hhnopuol.dll.bad infected by "Packed.Win32.Klone.j" Virus. Action Taken: File Renamed.
Logfile of HijackThis v1.99.1
Scan saved at 7:29:15 PM, on 3/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,userinit.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1A595EDD-978A-48C7-B730-AF3B9CC64DAB} (DLManager Class) - http://63.251.81.180/component/VZWDLManager.cab
O16 - DPF: {29D73455-3ADA-49BB-9067-44822F6728F5} - http://www.joga.com/activex/uploadactx.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://315426.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
Rahina Rescue
3 Mar 2007, 5:58am
Alright Looks good :)
Now, Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete this file (if present):
C:\Program Files\DownloadManager\api.exe
Also Emtpy this Folder:
C:\VundoFix Backups
==
Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)
1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.2. Restart your computer.
3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check Turn off System Restore.
Click Apply, and then click OK.
System Restore will now be active again.
Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.
See this link for a listing of some online & their stand-alone antivirus programs:
Virus, Spyware, and Malware Protection and Removal Resources (http://www.bleepingcomputer.com/forums/topict405.html)
Update your AntiVirus Software - It is imperitive that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.
Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is succeptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.
For a tutorial on Firewalls and a listing of some available ones see the link below:
Understanding and Using Firewalls (http://www.bleepingcomputer.com/forums/tutorial60.html)
Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com (http://www.windowsupdate.com) regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with program on a regular basis just as you would an antivirus software.
A tutorial on installing & using this product can be found here:
Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers (http://www.bleepingcomputer.com/forums/tutorial43.html)
Install Ad-Aware - Install and download Ad-Aware. ou should also scan your computer with program on a regular basis just as you would an antivirus software in conjunction with Spybot.
A tutorial on installing & using this product can be found here:
Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer (http://www.bleepingcomputer.com/forums/tutorial48.html)
Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.
A tutorial on installing & using this product can be found here:
Using SpywareBlaster to protect your computer from Spyware and Malware (http://www.bleepingcomputer.com/forums/tutorial49.html)
Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.
here are some additional utilities that will enhance your safety
IE/Spyad (http://www.bleepingcomputer.com/tutorials/tutorial53.html) <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
MVPS Hosts file (http://mvps.org/winhelp2002/hosts.htm) <= The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your coputer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer
Google Toolbar (http://toolbar.google.com/) <= Get the free google toolbar to help stop pop up windows.
Winpatrol (http://www.winpatrol.com/) <= Download and install the free version of Winpatrol. a tutorial for this product is located here:
Using Winpatrol to protect your computer from malicious software (http://www.winpatrol.com/features.html)
Let me know if you still receive problems :)
Thank you VERY MUCH Rahina!
I surely appreciate all your help.
Take care and good luck to you!
Rahina Rescue
3 Mar 2007, 8:11am
Glad I could be of assistance! :smiles:
The help you received here was free. Please read through some of these Prevention Tips (http://www.short-media.com/forum/showthread.php?t=39435) that Short-Media offers.
This topic is now closed. If you wish it reopened, please send a Private Message (PM) to one of the Spyware Mods with a link to your thread.
Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required.
If you are not the user who started this thread, you must start a new Thread (http://www.short-media.com/forum/newthread.php?do=newthread&f=57) instead. :)
Rahina Rescue
3 Mar 2007, 10:31am
Thread Re-Opened by User's request.
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, March 03, 2007 4:06:49 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 3/03/2007
Kaspersky Anti-Virus database records: 275584
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
A:\
C:\
D:\
E:\
Scan Statistics:
Total number of scanned objects: 50606
Number of viruses found: 1
Number of infected objects: 9 / 0
Number of suspicious objects: 0
Duration of the scan process: 00:36:40
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\CLR Security Config\v1.1.4322\security.config.cch Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\Credentials\S-1-5-21-956346901-3262614430-1109689657-1010\Credentials Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\HTML Help\hh.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\Internet Explorer\BRNDLOG.BAK Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\Internet Explorer\BRNDLOG.TXT Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\Internet Explorer\Desktop.htt Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\Backgrounds\map.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\Backgrounds\TFR12.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\Backgrounds\TFR13.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\Backgrounds\TFR14.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\Backgrounds\TFR15.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\Backgrounds\TFR16.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\ListCache.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\MapFile\TFR17.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\MapFile\TFR36.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\MapFile\TFR4F.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\sqmdata00.sqm Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\sqmdata01.sqm Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\sqmdata02.sqm Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\sqmdata03.sqm Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\sqmdata04.sqm Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\sqmdata05.sqm Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\sqmdata06.sqm Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\sqmdata07.sqm Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\sqmdata08.sqm Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\sqmdata09.sqm Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\sqmdata10.sqm Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\sqmdata11.sqm Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\sqmdata12.sqm Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\map.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFR10.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFR37.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFR38.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFR39.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFR3A.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFR3B.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFR3C.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFR3D.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFR3E.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFR3F.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFR40.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFR41.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFR42.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFR43.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFR44.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFR45.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFR46.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFR47.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFR48.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFR49.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFR4A.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFR4B.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFR4C.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFR4D.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFR4E.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFR6.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFR7.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFR8.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFR9.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFRA.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFRB.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFRC.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFRD.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFRE.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFRF.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\Winks3\map.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\Winks3\TFR19.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\Winks3\TFR1B.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\Winks3\TFR1D.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\Winks3\TFR1F.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\Winks3\TFR21.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\Winks3\TFR23.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\Winks3\TFR25.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\Winks3\TFR27.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\Winks3\TFR29.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\Winks3\TFR2B.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\Winks3\TFR2D.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\Winks3\TFR2F.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\Winks3\TFR31.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\Winks3\TFR33.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\Winks3\TFR35.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\Backgrounds\map.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\Backgrounds\TFR5D.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\Backgrounds\TFR5E.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\Backgrounds\TFR5F.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\Backgrounds\TFR60.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\Backgrounds\TFR61.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\ListCache.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\MapFile\TFR62.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\MapFile\TFR81.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\MapFile\TFR94.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\sqmdata00.sqm Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\sqmdata01.sqm Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\sqmdata02.sqm Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\sqmdata03.sqm Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\UserTile\map.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\UserTile\TFR51.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\UserTile\TFR52.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\UserTile\TFR53.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\UserTile\TFR54.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\UserTile\TFR55.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\UserTile\TFR56.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\UserTile\TFR57.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\UserTile\TFR58.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\UserTile\TFR59.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\UserTile\TFR5A.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\UserTile\TFR5B.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\UserTile\TFR86.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\UserTile\TFR87.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\UserTile\TFR88.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\UserTile\TFR89.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\UserTile\TFR8A.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\UserTile\TFR8B.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\UserTile\TFR8C.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\UserTile\TFR8D.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\UserTile\TFR8E.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\UserTile\TFR8F.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\UserTile\TFR90.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\UserTile\TFR91.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\UserTile\TFR92.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\UserTile\TFR93.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\Winks3\map.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\Winks3\TFR64.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\Winks3\TFR66.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\Winks3\TFR68.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\Winks3\TFR6A.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\Winks3\TFR6C.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\Winks3\TFR6E.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\Winks3\TFR70.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\Winks3\TFR72.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\Winks3\TFR74.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\Winks3\TFR76.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\Winks3\TFR78.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\Winks3\TFR7A.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\Winks3\TFR7C.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\Winks3\TFR7E.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\Winks3\TFR80.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\Protect\CREDHIST Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\Protect\S-1-5-21-956346901-3262614430-1109689657-1003\15aa42ac-aea2-48e4-bdc3-00a9872c44c9 Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\Protect\S-1-5-21-956346901-3262614430-1109689657-1003\Preferred Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\Protect\S-1-5-21-956346901-3262614430-1109689657-1010\8d723408-edea-4412-a47b-284ab39c0778 Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\Protect\S-1-5-21-956346901-3262614430-1109689657-1010\Preferred Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\Windows\Themes\Custom.theme Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Sonic\Update Manager\sumdb.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Favorites\Dell\Dell Auction.url Object is locked skipped
C:\Documents and Settings\Dr. Enro\Favorites\Dell\Dell.url Object is locked skipped
C:\Documents and Settings\Dr. Enro\Favorites\Dell\Gigabuys.url Object is locked skipped
C:\Documents and Settings\Dr. Enro\Favorites\Dell\Support.Dell.com.url Object is locked skipped
C:\Documents and Settings\Dr. Enro\Favorites\Links\Customize Links.url Object is locked skipped
C:\Documents and Settings\Dr. Enro\Favorites\Links\Free Hotmail.url Object is locked skipped
C:\Documents and Settings\Dr. Enro\Favorites\Links\RealPlayer.url Object is locked skipped
C:\Documents and Settings\Dr. Enro\Favorites\Links\Windows Marketplace.url Object is locked skipped
C:\Documents and Settings\Dr. Enro\Favorites\Links\Windows Media.url Object is locked skipped
C:\Documents and Settings\Dr. Enro\Favorites\Links\Windows.url Object is locked skipped
C:\Documents and Settings\Dr. Enro\Favorites\Media\Real.com Radio Tuner.url Object is locked skipped
C:\Documents and Settings\Dr. Enro\Favorites\MSN.com.url Object is locked skipped
C:\Documents and Settings\Dr. Enro\Favorites\Radio Station Guide.url Object is locked skipped
C:\Documents and Settings\Dr. Enro\Favorites\RealPlayer Home Page.url Object is locked skipped
C:\Documents and Settings\Dr. Enro\Local Settings\Application Data\IconCache.db Object is locked skipped
C:\Documents and Settings\Dr. Enro\Local Settings\Application Data\Microsoft\HelpCtr\HelpSessionHistory.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Local Settings\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT Object is locked skipped
C:\Documents and Settings\Dr. Enro\Local Settings\Application Data\Microsoft\Media Player\CurrentDatabase_219.wmdb Object is locked skipped
C:\Documents and Settings\Dr. Enro\Local Settings\Application Data\Microsoft\Media Player\CurrentDatabase_59R.wmdb Object is locked skipped
C:\Documents and Settings\Dr. Enro\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Dr. Enro\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNS.DTD Object is locked skipped
C:\Documents and Settings\Dr. Enro\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNS.XML Object is locked skipped
C:\Documents and Settings\Dr. Enro\Local Settings\Application Data\Microsoft\Windows Media\9.0\WMSDKNS.DTD Object is locked skipped
C:\Documents and Settings\Dr. Enro\Local Settings\Application Data\Microsoft\Windows Media\9.0\WMSDKNS.XML Object is locked skipped
C:\Documents and Settings\Dr. Enro\Local Settings\Application Data\Microsoft\Windows Media\9.0\WMSDKNSD.XML Object is locked skipped
C:\Documents and Settings\Dr. Enro\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\Dr. Enro\Local Settings\History\History.IE5\MSHist012006072820060729\index.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Local Settings\History\History.IE5\MSHist012006072920060730\index.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My Music\AlbumArt_{03344743-29AA-405D-8830-8A777BE08998}_Large.jpg Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My Music\AlbumArt_{03344743-29AA-405D-8830-8A777BE08998}_Small.jpg Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My Music\AlbumArt_{6C3CA880-FE3D-4934-B3F9-DEAB73CDF08D}_Large.jpg Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My Music\AlbumArt_{6C3CA880-FE3D-4934-B3F9-DEAB73CDF08D}_Small.jpg Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My Music\Canyon__Mansion_On_The_Mountain.mp3 Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My Music\Chuck_Prophet__What_Makes_the_Monkey_Dance.mp3 Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My Music\Cordero__Vamos_Nenas.mp3 Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My Music\Drive_by_Truckers__My_Sweet_Annette.mp3 Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My Music\Get More with Jukebox Plus.mp3 Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My Music\Imperial_Teen__Sugar.mp3 Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My Music\Jon_Dee_Graham__One_Moment.mp3 Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My Music\My Playlists\DMX_TempList.wpl Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My Music\Secondhand_Jive__San_Francisco96.mp3 Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My Music\Slobberbone__Sister_Beams.mp3 Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My Music\The_Flatlanders__Julia.mp3 Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My Music\Unknown Artist\Unknown Album (7-29-2006 1-58-42 PM)\01 Track 1.mp3 Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My Music\Unknown Artist\Unknown Album (7-29-2006 1-58-42 PM)\02 Track 2.mp3 Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My Music\Unknown Artist\Unknown Album (7-29-2006 1-58-42 PM)\03 Track 3.mp3 Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My Music\Unknown Artist\Unknown Album (7-29-2006 1-58-42 PM)\04 Track 4.mp3 Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My Music\Unknown Artist\Unknown Album (7-29-2006 1-58-42 PM)\05 Track 5.mp3 Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My Music\Unknown Artist\Unknown Album (7-29-2006 1-58-42 PM)\06 Track 6.mp3 Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My Music\Unknown Artist\Unknown Album (7-29-2006 1-58-42 PM)\07 Track 7.mp3 Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My Music\Unknown Artist\Unknown Album (7-29-2006 1-58-42 PM)\08 Track 8.mp3 Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My Music\Unknown Artist\Unknown Album (7-29-2006 1-58-42 PM)\09 Track 9.mp3 Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My Music\Unknown Artist\Unknown Album (7-29-2006 1-58-42 PM)\10 Track 10.mp3 Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My Music\Unknown Artist\Unknown Album (7-29-2006 1-58-42 PM)\11 Track 11.mp3 Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My Music\Unknown Artist\Unknown Album (7-29-2006 1-58-42 PM)\12 Track 12.mp3 Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My Music\Unknown Artist\Unknown Album (7-29-2006 1-58-42 PM)\13 Track 13.mp3 Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My Music\Unknown Artist\Unknown Album (7-29-2006 1-58-42 PM)\14 Track 14.mp3 Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My Music\Unknown Artist\Unknown Album (7-29-2006 1-58-42 PM)\15 Track 15.mp3 Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My Music\Unknown Artist\Unknown Album (7-29-2006 1-58-42 PM)\16 Track 16.mp3 Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My Music\Unknown Artist\Unknown Album (7-29-2006 1-58-42 PM)\17 Track 17.mp3 Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My Music\Vic_Chestnut__Im_Through.mp3 Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My PSP8 Files\Scripts-Restricted\BoundScript1.PspScript Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My PSP8 Files\Scripts-Restricted\BoundScript2.PspScript Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My PSP8 Files\Scripts-Restricted\BoundScript3.PspScript Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My PSP8 Files\Scripts-Restricted\BoundScript4.PspScript Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My PSP8 Files\Scripts-Restricted\BoundScript5.PspScript Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My PSP8 Files\Scripts-Restricted\BoundScript6.PspScript Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My PSP8 Files\Scripts-Restricted\BoundScript7.PspScript Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My PSP8 Files\Scripts-Restricted\BoundScript8.PspScript Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My PSP8 Files\Scripts-Restricted\BoundScript9.PspScript Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My Videos\Experience.mpg Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My Videos\Thumbs.db Object is locked skipped
C:\Documents and Settings\Dr. Enro\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Dr. Enro\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Dr. Enro\SendTo\RecordNow!.RecordNowSendToExt Object is locked skipped
C:\Documents and Settings\Dr. Enro\Templates\EXCEL.XLS Object is locked skipped
C:\Documents and Settings\Dr. Enro\Templates\EXCEL4.XLS Object is locked skipped
C:\Documents and Settings\Dr. Enro\Templates\LOTUS.WK4 Object is locked skipped
C:\Documents and Settings\Dr. Enro\Templates\POWERPNT.PPT Object is locked skipped
C:\Documents and Settings\Dr. Enro\Templates\PRESENTA.SHW Object is locked skipped
C:\Documents and Settings\Dr. Enro\Templates\QUATTRO.WB2 Object is locked skipped
C:\Documents and Settings\Dr. Enro\Templates\SNDREC.WAV Object is locked skipped
C:\Documents and Settings\Dr. Enro\Templates\WINWORD.DOC Object is locked skipped
C:\Documents and Settings\Dr. Enro\Templates\WINWORD2.DOC Object is locked skipped
C:\Documents and Settings\Dr. Enro\Templates\WORDPFCT.WPD Object is locked skipped
C:\Documents and Settings\Dr. Enro\Templates\WORDPFCT.WPG Object is locked skipped
C:\Documents and Settings\Jase\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Jase\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Jase\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Jase\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Jase\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Jase\Local Settings\History\History.IE5\MSHist012007030320070304\index.dat Object is locked skipped
C:\Documents and Settings\Jase\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Jase\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Jase\ntuser.dat Object is locked skipped
C:\Documents and Settings\Jase\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\integ\avast.int Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\report\Resident protection.txt Object is locked skipped
C:\Program Files\InstallShield Installation Information\{7BF68B83-5057-4D4B-0093-28285EEB9EE3}\setup.ilg Object is locked skipped
C:\RECYCLER\S-1-5-21-956346901-3262614430-1109689657-1008\Dc30\IMG_0343.JPG Object is locked skipped
C:\RECYCLER\S-1-5-21-956346901-3262614430-1109689657-1008\Dc30\IMG_0344.JPG Object is locked skipped
C:\RECYCLER\S-1-5-21-956346901-3262614430-1109689657-1008\Dc30\IMG_0345.JPG Object is locked skipped
C:\RECYCLER\S-1-5-21-956346901-3262614430-1109689657-1008\Dc30\IMG_0346.JPG Object is locked skipped
C:\RECYCLER\S-1-5-21-956346901-3262614430-1109689657-1008\Dc30\IMG_0347.JPG Object is locked skipped
C:\RECYCLER\S-1-5-21-956346901-3262614430-1109689657-1008\Dc30\IMG_0348.JPG Object is locked skipped
C:\RECYCLER\S-1-5-21-956346901-3262614430-1109689657-1008\Dc30\IMG_0349.JPG Object is locked skipped
C:\RECYCLER\S-1-5-21-956346901-3262614430-1109689657-1008\Dc30\IMG_0350.JPG Object is locked skipped
C:\RECYCLER\S-1-5-21-956346901-3262614430-1109689657-1008\Dc30\IMG_0351.JPG Object is locked skipped
C:\RECYCLER\S-1-5-21-956346901-3262614430-1109689657-1008\Dc30\IMG_0352.JPG Object is locked skipped
C:\RECYCLER\S-1-5-21-956346901-3262614430-1109689657-1008\Dc30\ZbThumbnail.info Object is locked skipped
C:\RECYCLER\S-1-5-21-956346901-3262614430-1109689657-1008\Dc31\IMG_0343.JPG Object is locked skipped
C:\RECYCLER\S-1-5-21-956346901-3262614430-1109689657-1008\Dc31\IMG_0344.JPG Object is locked skipped
C:\RECYCLER\S-1-5-21-956346901-3262614430-1109689657-1008\Dc31\IMG_0345.JPG Object is locked skipped
C:\RECYCLER\S-1-5-21-956346901-3262614430-1109689657-1008\Dc31\IMG_0346.JPG Object is locked skipped
C:\RECYCLER\S-1-5-21-956346901-3262614430-1109689657-1008\Dc31\IMG_0347.JPG Object is locked skipped
C:\RECYCLER\S-1-5-21-956346901-3262614430-1109689657-1008\Dc31\IMG_0348.JPG Object is locked skipped
C:\RECYCLER\S-1-5-21-956346901-3262614430-1109689657-1008\Dc31\IMG_0349.JPG Object is locked skipped
C:\RECYCLER\S-1-5-21-956346901-3262614430-1109689657-1008\Dc31\IMG_0350.JPG Object is locked skipped
C:\RECYCLER\S-1-5-21-956346901-3262614430-1109689657-1008\Dc31\IMG_0351.JPG Object is locked skipped
C:\RECYCLER\S-1-5-21-956346901-3262614430-1109689657-1008\Dc31\IMG_0352.JPG Object is locked skipped
C:\RECYCLER\S-1-5-21-956346901-3262614430-1109689657-1008\Dc31\ZbThumbnail.info Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP2\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\HOTTENROTH.ldb Object is locked skipped
C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped
C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb Object is locked skipped
C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log Object is locked skipped
C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{71EDA50A-9A26-4F32-9323-A5754DAA05BB}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\Antivirus.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\AppEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\Internet.evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SecEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SysEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\cqjfqlvt.dll Infected: Packed.Win32.Klone.j skipped
C:\WINDOWS\SYSTEM32\dmblaghe.dll Infected: Packed.Win32.Klone.j skipped
C:\WINDOWS\SYSTEM32\esnjewag.dll Infected: Packed.Win32.Klone.j skipped
C:\WINDOWS\SYSTEM32\ghoblfug.dll Infected: Packed.Win32.Klone.j skipped
C:\WINDOWS\SYSTEM32\H323LOG.TXT Object is locked skipped
C:\WINDOWS\SYSTEM32\nwmjqqoj.dll Infected: Packed.Win32.Klone.j skipped
C:\WINDOWS\SYSTEM32\rhhlibbm.dll Infected: Packed.Win32.Klone.j skipped
C:\WINDOWS\SYSTEM32\skvkyiix.dll Infected: Packed.Win32.Klone.j skipped
C:\WINDOWS\SYSTEM32\smhuaddv.dll Infected: Packed.Win32.Klone.j skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\xqpwimhh.dll Infected: Packed.Win32.Klone.j skipped
C:\WINDOWS\Temp\Perflib_Perfdata_760.dat Object is locked skipped
C:\WINDOWS\Temp\ZLT03ea7.TMP Object is locked skipped
C:\WINDOWS\Temp\ZLT03eae.TMP Object is locked skipped
C:\WINDOWS\Temp\_avast4_\Webshlock.txt Object is locked skipped
C:\WINDOWS\WIADEBUG.LOG Object is locked skipped
C:\WINDOWS\WIASERVC.LOG Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.
Rahina Rescue
3 Mar 2007, 10:58am
Please download the Killbox by Option^Explicit (http://www.downloads.subratam.org/KillBox.exe).
Note: In the event you already have Killbox, this is a new version that I need you to download.
Save it to your desktop.
Please double-click Killbox.exe to run it.
Select: Delete on Reboot then Click on the All Files button.
Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):
C:\WINDOWS\SYSTEM32\cqjfqlvt.dll
C:\WINDOWS\SYSTEM32\dmblaghe.dll
C:\WINDOWS\SYSTEM32\esnjewag.dll
C:\WINDOWS\SYSTEM32\ghoblfug.dll
C:\WINDOWS\SYSTEM32\nwmjqqoj.dll
C:\WINDOWS\SYSTEM32\rhhlibbm.dll
C:\WINDOWS\SYSTEM32\skvkyiix.dll
C:\WINDOWS\SYSTEM32\mhuaddv.dll
C:\WINDOWS\SYSTEM32\xqpwimhh.dll
==
Return to Killbox, go to the File menu, and choose Paste from Clipboard.
Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).
If your computer does not restart automatically, please restart it manually.
If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here (http://www.eudaemonia.me.uk/downloads/Files/missingfilesetup.exe) to download and run missingfilesetup.exe. Then try Killbox again.
Now, Re-scan using Kaspersky Online Scanner And Post the results in your next reply.
Let me know how things are now :smiles:
ok, I deleted the file paths and did not receive any messages that you mentioned.
I'm going to run a kaspersky scan now...
just a heads up, as soon as I started the Kaspersky scan it found a virus and 8 infected objects. As it was scanning, I noticed that it had the killbox.exe named in the filepaths that it was scanning when the infected objects count was going up.
Do you think that the virus is infecting the .exe's whenever I download them?
Rahina Rescue
3 Mar 2007, 12:09pm
I Think Kaspersky Just found those Files In Killbox Backups Folder.
I would like to see Kasperky Online Scanner Report.
Thanks.
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, March 03, 2007 7:16:19 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 3/03/2007
Kaspersky Anti-Virus database records: 275584
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
A:\
C:\
D:\
E:\
Scan Statistics:
Total number of scanned objects: 50883
Number of viruses found: 1
Number of infected objects: 17 / 0
Number of suspicious objects: 0
Duration of the scan process: 00:39:35
Infected Object Name / Virus Name / Last Action
C:\!KillBox\cqjfqlvt.dll Infected: Packed.Win32.Klone.j skipped
C:\!KillBox\dmblaghe.dll Infected: Packed.Win32.Klone.j skipped
C:\!KillBox\esnjewag.dll Infected: Packed.Win32.Klone.j skipped
C:\!KillBox\ghoblfug.dll Infected: Packed.Win32.Klone.j skipped
C:\!KillBox\nwmjqqoj.dll Infected: Packed.Win32.Klone.j skipped
C:\!KillBox\rhhlibbm.dll Infected: Packed.Win32.Klone.j skipped
C:\!KillBox\skvkyiix.dll Infected: Packed.Win32.Klone.j skipped
C:\!KillBox\xqpwimhh.dll Infected: Packed.Win32.Klone.j skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\CLR Security Config\v1.1.4322\security.config.cch Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\Credentials\S-1-5-21-956346901-3262614430-1109689657-1010\Credentials Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\HTML Help\hh.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\Internet Explorer\BRNDLOG.BAK Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\Internet Explorer\BRNDLOG.TXT Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\Internet Explorer\Desktop.htt Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\Backgrounds\map.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\Backgrounds\TFR12.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\Backgrounds\TFR13.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\Backgrounds\TFR14.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\Backgrounds\TFR15.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\Backgrounds\TFR16.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\ListCache.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\MapFile\TFR17.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\MapFile\TFR36.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\MapFile\TFR4F.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\sqmdata00.sqm Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\sqmdata01.sqm Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\sqmdata02.sqm Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\sqmdata03.sqm Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\sqmdata04.sqm Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\sqmdata05.sqm Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\sqmdata06.sqm Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\sqmdata07.sqm Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\sqmdata08.sqm Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\sqmdata09.sqm Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\sqmdata10.sqm Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\sqmdata11.sqm Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\sqmdata12.sqm Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\map.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFR10.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFR37.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFR38.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFR39.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFR3A.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFR3B.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFR3C.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFR3D.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFR3E.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFR3F.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFR40.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFR41.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFR42.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFR43.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFR44.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFR45.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFR46.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFR47.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFR48.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFR49.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFR4A.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFR4B.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFR4C.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFR4D.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFR4E.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFR6.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFR7.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFR8.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFR9.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFRA.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFRB.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFRC.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFRD.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFRE.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFRF.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\Winks3\map.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\Winks3\TFR19.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\Winks3\TFR1B.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\Winks3\TFR1D.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\Winks3\TFR1F.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\Winks3\TFR21.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\Winks3\TFR23.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\Winks3\TFR25.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\Winks3\TFR27.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\Winks3\TFR29.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\Winks3\TFR2B.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\Winks3\TFR2D.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\Winks3\TFR2F.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\Winks3\TFR31.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\Winks3\TFR33.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\Winks3\TFR35.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\Backgrounds\map.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\Backgrounds\TFR5D.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\Backgrounds\TFR5E.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\Backgrounds\TFR5F.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\Backgrounds\TFR60.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\Backgrounds\TFR61.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\ListCache.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\MapFile\TFR62.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\MapFile\TFR81.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\MapFile\TFR94.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\sqmdata00.sqm Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\sqmdata01.sqm Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\sqmdata02.sqm Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\sqmdata03.sqm Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\UserTile\map.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\UserTile\TFR51.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\UserTile\TFR52.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\UserTile\TFR53.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\UserTile\TFR54.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\UserTile\TFR55.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\UserTile\TFR56.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\UserTile\TFR57.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\UserTile\TFR58.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\UserTile\TFR59.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\UserTile\TFR5A.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\UserTile\TFR5B.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\UserTile\TFR86.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\UserTile\TFR87.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\UserTile\TFR88.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\UserTile\TFR89.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\UserTile\TFR8A.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\UserTile\TFR8B.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\UserTile\TFR8C.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\UserTile\TFR8D.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\UserTile\TFR8E.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\UserTile\TFR8F.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\UserTile\TFR90.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\UserTile\TFR91.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\UserTile\TFR92.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\UserTile\TFR93.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\Winks3\map.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\Winks3\TFR64.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\Winks3\TFR66.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\Winks3\TFR68.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\Winks3\TFR6A.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\Winks3\TFR6C.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\Winks3\TFR6E.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\Winks3\TFR70.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\Winks3\TFR72.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\Winks3\TFR74.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\Winks3\TFR76.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\Winks3\TFR78.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\Winks3\TFR7A.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\Winks3\TFR7C.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\Winks3\TFR7E.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\Winks3\TFR80.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\Protect\CREDHIST Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\Protect\S-1-5-21-956346901-3262614430-1109689657-1003\15aa42ac-aea2-48e4-bdc3-00a9872c44c9 Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\Protect\S-1-5-21-956346901-3262614430-1109689657-1003\Preferred Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\Protect\S-1-5-21-956346901-3262614430-1109689657-1010\8d723408-edea-4412-a47b-284ab39c0778 Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\Protect\S-1-5-21-956346901-3262614430-1109689657-1010\Preferred Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\Windows\Themes\Custom.theme Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Sonic\Update Manager\sumdb.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Favorites\Dell\Dell Auction.url Object is locked skipped
C:\Documents and Settings\Dr. Enro\Favorites\Dell\Dell.url Object is locked skipped
C:\Documents and Settings\Dr. Enro\Favorites\Dell\Gigabuys.url Object is locked skipped
C:\Documents and Settings\Dr. Enro\Favorites\Dell\Support.Dell.com.url Object is locked skipped
C:\Documents and Settings\Dr. Enro\Favorites\Links\Customize Links.url Object is locked skipped
C:\Documents and Settings\Dr. Enro\Favorites\Links\Free Hotmail.url Object is locked skipped
C:\Documents and Settings\Dr. Enro\Favorites\Links\RealPlayer.url Object is locked skipped
C:\Documents and Settings\Dr. Enro\Favorites\Links\Windows Marketplace.url Object is locked skipped
C:\Documents and Settings\Dr. Enro\Favorites\Links\Windows Media.url Object is locked skipped
C:\Documents and Settings\Dr. Enro\Favorites\Links\Windows.url Object is locked skipped
C:\Documents and Settings\Dr. Enro\Favorites\Media\Real.com Radio Tuner.url Object is locked skipped
C:\Documents and Settings\Dr. Enro\Favorites\MSN.com.url Object is locked skipped
C:\Documents and Settings\Dr. Enro\Favorites\Radio Station Guide.url Object is locked skipped
C:\Documents and Settings\Dr. Enro\Favorites\RealPlayer Home Page.url Object is locked skipped
C:\Documents and Settings\Dr. Enro\Local Settings\Application Data\IconCache.db Object is locked skipped
C:\Documents and Settings\Dr. Enro\Local Settings\Application Data\Microsoft\HelpCtr\HelpSessionHistory.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Local Settings\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT Object is locked skipped
C:\Documents and Settings\Dr. Enro\Local Settings\Application Data\Microsoft\Media Player\CurrentDatabase_219.wmdb Object is locked skipped
C:\Documents and Settings\Dr. Enro\Local Settings\Application Data\Microsoft\Media Player\CurrentDatabase_59R.wmdb Object is locked skipped
C:\Documents and Settings\Dr. Enro\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Dr. Enro\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNS.DTD Object is locked skipped
C:\Documents and Settings\Dr. Enro\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNS.XML Object is locked skipped
C:\Documents and Settings\Dr. Enro\Local Settings\Application Data\Microsoft\Windows Media\9.0\WMSDKNS.DTD Object is locked skipped
C:\Documents and Settings\Dr. Enro\Local Settings\Application Data\Microsoft\Windows Media\9.0\WMSDKNS.XML Object is locked skipped
C:\Documents and Settings\Dr. Enro\Local Settings\Application Data\Microsoft\Windows Media\9.0\WMSDKNSD.XML Object is locked skipped
C:\Documents and Settings\Dr. Enro\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\Dr. Enro\Local Settings\History\History.IE5\MSHist012006072820060729\index.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Local Settings\History\History.IE5\MSHist012006072920060730\index.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My Music\AlbumArt_{03344743-29AA-405D-8830-8A777BE08998}_Large.jpg Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My Music\AlbumArt_{03344743-29AA-405D-8830-8A777BE08998}_Small.jpg Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My Music\AlbumArt_{6C3CA880-FE3D-4934-B3F9-DEAB73CDF08D}_Large.jpg Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My Music\AlbumArt_{6C3CA880-FE3D-4934-B3F9-DEAB73CDF08D}_Small.jpg Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My Music\Canyon__Mansion_On_The_Mountain.mp3 Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My Music\Chuck_Prophet__What_Makes_the_Monkey_Dance.mp3 Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My Music\Cordero__Vamos_Nenas.mp3 Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My Music\Drive_by_Truckers__My_Sweet_Annette.mp3 Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My Music\Get More with Jukebox Plus.mp3 Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My Music\Imperial_Teen__Sugar.mp3 Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My Music\Jon_Dee_Graham__One_Moment.mp3 Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My Music\My Playlists\DMX_TempList.wpl Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My Music\Secondhand_Jive__San_Francisco96.mp3 Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My Music\Slobberbone__Sister_Beams.mp3 Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My Music\The_Flatlanders__Julia.mp3 Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My Music\Unknown Artist\Unknown Album (7-29-2006 1-58-42 PM)\01 Track 1.mp3 Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My Music\Unknown Artist\Unknown Album (7-29-2006 1-58-42 PM)\02 Track 2.mp3 Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My Music\Unknown Artist\Unknown Album (7-29-2006 1-58-42 PM)\03 Track 3.mp3 Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My Music\Unknown Artist\Unknown Album (7-29-2006 1-58-42 PM)\04 Track 4.mp3 Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My Music\Unknown Artist\Unknown Album (7-29-2006 1-58-42 PM)\05 Track 5.mp3 Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My Music\Unknown Artist\Unknown Album (7-29-2006 1-58-42 PM)\06 Track 6.mp3 Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My Music\Unknown Artist\Unknown Album (7-29-2006 1-58-42 PM)\07 Track 7.mp3 Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My Music\Unknown Artist\Unknown Album (7-29-2006 1-58-42 PM)\08 Track 8.mp3 Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My Music\Unknown Artist\Unknown Album (7-29-2006 1-58-42 PM)\09 Track 9.mp3 Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My Music\Unknown Artist\Unknown Album (7-29-2006 1-58-42 PM)\10 Track 10.mp3 Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My Music\Unknown Artist\Unknown Album (7-29-2006 1-58-42 PM)\11 Track 11.mp3 Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My Music\Unknown Artist\Unknown Album (7-29-2006 1-58-42 PM)\12 Track 12.mp3 Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My Music\Unknown Artist\Unknown Album (7-29-2006 1-58-42 PM)\13 Track 13.mp3 Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My Music\Unknown Artist\Unknown Album (7-29-2006 1-58-42 PM)\14 Track 14.mp3 Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My Music\Unknown Artist\Unknown Album (7-29-2006 1-58-42 PM)\15 Track 15.mp3 Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My Music\Unknown Artist\Unknown Album (7-29-2006 1-58-42 PM)\16 Track 16.mp3 Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My Music\Unknown Artist\Unknown Album (7-29-2006 1-58-42 PM)\17 Track 17.mp3 Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My Music\Vic_Chestnut__Im_Through.mp3 Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My PSP8 Files\Scripts-Restricted\BoundScript1.PspScript Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My PSP8 Files\Scripts-Restricted\BoundScript2.PspScript Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My PSP8 Files\Scripts-Restricted\BoundScript3.PspScript Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My PSP8 Files\Scripts-Restricted\BoundScript4.PspScript Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My PSP8 Files\Scripts-Restricted\BoundScript5.PspScript Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My PSP8 Files\Scripts-Restricted\BoundScript6.PspScript Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My PSP8 Files\Scripts-Restricted\BoundScript7.PspScript Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My PSP8 Files\Scripts-Restricted\BoundScript8.PspScript Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My PSP8 Files\Scripts-Restricted\BoundScript9.PspScript Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My Videos\Experience.mpg Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My Videos\Thumbs.db Object is locked skipped
C:\Documents and Settings\Dr. Enro\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Dr. Enro\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Dr. Enro\SendTo\RecordNow!.RecordNowSendToExt Object is locked skipped
C:\Documents and Settings\Dr. Enro\Templates\EXCEL.XLS Object is locked skipped
C:\Documents and Settings\Dr. Enro\Templates\EXCEL4.XLS Object is locked skipped
C:\Documents and Settings\Dr. Enro\Templates\LOTUS.WK4 Object is locked skipped
C:\Documents and Settings\Dr. Enro\Templates\POWERPNT.PPT Object is locked skipped
C:\Documents and Settings\Dr. Enro\Templates\PRESENTA.SHW Object is locked skipped
C:\Documents and Settings\Dr. Enro\Templates\QUATTRO.WB2 Object is locked skipped
C:\Documents and Settings\Dr. Enro\Templates\SNDREC.WAV Object is locked skipped
C:\Documents and Settings\Dr. Enro\Templates\WINWORD.DOC Object is locked skipped
C:\Documents and Settings\Dr. Enro\Templates\WINWORD2.DOC Object is locked skipped
C:\Documents and Settings\Dr. Enro\Templates\WORDPFCT.WPD Object is locked skipped
C:\Documents and Settings\Dr. Enro\Templates\WORDPFCT.WPG Object is locked skipped
C:\Documents and Settings\Jase\Application Data\Mozilla\Firefox\Profiles\us91l4ca.default\cert8.db Object is locked skipped
C:\Documents and Settings\Jase\Application Data\Mozilla\Firefox\Profiles\us91l4ca.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\Jase\Application Data\Mozilla\Firefox\Profiles\us91l4ca.default\history.dat Object is locked skipped
C:\Documents and Settings\Jase\Application Data\Mozilla\Firefox\Profiles\us91l4ca.default\key3.db Object is locked skipped
C:\Documents and Settings\Jase\Application Data\Mozilla\Firefox\Profiles\us91l4ca.default\parent.lock Object is locked skipped
C:\Documents and Settings\Jase\Application Data\Mozilla\Firefox\Profiles\us91l4ca.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Jase\Application Data\Mozilla\Firefox\Profiles\us91l4ca.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Jase\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Jase\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Jase\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Jase\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Jase\Local Settings\Application Data\Mozilla\Firefox\Profiles\us91l4ca.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Jase\Local Settings\Application Data\Mozilla\Firefox\Profiles\us91l4ca.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Jase\Local Settings\Application Data\Mozilla\Firefox\Profiles\us91l4ca.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Jase\Local Settings\Application Data\Mozilla\Firefox\Profiles\us91l4ca.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Jase\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Jase\Local Settings\History\History.IE5\MSHist012007030320070304\index.dat Object is locked skipped
C:\Documents and Settings\Jase\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Jase\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Jase\ntuser.dat Object is locked skipped
C:\Documents and Settings\Jase\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\integ\avast.int Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\report\Resident protection.txt Object is locked skipped
C:\Program Files\InstallShield Installation Information\{7BF68B83-5057-4D4B-0093-28285EEB9EE3}\setup.ilg Object is locked skipped
C:\RECYCLER\S-1-5-21-956346901-3262614430-1109689657-1008\Dc30\IMG_0343.JPG Object is locked skipped
C:\RECYCLER\S-1-5-21-956346901-3262614430-1109689657-1008\Dc30\IMG_0344.JPG Object is locked skipped
C:\RECYCLER\S-1-5-21-956346901-3262614430-1109689657-1008\Dc30\IMG_0345.JPG Object is locked skipped
C:\RECYCLER\S-1-5-21-956346901-3262614430-1109689657-1008\Dc30\IMG_0346.JPG Object is locked skipped
C:\RECYCLER\S-1-5-21-956346901-3262614430-1109689657-1008\Dc30\IMG_0347.JPG Object is locked skipped
C:\RECYCLER\S-1-5-21-956346901-3262614430-1109689657-1008\Dc30\IMG_0348.JPG Object is locked skipped
C:\RECYCLER\S-1-5-21-956346901-3262614430-1109689657-1008\Dc30\IMG_0349.JPG Object is locked skipped
C:\RECYCLER\S-1-5-21-956346901-3262614430-1109689657-1008\Dc30\IMG_0350.JPG Object is locked skipped
C:\RECYCLER\S-1-5-21-956346901-3262614430-1109689657-1008\Dc30\IMG_0351.JPG Object is locked skipped
C:\RECYCLER\S-1-5-21-956346901-3262614430-1109689657-1008\Dc30\IMG_0352.JPG Object is locked skipped
C:\RECYCLER\S-1-5-21-956346901-3262614430-1109689657-1008\Dc30\ZbThumbnail.info Object is locked skipped
C:\RECYCLER\S-1-5-21-956346901-3262614430-1109689657-1008\Dc31\IMG_0343.JPG Object is locked skipped
C:\RECYCLER\S-1-5-21-956346901-3262614430-1109689657-1008\Dc31\IMG_0344.JPG Object is locked skipped
C:\RECYCLER\S-1-5-21-956346901-3262614430-1109689657-1008\Dc31\IMG_0345.JPG Object is locked skipped
C:\RECYCLER\S-1-5-21-956346901-3262614430-1109689657-1008\Dc31\IMG_0346.JPG Object is locked skipped
C:\RECYCLER\S-1-5-21-956346901-3262614430-1109689657-1008\Dc31\IMG_0347.JPG Object is locked skipped
C:\RECYCLER\S-1-5-21-956346901-3262614430-1109689657-1008\Dc31\IMG_0348.JPG Object is locked skipped
C:\RECYCLER\S-1-5-21-956346901-3262614430-1109689657-1008\Dc31\IMG_0349.JPG Object is locked skipped
C:\RECYCLER\S-1-5-21-956346901-3262614430-1109689657-1008\Dc31\IMG_0350.JPG Object is locked skipped
C:\RECYCLER\S-1-5-21-956346901-3262614430-1109689657-1008\Dc31\IMG_0351.JPG Object is locked skipped
C:\RECYCLER\S-1-5-21-956346901-3262614430-1109689657-1008\Dc31\IMG_0352.JPG Object is locked skipped
C:\RECYCLER\S-1-5-21-956346901-3262614430-1109689657-1008\Dc31\ZbThumbnail.info Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP2\A0000137.dll Infected: Packed.Win32.Klone.j skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP2\A0000138.dll Infected: Packed.Win32.Klone.j skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP2\A0000139.dll Infected: Packed.Win32.Klone.j skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP2\A0000140.dll Infected: Packed.Win32.Klone.j skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP2\A0000141.dll Infected: Packed.Win32.Klone.j skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP2\A0000142.dll Infected: Packed.Win32.Klone.j skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP2\A0000143.dll Infected: Packed.Win32.Klone.j skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP2\A0000144.dll Infected: Packed.Win32.Klone.j skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP2\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\HOTTENROTH.ldb Object is locked skipped
C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped
C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb Object is locked skipped
C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log Object is locked skipped
C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{9039B55E-1C6B-4FC1-8392-38CAD5503A58}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\Antivirus.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\AppEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\Internet.evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SecEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SysEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\H323LOG.TXT Object is locked skipped
C:\WINDOWS\SYSTEM32\smhuaddv.dll Infected: Packed.Win32.Klone.j skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_6ec.dat Object is locked skipped
C:\WINDOWS\Temp\ZLT02e13.TMP Object is locked skipped
C:\WINDOWS\Temp\ZLT030e9.TMP Object is locked skipped
C:\WINDOWS\Temp\_avast4_\Webshlock.txt Object is locked skipped
C:\WINDOWS\WIADEBUG.LOG Object is locked skipped
C:\WINDOWS\WIASERVC.LOG Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.
I noticed that in IE I cannot run Bitdefender or Panda Scan.
Also, when the computer reboots, the My Documents folder always opens...in Windows Explorer I think.
Rahina Rescue
3 Mar 2007, 2:21pm
Please Empty This Folder: C:\!KillBox
Please double-click Killbox.exe to run it.
Select: Delete on Reboot then Click on the All Files button.
Please copy the file path below to the clipboard by highlighting IT and pressing CTRL + C (or, after highlighting, right-click and choose copy):
C:\WINDOWS\SYSTEM32\smhuaddv.dll
==
Return to Killbox, go to the File menu, and choose Paste from Clipboard.
Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).
If your computer does not restart automatically, please restart it manually.
==
Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)
1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.2. Restart your computer.
3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check Turn off System Restore.
Click Apply, and then click OK.
System Restore will now be active again.
==
1.Start => Run => Regedit => ok
2.Now navigate to the following key:-
HKEY_ LOCAL_ MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
3.Look down the list in the Right Hand pane,scroll down to the value Userinit This value should read: C:\WINDOWS\system32\userinit.exe, (The comma at the end must also be there)
4.If the value is different from that mentioned above then Right Click on the Userinit value and, from the drop down menu, select Modify. Type in the value C:\WINDOWS\system32\userinit.exe, in the Modify dialogue box click OK
5.Exit the Registry.Restart your computer.
Rahina Rescue
3 Mar 2007, 2:24pm
When you are done doing these Things Run a Scan Using Kaspersky Online Scanner.
When done scanning please post the results of the scan in your next reply.
Thanks. :smiles:
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, March 03, 2007 10:50:44 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 3/03/2007
Kaspersky Anti-Virus database records: 275584
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
A:\
C:\
D:\
E:\
Scan Statistics:
Total number of scanned objects: 50705
Number of viruses found: 1
Number of infected objects: 1 / 0
Number of suspicious objects: 0
Duration of the scan process: 00:36:24
Infected Object Name / Virus Name / Last Action
C:\!KillBox\smhuaddv.dll Infected: Packed.Win32.Klone.j skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\CLR Security Config\v1.1.4322\security.config.cch Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\Credentials\S-1-5-21-956346901-3262614430-1109689657-1010\Credentials Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\HTML Help\hh.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\Internet Explorer\BRNDLOG.BAK Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\Internet Explorer\BRNDLOG.TXT Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\Internet Explorer\Desktop.htt Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\Backgrounds\map.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\Backgrounds\TFR12.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\Backgrounds\TFR13.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\Backgrounds\TFR14.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\Backgrounds\TFR15.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\Backgrounds\TFR16.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\ListCache.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\MapFile\TFR17.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\MapFile\TFR36.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\MapFile\TFR4F.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\sqmdata00.sqm Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\sqmdata01.sqm Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\sqmdata02.sqm Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\sqmdata03.sqm Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\sqmdata04.sqm Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\sqmdata05.sqm Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\sqmdata06.sqm Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\sqmdata07.sqm Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\sqmdata08.sqm Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\sqmdata09.sqm Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\sqmdata10.sqm Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\sqmdata11.sqm Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\sqmdata12.sqm Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\map.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFR10.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFR37.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFR38.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFR39.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFR3A.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFR3B.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFR3C.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFR3D.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFR3E.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFR3F.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFR40.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFR41.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFR42.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFR43.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFR44.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFR45.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFR46.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFR47.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFR48.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFR49.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFR4A.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFR4B.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFR4C.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFR4D.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFR4E.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFR6.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFR7.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFR8.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFR9.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFRA.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFRB.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFRC.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFRD.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFRE.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFRF.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\Winks3\map.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\Winks3\TFR19.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\Winks3\TFR1B.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\Winks3\TFR1D.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\Winks3\TFR1F.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\Winks3\TFR21.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\Winks3\TFR23.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\Winks3\TFR25.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\Winks3\TFR27.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\Winks3\TFR29.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\Winks3\TFR2B.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\Winks3\TFR2D.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\Winks3\TFR2F.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\Winks3\TFR31.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\Winks3\TFR33.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\Winks3\TFR35.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\Backgrounds\map.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\Backgrounds\TFR5D.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\Backgrounds\TFR5E.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\Backgrounds\TFR5F.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\Backgrounds\TFR60.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\Backgrounds\TFR61.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\ListCache.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\MapFile\TFR62.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\MapFile\TFR81.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\MapFile\TFR94.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\sqmdata00.sqm Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\sqmdata01.sqm Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\sqmdata02.sqm Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\sqmdata03.sqm Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\UserTile\map.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\UserTile\TFR51.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\UserTile\TFR52.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\UserTile\TFR53.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\UserTile\TFR54.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\UserTile\TFR55.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\UserTile\TFR56.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\UserTile\TFR57.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\UserTile\TFR58.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\UserTile\TFR59.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\UserTile\TFR5A.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\UserTile\TFR5B.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\UserTile\TFR86.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\UserTile\TFR87.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\UserTile\TFR88.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\UserTile\TFR89.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\UserTile\TFR8A.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\UserTile\TFR8B.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\UserTile\TFR8C.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\UserTile\TFR8D.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\UserTile\TFR8E.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\UserTile\TFR8F.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\UserTile\TFR90.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\UserTile\TFR91.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\UserTile\TFR92.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\UserTile\TFR93.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\Winks3\map.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\Winks3\TFR64.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\Winks3\TFR66.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\Winks3\TFR68.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\Winks3\TFR6A.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\Winks3\TFR6C.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\Winks3\TFR6E.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\Winks3\TFR70.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\Winks3\TFR72.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\Winks3\TFR74.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\Winks3\TFR76.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\Winks3\TFR78.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\Winks3\TFR7A.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\Winks3\TFR7C.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\Winks3\TFR7E.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\Winks3\TFR80.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\Protect\CREDHIST Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\Protect\S-1-5-21-956346901-3262614430-1109689657-1003\15aa42ac-aea2-48e4-bdc3-00a9872c44c9 Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\Protect\S-1-5-21-956346901-3262614430-1109689657-1003\Preferred Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\Protect\S-1-5-21-956346901-3262614430-1109689657-1010\8d723408-edea-4412-a47b-284ab39c0778 Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\Protect\S-1-5-21-956346901-3262614430-1109689657-1010\Preferred Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\Windows\Themes\Custom.theme Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Sonic\Update Manager\sumdb.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Favorites\Dell\Dell Auction.url Object is locked skipped
C:\Documents and Settings\Dr. Enro\Favorites\Dell\Dell.url Object is locked skipped
C:\Documents and Settings\Dr. Enro\Favorites\Dell\Gigabuys.url Object is locked skipped
C:\Documents and Settings\Dr. Enro\Favorites\Dell\Support.Dell.com.url Object is locked skipped
C:\Documents and Settings\Dr. Enro\Favorites\Links\Customize Links.url Object is locked skipped
C:\Documents and Settings\Dr. Enro\Favorites\Links\Free Hotmail.url Object is locked skipped
C:\Documents and Settings\Dr. Enro\Favorites\Links\RealPlayer.url Object is locked skipped
C:\Documents and Settings\Dr. Enro\Favorites\Links\Windows Marketplace.url Object is locked skipped
C:\Documents and Settings\Dr. Enro\Favorites\Links\Windows Media.url Object is locked skipped
C:\Documents and Settings\Dr. Enro\Favorites\Links\Windows.url Object is locked skipped
C:\Documents and Settings\Dr. Enro\Favorites\Media\Real.com Radio Tuner.url Object is locked skipped
C:\Documents and Settings\Dr. Enro\Favorites\MSN.com.url Object is locked skipped
C:\Documents and Settings\Dr. Enro\Favorites\Radio Station Guide.url Object is locked skipped
C:\Documents and Settings\Dr. Enro\Favorites\RealPlayer Home Page.url Object is locked skipped
C:\Documents and Settings\Dr. Enro\Local Settings\Application Data\IconCache.db Object is locked skipped
C:\Documents and Settings\Dr. Enro\Local Settings\Application Data\Microsoft\HelpCtr\HelpSessionHistory.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Local Settings\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT Object is locked skipped
C:\Documents and Settings\Dr. Enro\Local Settings\Application Data\Microsoft\Media Player\CurrentDatabase_219.wmdb Object is locked skipped
C:\Documents and Settings\Dr. Enro\Local Settings\Application Data\Microsoft\Media Player\CurrentDatabase_59R.wmdb Object is locked skipped
C:\Documents and Settings\Dr. Enro\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Dr. Enro\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNS.DTD Object is locked skipped
C:\Documents and Settings\Dr. Enro\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNS.XML Object is locked skipped
C:\Documents and Settings\Dr. Enro\Local Settings\Application Data\Microsoft\Windows Media\9.0\WMSDKNS.DTD Object is locked skipped
C:\Documents and Settings\Dr. Enro\Local Settings\Application Data\Microsoft\Windows Media\9.0\WMSDKNS.XML Object is locked skipped
C:\Documents and Settings\Dr. Enro\Local Settings\Application Data\Microsoft\Windows Media\9.0\WMSDKNSD.XML Object is locked skipped
C:\Documents and Settings\Dr. Enro\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\Dr. Enro\Local Settings\History\History.IE5\MSHist012006072820060729\index.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Local Settings\History\History.IE5\MSHist012006072920060730\index.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My Music\AlbumArt_{03344743-29AA-405D-8830-8A777BE08998}_Large.jpg Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My Music\AlbumArt_{03344743-29AA-405D-8830-8A777BE08998}_Small.jpg Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My Music\AlbumArt_{6C3CA880-FE3D-4934-B3F9-DEAB73CDF08D}_Large.jpg Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My Music\AlbumArt_{6C3CA880-FE3D-4934-B3F9-DEAB73CDF08D}_Small.jpg Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My Music\Canyon__Mansion_On_The_Mountain.mp3 Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My Music\Chuck_Prophet__What_Makes_the_Monkey_Dance.mp3 Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My Music\Cordero__Vamos_Nenas.mp3 Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My Music\Drive_by_Truckers__My_Sweet_Annette.mp3 Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My Music\Get More with Jukebox Plus.mp3 Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My Music\Imperial_Teen__Sugar.mp3 Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My Music\Jon_Dee_Graham__One_Moment.mp3 Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My Music\My Playlists\DMX_TempList.wpl Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My Music\Secondhand_Jive__San_Francisco96.mp3 Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My Music\Slobberbone__Sister_Beams.mp3 Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My Music\The_Flatlanders__Julia.mp3 Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My Music\Unknown Artist\Unknown Album (7-29-2006 1-58-42 PM)\01 Track 1.mp3 Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My Music\Unknown Artist\Unknown Album (7-29-2006 1-58-42 PM)\02 Track 2.mp3 Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My Music\Unknown Artist\Unknown Album (7-29-2006 1-58-42 PM)\03 Track 3.mp3 Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My Music\Unknown Artist\Unknown Album (7-29-2006 1-58-42 PM)\04 Track 4.mp3 Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My Music\Unknown Artist\Unknown Album (7-29-2006 1-58-42 PM)\05 Track 5.mp3 Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My Music\Unknown Artist\Unknown Album (7-29-2006 1-58-42 PM)\06 Track 6.mp3 Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My Music\Unknown Artist\Unknown Album (7-29-2006 1-58-42 PM)\07 Track 7.mp3 Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My Music\Unknown Artist\Unknown Album (7-29-2006 1-58-42 PM)\08 Track 8.mp3 Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My Music\Unknown Artist\Unknown Album (7-29-2006 1-58-42 PM)\09 Track 9.mp3 Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My Music\Unknown Artist\Unknown Album (7-29-2006 1-58-42 PM)\10 Track 10.mp3 Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My Music\Unknown Artist\Unknown Album (7-29-2006 1-58-42 PM)\11 Track 11.mp3 Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My Music\Unknown Artist\Unknown Album (7-29-2006 1-58-42 PM)\12 Track 12.mp3 Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My Music\Unknown Artist\Unknown Album (7-29-2006 1-58-42 PM)\13 Track 13.mp3 Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My Music\Unknown Artist\Unknown Album (7-29-2006 1-58-42 PM)\14 Track 14.mp3 Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My Music\Unknown Artist\Unknown Album (7-29-2006 1-58-42 PM)\15 Track 15.mp3 Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My Music\Unknown Artist\Unknown Album (7-29-2006 1-58-42 PM)\16 Track 16.mp3 Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My Music\Unknown Artist\Unknown Album (7-29-2006 1-58-42 PM)\17 Track 17.mp3 Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My Music\Vic_Chestnut__Im_Through.mp3 Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My PSP8 Files\Scripts-Restricted\BoundScript1.PspScript Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My PSP8 Files\Scripts-Restricted\BoundScript2.PspScript Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My PSP8 Files\Scripts-Restricted\BoundScript3.PspScript Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My PSP8 Files\Scripts-Restricted\BoundScript4.PspScript Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My PSP8 Files\Scripts-Restricted\BoundScript5.PspScript Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My PSP8 Files\Scripts-Restricted\BoundScript6.PspScript Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My PSP8 Files\Scripts-Restricted\BoundScript7.PspScript Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My PSP8 Files\Scripts-Restricted\BoundScript8.PspScript Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My PSP8 Files\Scripts-Restricted\BoundScript9.PspScript Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My Videos\Experience.mpg Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My Videos\Thumbs.db Object is locked skipped
C:\Documents and Settings\Dr. Enro\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Dr. Enro\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Dr. Enro\SendTo\RecordNow!.RecordNowSendToExt Object is locked skipped
C:\Documents and Settings\Dr. Enro\Templates\EXCEL.XLS Object is locked skipped
C:\Documents and Settings\Dr. Enro\Templates\EXCEL4.XLS Object is locked skipped
C:\Documents and Settings\Dr. Enro\Templates\LOTUS.WK4 Object is locked skipped
C:\Documents and Settings\Dr. Enro\Templates\POWERPNT.PPT Object is locked skipped
C:\Documents and Settings\Dr. Enro\Templates\PRESENTA.SHW Object is locked skipped
C:\Documents and Settings\Dr. Enro\Templates\QUATTRO.WB2 Object is locked skipped
C:\Documents and Settings\Dr. Enro\Templates\SNDREC.WAV Object is locked skipped
C:\Documents and Settings\Dr. Enro\Templates\WINWORD.DOC Object is locked skipped
C:\Documents and Settings\Dr. Enro\Templates\WINWORD2.DOC Object is locked skipped
C:\Documents and Settings\Dr. Enro\Templates\WORDPFCT.WPD Object is locked skipped
C:\Documents and Settings\Dr. Enro\Templates\WORDPFCT.WPG Object is locked skipped
C:\Documents and Settings\Jase\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Jase\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Jase\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Jase\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Jase\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Jase\Local Settings\History\History.IE5\MSHist012007030320070304\index.dat Object is locked skipped
C:\Documents and Settings\Jase\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Jase\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Jase\ntuser.dat Object is locked skipped
C:\Documents and Settings\Jase\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\integ\avast.int Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\report\Resident protection.txt Object is locked skipped
C:\Program Files\InstallShield Installation Information\{7BF68B83-5057-4D4B-0093-28285EEB9EE3}\setup.ilg Object is locked skipped
C:\RECYCLER\S-1-5-21-956346901-3262614430-1109689657-1008\Dc30\IMG_0343.JPG Object is locked skipped
C:\RECYCLER\S-1-5-21-956346901-3262614430-1109689657-1008\Dc30\IMG_0344.JPG Object is locked skipped
C:\RECYCLER\S-1-5-21-956346901-3262614430-1109689657-1008\Dc30\IMG_0345.JPG Object is locked skipped
C:\RECYCLER\S-1-5-21-956346901-3262614430-1109689657-1008\Dc30\IMG_0346.JPG Object is locked skipped
C:\RECYCLER\S-1-5-21-956346901-3262614430-1109689657-1008\Dc30\IMG_0347.JPG Object is locked skipped
C:\RECYCLER\S-1-5-21-956346901-3262614430-1109689657-1008\Dc30\IMG_0348.JPG Object is locked skipped
C:\RECYCLER\S-1-5-21-956346901-3262614430-1109689657-1008\Dc30\IMG_0349.JPG Object is locked skipped
C:\RECYCLER\S-1-5-21-956346901-3262614430-1109689657-1008\Dc30\IMG_0350.JPG Object is locked skipped
C:\RECYCLER\S-1-5-21-956346901-3262614430-1109689657-1008\Dc30\IMG_0351.JPG Object is locked skipped
C:\RECYCLER\S-1-5-21-956346901-3262614430-1109689657-1008\Dc30\IMG_0352.JPG Object is locked skipped
C:\RECYCLER\S-1-5-21-956346901-3262614430-1109689657-1008\Dc30\ZbThumbnail.info Object is locked skipped
C:\RECYCLER\S-1-5-21-956346901-3262614430-1109689657-1008\Dc31\IMG_0343.JPG Object is locked skipped
C:\RECYCLER\S-1-5-21-956346901-3262614430-1109689657-1008\Dc31\IMG_0344.JPG Object is locked skipped
C:\RECYCLER\S-1-5-21-956346901-3262614430-1109689657-1008\Dc31\IMG_0345.JPG Object is locked skipped
C:\RECYCLER\S-1-5-21-956346901-3262614430-1109689657-1008\Dc31\IMG_0346.JPG Object is locked skipped
C:\RECYCLER\S-1-5-21-956346901-3262614430-1109689657-1008\Dc31\IMG_0347.JPG Object is locked skipped
C:\RECYCLER\S-1-5-21-956346901-3262614430-1109689657-1008\Dc31\IMG_0348.JPG Object is locked skipped
C:\RECYCLER\S-1-5-21-956346901-3262614430-1109689657-1008\Dc31\IMG_0349.JPG Object is locked skipped
C:\RECYCLER\S-1-5-21-956346901-3262614430-1109689657-1008\Dc31\IMG_0350.JPG Object is locked skipped
C:\RECYCLER\S-1-5-21-956346901-3262614430-1109689657-1008\Dc31\IMG_0351.JPG Object is locked skipped
C:\RECYCLER\S-1-5-21-956346901-3262614430-1109689657-1008\Dc31\IMG_0352.JPG Object is locked skipped
C:\RECYCLER\S-1-5-21-956346901-3262614430-1109689657-1008\Dc31\ZbThumbnail.info Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\HOTTENROTH.ldb Object is locked skipped
C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped
C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\Antivirus.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\AppEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\Internet.evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SecEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SysEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\H323LOG.TXT Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_6d0.dat Object is locked skipped
C:\WINDOWS\Temp\ZLT011c3.TMP Object is locked skipped
C:\WINDOWS\Temp\ZLT011cd.TMP Object is locked skipped
C:\WINDOWS\Temp\_avast4_\Webshlock.txt Object is locked skipped
C:\WINDOWS\WIADEBUG.LOG Object is locked skipped
C:\WINDOWS\WIASERVC.LOG Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.
Rahina Rescue
3 Mar 2007, 5:57pm
Excellent Work! :smiles:
Please Empty this Folder again: C:\!KillBox
==
Download CCleaner (http://www.filehippo.com/download_ccleaner.html) to Program Files.
If you don't want the Yahoo toolbar, be sure to UN check that option when installing the software or update.
Instructions for using CCleaner:
Launch CCleaner and under Options > Advanced > UNcheck "Only delete files in Windows Temp folder older than 48 hours".
A pop up box will appear advising this process will permanently delete files from your system.
To protect logon cookies that you wish to retain, under Options > Cookies. Select and using the arrow move those cookies to the "Cookies to keep" column.
Then select the items you wish to clean up.
In the Windows Tab:
Clean all entries in the "Internet Explorer" section.
Clean all the entries in the "Windows Explorer" section.
Clean all entries in the "System" section.
Clean all entries in the "Advanced" section.
Clean any others that you choose.
In the Applications Tab:
Clean all in the Firefox/Mozilla section if you use it.
Clean all in the Opera section if you use it.
Clean Sun Java in the Internet Section.
Please UNcheck "Utilities" (i.e., Ad-Aware, ewido and other security program logs.)
Click the "Run Cleaner" button and it will scan and clean your system.
Click exit.
Shutdown/restart the computer.
Please Let me know how things are running.
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, March 03, 2007 12:30:25 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 3/03/2007
Kaspersky Anti-Virus database records: 275625
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
A:\
C:\
D:\
E:\
Scan Statistics:
Total number of scanned objects: 353
Number of viruses found: 1
Number of infected objects: 1 / 0
Number of suspicious objects: 0
Duration of the scan process: 00:00:12
Infected Object Name / Virus Name / Last Action
C:\!KillBox\smhuaddv.dll Infected: Packed.Win32.Klone.j skipped
Scan was interrupted by user!
Rahina Rescue
3 Mar 2007, 6:34pm
Alright, No Nead to worry about that, if that's all?
Just empty the !Killbox folder :)
ok, cool!
I'll run another Kaspersky now that I've emptied the killbox file.
I'll post a full Kaspersky Log when finished.
Thanks again for all the help!
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, March 03, 2007 4:30:32 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 3/03/2007
Kaspersky Anti-Virus database records: 275630
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
A:\
C:\
D:\
E:\
Scan Statistics:
Total number of scanned objects: 50534
Number of viruses found: 1
Number of infected objects: 1 / 0
Number of suspicious objects: 0
Duration of the scan process: 00:36:13
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\CLR Security Config\v1.1.4322\security.config.cch Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\Credentials\S-1-5-21-956346901-3262614430-1109689657-1010\Credentials Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\HTML Help\hh.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\Internet Explorer\BRNDLOG.BAK Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\Internet Explorer\BRNDLOG.TXT Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\Internet Explorer\Desktop.htt Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\Backgrounds\map.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\Backgrounds\TFR12.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\Backgrounds\TFR13.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\Backgrounds\TFR14.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\Backgrounds\TFR15.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\Backgrounds\TFR16.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\ListCache.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\MapFile\TFR17.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\MapFile\TFR36.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\MapFile\TFR4F.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\sqmdata00.sqm Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\sqmdata01.sqm Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\sqmdata02.sqm Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\sqmdata03.sqm Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\sqmdata04.sqm Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\sqmdata05.sqm Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\sqmdata06.sqm Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\sqmdata07.sqm Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\sqmdata08.sqm Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\sqmdata09.sqm Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\sqmdata10.sqm Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\sqmdata11.sqm Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\sqmdata12.sqm Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\map.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFR10.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFR37.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFR38.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFR39.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFR3A.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFR3B.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFR3C.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFR3D.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFR3E.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFR3F.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFR40.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFR41.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFR42.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFR43.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFR44.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFR45.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFR46.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFR47.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFR48.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFR49.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFR4A.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFR4B.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFR4C.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFR4D.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFR4E.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFR6.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFR7.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFR8.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFR9.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFRA.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFRB.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFRC.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFRD.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFRE.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFRF.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\Winks3\map.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\Winks3\TFR19.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\Winks3\TFR1B.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\Winks3\TFR1D.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\Winks3\TFR1F.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\Winks3\TFR21.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\Winks3\TFR23.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\Winks3\TFR25.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\Winks3\TFR27.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\Winks3\TFR29.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\Winks3\TFR2B.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\Winks3\TFR2D.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\Winks3\TFR2F.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\Winks3\TFR31.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\Winks3\TFR33.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\Winks3\TFR35.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\Backgrounds\map.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\Backgrounds\TFR5D.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\Backgrounds\TFR5E.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\Backgrounds\TFR5F.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\Backgrounds\TFR60.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\Backgrounds\TFR61.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\ListCache.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\MapFile\TFR62.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\MapFile\TFR81.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\MapFile\TFR94.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\sqmdata00.sqm Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\sqmdata01.sqm Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\sqmdata02.sqm Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\sqmdata03.sqm Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\UserTile\map.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\UserTile\TFR51.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\UserTile\TFR52.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\UserTile\TFR53.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\UserTile\TFR54.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\UserTile\TFR55.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\UserTile\TFR56.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\UserTile\TFR57.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\UserTile\TFR58.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\UserTile\TFR59.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\UserTile\TFR5A.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\UserTile\TFR5B.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\UserTile\TFR86.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\UserTile\TFR87.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\UserTile\TFR88.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\UserTile\TFR89.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\UserTile\TFR8A.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\UserTile\TFR8B.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\UserTile\TFR8C.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\UserTile\TFR8D.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\UserTile\TFR8E.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\UserTile\TFR8F.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\UserTile\TFR90.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\UserTile\TFR91.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\UserTile\TFR92.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\UserTile\TFR93.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\Winks3\map.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\Winks3\TFR64.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\Winks3\TFR66.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\Winks3\TFR68.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\Winks3\TFR6A.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\Winks3\TFR6C.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\Winks3\TFR6E.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\Winks3\TFR70.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\Winks3\TFR72.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\Winks3\TFR74.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\Winks3\TFR76.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\Winks3\TFR78.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\Winks3\TFR7A.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\Winks3\TFR7C.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\Winks3\TFR7E.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\Winks3\TFR80.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\Protect\CREDHIST Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\Protect\S-1-5-21-956346901-3262614430-1109689657-1003\15aa42ac-aea2-48e4-bdc3-00a9872c44c9 Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\Protect\S-1-5-21-956346901-3262614430-1109689657-1003\Preferred Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\Protect\S-1-5-21-956346901-3262614430-1109689657-1010\8d723408-edea-4412-a47b-284ab39c0778 Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\Protect\S-1-5-21-956346901-3262614430-1109689657-1010\Preferred Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\Windows\Themes\Custom.theme Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Sonic\Update Manager\sumdb.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Favorites\Dell\Dell Auction.url Object is locked skipped
C:\Documents and Settings\Dr. Enro\Favorites\Dell\Dell.url Object is locked skipped
C:\Documents and Settings\Dr. Enro\Favorites\Dell\Gigabuys.url Object is locked skipped
C:\Documents and Settings\Dr. Enro\Favorites\Dell\Support.Dell.com.url Object is locked skipped
C:\Documents and Settings\Dr. Enro\Favorites\Links\Customize Links.url Object is locked skipped
C:\Documents and Settings\Dr. Enro\Favorites\Links\Free Hotmail.url Object is locked skipped
C:\Documents and Settings\Dr. Enro\Favorites\Links\RealPlayer.url Object is locked skipped
C:\Documents and Settings\Dr. Enro\Favorites\Links\Windows Marketplace.url Object is locked skipped
C:\Documents and Settings\Dr. Enro\Favorites\Links\Windows Media.url Object is locked skipped
C:\Documents and Settings\Dr. Enro\Favorites\Links\Windows.url Object is locked skipped
C:\Documents and Settings\Dr. Enro\Favorites\Media\Real.com Radio Tuner.url Object is locked skipped
C:\Documents and Settings\Dr. Enro\Favorites\MSN.com.url Object is locked skipped
C:\Documents and Settings\Dr. Enro\Favorites\Radio Station Guide.url Object is locked skipped
C:\Documents and Settings\Dr. Enro\Favorites\RealPlayer Home Page.url Object is locked skipped
C:\Documents and Settings\Dr. Enro\Local Settings\Application Data\IconCache.db Object is locked skipped
C:\Documents and Settings\Dr. Enro\Local Settings\Application Data\Microsoft\HelpCtr\HelpSessionHistory.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Local Settings\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT Object is locked skipped
C:\Documents and Settings\Dr. Enro\Local Settings\Application Data\Microsoft\Media Player\CurrentDatabase_219.wmdb Object is locked skipped
C:\Documents and Settings\Dr. Enro\Local Settings\Application Data\Microsoft\Media Player\CurrentDatabase_59R.wmdb Object is locked skipped
C:\Documents and Settings\Dr. Enro\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Dr. Enro\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNS.DTD Object is locked skipped
C:\Documents and Settings\Dr. Enro\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNS.XML Object is locked skipped
C:\Documents and Settings\Dr. Enro\Local Settings\Application Data\Microsoft\Windows Media\9.0\WMSDKNS.DTD Object is locked skipped
C:\Documents and Settings\Dr. Enro\Local Settings\Application Data\Microsoft\Windows Media\9.0\WMSDKNS.XML Object is locked skipped
C:\Documents and Settings\Dr. Enro\Local Settings\Application Data\Microsoft\Windows Media\9.0\WMSDKNSD.XML Object is locked skipped
C:\Documents and Settings\Dr. Enro\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\Dr. Enro\Local Settings\History\History.IE5\MSHist012006072820060729\index.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Local Settings\History\History.IE5\MSHist012006072920060730\index.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My Music\AlbumArt_{03344743-29AA-405D-8830-8A777BE08998}_Large.jpg Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My Music\AlbumArt_{03344743-29AA-405D-8830-8A777BE08998}_Small.jpg Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My Music\AlbumArt_{6C3CA880-FE3D-4934-B3F9-DEAB73CDF08D}_Large.jpg Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My Music\AlbumArt_{6C3CA880-FE3D-4934-B3F9-DEAB73CDF08D}_Small.jpg Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My Music\Canyon__Mansion_On_The_Mountain.mp3 Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My Music\Chuck_Prophet__What_Makes_the_Monkey_Dance.mp3 Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My Music\Cordero__Vamos_Nenas.mp3 Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My Music\Drive_by_Truckers__My_Sweet_Annette.mp3 Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My Music\Get More with Jukebox Plus.mp3 Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My Music\Imperial_Teen__Sugar.mp3 Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My Music\Jon_Dee_Graham__One_Moment.mp3 Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My Music\My Playlists\DMX_TempList.wpl Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My Music\Secondhand_Jive__San_Francisco96.mp3 Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My Music\Slobberbone__Sister_Beams.mp3 Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My Music\The_Flatlanders__Julia.mp3 Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My Music\Unknown Artist\Unknown Album (7-29-2006 1-58-42 PM)\01 Track 1.mp3 Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My Music\Unknown Artist\Unknown Album (7-29-2006 1-58-42 PM)\02 Track 2.mp3 Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My Music\Unknown Artist\Unknown Album (7-29-2006 1-58-42 PM)\03 Track 3.mp3 Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My Music\Unknown Artist\Unknown Album (7-29-2006 1-58-42 PM)\04 Track 4.mp3 Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My Music\Unknown Artist\Unknown Album (7-29-2006 1-58-42 PM)\05 Track 5.mp3 Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My Music\Unknown Artist\Unknown Album (7-29-2006 1-58-42 PM)\06 Track 6.mp3 Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My Music\Unknown Artist\Unknown Album (7-29-2006 1-58-42 PM)\07 Track 7.mp3 Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My Music\Unknown Artist\Unknown Album (7-29-2006 1-58-42 PM)\08 Track 8.mp3 Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My Music\Unknown Artist\Unknown Album (7-29-2006 1-58-42 PM)\09 Track 9.mp3 Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My Music\Unknown Artist\Unknown Album (7-29-2006 1-58-42 PM)\10 Track 10.mp3 Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My Music\Unknown Artist\Unknown Album (7-29-2006 1-58-42 PM)\11 Track 11.mp3 Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My Music\Unknown Artist\Unknown Album (7-29-2006 1-58-42 PM)\12 Track 12.mp3 Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My Music\Unknown Artist\Unknown Album (7-29-2006 1-58-42 PM)\13 Track 13.mp3 Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My Music\Unknown Artist\Unknown Album (7-29-2006 1-58-42 PM)\14 Track 14.mp3 Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My Music\Unknown Artist\Unknown Album (7-29-2006 1-58-42 PM)\15 Track 15.mp3 Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My Music\Unknown Artist\Unknown Album (7-29-2006 1-58-42 PM)\16 Track 16.mp3 Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My Music\Unknown Artist\Unknown Album (7-29-2006 1-58-42 PM)\17 Track 17.mp3 Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My Music\Vic_Chestnut__Im_Through.mp3 Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My PSP8 Files\Scripts-Restricted\BoundScript1.PspScript Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My PSP8 Files\Scripts-Restricted\BoundScript2.PspScript Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My PSP8 Files\Scripts-Restricted\BoundScript3.PspScript Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My PSP8 Files\Scripts-Restricted\BoundScript4.PspScript Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My PSP8 Files\Scripts-Restricted\BoundScript5.PspScript Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My PSP8 Files\Scripts-Restricted\BoundScript6.PspScript Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My PSP8 Files\Scripts-Restricted\BoundScript7.PspScript Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My PSP8 Files\Scripts-Restricted\BoundScript8.PspScript Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My PSP8 Files\Scripts-Restricted\BoundScript9.PspScript Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My Videos\Experience.mpg Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My Videos\Thumbs.db Object is locked skipped
C:\Documents and Settings\Dr. Enro\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Dr. Enro\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Dr. Enro\SendTo\RecordNow!.RecordNowSendToExt Object is locked skipped
C:\Documents and Settings\Dr. Enro\Templates\EXCEL.XLS Object is locked skipped
C:\Documents and Settings\Dr. Enro\Templates\EXCEL4.XLS Object is locked skipped
C:\Documents and Settings\Dr. Enro\Templates\LOTUS.WK4 Object is locked skipped
C:\Documents and Settings\Dr. Enro\Templates\POWERPNT.PPT Object is locked skipped
C:\Documents and Settings\Dr. Enro\Templates\PRESENTA.SHW Object is locked skipped
C:\Documents and Settings\Dr. Enro\Templates\QUATTRO.WB2 Object is locked skipped
C:\Documents and Settings\Dr. Enro\Templates\SNDREC.WAV Object is locked skipped
C:\Documents and Settings\Dr. Enro\Templates\WINWORD.DOC Object is locked skipped
C:\Documents and Settings\Dr. Enro\Templates\WINWORD2.DOC Object is locked skipped
C:\Documents and Settings\Dr. Enro\Templates\WORDPFCT.WPD Object is locked skipped
C:\Documents and Settings\Dr. Enro\Templates\WORDPFCT.WPG Object is locked skipped
C:\Documents and Settings\Jase\Application Data\Mozilla\Firefox\Profiles\us91l4ca.default\cert8.db Object is locked skipped
C:\Documents and Settings\Jase\Application Data\Mozilla\Firefox\Profiles\us91l4ca.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\Jase\Application Data\Mozilla\Firefox\Profiles\us91l4ca.default\history.dat Object is locked skipped
C:\Documents and Settings\Jase\Application Data\Mozilla\Firefox\Profiles\us91l4ca.default\key3.db Object is locked skipped
C:\Documents and Settings\Jase\Application Data\Mozilla\Firefox\Profiles\us91l4ca.default\parent.lock Object is locked skipped
C:\Documents and Settings\Jase\Application Data\Mozilla\Firefox\Profiles\us91l4ca.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Jase\Application Data\Mozilla\Firefox\Profiles\us91l4ca.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Jase\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Jase\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Jase\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Jase\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Jase\Local Settings\Application Data\Mozilla\Firefox\Profiles\us91l4ca.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Jase\Local Settings\Application Data\Mozilla\Firefox\Profiles\us91l4ca.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Jase\Local Settings\Application Data\Mozilla\Firefox\Profiles\us91l4ca.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Jase\Local Settings\Application Data\Mozilla\Firefox\Profiles\us91l4ca.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Jase\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Jase\Local Settings\History\History.IE5\MSHist012007030320070304\index.dat Object is locked skipped
C:\Documents and Settings\Jase\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Jase\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Jase\ntuser.dat Object is locked skipped
C:\Documents and Settings\Jase\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\integ\avast.int Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\report\Resident protection.txt Object is locked skipped
C:\Program Files\InstallShield Installation Information\{7BF68B83-5057-4D4B-0093-28285EEB9EE3}\setup.ilg Object is locked skipped
C:\RECYCLER\S-1-5-21-956346901-3262614430-1109689657-1008\Dc30\IMG_0343.JPG Object is locked skipped
C:\RECYCLER\S-1-5-21-956346901-3262614430-1109689657-1008\Dc30\IMG_0344.JPG Object is locked skipped
C:\RECYCLER\S-1-5-21-956346901-3262614430-1109689657-1008\Dc30\IMG_0345.JPG Object is locked skipped
C:\RECYCLER\S-1-5-21-956346901-3262614430-1109689657-1008\Dc30\IMG_0346.JPG Object is locked skipped
C:\RECYCLER\S-1-5-21-956346901-3262614430-1109689657-1008\Dc30\IMG_0347.JPG Object is locked skipped
C:\RECYCLER\S-1-5-21-956346901-3262614430-1109689657-1008\Dc30\IMG_0348.JPG Object is locked skipped
C:\RECYCLER\S-1-5-21-956346901-3262614430-1109689657-1008\Dc30\IMG_0349.JPG Object is locked skipped
C:\RECYCLER\S-1-5-21-956346901-3262614430-1109689657-1008\Dc30\IMG_0350.JPG Object is locked skipped
C:\RECYCLER\S-1-5-21-956346901-3262614430-1109689657-1008\Dc30\IMG_0351.JPG Object is locked skipped
C:\RECYCLER\S-1-5-21-956346901-3262614430-1109689657-1008\Dc30\IMG_0352.JPG Object is locked skipped
C:\RECYCLER\S-1-5-21-956346901-3262614430-1109689657-1008\Dc30\ZbThumbnail.info Object is locked skipped
C:\RECYCLER\S-1-5-21-956346901-3262614430-1109689657-1008\Dc31\IMG_0343.JPG Object is locked skipped
C:\RECYCLER\S-1-5-21-956346901-3262614430-1109689657-1008\Dc31\IMG_0344.JPG Object is locked skipped
C:\RECYCLER\S-1-5-21-956346901-3262614430-1109689657-1008\Dc31\IMG_0345.JPG Object is locked skipped
C:\RECYCLER\S-1-5-21-956346901-3262614430-1109689657-1008\Dc31\IMG_0346.JPG Object is locked skipped
C:\RECYCLER\S-1-5-21-956346901-3262614430-1109689657-1008\Dc31\IMG_0347.JPG Object is locked skipped
C:\RECYCLER\S-1-5-21-956346901-3262614430-1109689657-1008\Dc31\IMG_0348.JPG Object is locked skipped
C:\RECYCLER\S-1-5-21-956346901-3262614430-1109689657-1008\Dc31\IMG_0349.JPG Object is locked skipped
C:\RECYCLER\S-1-5-21-956346901-3262614430-1109689657-1008\Dc31\IMG_0350.JPG Object is locked skipped
C:\RECYCLER\S-1-5-21-956346901-3262614430-1109689657-1008\Dc31\IMG_0351.JPG Object is locked skipped
C:\RECYCLER\S-1-5-21-956346901-3262614430-1109689657-1008\Dc31\IMG_0352.JPG Object is locked skipped
C:\RECYCLER\S-1-5-21-956346901-3262614430-1109689657-1008\Dc31\ZbThumbnail.info Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1\A0000066.dll Infected: Packed.Win32.Klone.j skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\HOTTENROTH.ldb Object is locked skipped
C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped
C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{642BA9B0-590E-4235-AFE7-EE133E60AF79}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\Antivirus.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\AppEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\Internet.evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SecEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SysEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\H323LOG.TXT Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_6c8.dat Object is locked skipped
C:\WINDOWS\Temp\ZLT076c1.TMP Object is locked skipped
C:\WINDOWS\Temp\ZLT076c4.TMP Object is locked skipped
C:\WINDOWS\Temp\_avast4_\Webshlock.txt Object is locked skipped
C:\WINDOWS\WIADEBUG.LOG Object is locked skipped
C:\WINDOWS\WIASERVC.LOG Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.
Here's a Panda Active Scan log:
Incident Status Location
Potentially unwanted tool:application/funweb Not disinfected
c:\windows\downloaded program files\f3initialsetup1.0.0.15.inf
Potentially unwanted tool:application/mywebsearch Not disinfected
hkey_classes_root\clsid\{147A976E-EEE1-4377-8EA7-4716E4CDD239}
Spyware:spyware/virtumonde Not disinfected
Windows Registry
Adware:adware/comet Not disinfected
Windows Registry
Spyware:Cookie/Toplist Not disinfected
C:\Documents and Settings\Jase\Application Data\Mozilla\Firefox\Profiles\us91l4ca.default\cookies.txt[.toplist.cz/]
Spyware:Cookie/Adrevolver Not disinfected
C:\Documents and Settings\Jase\Application Data\Mozilla\Firefox\Profiles\us91l4ca.default\cookies.txt[.adrevolver.com/]
Spyware:Cookie/Casalemedia Not disinfected
C:\Documents and Settings\Jase\Application Data\Mozilla\Firefox\Profiles\us91l4ca.default\cookies.txt[.casalemedia.com/]
Potentially unwanted tool:Application/MediaPipe Not disinfected
C:\Program Files\DownloadManager\insdl.dll
Potentially unwanted tool:Application/MediaPipe Not disinfected
C:\Program Files\DownloadManager\p2pinst.exe
Potentially unwanted tool:Application/MediaPipe Not disinfected
C:\Program Files\MediaPipe\register.dll
Adware:Adware/CommAd Not disinfected
C:\WINDOWS\SmFzZSBIb3R0ZW5yb3Ro\mAIWtm1KvalXtqcVvalC.vbs
I've tried to run a Bitdefender Online Scan, but when I click the link, nothing happens. I assume that whatever has infected the PC is blocking it.
Spybot finds a bunch of stuff, but cannot clean it.
Rahina Rescue
4 Mar 2007, 7:07am
I've tried to run a Bitdefender Online Scan, but when I click the link, nothing happens. I assume that whatever has infected the PC is blocking it.
We don't nead any more scanner's here. We'll Handle this without using bitdefenders online scanner.
Kaspersky log looks Clean, I suggest You clean your system Restore once again.
Let's have a look, panda is finding some lefover's in the registry we might have to clean it up too:
Start With this:
Download VirtumundoBegone (http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe)
Save VirtumundoBeGone.exe to your desktop.
Run VirtumundoBeGone.exe and follow the instructions. Do not worry if you see a BLUE SCREEN "Fatal Error" Message, this is normal and expected.
When it has finished, reboot.
==
Now do the following:
Go to Start » Run » type in: regedit » OK.
On the leftside, click to highlight My Computer at the top.
Go up to File » Export
Make sure in that window there is a tick next to "All" under Export Branch.
Leave the "Save As Type" as "Registration Files".
Under "Filename" put RegBackup.
Choose to save it to C:\
Click Save and then go to File » Exit.
This is so the registry can be restored to this point if we need it. It may take a minute.
Open notepad and copy and paste next present in the quotebox below in it:
(don't forget to copy and paste REGEDIT4)
REGEDIT4
[-HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{147A976E-EEE1-4377-8EA7-4716E4CDD239}]
Save this as fix.reg Choose to save as all files and place it on your desktop.
Doubleclick on it and when it asks you if you want to merge the contents to the registry, click yes/ok.
Alright, when you are done with that, :
Next, Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):
MediaPipe
Now, Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these files (if present):
C:\Program Files\DownloadManager\insdl.dll
C:\Program Files\DownloadManager\p2pinst.exe
And search The Following folder, Delete ( If Present)
C:\Program Files\MediaPipe
C:\WINDOWS\SmFzZSBIb3R0ZW5yb3Ro
VirtumundoBeGone created a log on your desktop called VBG.TXT, post this log and a HiJackThis log
Before scanning with the online scanner's make sure u Use CCleaner to clean up cookies etc..
After that you have scanned with Kaspersky & Panda Online scanners, Be sure you post the results in here in your next reply.
Thanks.
Rahina Rescue
4 Mar 2007, 7:14am
Please Save the logfile made by Spybot, i would like to see what it found :)
Logfile of HijackThis v1.99.1
Scan saved at 1:28:57 AM, on 3/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRAM FILES\MESSENGER\MSMSGS.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program
Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} -
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} -
C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} -
C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event
Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft
Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program
Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program
Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog
Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone
Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP
Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search &
Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\PROGRAM FILES\MESSENGER\MSMSGS.EXE" /background
O8 - Extra context menu item: &Windows Live Search - res://C:\Program
Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-
00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) -
http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) -
http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) -
http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage
Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1A595EDD-978A-48C7-B730-AF3B9CC64DAB} (DLManager Class) -
http://63.251.81.180/component/VZWDLManager.cab
O16 - DPF: {29D73455-3ADA-49BB-9067-44822F6728F5} -
http://www.joga.com/activex/uploadactx.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -
http://315426.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} -
http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) -
http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) -
http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) -
http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1
\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1
\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} -
C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner -
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil
Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil
Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil
Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program
Files\Executive Software\DiskeeperLite\DKService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. -
C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program
Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC -
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
[03/04/2007, 1:12:23] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Jase\Desktop\VirtumundoBeGone.exe" )
[03/04/2007, 1:12:42] - Detected System Information:
[03/04/2007, 1:12:42] - Windows Version: 5.1.2600, Service Pack 2
[03/04/2007, 1:12:42] - Current Username: Jase (Admin)
[03/04/2007, 1:12:42] - Windows is in NORMAL mode.
[03/04/2007, 1:12:42] - Searching for Browser Helper Objects:
[03/04/2007, 1:12:42] - BHO 1: {53707962-6F74-2D53-2644-206D7942484F} ()
[03/04/2007, 1:12:42] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/04/2007, 1:12:42] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[03/04/2007, 1:12:42] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[03/04/2007, 1:12:42] - BHO 2: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[03/04/2007, 1:12:43] - BHO 3: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (Windows Live Toolbar Helper)
[03/04/2007, 1:12:43] - Finished Searching Browser Helper Objects
[03/04/2007, 1:12:43] - Finishing up...
[03/04/2007, 1:12:43] - Nothing found! Exiting...
[03/04/2007, 1:13:25] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Jase\Desktop\VirtumundoBeGone.exe" )
[03/04/2007, 1:13:27] - Detected System Information:
[03/04/2007, 1:13:27] - Windows Version: 5.1.2600, Service Pack 2
[03/04/2007, 1:13:27] - Current Username: Jase (Admin)
[03/04/2007, 1:13:27] - Windows is in NORMAL mode.
[03/04/2007, 1:13:27] - Searching for Browser Helper Objects:
[03/04/2007, 1:13:27] - BHO 1: {53707962-6F74-2D53-2644-206D7942484F} ()
[03/04/2007, 1:13:27] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/04/2007, 1:13:27] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[03/04/2007, 1:13:27] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[03/04/2007, 1:13:27] - BHO 2: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[03/04/2007, 1:13:27] - BHO 3: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (Windows Live Toolbar Helper)
[03/04/2007, 1:13:27] - Finished Searching Browser Helper Objects
[03/04/2007, 1:13:27] - Finishing up...
[03/04/2007, 1:13:27] - Nothing found! Exiting...
[03/04/2007, 1:13:42] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Jase\Desktop\VirtumundoBeGone.exe" )
[03/04/2007, 1:13:43] - Detected System Information:
[03/04/2007, 1:13:43] - Windows Version: 5.1.2600, Service Pack 2
[03/04/2007, 1:13:43] - Current Username: Jase (Admin)
[03/04/2007, 1:13:43] - Windows is in NORMAL mode.
[03/04/2007, 1:13:43] - Searching for Browser Helper Objects:
[03/04/2007, 1:13:43] - BHO 1: {53707962-6F74-2D53-2644-206D7942484F} ()
[03/04/2007, 1:13:43] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/04/2007, 1:13:43] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[03/04/2007, 1:13:43] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[03/04/2007, 1:13:43] - BHO 2: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[03/04/2007, 1:13:43] - BHO 3: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (Windows Live Toolbar Helper)
[03/04/2007, 1:13:43] - Finished Searching Browser Helper Objects
[03/04/2007, 1:13:43] - Finishing up...
[03/04/2007, 1:13:43] - Nothing found! Exiting...
Here is the part of the Spybot log that couldn't be cleaned. I can't post the entire log as it has far too many characters.
--- Search result list ---
CoolWWWSearch.BadZoneMap: Settings (Registry change, fixing failed)
HKEY_USERS\S-1-5-21-956346901-3262614430-1109689657-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ysbweb.com\*!=W=4
CoolWWWSearch.BadZoneMap: Settings (Registry change, fixing failed)
HKEY_USERS\S-1-5-21-956346901-3262614430-1109689657-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clickspring.net\*!=W=4
CoolWWWSearch.BadZoneMap: Settings (Registry change, fixing failed)
HKEY_USERS\S-1-5-21-956346901-3262614430-1109689657-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\my-internet.info\*!=W=4
CoolWWWSearch.BadZoneMap: Settings (Registry change, fixing failed)
HKEY_USERS\S-1-5-21-956346901-3262614430-1109689657-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\scoobidoo.com\*!=W=4
CoolWWWSearch.Leftovers: Trusted Site (Registry change, fixing failed)
HKEY_USERS\S-1-5-21-956346901-3262614430-1109689657-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\greatplugin.com\*!=W=4
CoolWWWSearch.Mupdate: Trusted Site (Registry change, fixing failed)
HKEY_USERS\S-1-5-21-956346901-3262614430-1109689657-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\masspass.com\*!=W=4
CoolWWWSearch.Toolband: Trusted Site (Registry change, fixing failed)
HKEY_USERS\S-1-5-21-956346901-3262614430-1109689657-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\isprime.com\*!=W=4
ABetterInternet: User settings (Registry change, fixing failed)
HKEY_USERS\S-1-5-21-956346901-3262614430-1109689657-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\popuppers.com\*!=W=4
MediaMotor: User settings (Registry change, fixing failed)
HKEY_USERS\S-1-5-21-956346901-3262614430-1109689657-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\media-motor.net\*!=W=4
Smitfraud-C.: User settings (Registry change, fixing failed)
HKEY_USERS\S-1-5-21-956346901-3262614430-1109689657-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\cc20foreva.com\*!=W=4
Smitfraud-C.: User settings (Registry change, fixing failed)
HKEY_USERS\S-1-5-21-956346901-3262614430-1109689657-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ewizard.cc\*!=W=4
Smitfraud-C.: User settings (Registry change, fixing failed)
HKEY_USERS\S-1-5-21-956346901-3262614430-1109689657-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\fast-look.com\*!=W=4
Smitfraud-C.: User settings (Registry change, fixing failed)
HKEY_USERS\S-1-5-21-956346901-3262614430-1109689657-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\****-****.org\*!=W=4
Smitfraud-C.: User settings (Registry change, fixing failed)
HKEY_USERS\S-1-5-21-956346901-3262614430-1109689657-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ga31.com\*!=W=4
Smitfraud-C.: User settings (Registry change, fixing failed)
HKEY_USERS\S-1-5-21-956346901-3262614430-1109689657-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\letgohome.com\*!=W=4
Smitfraud-C.: User settings (Registry change, fixing failed)
HKEY_USERS\S-1-5-21-956346901-3262614430-1109689657-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\msnprotection.com\*!=W=4
Smitfraud-C.: User settings (Registry change, fixing failed)
HKEY_USERS\S-1-5-21-956346901-3262614430-1109689657-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\rf104.com\*!=W=4
Smitfraud-C.: User settings (Registry change, fixing failed)
HKEY_USERS\S-1-5-21-956346901-3262614430-1109689657-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\v-224.com\*!=W=4
Smitfraud-C.: User settings (Registry change, fixing failed)
HKEY_USERS\S-1-5-21-956346901-3262614430-1109689657-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\veryeasysearch.com\*!=W=4
Microsoft.WindowsSecurityCenter.AntiVirusDisableNotify: Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify!=dword:0
Microsoft.WindowsSecurityCenter.FirewallDisableNotify: Settings (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify!=dword:0
Thanks for being so patient through all of this...it is greatly appreciated!
You Rock!
Rahina Rescue
4 Mar 2007, 7:52am
No Problem :smiles:
We'll Continue
Download CWShredder (http://cwshredder.net/bin/CWShredder.exe) to its own folder.
Update CWShredder
Open CWShredder and click I AGREE
Click Check For Update
Close CWShredder
Boot into Safe Mode:
Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.
Now run CWShredder. Click I Agree, then Fix and then Next, let it fix everything it asks about. Reboot your computer into normal windows.
==
Please download SmitfraudFix (http://siri.urz.free.fr/Fix/SmitfraudFix.exe) (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.
Double-click smitfraudfix.exe
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.
Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm (http://www.beyondlogic.org/consulting/processutil/processutil.htm)
In you Next Reply Please Post The content of smitfraudfix.
Thanks.
SmitFraudFix v2.147
Scan done at 2:14:01.43, Sun 03/04/2007
Run from C:\Documents and Settings\Jase\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Jase
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Jase\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Jase\FAVORI~1
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32
»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End
Rahina Rescue
4 Mar 2007, 8:21am
you should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.
Next, please reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.
Once in Safe Mode, fouble-click smitfraudfix.exe
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.
You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.
The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".
The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
The report can also be found at the root of the system drive, usually at C:\rapport.txt
Warning : running option #2 on a non infected computer will remove your Desktop background
SmitFraudFix v2.147
Scan done at 2:33:00.46, Sun 03/04/2007
Run from C:\Documents and Settings\Jase\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» End
I'm not sure anything happened.
CWShredder didn't find anything.
After posting the Smitfraud log, I ran another Spybot scan and it came up with the exact same stuff. 19 items, none of which it could fix.
:)
Rahina Rescue
4 Mar 2007, 9:35am
Well, There's nothing Critical Left on your system.
I wonder what Spybot is finding?
Could you please Add the Logfile. :)
Thanks.
Do you want the entire log file broken up into parts, or just the beginning with the names/filepaths?
Rahina Rescue
4 Mar 2007, 11:53am
Please try to paste the whole Report of Spybot in here.
After attempting to fix it, it says that some files could not be fixed and that a reason could be that some files are still in use in memory.
Then it requests permission to run on boot.
I have said yes before, but it couldn't remove any of the 19 things.
I'll post the log in a second.
CoolWWWSearch.BadZoneMap: Settings (Registry change, fixing failed)
HKEY_USERS\S-1-5-21-956346901-3262614430-1109689657-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ysbweb.com\*!=W=4
CoolWWWSearch.BadZoneMap: Settings (Registry change, fixing failed)
HKEY_USERS\S-1-5-21-956346901-3262614430-1109689657-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clickspring.net\*!=W=4
CoolWWWSearch.BadZoneMap: Settings (Registry change, fixing failed)
HKEY_USERS\S-1-5-21-956346901-3262614430-1109689657-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\my-internet.info\*!=W=4
CoolWWWSearch.BadZoneMap: Settings (Registry change, fixing failed)
HKEY_USERS\S-1-5-21-956346901-3262614430-1109689657-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\scoobidoo.com\*!=W=4
CoolWWWSearch.Leftovers: Trusted Site (Registry change, fixing failed)
HKEY_USERS\S-1-5-21-956346901-3262614430-1109689657-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\greatplugin.com\*!=W=4
CoolWWWSearch.Mupdate: Trusted Site (Registry change, fixing failed)
HKEY_USERS\S-1-5-21-956346901-3262614430-1109689657-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\masspass.com\*!=W=4
CoolWWWSearch.Toolband: Trusted Site (Registry change, fixing failed)
HKEY_USERS\S-1-5-21-956346901-3262614430-1109689657-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\isprime.com\*!=W=4
ABetterInternet: User settings (Registry change, fixing failed)
HKEY_USERS\S-1-5-21-956346901-3262614430-1109689657-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\popuppers.com\*!=W=4
MediaMotor: User settings (Registry change, fixing failed)
HKEY_USERS\S-1-5-21-956346901-3262614430-1109689657-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\media-motor.net\*!=W=4
Smitfraud-C.: User settings (Registry change, fixing failed)
HKEY_USERS\S-1-5-21-956346901-3262614430-1109689657-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\cc20foreva.com\*!=W=4
Smitfraud-C.: User settings (Registry change, fixing failed)
HKEY_USERS\S-1-5-21-956346901-3262614430-1109689657-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ewizard.cc\*!=W=4
Smitfraud-C.: User settings (Registry change, fixing failed)
HKEY_USERS\S-1-5-21-956346901-3262614430-1109689657-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\fast-look.com\*!=W=4
Smitfraud-C.: User settings (Registry change, fixing failed)
HKEY_USERS\S-1-5-21-956346901-3262614430-1109689657-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\****-****.org\*!=W=4
Smitfraud-C.: User settings (Registry change, fixing failed)
HKEY_USERS\S-1-5-21-956346901-3262614430-1109689657-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ga31.com\*!=W=4
Smitfraud-C.: User settings (Registry change, fixing failed)
HKEY_USERS\S-1-5-21-956346901-3262614430-1109689657-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\letgohome.com\*!=W=4
Smitfraud-C.: User settings (Registry change, fixing failed)
HKEY_USERS\S-1-5-21-956346901-3262614430-1109689657-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\msnprotection.com\*!=W=4
Smitfraud-C.: User settings (Registry change, fixing failed)
HKEY_USERS\S-1-5-21-956346901-3262614430-1109689657-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\rf104.com\*!=W=4
Smitfraud-C.: User settings (Registry change, fixing failed)
HKEY_USERS\S-1-5-21-956346901-3262614430-1109689657-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\v-224.com\*!=W=4
Smitfraud-C.: User settings (Registry change, fixing failed)
HKEY_USERS\S-1-5-21-956346901-3262614430-1109689657-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\veryeasysearch.com\*!=W=4
--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---
2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2007-02-06 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2007-01-15 advcheck.dll (1.2.1.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2007-01-02 Tools.dll (2.0.1.0)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2007-02-28 Includes\Cookies.sbi (*)
2006-12-08 Includes\Dialer.sbi (*)
2007-02-28 Includes\DialerC.sbi (*)
2007-02-07 Includes\Hijackers.sbi (*)
2007-02-28 Includes\HijackersC.sbi (*)
2006-10-27 Includes\Keyloggers.sbi (*)
2007-02-28 Includes\KeyloggersC.sbi (*)
2007-02-14 Includes\Malware.sbi (*)
2007-02-28 Includes\MalwareC.sbi (*)
2007-01-19 Includes\PUPS.sbi (*)
2007-02-28 Includes\PUPSC.sbi (*)
2007-02-28 Includes\Revision.sbi (*)
2006-12-08 Includes\Security.sbi (*)
2007-02-28 Includes\SecurityC.sbi (*)
2007-02-02 Includes\Spybots.sbi (*)
2007-02-28 Includes\SpybotsC.sbi (*)
2005-02-17 Includes\Tracks.uti
2007-02-14 Includes\Trojans.sbi (*)
2007-02-28 Includes\TrojansC.sbi (*)
That is the results, I can save a full report if you like?
That's what I did before, I didn't click the safe "results" option, that's why the log file was so large. I believe it was some 3,000,000 characters. It said to reduce it to something like 500,000 or something like that.
I can still post a full report if you like...
Also, I still have the Spybot session open, should I allow it to run on boot?
Rahina Rescue
4 Mar 2007, 12:18pm
Hold on, I will post Instructions in a sec :smiles:
Rahina Rescue
4 Mar 2007, 12:33pm
Go to Start » Run » type in: regedit » OK.
On the leftside, click to highlight My Computer at the top.
Go up to File » Export
Make sure in that window there is a tick next to "All" under Export Branch.
Leave the "Save As Type" as "Registration Files".
Under "Filename" put RegBackup.
Choose to save it to C:\
Click Save and then go to File » Exit.
This is so the registry can be restored to this point if we need it. It may take a minute.
Open notepad and copy and paste next present in the quotebox below in it:
(don't forget to copy and paste REGEDIT4)
REGEDIT4
[-HKEY_USERS\S-1-5-21-956346901-3262614430-1109689657-1007\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings\ZoneMap\Domains\ysbweb.com]
[-HKEY_USERS\S-1-5-21-956346901-3262614430-1109689657-1007\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings\ZoneMap\Domains\clickspring.net]
[-HKEY_USERS\S-1-5-21-956346901-3262614430-1109689657-1007\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings\ZoneMap\Domains\my-internet.info]
[-HKEY_USERS\S-1-5-21-956346901-3262614430-1109689657-1007\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings\ZoneMap\Domains\scoobidoo.com]
[-HKEY_USERS\S-1-5-21-956346901-3262614430-1109689657-1007\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings\ZoneMap\Domains\greatplugin.com]
[-HKEY_USERS\S-1-5-21-956346901-3262614430-1109689657-1007\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings\ZoneMap\Domains\masspass.com]
[-HKEY_USERS\S-1-5-21-956346901-3262614430-1109689657-1007\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings\ZoneMap\Domains\isprime.com]
[-HKEY_USERS\S-1-5-21-956346901-3262614430-1109689657-1007\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings\ZoneMap\Domains\popuppers.com]
[-HKEY_USERS\S-1-5-21-956346901-3262614430-1109689657-1007\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings\ZoneMap\Domains\media-motor.net]
[-HKEY_USERS\S-1-5-21-956346901-3262614430-1109689657-1007\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings\ZoneMap\Domains\cc20foreva.com]
[-HKEY_USERS\S-1-5-21-956346901-3262614430-1109689657-1007\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings\ZoneMap\Domains\ewizard.cc]
[-HKEY_USERS\S-1-5-21-956346901-3262614430-1109689657-1007\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings\ZoneMap\Domains\fast-look.com
[-HKEY_USERS\S-1-5-21-956346901-3262614430-1109689657-1007\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings\ZoneMap\Domains\****-****.org]
[-HKEY_USERS\S-1-5-21-956346901-3262614430-1109689657-1007\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings\ZoneMap\Domains\ga31.com]
[-HKEY_USERS\S-1-5-21-956346901-3262614430-1109689657-1007\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings\ZoneMap\Domains\letgohome.com]
[-HKEY_USERS\S-1-5-21-956346901-3262614430-1109689657-1007\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings\ZoneMap\Domains\msnprotection.com]
[-HKEY_USERS\S-1-5-21-956346901-3262614430-1109689657-1007\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings\ZoneMap\Domains\rf104.com]
[-HKEY_USERS\S-1-5-21-956346901-3262614430-1109689657-1007\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings\ZoneMap\Domains\v-224.com]
[-HKEY_USERS\S-1-5-21-956346901-3262614430-1109689657-1007\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings\ZoneMap\Domains\veryeasysearch.com]
Save this as fix.reg Choose to save as all files and place it on your desktop.
Doubleclick on it and when it asks you if you want to merge the contents to the registry, click yes/ok.
Part of the fix may require you to be in Safe Mode, which will not allow you to access the internet, or my instructions! I Suggest you print these Instructions out.
Please download AVG Anti-Spyware to your Desktop or to your usual Download Folder.
http://www.ewido.net/en/download/
Install AVG Anti-Spyware by double clicking the installer.
Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.
On the main screen under Your Computer's security.
Click on Change state next to Resident shield. It should now change to inactive.
Click on Change state next to Automatic updates. It should now change to inactive.
Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
Wait until you see the Update succesfull message.
Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows.
Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
If you are having problems with the updater, you can use this link to manually update ewido.
AVG Anti-Spyware manual updates (http://www.ewido.net/en/download/updates/).
Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.
Reboot your computer in Safe Mode.
If the computer is running, shut down Windows, and then turn off the power.
Wait 30 seconds, and then turn the computer on.
Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
Ensure that the Safe Mode option is selected.
Press Enter. The computer then begins to start in Safe mode.
Login on your usual account.
Once in Safe Mode:
Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.
Click on Scanner on the toolbar.
Click on the Settings tab.
Under How to act?
Click on Recommended Action and choose Quarantine from the popup menu.
Under How to scan?
All checkboxes should be ticked.
Under Possibly unwanted software:
All checkboxes should be ticked.
Under Reports:
Select Automatically generate report after every scan and uncheck Only if threats were found.
Under What to scan?
Select Scan every file.
Click on the Scan tab.
Click on Complete System Scan to start the scan process.
Let the program scan the machine.
When the scan has finished, follow the instructions below.
IMPORTANT : Don't click on the "Save Scan Report" button before you did hit the "Apply all Actions" button.
Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
At the bottom of the window click on the Apply all Actions button. (3)
http://img509.imageshack.us/img509/4851/scanavgjk2.jpg
When done, click the Save Scan Report button. (4)
Click the Save Report as button.
Save the report to your Desktop.
Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
Reboot back into Normal Mode, and post a new HJT log, along with the AVG Anti-Spyware log.
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 8:13:29 AM 3/4/2007
+ Scan result:
C:\Program Files\Common Files\Companion Wizard\WapCHK.dll -> Adware.Companion : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\Starware -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\Starware\BrowserSearch -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\Starware\BrowserSearch\BrowserSearch.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\Starware\BrowserSearch\BrowserSearch.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\Starware\ErrorSearch -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\Starware\ErrorSearch\ErrorSearchOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\Starware\ErrorSearch\ErrorSearchOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\Starware\Games -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\Starware\Games\GamesOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\Starware\Games\GamesOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\Starware\Layouts -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\Starware\Layouts\PreferencesLayout.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\Starware\Layouts\PreferencesLayout.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\Starware\Layouts\ToolbarLayout.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\Starware\Layouts\ToolbarLayout.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\Starware\Manager -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\Starware\Manager\ManagerOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\Starware\Manager\ManagerOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\Starware\Movies -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\Starware\Movies\MoviesOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\Starware\Movies\MoviesOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\Starware\PopupBlocker -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\Starware\PopupBlocker\PopupBlockerOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\Starware\PopupBlocker\PopupBlockerOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\Starware\Reference -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\Starware\Reference\ReferenceOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\Starware\Reference\ReferenceOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\Starware\RelatedSearch -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\Starware\RelatedSearch\RelatedSearchOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\Starware\RelatedSearch\RelatedSearchOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\Starware\Screensavers -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\Starware\ScreensaversMarketingSitePager -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\Starware\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\Starware\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\Starware\Screensavers\ScreensaversOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\Starware\Screensavers\ScreensaversOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\Starware\SearchAssistPlus -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\Starware\SearchAssistPlus\SearchAssistPlusOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\Starware\SearchAssistPlus\SearchAssistPlusOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\Starware\SearchMatch -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\Starware\SearchMatch\SearchMatchOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\Starware\SearchMatch\SearchMatchOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\Starware\Toolbar -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\Starware\ToolbarLogo -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\Starware\ToolbarLogo\ToolbarLogoOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\Starware\ToolbarLogo\ToolbarLogoOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\Starware\ToolbarSearch -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\Starware\ToolbarSearch\ToolbarSearchOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\Starware\ToolbarSearch\ToolbarSearchOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\Starware\Toolbar\TBProductsOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\Starware\Toolbar\TBProductsOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\Starware\TravelSearch -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\Starware\TravelSearch\TravelSearchOptions.xml -> Adware.Starware : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Application Data\Starware\TravelSearch\TravelSearchOptions.xml.backup -> Adware.Starware : Cleaned with backup (quarantined).
HKU\S-1-5-21-956346901-3262614430-1109689657-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D49E9D35-254C-4C6A-9D17-95018D228FF5} -> Adware.Starware : Cleaned with backup (quarantined).
HKU\S-1-5-21-956346901-3262614430-1109689657-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D49E9D35-254C-4C6A-9D17-95018D228FF5} -> Adware.Starware : Cleaned with backup (quarantined).
C:\WINDOWS\SmFzZSBIb3R0ZW5yb3Ro\mAIWtm1KvalXtqcVvalC.vbs -> Trojan.Small : Cleaned with backup (quarantined).
::Report end
Rahina Rescue
4 Mar 2007, 2:20pm
Please Emtpy AVG Anti-Spyware Quarantine.
When done Emptying AVG's Quarantine do the following:
Please run Panda's ActiveScan (http://www.pandasoftware.com/products/activescan.htm) You will need to use Internet Explorer to run it.
Once you are on the Panda site click the Scan your PC button
A new window will open...click the Check Now button
Enter your Country
Enter your State/Province
Enter your e-mail address and click send
Select either Home User or Company
Click the big Scan Now button
o If it wants to install an ActiveX component allow it
o It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
o When download is complete, click on My Computer to start the scan
o When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
Post the contents of the ActiveScan report.
Let me know How things are running :smiles:
Logfile of HijackThis v1.99.1
Scan saved at 8:19:09 AM, on 3/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRAM FILES\MESSENGER\MSMSGS.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\PROGRAM FILES\MESSENGER\MSMSGS.EXE" /background
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1A595EDD-978A-48C7-B730-AF3B9CC64DAB} (DLManager Class) - http://63.251.81.180/component/VZWDLManager.cab
O16 - DPF: {29D73455-3ADA-49BB-9067-44822F6728F5} - http://www.joga.com/activex/uploadactx.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://315426.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
Rahina Rescue
4 Mar 2007, 2:24pm
Your Hijackthis Logfile is clean :)
Please follow my earlier instructions i gave you.
Thanks.
Incident Status Location
Potentially unwanted tool:application/funweb Not disinfected c:\windows\downloaded program files\f3initialsetup1.0.0.15.inf
Potentially unwanted tool:application/mywebsearch Not disinfected hkey_classes_root\clsid\{147A976E-EEE1-4377-8EA7-4716E4CDD239}
Spyware:spyware/virtumonde Not disinfected Windows Registry
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Jase\Local Settings\Application Data\Mozilla\Firefox\Profiles\us91l4ca.default\Cache\038E337Bd01[²ƒÇ]
Potentially unwanted tool:Application/Processor Not disinfected C:\My Downloads\SmitfraudFix\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\My Downloads\VirtumundoBeGone.exe[²ƒÇ]
Rahina Rescue
4 Mar 2007, 3:08pm
We still have few things to do ;)
Go to Start » Run » type in: regedit » OK.
On the leftside, click to highlight My Computer at the top.
Go up to File » Export
Make sure in that window there is a tick next to "All" under Export Branch.
Leave the "Save As Type" as "Registration Files".
Under "Filename" put RegBackup.
Choose to save it to C:\
Click Save and then go to File » Exit.
Open notepad and copy and paste next present in the quotebox below in it:
(don't forget to copy and paste REGEDIT4)
REGEDIT4
[-HKEY_CLASSES_ROOT\Software\Classes\CLSID\{147A976E-EEE1-4377-8EA7-4716E4CDD239}]
Save this as fix.reg Choose to save as all files and place it on your desktop.
Doubleclick on it and when it asks you if you want to merge the contents to the registry, click yes/ok.
Now you could scan and Clean Up things using CCleaner.
Next Please Run a scan using:
Kaspersky On-line Scanner (http://www.kaspersky.com/downloads/kws/kavwebscan.html)
When you are prompted to install an ActiveX component from Kaspersky, Click Yes.
The program will launch and then begin downloading the latest definition files
When the files finish downloading click on NEXT
Now click on Scan Settings
In Scan Settings make sure that the following are selected:
Scan using the following Anti-Virus database:
Extended (if available otherwise Standard)
Scan Options:
Scan Archives
Scan Mail Bases
Click OK
Now under select a target to scan:
Select My Computer
This program will start and scan your system.
Online scan can take a long time to complete and the time is impacted by the speed of your internet connection. Be patient and let it run. It is best not to do anything else while the scan is running. This will help it to complete faster.
When the scan has completed, it will display whether your system has been infected or not
Click on the Save as Text button:
Save the file to your desktop or another folder where you can locate it later.
Attach this file to your next message.
How are things?
alright, scan in progress...
Rahina Rescue
4 Mar 2007, 3:52pm
Alright, i guess you are already familiar with these scanners :D
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, March 04, 2007 10:10:04 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 4/03/2007
Kaspersky Anti-Virus database records: 275768
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
A:\
C:\
D:\
E:\
Scan Statistics:
Total number of scanned objects: 45136
Number of viruses found: 1
Number of infected objects: 9 / 0
Number of suspicious objects: 0
Duration of the scan process: 00:34:26
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\CLR Security Config\v1.1.4322\security.config.cch Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\Credentials\S-1-5-21-956346901-3262614430-1109689657-1010\Credentials Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\HTML Help\hh.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\Internet Explorer\BRNDLOG.BAK Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\Internet Explorer\BRNDLOG.TXT Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\Internet Explorer\Desktop.htt Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\Backgrounds\map.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\Backgrounds\TFR12.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\Backgrounds\TFR13.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\Backgrounds\TFR14.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\Backgrounds\TFR15.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\Backgrounds\TFR16.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\ListCache.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\MapFile\TFR17.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\MapFile\TFR36.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\MapFile\TFR4F.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\sqmdata00.sqm Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\sqmdata01.sqm Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\sqmdata02.sqm Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\sqmdata03.sqm Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\sqmdata04.sqm Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\sqmdata05.sqm Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\sqmdata06.sqm Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\sqmdata07.sqm Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\sqmdata08.sqm Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\sqmdata09.sqm Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\sqmdata10.sqm Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\sqmdata11.sqm Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\sqmdata12.sqm Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\map.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFR10.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFR37.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFR38.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFR39.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFR3A.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFR3B.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFR3C.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFR3D.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFR3E.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFR3F.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFR40.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFR41.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFR42.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFR43.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFR44.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFR45.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFR46.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFR47.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFR48.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFR49.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFR4A.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFR4B.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFR4C.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFR4D.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFR4E.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFR6.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFR7.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFR8.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFR9.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFRA.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFRB.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFRC.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFRD.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFRE.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\UserTile\TFRF.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\Winks3\map.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\Winks3\TFR19.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\Winks3\TFR1B.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\Winks3\TFR1D.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\Winks3\TFR1F.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\Winks3\TFR21.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\Winks3\TFR23.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\Winks3\TFR25.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\Winks3\TFR27.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\Winks3\TFR29.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\Winks3\TFR2B.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\Winks3\TFR2D.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\Winks3\TFR2F.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\Winks3\TFR31.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\Winks3\TFR33.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3534236351\Winks3\TFR35.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\Backgrounds\map.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\Backgrounds\TFR5D.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\Backgrounds\TFR5E.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\Backgrounds\TFR5F.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\Backgrounds\TFR60.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\Backgrounds\TFR61.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\ListCache.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\MapFile\TFR62.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\MapFile\TFR81.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\MapFile\TFR94.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\sqmdata00.sqm Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\sqmdata01.sqm Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\sqmdata02.sqm Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\sqmdata03.sqm Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\UserTile\map.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\UserTile\TFR51.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\UserTile\TFR52.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\UserTile\TFR53.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\UserTile\TFR54.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\UserTile\TFR55.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\UserTile\TFR56.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\UserTile\TFR57.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\UserTile\TFR58.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\UserTile\TFR59.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\UserTile\TFR5A.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\UserTile\TFR5B.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\UserTile\TFR86.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\UserTile\TFR87.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\UserTile\TFR88.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\UserTile\TFR89.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\UserTile\TFR8A.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\UserTile\TFR8B.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\UserTile\TFR8C.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\UserTile\TFR8D.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\UserTile\TFR8E.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\UserTile\TFR8F.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\UserTile\TFR90.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\UserTile\TFR91.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\UserTile\TFR92.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\UserTile\TFR93.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\Winks3\map.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\Winks3\TFR64.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\Winks3\TFR66.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\Winks3\TFR68.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\Winks3\TFR6A.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\Winks3\TFR6C.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\Winks3\TFR6E.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\Winks3\TFR70.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\Winks3\TFR72.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\Winks3\TFR74.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\Winks3\TFR76.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\Winks3\TFR78.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\Winks3\TFR7A.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\Winks3\TFR7C.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\Winks3\TFR7E.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\MSN Messenger\3579442819\Winks3\TFR80.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\Protect\CREDHIST Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\Protect\S-1-5-21-956346901-3262614430-1109689657-1003\15aa42ac-aea2-48e4-bdc3-00a9872c44c9 Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\Protect\S-1-5-21-956346901-3262614430-1109689657-1003\Preferred Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\Protect\S-1-5-21-956346901-3262614430-1109689657-1010\8d723408-edea-4412-a47b-284ab39c0778 Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\Protect\S-1-5-21-956346901-3262614430-1109689657-1010\Preferred Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Microsoft\Windows\Themes\Custom.theme Object is locked skipped
C:\Documents and Settings\Dr. Enro\Application Data\Sonic\Update Manager\sumdb.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Favorites\Dell\Dell Auction.url Object is locked skipped
C:\Documents and Settings\Dr. Enro\Favorites\Dell\Dell.url Object is locked skipped
C:\Documents and Settings\Dr. Enro\Favorites\Dell\Gigabuys.url Object is locked skipped
C:\Documents and Settings\Dr. Enro\Favorites\Dell\Support.Dell.com.url Object is locked skipped
C:\Documents and Settings\Dr. Enro\Favorites\Links\Customize Links.url Object is locked skipped
C:\Documents and Settings\Dr. Enro\Favorites\Links\Free Hotmail.url Object is locked skipped
C:\Documents and Settings\Dr. Enro\Favorites\Links\RealPlayer.url Object is locked skipped
C:\Documents and Settings\Dr. Enro\Favorites\Links\Windows Marketplace.url Object is locked skipped
C:\Documents and Settings\Dr. Enro\Favorites\Links\Windows Media.url Object is locked skipped
C:\Documents and Settings\Dr. Enro\Favorites\Links\Windows.url Object is locked skipped
C:\Documents and Settings\Dr. Enro\Favorites\Media\Real.com Radio Tuner.url Object is locked skipped
C:\Documents and Settings\Dr. Enro\Favorites\MSN.com.url Object is locked skipped
C:\Documents and Settings\Dr. Enro\Favorites\Radio Station Guide.url Object is locked skipped
C:\Documents and Settings\Dr. Enro\Favorites\RealPlayer Home Page.url Object is locked skipped
C:\Documents and Settings\Dr. Enro\Local Settings\Application Data\IconCache.db Object is locked skipped
C:\Documents and Settings\Dr. Enro\Local Settings\Application Data\Microsoft\HelpCtr\HelpSessionHistory.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Local Settings\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT Object is locked skipped
C:\Documents and Settings\Dr. Enro\Local Settings\Application Data\Microsoft\Media Player\CurrentDatabase_219.wmdb Object is locked skipped
C:\Documents and Settings\Dr. Enro\Local Settings\Application Data\Microsoft\Media Player\CurrentDatabase_59R.wmdb Object is locked skipped
C:\Documents and Settings\Dr. Enro\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Dr. Enro\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNS.DTD Object is locked skipped
C:\Documents and Settings\Dr. Enro\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNS.XML Object is locked skipped
C:\Documents and Settings\Dr. Enro\Local Settings\Application Data\Microsoft\Windows Media\9.0\WMSDKNS.DTD Object is locked skipped
C:\Documents and Settings\Dr. Enro\Local Settings\Application Data\Microsoft\Windows Media\9.0\WMSDKNS.XML Object is locked skipped
C:\Documents and Settings\Dr. Enro\Local Settings\Application Data\Microsoft\Windows Media\9.0\WMSDKNSD.XML Object is locked skipped
C:\Documents and Settings\Dr. Enro\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\Dr. Enro\Local Settings\History\History.IE5\MSHist012006072820060729\index.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\Local Settings\History\History.IE5\MSHist012006072920060730\index.dat Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My Music\AlbumArt_{03344743-29AA-405D-8830-8A777BE08998}_Large.jpg Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My Music\AlbumArt_{03344743-29AA-405D-8830-8A777BE08998}_Small.jpg Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My Music\AlbumArt_{6C3CA880-FE3D-4934-B3F9-DEAB73CDF08D}_Large.jpg Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My Music\AlbumArt_{6C3CA880-FE3D-4934-B3F9-DEAB73CDF08D}_Small.jpg Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My Music\Canyon__Mansion_On_The_Mountain.mp3 Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My Music\Chuck_Prophet__What_Makes_the_Monkey_Dance.mp3 Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My Music\Cordero__Vamos_Nenas.mp3 Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My Music\Drive_by_Truckers__My_Sweet_Annette.mp3 Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My Music\Get More with Jukebox Plus.mp3 Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My Music\Imperial_Teen__Sugar.mp3 Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My Music\Jon_Dee_Graham__One_Moment.mp3 Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My Music\My Playlists\DMX_TempList.wpl Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My Music\Secondhand_Jive__San_Francisco96.mp3 Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My Music\Slobberbone__Sister_Beams.mp3 Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My Music\The_Flatlanders__Julia.mp3 Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My Music\Unknown Artist\Unknown Album (7-29-2006 1-58-42 PM)\01 Track 1.mp3 Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My Music\Unknown Artist\Unknown Album (7-29-2006 1-58-42 PM)\02 Track 2.mp3 Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My Music\Unknown Artist\Unknown Album (7-29-2006 1-58-42 PM)\03 Track 3.mp3 Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My Music\Unknown Artist\Unknown Album (7-29-2006 1-58-42 PM)\04 Track 4.mp3 Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My Music\Unknown Artist\Unknown Album (7-29-2006 1-58-42 PM)\05 Track 5.mp3 Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My Music\Unknown Artist\Unknown Album (7-29-2006 1-58-42 PM)\06 Track 6.mp3 Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My Music\Unknown Artist\Unknown Album (7-29-2006 1-58-42 PM)\07 Track 7.mp3 Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My Music\Unknown Artist\Unknown Album (7-29-2006 1-58-42 PM)\08 Track 8.mp3 Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My Music\Unknown Artist\Unknown Album (7-29-2006 1-58-42 PM)\09 Track 9.mp3 Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My Music\Unknown Artist\Unknown Album (7-29-2006 1-58-42 PM)\10 Track 10.mp3 Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My Music\Unknown Artist\Unknown Album (7-29-2006 1-58-42 PM)\11 Track 11.mp3 Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My Music\Unknown Artist\Unknown Album (7-29-2006 1-58-42 PM)\12 Track 12.mp3 Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My Music\Unknown Artist\Unknown Album (7-29-2006 1-58-42 PM)\13 Track 13.mp3 Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My Music\Unknown Artist\Unknown Album (7-29-2006 1-58-42 PM)\14 Track 14.mp3 Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My Music\Unknown Artist\Unknown Album (7-29-2006 1-58-42 PM)\15 Track 15.mp3 Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My Music\Unknown Artist\Unknown Album (7-29-2006 1-58-42 PM)\16 Track 16.mp3 Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My Music\Unknown Artist\Unknown Album (7-29-2006 1-58-42 PM)\17 Track 17.mp3 Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My Music\Vic_Chestnut__Im_Through.mp3 Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My PSP8 Files\Scripts-Restricted\BoundScript1.PspScript Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My PSP8 Files\Scripts-Restricted\BoundScript2.PspScript Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My PSP8 Files\Scripts-Restricted\BoundScript3.PspScript Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My PSP8 Files\Scripts-Restricted\BoundScript4.PspScript Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My PSP8 Files\Scripts-Restricted\BoundScript5.PspScript Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My PSP8 Files\Scripts-Restricted\BoundScript6.PspScript Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My PSP8 Files\Scripts-Restricted\BoundScript7.PspScript Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My PSP8 Files\Scripts-Restricted\BoundScript8.PspScript Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My PSP8 Files\Scripts-Restricted\BoundScript9.PspScript Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My Videos\Experience.mpg Object is locked skipped
C:\Documents and Settings\Dr. Enro\My Documents\My Videos\Thumbs.db Object is locked skipped
C:\Documents and Settings\Dr. Enro\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Dr. Enro\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Dr. Enro\SendTo\RecordNow!.RecordNowSendToExt Object is locked skipped
C:\Documents and Settings\Dr. Enro\Templates\EXCEL.XLS Object is locked skipped
C:\Documents and Settings\Dr. Enro\Templates\EXCEL4.XLS Object is locked skipped
C:\Documents and Settings\Dr. Enro\Templates\LOTUS.WK4 Object is locked skipped
C:\Documents and Settings\Dr. Enro\Templates\POWERPNT.PPT Object is locked skipped
C:\Documents and Settings\Dr. Enro\Templates\PRESENTA.SHW Object is locked skipped
C:\Documents and Settings\Dr. Enro\Templates\QUATTRO.WB2 Object is locked skipped
C:\Documents and Settings\Dr. Enro\Templates\SNDREC.WAV Object is locked skipped
C:\Documents and Settings\Dr. Enro\Templates\WINWORD.DOC Object is locked skipped
C:\Documents and Settings\Dr. Enro\Templates\WINWORD2.DOC Object is locked skipped
C:\Documents and Settings\Dr. Enro\Templates\WORDPFCT.WPD Object is locked skipped
C:\Documents and Settings\Dr. Enro\Templates\WORDPFCT.WPG Object is locked skipped
C:\Documents and Settings\Jase\Application Data\Mozilla\Firefox\Profiles\us91l4ca.default\cert8.db Object is locked skipped
C:\Documents and Settings\Jase\Application Data\Mozilla\Firefox\Profiles\us91l4ca.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\Jase\Application Data\Mozilla\Firefox\Profiles\us91l4ca.default\history.dat Object is locked skipped
C:\Documents and Settings\Jase\Application Data\Mozilla\Firefox\Profiles\us91l4ca.default\key3.db Object is locked skipped
C:\Documents and Settings\Jase\Application Data\Mozilla\Firefox\Profiles\us91l4ca.default\parent.lock Object is locked skipped
C:\Documents and Settings\Jase\Application Data\Mozilla\Firefox\Profiles\us91l4ca.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Jase\Application Data\Mozilla\Firefox\Profiles\us91l4ca.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Jase\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Jase\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Jase\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Jase\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Jase\Local Settings\Application Data\Mozilla\Firefox\Profiles\us91l4ca.default\Cache\63329BDCd01/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Jase\Local Settings\Application Data\Mozilla\Firefox\Profiles\us91l4ca.default\Cache\63329BDCd01/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Jase\Local Settings\Application Data\Mozilla\Firefox\Profiles\us91l4ca.default\Cache\63329BDCd01 RarSFX: infected - 2 skipped
C:\Documents and Settings\Jase\Local Settings\Application Data\Mozilla\Firefox\Profiles\us91l4ca.default\Cache\63329BDCd01 PE_Patch.UPX: infected - 2 skipped
C:\Documents and Settings\Jase\Local Settings\Application Data\Mozilla\Firefox\Profiles\us91l4ca.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Jase\Local Settings\Application Data\Mozilla\Firefox\Profiles\us91l4ca.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Jase\Local Settings\Application Data\Mozilla\Firefox\Profiles\us91l4ca.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Jase\Local Settings\Application Data\Mozilla\Firefox\Profiles\us91l4ca.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Jase\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Jase\Local Settings\History\History.IE5\MSHist012007030420070305\index.dat Object is locked skipped
C:\Documents and Settings\Jase\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Jase\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Jase\ntuser.dat Object is locked skipped
C:\Documents and Settings\Jase\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\My Downloads\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\My Downloads\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\My Downloads\SmitfraudFix.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\My Downloads\SmitfraudFix.exe RarSFX: infected - 2 skipped
C:\My Downloads\SmitfraudFix.exe PE_Patch.UPX: infected - 2 skipped
C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\integ\avast.int Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\report\Resident protection.txt Object is locked skipped
C:\Program Files\InstallShield Installation Information\{7BF68B83-5057-4D4B-0093-28285EEB9EE3}\setup.ilg Object is locked skipped
C:\RECYCLER\S-1-5-21-956346901-3262614430-1109689657-1008\Dc30\IMG_0343.JPG Object is locked skipped
C:\RECYCLER\S-1-5-21-956346901-3262614430-1109689657-1008\Dc30\IMG_0344.JPG Object is locked skipped
C:\RECYCLER\S-1-5-21-956346901-3262614430-1109689657-1008\Dc30\IMG_0345.JPG Object is locked skipped
C:\RECYCLER\S-1-5-21-956346901-3262614430-1109689657-1008\Dc30\IMG_0346.JPG Object is locked skipped
C:\RECYCLER\S-1-5-21-956346901-3262614430-1109689657-1008\Dc30\IMG_0347.JPG Object is locked skipped
C:\RECYCLER\S-1-5-21-956346901-3262614430-1109689657-1008\Dc30\IMG_0348.JPG Object is locked skipped
C:\RECYCLER\S-1-5-21-956346901-3262614430-1109689657-1008\Dc30\IMG_0349.JPG Object is locked skipped
C:\RECYCLER\S-1-5-21-956346901-3262614430-1109689657-1008\Dc30\IMG_0350.JPG Object is locked skipped
C:\RECYCLER\S-1-5-21-956346901-3262614430-1109689657-1008\Dc30\IMG_0351.JPG Object is locked skipped
C:\RECYCLER\S-1-5-21-956346901-3262614430-1109689657-1008\Dc30\IMG_0352.JPG Object is locked skipped
C:\RECYCLER\S-1-5-21-956346901-3262614430-1109689657-1008\Dc30\ZbThumbnail.info Object is locked skipped
C:\RECYCLER\S-1-5-21-956346901-3262614430-1109689657-1008\Dc31\IMG_0343.JPG Object is locked skipped
C:\RECYCLER\S-1-5-21-956346901-3262614430-1109689657-1008\Dc31\IMG_0344.JPG Object is locked skipped
C:\RECYCLER\S-1-5-21-956346901-3262614430-1109689657-1008\Dc31\IMG_0345.JPG Object is locked skipped
C:\RECYCLER\S-1-5-21-956346901-3262614430-1109689657-1008\Dc31\IMG_0346.JPG Object is locked skipped
C:\RECYCLER\S-1-5-21-956346901-3262614430-1109689657-1008\Dc31\IMG_0347.JPG Object is locked skipped
C:\RECYCLER\S-1-5-21-956346901-3262614430-1109689657-1008\Dc31\IMG_0348.JPG Object is locked skipped
C:\RECYCLER\S-1-5-21-956346901-3262614430-1109689657-1008\Dc31\IMG_0349.JPG Object is locked skipped
C:\RECYCLER\S-1-5-21-956346901-3262614430-1109689657-1008\Dc31\IMG_0350.JPG Object is locked skipped
C:\RECYCLER\S-1-5-21-956346901-3262614430-1109689657-1008\Dc31\IMG_0351.JPG Object is locked skipped
C:\RECYCLER\S-1-5-21-956346901-3262614430-1109689657-1008\Dc31\IMG_0352.JPG Object is locked skipped
C:\RECYCLER\S-1-5-21-956346901-3262614430-1109689657-1008\Dc31\ZbThumbnail.info Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP3\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\HOTTENROTH.ldb Object is locked skipped
C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped
C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb Object is locked skipped
C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log Object is locked skipped
C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\Antivirus.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\AppEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\Internet.evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SecEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SysEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\H323LOG.TXT Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_6d4.dat Object is locked skipped
C:\WINDOWS\Temp\ZLT00bf9.TMP Object is locked skipped
C:\WINDOWS\Temp\ZLT00bfc.TMP Object is locked skipped
C:\WINDOWS\Temp\_avast4_\Webshlock.txt Object is locked skipped
C:\WINDOWS\WIADEBUG.LOG Object is locked skipped
C:\WINDOWS\WIASERVC.LOG Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.
Alright, i guess you are already familiar with these scanners :D
That's for sure! lol
Rahina Rescue
4 Mar 2007, 4:42pm
Well i'm not seeing anything in Kaspersky's logfile.
Youu could scan with CCleaner again and clean up things.
Go ahead and delete Smitfraudfix if you want to, it's not needed here anymore.
How are things running? Any Issues?
So, what was the stuff that Kaspersky found and called a virus/infected objects?
I'm not questioning you, I'd like to know for future reference.
Rahina Rescue
4 Mar 2007, 5:48pm
Kaspersky Found Smitfraudfix.exe and it's process.exe and thought it was a Virus/Spyware of some kind ( Meaning that it was false alarm.
Smitfraudfix is a helpful tool to fight against specific malware on your system. You should not let those reports confuse you. :smiles:
There also was a file ( Infected one ) located in Firefox cache folder, and that's why i told you to Run CCleaner to clean that up.
Currently i can not see any signs of malware on your system.
If you are happy, i am happy, so let me know if things are running better? if there's something you would like to ask, please do. that's why i'm here ;)
Thanks.
I'm am very happy and appreciative of your assistance!
I do have one final question though...
I did run CCleaner and deleted Smitfraud and it's folder, since then, I was curious to see what Spybot would find, and it found those same 7 things that it cannot clean.
My question is, will those always show up when I run spybot?
Rahina Rescue
4 Mar 2007, 6:39pm
If you did the Earlier Regifxes correct those Should not appear in Spybot Findings anymore..
Looks like we have some use for Smitfraudfix again ;)
Please download SmitfraudFix (http://siri.urz.free.fr/Fix/SmitfraudFix.exe) (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.
Double-click smitfraudfix.exe
Select option #3 - Delete Trusted zone by typing 3 and press Enter.
Answer Yes to the question "Restore Trusted Zone ?" by typing Y and hit Enter.
Reboot.
Scan using Spybot, those entries should be gone now.
That was it Rahina!
It clean as a whistle...especially after all we did! lol
Can't thank you enough...you've been GREAT!!!
Anyone that has questions about anything this forum can provide, I'll be sure to direct them here!
Thanks again and good luck to you!
Rahina Rescue
5 Mar 2007, 5:22am
Glad I could be of assistance! The help you received here was free. Please read through some of these Prevention Tips (http://www.short-media.com/forum/showthread.php?t=39435) that Short-Media offers.
This topic is now closed. If you wish it reopened, please send a Private Message (PM) to one of the Spyware Mods with a link to your thread.
Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required.
If you are not the user who started this thread, you must start a new Thread (http://www.short-media.com/forum/newthread.php?do=newthread&f=57) instead :)
vBulletin® v3.8.1, Copyright ©2000-2009, Jelsoft Enterprises Ltd.