trojan-backdoor-flood.mirc - need help

Hristy · July 2006

Hi first of all sorry for my English...

Maybe i should create a New Thread to ask a question about the same Trojan Horse : trojan-backdoor-flood.mirc.... but i wasn't sure so a decided to ask here...
recently i found out that i have the trojan horse on my computer... i read the explanations by chiawaikian but I didn’t understand everything…I was wondering if you can explain me better what is the best thing that I should do to remove this trojan…
Thanks…

chiaz · July 2006

Hi Hristy, and welcome to Short-Media Forums.

Which program detected "trojan-backdoor-flood.mirc"?

Hristy · July 2006

Well…my pc was (and still is

) a bit slow…I scanned it for viruses...(I have avast anti-virus) but there weren’t any…so I ask a friend for an advice…he sent me Kaspersky anti-virus…This one found 4 viruses (every time that it warned me for a virus I clicked DELETE). AT the end, of 4 viruses only 3 were deleted…(even if I’m sure that I clicked delete for every virus warning )…I scanned my pc with kaspersky again but it didn’t found the non eliminated virus again…Than my friend told me to download Spy Sweeper…I did it…With this I found out that I have a trojan…but I still haven’t subscribe so spy sweeper couldn’t remove it…
But I think I found the files of the Trojan Horse…In the Registry…and I deleted them …I let spy sweeper to do the sweep again…there wasn’t any tojan….

but two days later I made full scan of the pc with spy sweeper and unfortunately it appeared again…what should I do now? Thanks…

p.s. in your opinion is better Avast anti-virus or Kaspersky?

chiaz · July 2006

This warning is a false positive by SpySweeper, meaning that there is actually no trojan-backdoor-flood.mirc in your system.

Both Avast and Kaspersky have its good points. Avast is a free anti-virus program, and its effeciency rate is pretty good. Kaspersky has very complete anti-virus definitions, as such generally it can actually detect more malware than others.

Would you still like me to check if your system is infected?
If yes:
Click here to download HJTsetup.exe:
http://www.thespykiller.co.uk/files/HJTSetup.exe
Save HJTsetup.exe to your desktop.
Double click on the HJTsetup.exe icon on your desktop.
By default it will install to C:\Program Files\Hijack This.
Continue to click Next in the setup dialogue boxes until you get to the "Select Addition Tasks" dialogue.
Put a check by Create a desktop icon then click Next again.
Continue to follow the rest of the prompts from there.
At the final dialogue box click Finish and it will launch HijackThis.
Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
Name the log "HJTLog" (or something similar) and save it on your desktop.

DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.

Hristy · July 2006

I didn’t get well what is Hijackthis for

... But as you said I installed it.. and I saved the log file.

chiaz · July 2006

Oops. I forgot to ask you to post the log here, but please do it.

Hristy · July 2006

here's the log file

Logfile of HijackThis v1.99.1
Scan saved at 11:13:56, on 08.07.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
C:\Programmi\Trust\Trust MD3100 USB ADSL MODEM\CnxDslTb.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\Windows Defender\MSASCui.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\Webroot\Spy Sweeper\SpySweeper.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
C:\Programmi\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\Macrogaming\SweetIM\SweetIM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Microsoft AntiSpyware\gcasDtServ.exe
C:\Programmi\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\msiexec.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programmi\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\Programmi\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programmi\Macrogaming\SweetIMBarForIE\toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Programmi\Trust\Trust MD3100 USB ADSL MODEM\CnxDslTb.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Programmi\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SpySweeper] "C:\Programmi\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [WhenUSearchWHSE] "C:\Programmi\WhenUSearch\whse.exe"
O4 - HKLM\..\Run: [WhenUSearch] "C:\Programmi\WhenUSearch\Search.exe"
O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Programmi\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [OPSE reminder] "C:\Programmi\ScanSoft\OmniPageSE2.0\EregIta\Ereg.exe" -r "C:\Programmi\ScanSoft\OmniPageSE2.0\EregIta\ereg.ini"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Programmi\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [msnmsgr] ~"C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SweetIM] C:\Programmi\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Programmi\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Cerca con Google - res://c:\programmi\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Traduci parola in italiano - res://c:\programmi\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Aggiungi all'elenco di stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Anteprima Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Link a ritroso - res://c:\programmi\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pagine simili - res://c:\programmi\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Stampa ad alta velocità Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Versione cache della pagina - res://c:\programmi\google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\programmi\bonjour\mdnsnsp.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{035F5CFD-2D7E-4E52-A3A7-94504891C7E3}: NameServer = 212.216.112.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{9865F930-740D-455B-859E-7251807C9518}: NameServer = 85.37.17.56 85.38.28.98
O17 - HKLM\System\CS1\Services\Tcpip\..\{035F5CFD-2D7E-4E52-A3A7-94504891C7E3}: NameServer = 212.216.112.222
O17 - HKLM\System\CS2\Services\Tcpip\..\{035F5CFD-2D7E-4E52-A3A7-94504891C7E3}: NameServer = 212.216.112.222
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: a-squared Anti-Spam Service (A2AntiSpamService) - Unknown owner - C:\Programmi\a-squared Anti-Spam\A2AntiSpamSrv.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Servizio Bonjour (Bonjour Service) - Apple Computer, Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - Unknown owner - C:\Programmi\Spyware Doctor\sdhelp.exe (file missing)
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Programmi\Webroot\Spy Sweeper\WRSSSDK.exe

chiaz · July 2006

Go to Control Panel > Add/Remove Programs and uninstall the following if found:
SweetIM For Internet Explorer
WhenUSearch
Follow all the prompts, then restart the computer.

Now launch HijackThis and place a tick by the following entries if they still exist:
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programmi\Macrogaming\SweetIMBarForIE\toolbar.d ll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\Programmi\Macrogaming\SweetIMBarForIE\toolbar.d ll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programmi\Macrogaming\SweetIMBarForIE\toolbar.d ll
O4 - HKLM\..\Run: [WhenUSearchWHSE] "C:\Programmi\WhenUSearch\whse.exe"
O4 - HKLM\..\Run: [WhenUSearch] "C:\Programmi\WhenUSearch\Search.exe"
O4 - HKCU\..\Run: [SweetIM] C:\Programmi\Macrogaming\SweetIM\SweetIM.exe

Close all other windows except HijackThis and press "Fix Checked". Now close HijackThis and restart the computer.

Rescan with HijackThis and post the new log here in your next reply.

Hristy · July 2006

Thanks for your instructions chiawaikian

Yesterday I scanner my pc with spy sweeper. And at the end there were also two file of WhenUSearch….
HKLM\software\microsoft\windows\currentversion\run\ || whwnusearch
HKLM\software\microsoft\windows\currentversion\run\ || whenusearchwhse

I deleted the files from the registry… (maybe it’s not correct to do this but …

) and using SEARCH I tried to find other files or folders with the same name.. but there weren’t any…
I deleted, as you said, SweetIM For Internet Explorer but WhenUSearch there wasn’t…

Now here’s the new logfile:

Logfile of HijackThis v1.99.1
Scan saved at 11:35:11, on 09.07.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
C:\Programmi\Trust\Trust MD3100 USB ADSL MODEM\CnxDslTb.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\Windows Defender\MSASCui.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\Webroot\Spy Sweeper\SpySweeper.exe
C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
C:\Programmi\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\Microsoft AntiSpyware\gcasDtServ.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Programmi\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Programmi\Trust\Trust MD3100 USB ADSL MODEM\CnxDslTb.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Programmi\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SpySweeper] "C:\Programmi\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Programmi\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [OPSE reminder] "C:\Programmi\ScanSoft\OmniPageSE2.0\EregIta\Ereg.exe" -r "C:\Programmi\ScanSoft\OmniPageSE2.0\EregIta\ereg.ini"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Programmi\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [msnmsgr] ~"C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Programmi\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Cerca con Google - res://c:\programmi\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Traduci parola in italiano - res://c:\programmi\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Aggiungi all'elenco di stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Anteprima Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Link a ritroso - res://c:\programmi\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pagine simili - res://c:\programmi\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Stampa ad alta velocità Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Versione cache della pagina - res://c:\programmi\google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\programmi\bonjour\mdnsnsp.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{035F5CFD-2D7E-4E52-A3A7-94504891C7E3}: NameServer = 212.216.112.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{9865F930-740D-455B-859E-7251807C9518}: NameServer = 85.37.17.56 85.38.28.98
O17 - HKLM\System\CS1\Services\Tcpip\..\{035F5CFD-2D7E-4E52-A3A7-94504891C7E3}: NameServer = 212.216.112.222
O17 - HKLM\System\CS2\Services\Tcpip\..\{035F5CFD-2D7E-4E52-A3A7-94504891C7E3}: NameServer = 212.216.112.222
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: a-squared Anti-Spam Service (A2AntiSpamService) - Unknown owner - C:\Programmi\a-squared Anti-Spam\A2AntiSpamSrv.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Servizio Bonjour (Bonjour Service) - Apple Computer, Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - Unknown owner - C:\Programmi\Spyware Doctor\sdhelp.exe (file missing)
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Programmi\Webroot\Spy Sweeper\WRSSSDK.exe

Thanks.

chiaz · July 2006

HijackThis log looks fine now... however since it doesn't scan the entire system please run Panda ActiveScan.

Once you are on the Panda site click the Scan your PC button
A new window will open...click the Check Now button
Enter your Country
Enter your State/Province
Enter your e-mail address and click send
Select either Home User or Company
Click the big Scan Now button
If it wants to install an ActiveX component allow it
It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
When download is complete, click on My Computer to start the scan
When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report.

Hristy · July 2006

I tried to install the AntiVirus but -->

Error on downloading ActiveScanAn error has occurred downloading Panda ActiveScan. Please repeat the process. If the error occurs again, restart your system and try againPossible causes of this error are:

Not allowing the application's ActiveX control to be downloaded.

Problems with the Internet connection.

The error could be due to a download error or an installation error due to lack of hard disk space, privileges etc.,...

It's because Avast detected a virus: Virus/warm Win32:CTX (http://acs.pandasoftware.com/activescan/as5free/motor.cab\pskavs.DLL)

Or maybe I should disable Avast?

chiaz · July 2006

Do this instead:
Please run a free online scan with Kaspersky AntiVirus (works only with MS Internet Explorer 5.0 or higher).
Go to http://www.kaspersky.com/virusscanner and click the "Kaspersky Online Scanner" button (NOT "Kaspersky File Scanner").

In the new window that opens, click the "Accept" button to accept the user agreement, install the ActiveX control, and download the program.
When you get the Windows dialog asking if you want to install this software, click the "Install" button.
When the "Update progress" line changes to "Ready" and the "NEXT ->" button lights up with a green arrow, click it.
Click on the "Scan Settings" button, and in the next window select the "extended" database, and click Ok.
Under "Please select a target to scan:", click My Computer to start the scan.

When the scan is finished, click the "Save as Text" button, and save the file as kavscan.txt to your Desktop, close the Kaspersky On-line Scanner window, and post the text in kavscan.txt in your next reply.

Hristy · July 2006

:bawling: 8 viruses

KASPERSKY ONLINE SCANNER REPORT
Sunday, July 09, 2006 6:50:45 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 9/07/2006
Kaspersky Anti-Virus database records: 205951

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
B:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
K:\
L:\

Scan Statistics:
Total number of scanned objects: 85305
Number of viruses found: 8
Number of infected objects: 45 / 0
Number of suspicious objects: 0
Duration of the scan process: 01:44:09

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCS030A5659-9F74-4F1B-9959-0B1BB9C874AC.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCS0423B284-19A7-4FC6-8A83-F134DC0B7638.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCS0477F4A8-273D-445D-B7E9-82AD2ED358FA.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCS05A88F73-ADAC-4617-B2F4-7AB1E36B7C9F.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCS07888EDB-859A-4C0D-985F-F413E52981B6.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCS09EBBF43-77E8-47AF-995C-73C7A5B60272.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCS0A20E9E5-4B13-4C68-B314-0513C7AB5D9B.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCS0D605B10-63D2-4A29-B5D0-2D5F168C73ED.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCS0E024B9D-4AB6-4D21-AFE6-8DBD96787D75.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCS1215DC93-3BBD-49EB-AD92-1E793A3D0B6E.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCS160D4FAF-FE79-4747-B58E-8D2BA252B90C.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCS17139023-7D66-4077-8657-52A63313D755.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCS1B24A43D-EA12-4FF9-8704-47F9022D48AF.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCS21534413-9C02-4FF0-B63D-E9B388CE8E6A.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCS2A3299B3-8257-4DB8-B4BB-CAB4F9A41EDD.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCS2E7201F4-319A-4D7B-BC44-D4A1AC9B12D2.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCS2E791689-FDB1-41CB-AAF6-7217C8E1826D.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCS2F498EF6-D2F9-446C-9EE1-C360D73E3D03.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCS2FCC6DDF-E4E6-48C3-AF71-C6BD5A440E27.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCS30AE7B9E-2C92-4F1C-B1C8-C6E8D4771F21.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCS333A81FB-70CF-4018-90F1-9CEA93F47135.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCS3395E86D-BCF9-4988-A758-D33EF76D5596.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCS35529EC2-6E71-4C22-9DF6-4FA77AEF1F4D.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCS358F69F0-BF11-40CC-8FBA-193F2A75D879.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCS371B7A2E-DD87-4704-AA25-EE713D1C0DC7.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCS3EC09AA8-F25A-4817-A733-F9CF556B5E17.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCS3FD44780-3A44-4343-8358-7B9E18695C20.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCS41F2A41C-DAFB-4442-82C6-90053B490AFF.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCS4565527D-0614-4344-8778-64266DAFA27F.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCS46A7AD25-FBCC-4278-A923-962453ABC683.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCS48E4CB5F-C08E-419F-ACFB-2F27609C693D.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCS491404E4-1D4D-48CF-9A84-24DB9AEA1D2D.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCS4E0C7D4B-1D10-45FC-8F69-F16B9430D069.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCS4ED0E6A6-EF18-49BD-B74D-2DB989B09B30.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCS50633CD8-B66D-4CDB-A6E9-B8A7BC9F3043.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCS521A35A4-33CF-4509-A8F0-8F69B53E5D10.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCS551375BE-0497-4CA8-AE7D-361A5B94E97D.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCS58B63717-B018-4839-A5A5-2E99BB02AEAF.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCS5A3716F6-E5E7-4B48-8A08-1C470AF10990.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCS5D7E28CA-BDC4-466F-BF7E-1375DCA15579.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCS5F07F4B5-9525-4FDE-ABA0-5134B57C69E3.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCS5F716A0D-1001-4608-A5E4-08DDB4EFE2E8.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCS61EDCC16-72FA-4466-86FD-76E0EE7C3152.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCS632B0901-0B6C-4045-8077-B3177C526025.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCS6494F4AB-3D4E-49CF-8F35-7163C7754B60.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCS658FAD46-BF17-4F1B-9D5D-54B39BCF6342.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCS66FE0752-1A79-4CBD-AE00-B760CA39FFB1.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCS68FF1A21-3034-4AAD-A60E-4165A925B157.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCS6A819E9C-D065-47D3-B3A4-D451A912700B.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCS6C62C634-3744-42EC-89F1-8286C0F92940.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCS6CDA79DB-40B0-46B8-BAA6-5C603F717ED4.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCS6FCA96EE-F9EA-4F50-B8A0-91AA4735CF77.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCS7179006C-7A7D-46B5-BD34-8021340F209D.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCS720B533F-3F4B-4A51-A2F8-70DF0E80672A.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCS724C7E01-8567-429B-9B5C-193AF710F880.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCS74C893DF-6299-49CC-B6E1-2F35E803069F.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCS78B960A5-7E6E-4195-8F78-43524F936EE9.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCS799DD5FA-8BD3-4EE5-9796-B65C3EA09B58.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCS7C666F8A-C09C-4832-915D-66ABCA57A651.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCS7D4C01A2-25FF-41C1-B12F-F2F71414580C.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCS837E93A9-8065-4D7B-98E2-44BF8A86348E.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCS86AAB4BF-25AE-40B9-807A-5B73FD4ED429.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCS8F494202-6463-4DF5-BB37-2870147517EB.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCS932E0408-2FE9-477A-A504-67D3D6DEA39F.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCS958C4C36-9E28-4BEE-9869-65C8BCC23AA6.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCS962DAB19-0C60-4404-9131-465AE0CC7E49.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCS97706B3B-70D7-4747-88B6-D23EE332D897.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCS978CF80A-76D9-4ECC-AC7B-8F5CA8A4C620.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCS98E924F8-5831-4E2E-8630-C55A0CE8A881.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCS99588A80-A17C-4646-9237-2D1529EA2BF2.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCS9A507D30-CF14-44E3-97EB-4F46C30BB6A4.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCS9B5FAA8A-2703-4733-B85C-FFBFB519F3FB.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCS9CED3DF9-6F23-4C86-B682-4949EF77B1CB.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCSA5FE4A01-3F28-4CB0-AF33-B18567B5A788.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCSAA383750-1553-431F-86F0-D11DE55BDB71.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCSAB9D1969-4CE4-49A0-B7D4-5977922E7EED.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCSABFA3E53-4AEA-4E72-BF8C-1E33A1DC4A97.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCSAD3BB7B4-696C-4C39-879F-63C4BCAD943F.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCSAF124182-AFC4-45CA-9BBE-DBE4461EE3C2.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCSAF9FE0BC-8B4A-4AB3-8DA9-9326FE3838D3.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCSB8432FB7-6E5B-4E43-9D87-4479A8DF2DDC.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCSB912A976-3817-4ABB-9ED4-331323D315ED.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCSBBF7915B-FE93-421B-A25D-CC54EE66797D.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCSC4892FFC-8B71-4D57-9C94-703F6F9A09D2.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCSC645E2BE-3395-47C4-A208-B61550BA41F9.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCSCAF13AB2-C8FD-4BBB-9307-69D975729BEF.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCSCBD72D0C-AAF2-4A22-A1F8-DD6838283EB6.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCSCC9D78AA-0820-4620-BB71-3088FFF94FE5.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCSD18FD433-83FD-475D-B303-CB732B264794.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCSD25C2A25-7C50-499A-BF31-873413B1964B.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCSD745FA8E-3D4C-42C5-B4E2-D1908749BE06.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCSD8514D39-A554-4822-A27B-CA47B9F4F0FD.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCSD900DF04-28CA-435F-B501-A84DCCBA496C.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCSDA023330-F325-49FF-BAC7-C805160813C9.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCSE10696F8-8419-4187-BDF0-9BC029314723.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCSE8A56A46-EBF8-410B-827A-0F7DE0D0DC0B.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCSEAE51FBB-8A49-49DE-8464-2E8F7766D94C.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCSEC92BF51-43E5-4F06-AAB4-DFCA10E52A30.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCSED30A3E9-1A04-46CF-AACA-12BCA9EA738F.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCSF436CAD2-F1E0-4172-8949-73DE188E2DBD.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCSF647139E-3BE4-4F19-986B-46B4805C9B41.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCSF7F8D19F-6267-48BB-9069-E1A937EDC8A1.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCSFF2E164C-765D-47FE-9E2E-429B6A72C244.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCSFF69CE56-5E72-4669-936C-21E062659D04.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\User\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\User\Dati applicazioni\Microsoft\Windows Defender\FileTracker\{92570921-40D5-4F4A-8CB7-60F9441F6B39} Object is locked skipped
C:\Documents and Settings\User\Documenti\File ricevuti\Reactor Script.rar/Reactor Script/mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped
C:\Documents and Settings\User\Documenti\File ricevuti\Reactor Script.rar RAR: infected - 1 skipped
C:\Documents and Settings\User\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\User\Impostazioni locali\Cronologia\History.IE5\MSHist012006070920060710\index.dat Object is locked skipped
C:\Documents and Settings\User\Impostazioni locali\Dati applicazioni\Identities\{DE9027C6-154B-4F3C-8945-7433AB0304BD}\Microsoft\Outlook Express\Posta in arrivo.dbx/[From IvAnA Trajkovska <ivana_seksi@yahoo.com>][Date Mon, 5 Dec 2005 11:55:10 -0800 (PST)]/UNNAMED/UNNAMED/[From sinter sinterovski <sinterce@yahoo.com>][Date Sun, 16 Oct 2005 07:37:39 -0700 (PDT)]/UNNAMED/[From sinter sinterovski <sinterce@yahoo.com>][Date Sat, 15 Oct 2005 08:26:27 -0700 (PDT)]/VaNiLa.zip/VaNiLa/VaNiLa/mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped
C:\Documents and Settings\User\Impostazioni locali\Dati applicazioni\Identities\{DE9027C6-154B-4F3C-8945-7433AB0304BD}\Microsoft\Outlook Express\Posta in arrivo.dbx/[From IvAnA Trajkovska <ivana_seksi@yahoo.com>][Date Mon, 5 Dec 2005 11:55:10 -0800 (PST)]/UNNAMED/UNNAMED/[From sinter sinterovski <sinterce@yahoo.com>][Date Sun, 16 Oct 2005 07:37:39 -0700 (PDT)]/UNNAMED/[From sinter sinterovski <sinterce@yahoo.com>][Date Sat, 15 Oct 2005 08:26:27 -0700 (PDT)]/VaNiLa.zip Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped
C:\Documents and Settings\User\Impostazioni locali\Dati applicazioni\Identities\{DE9027C6-154B-4F3C-8945-7433AB0304BD}\Microsoft\Outlook Express\Posta in arrivo.dbx/[From IvAnA Trajkovska <ivana_seksi@yahoo.com>][Date Mon, 5 Dec 2005 11:55:10 -0800 (PST)]/UNNAMED/UNNAMED/[From sinter sinterovski <sinterce@yahoo.com>][Date Sun, 16 Oct 2005 07:37:39 -0700 (PDT)]/UNNAMED Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped
C:\Documents and Settings\User\Impostazioni locali\Dati applicazioni\Identities\{DE9027C6-154B-4F3C-8945-7433AB0304BD}\Microsoft\Outlook Express\Posta in arrivo.dbx/[From IvAnA Trajkovska <ivana_seksi@yahoo.com>][Date Mon, 5 Dec 2005 11:55:10 -0800 (PST)]/UNNAMED/UNNAMED Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped
C:\Documents and Settings\User\Impostazioni locali\Dati applicazioni\Identities\{DE9027C6-154B-4F3C-8945-7433AB0304BD}\Microsoft\Outlook Express\Posta in arrivo.dbx/[From IvAnA Trajkovska <ivana_seksi@yahoo.com>][Date Mon, 5 Dec 2005 11:55:10 -0800 (PST)]/UNNAMED Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped
C:\Documents and Settings\User\Impostazioni locali\Dati applicazioni\Identities\{DE9027C6-154B-4F3C-8945-7433AB0304BD}\Microsoft\Outlook Express\Posta in arrivo.dbx/[From dragan dodevski <piksi_d@yahoo.com>][Date Mon, 27 Feb 2006 17:27:03 -0800 (PST)]/UNNAMED/UNNAMED/[From goce bogatinov <fraerce_goce@yahoo.com>][Date Sat, 11 Feb 2006 17:23:49 -0800 (PST)]/UNNAMED/[From valentino mojsovski <valentinomojsovski@yahoo.com>][Date Sat, 17 Sep 2005 15:21:23 -0700 (PDT)]/LEKS/LEKS Skripta 2004/mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.614 skipped
C:\Documents and Settings\User\Impostazioni locali\Dati applicazioni\Identities\{DE9027C6-154B-4F3C-8945-7433AB0304BD}\Microsoft\Outlook Express\Posta in arrivo.dbx/[From dragan dodevski <piksi_d@yahoo.com>][Date Mon, 27 Feb 2006 17:27:03 -0800 (PST)]/UNNAMED/UNNAMED/[From goce bogatinov <fraerce_goce@yahoo.com>][Date Sat, 11 Feb 2006 17:23:49 -0800 (PST)]/UNNAMED/[From valentino mojsovski <valentinomojsovski@yahoo.com>][Date Sat, 17 Sep 2005 15:21:23 -0700 (PDT)]/LEKS Infected: not-a-virus:Client-IRC.Win32.mIRC.614 skipped
C:\Documents and Settings\User\Impostazioni locali\Dati applicazioni\Identities\{DE9027C6-154B-4F3C-8945-7433AB0304BD}\Microsoft\Outlook Express\Posta in arrivo.dbx/[From dragan dodevski <piksi_d@yahoo.com>][Date Mon, 27 Feb 2006 17:27:03 -0800 (PST)]/UNNAMED/UNNAMED/[From goce bogatinov <fraerce_goce@yahoo.com>][Date Sat, 11 Feb 2006 17:23:49 -0800 (PST)]/UNNAMED Infected: not-a-virus:Client-IRC.Win32.mIRC.614 skipped
C:\Documents and Settings\User\Impostazioni locali\Dati applicazioni\Identities\{DE9027C6-154B-4F3C-8945-7433AB0304BD}\Microsoft\Outlook Express\Posta in arrivo.dbx/[From dragan dodevski <piksi_d@yahoo.com>][Date Mon, 27 Feb 2006 17:27:03 -0800 (PST)]/UNNAMED/UNNAMED Infected: not-a-virus:Client-IRC.Win32.mIRC.614 skipped
C:\Documents and Settings\User\Impostazioni locali\Dati applicazioni\Identities\{DE9027C6-154B-4F3C-8945-7433AB0304BD}\Microsoft\Outlook Express\Posta in arrivo.dbx/[From dragan dodevski <piksi_d@yahoo.com>][Date Mon, 27 Feb 2006 17:27:03 -0800 (PST)]/UNNAMED Infected: not-a-virus:Client-IRC.Win32.mIRC.614 skipped
C:\Documents and Settings\User\Impostazioni locali\Dati applicazioni\Identities\{DE9027C6-154B-4F3C-8945-7433AB0304BD}\Microsoft\Outlook Express\Posta in arrivo.dbx Mail MS Outlook 5: infected - 10 skipped
C:\Documents and Settings\User\Impostazioni locali\Dati applicazioni\Identities\{DE9027C6-154B-4F3C-8945-7433AB0304BD}\Microsoft\Outlook Express\Posta inviata.dbx/[From "petar4e" <petar4e@alice.it>][Date Mon, 6 Feb 2006 23:18:52 +0100]/UNNAMED/VaNiLa.zip/VaNiLa/VaNiLa/mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped
C:\Documents and Settings\User\Impostazioni locali\Dati applicazioni\Identities\{DE9027C6-154B-4F3C-8945-7433AB0304BD}\Microsoft\Outlook Express\Posta inviata.dbx/[From "petar4e" <petar4e@alice.it>][Date Mon, 6 Feb 2006 23:18:52 +0100]/UNNAMED/VaNiLa.zip Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped
C:\Documents and Settings\User\Impostazioni locali\Dati applicazioni\Identities\{DE9027C6-154B-4F3C-8945-7433AB0304BD}\Microsoft\Outlook Express\Posta inviata.dbx/[From "petar4e" <petar4e@alice.it>][Date Mon, 6 Feb 2006 23:18:52 +0100]/UNNAMED Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped
C:\Documents and Settings\User\Impostazioni locali\Dati applicazioni\Identities\{DE9027C6-154B-4F3C-8945-7433AB0304BD}\Microsoft\Outlook Express\Posta inviata.dbx Mail MS Outlook 5: infected - 3 skipped
C:\Documents and Settings\User\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\User\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\User\Impostazioni locali\Temp\CAVIR_ScrIpT_v2[1].6.exe/mIRC.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped
C:\Documents and Settings\User\Impostazioni locali\Temp\CAVIR_ScrIpT_v2[1].6.exe InstallCreator: infected - 1 skipped
C:\Documents and Settings\User\Impostazioni locali\Temp\CAVIR_ScrIpT_v2[1].6.exe UPX: infected - 1 skipped
C:\Documents and Settings\User\Impostazioni locali\Temp\Mona's bot.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.59 skipped
C:\Documents and Settings\User\Impostazioni locali\Temp\~DF2E1E.tmp Object is locked skipped
C:\Documents and Settings\User\Impostazioni locali\Temp\~DF99EA.tmp Object is locked skipped
C:\Documents and Settings\User\Impostazioni locali\Temp\~DFF281.tmp Object is locked skipped
C:\Documents and Settings\User\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\User\Impostazioni locali\Temporary Internet Files\Content.IE5\YHCRILQ5\popup[1].htm Infected: Trojan-Clicker.HTML.Agent.a skipped
C:\Documents and Settings\User\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\User\ntuser.dat.LOG Object is locked skipped
C:\Programmi\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped
C:\Programmi\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped
C:\Programmi\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped
C:\Programmi\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped
C:\Programmi\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped
C:\Programmi\Alwil Software\Avast4\DATA\report\Protezione residente.txt Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{B9AE8A55-B004-479F-BDDF-A864D583FAC4}\RP247\A0048774.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped
C:\System Volume Information\_restore{B9AE8A55-B004-479F-BDDF-A864D583FAC4}\RP248\A0048835.exe/mIRC.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped
C:\System Volume Information\_restore{B9AE8A55-B004-479F-BDDF-A864D583FAC4}\RP248\A0048835.exe InstallCreator: infected - 1 skipped
C:\System Volume Information\_restore{B9AE8A55-B004-479F-BDDF-A864D583FAC4}\RP248\A0048835.exe UPX: infected - 1 skipped
C:\System Volume Information\_restore{B9AE8A55-B004-479F-BDDF-A864D583FAC4}\RP248\A0048847.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped
C:\System Volume Information\_restore{B9AE8A55-B004-479F-BDDF-A864D583FAC4}\RP250\A0050099.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped
C:\System Volume Information\_restore{B9AE8A55-B004-479F-BDDF-A864D583FAC4}\RP250\A0050116.exe/mIRC.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped
C:\System Volume Information\_restore{B9AE8A55-B004-479F-BDDF-A864D583FAC4}\RP250\A0050116.exe InstallCreator: infected - 1 skipped
C:\System Volume Information\_restore{B9AE8A55-B004-479F-BDDF-A864D583FAC4}\RP250\A0050116.exe UPX: infected - 1 skipped
C:\System Volume Information\_restore{B9AE8A55-B004-479F-BDDF-A864D583FAC4}\RP285\A0054766.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped
C:\System Volume Information\_restore{B9AE8A55-B004-479F-BDDF-A864D583FAC4}\RP285\A0054791.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.59 skipped
C:\System Volume Information\_restore{B9AE8A55-B004-479F-BDDF-A864D583FAC4}\RP285\A0054906.EXE Infected: not-a-virus:Client-IRC.Win32.mIRC.603 skipped
C:\System Volume Information\_restore{B9AE8A55-B004-479F-BDDF-A864D583FAC4}\RP285\A0054953.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped
C:\System Volume Information\_restore{B9AE8A55-B004-479F-BDDF-A864D583FAC4}\RP285\A0054991.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped
C:\System Volume Information\_restore{B9AE8A55-B004-479F-BDDF-A864D583FAC4}\RP285\A0055029.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped
C:\System Volume Information\_restore{B9AE8A55-B004-479F-BDDF-A864D583FAC4}\RP285\A0055074.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.59 skipped
C:\System Volume Information\_restore{B9AE8A55-B004-479F-BDDF-A864D583FAC4}\RP285\A0055758.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.601 skipped
C:\System Volume Information\_restore{B9AE8A55-B004-479F-BDDF-A864D583FAC4}\RP285\A0055796.EXE Infected: not-a-virus:Client-IRC.Win32.mIRC.561 skipped
C:\System Volume Information\_restore{B9AE8A55-B004-479F-BDDF-A864D583FAC4}\RP285\A0055797.EXE Infected: not-a-virus:Client-IRC.Win32.mIRC.561 skipped
C:\System Volume Information\_restore{B9AE8A55-B004-479F-BDDF-A864D583FAC4}\RP287\A0056654.exe Infected: Trojan.Win32.Delf.fh skipped
C:\System Volume Information\_restore{B9AE8A55-B004-479F-BDDF-A864D583FAC4}\RP291\A0060004.exe/data Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped
C:\System Volume Information\_restore{B9AE8A55-B004-479F-BDDF-A864D583FAC4}\RP291\A0060004.exe SetupFactory: infected - 1 skipped
C:\System Volume Information\_restore{B9AE8A55-B004-479F-BDDF-A864D583FAC4}\RP302\A0072287.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.601 skipped
C:\System Volume Information\_restore{B9AE8A55-B004-479F-BDDF-A864D583FAC4}\RP311\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_6ac.dat Object is locked skipped
C:\WINDOWS\Temp\_avast4_\Webshlock.txt Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

Can you please tell me what should I do with these? Thanks.

chiaz · July 2006

The "Object is locked skipped" entries are harmless.

Please navigate to and delete everything in this folder:
C:\Documents and Settings\User\Impostazioni locali\Temp\

Next download ATF Cleaner by Atribune.

Double-clickATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browser

ClickFirefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser

ClickOpera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Lastly, rescan with Kaspersky Online Scanner and post the new log in your next reply.

Hristy · July 2006

Ok. Well I tried to delete this folder C:\Documents and Settings\User\Impostazioni locali\Temp\
Only for one file (that the folder contains ) it says that it’s in use from another user or program so I couldn’t delete it.

I closed everything, disconnected internet…but it didn’t change anything…

I also download ATF Cleaner and did as you said. Than I rescanned the pc with Kaspersky Online Scanner. Here’s the new report:

KASPERSKY ONLINE SCANNER REPORT
Monday, July 10, 2006 9:35:24 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 10/07/2006
Kaspersky Anti-Virus database records: 206040

Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
A:\
B:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\

Scan Statistics
Total number of scanned objects 78089
Number of viruses found 8
Number of infected objects 41 / 0
Number of suspicious objects 0
Duration of the scan process 01:02:07

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCS055A9CA7-9502-4354-97AE-7F166838B574.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCS07415316-01EB-4334-B308-AA51A08084DD.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCS094BD3DF-21B0-481D-B586-A4A3BBF7ADE5.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCS0AF7F800-436F-46E3-940E-B2D4FFA2032D.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCS0D799444-39EE-4976-8CA3-C538EC6E4476.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCS0F752C1E-DCE9-43FB-B86D-6EB4EC9C90C0.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCS0FB0C586-93DA-4772-AAB4-F06C42F83871.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCS0FF63A68-D2F1-4AAE-A3DA-45D3A441BC62.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCS13C1F8B4-DFE1-4A34-88B3-AA6E7EF391F5.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCS1449DDDE-3660-4D77-8E11-295633913BF6.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCS1DF2F7D8-1E61-4EA7-B159-ACBC24647D4F.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCS1F53CB13-01F0-4676-9ADE-D400B4511BEF.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCS238EF736-F84D-46D8-8F61-5CE1217DC84F.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCS2AD37FA4-3565-4B2A-B998-6487DD99B904.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCS2E3E8B93-7CEF-4FEC-AEFB-91DB267B698B.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCS2E42F873-70AC-4320-8EF4-316296C6EFA9.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCS30C81058-B2DB-4FE9-BE39-59D38D0E5642.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCS30F979B9-7F36-4118-818D-AB8B983A4283.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCS326974EB-DC76-4E3C-A273-FBB26EE4489F.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCS35A32365-EA3F-4FDC-BEE3-9F16C874EA06.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCS35DE9F53-6014-4C6C-AE3A-CB2954DDE592.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCS36665042-2E74-4837-AD72-DF5F20B5DA60.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCS3CD15324-0D6A-4492-8217-BD6C3E782B07.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCS427508A1-CB38-416F-A7CA-58F77309F167.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCS48A4FBAE-66FC-4DF5-B9A5-262AB39044EE.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCS48AB868E-EA16-45F8-98EB-F3BF22BFD311.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCS4909221B-F534-4F19-8882-2B6BC9E71729.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCS4E100958-6342-48BC-9B61-04AC9302E81B.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCS4FCDC960-B499-4EDA-AEE8-B68B15F477B7.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCS5193165E-1644-4054-9C6C-7FCEEE4119A4.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCS5651FEDF-2A5B-40C0-A26C-D2CBFA8654BF.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCS582E2227-4299-4BFC-816A-CA64D8FEEAB7.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCS588FECD2-935A-444C-968F-1C545A0C2F40.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCS5A59E2E9-E7A9-4219-98F1-707438BAD334.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCS5B0FF0E0-FD15-45CD-9AE9-A4BE8E7645BE.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCS5F80F66D-E894-45D8-96D9-F6DBA392E6A6.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCS627BAEB0-28EE-4B09-88D7-0F93D8E367EC.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCS62DE3DA8-EDC8-4E27-9238-C126BD84D857.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCS6602A619-B609-4C04-95C9-6F825C31DA5E.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCS6B92E706-BD6A-423E-B612-47F60115EFFE.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCS6C5B7361-77DB-42CE-A170-4C78AB37FE63.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCS6C970178-C632-4BFA-9DEE-86229D938A43.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCS71C404D3-13BC-42E0-920D-32AD445A0F38.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCS71F24F0E-767A-4AE0-9185-672F0AF0F8C9.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCS733A629C-B6A3-492B-A0F6-7B42333F5C6F.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCS78F37760-105D-488B-9C93-4F89B9492782.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCS7BCA61B3-A36E-4C96-A654-0AED52668667.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCS7C94C452-454E-4D20-A6FD-5538F7A6877E.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCS824175F1-BAB9-49BE-B7D8-946495010136.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCS8537A2C8-7228-43AA-A815-C03ECE0F9D1C.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCS86496C45-B493-4A9E-B2B3-569E9C8F6CD6.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCS8B6FEDB1-2CE7-49DD-9CEC-F6B618BE1B7B.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCS8F2C327E-E542-4883-B257-D70A1FBA4C85.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCS8F6230AD-1AB9-46FF-A9F5-552655152FD9.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCS901767D8-F764-4FE4-A1A2-DD838A796A5C.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCS9325C933-2410-4C03-A193-8014DE27CE06.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCS93343C58-1256-4FC3-BD36-8DD1EB75B715.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCS9666965B-36B4-4649-B01F-08B703E14FC7.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCS989F3A10-55D6-40AB-898C-A0A00469EF80.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCS9D840836-E019-4902-9754-043072E7387F.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCSA0F0E688-1A45-45F2-92C8-85E1734A8CAC.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCSA15D6FE5-99B9-4236-9884-E40EB663D485.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCSA7BED51A-BDE5-4CEE-9CB3-5499928C041D.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCSA8BE2372-5754-4B36-984C-43F5E2D97FF7.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCSA96F2390-B5E2-428A-8AB6-79150A615282.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCSA9FF5FFB-4B1A-425B-A6EA-873307616853.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCSAD6FA3EE-4E02-41E8-8628-3FB839E9CAFE.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCSB03A971A-D816-4D46-869D-F0F6F15E5741.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCSB2689464-9E9A-45E6-B28F-EE5447E4E13E.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCSB606DD95-E98E-43C8-BCE6-29D68856AEFA.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCSB76D5E86-F588-49B0-B818-678838203CDE.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCSB7C5D09A-62C1-4D31-819F-CE1FADD46EC7.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCSB93BC2D3-F912-421B-B08A-5CDCAE7BAE4A.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCSBBACFE45-2DA1-46FB-A12E-D2FBDDEA92F4.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCSBF285892-FCF7-4EFD-A9F0-B60CA0222084.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCSC642A1A5-C332-4882-A50B-2B2FB0CA9CB5.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCSC64C8FB7-C9EA-446D-AD1D-8E0E1D14F47E.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCSC767010D-F732-47D2-8FA9-EB8E01ABA55B.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCSC7904875-A456-4787-A438-8C62B855E2AD.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCSCC871649-4CB1-40B8-AFEE-D4ED765890F3.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCSCD84494A-EEA9-4ED1-A410-34D5124EB588.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCSCD86B207-121A-4CD5-9E0C-E49926CF5FF2.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCSCF143C55-D5FB-4DAD-BAF7-06F35C600250.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCSD1F844E6-6120-49F1-88FF-173C2B17A36D.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCSD3F2D97F-1F76-4399-8DD9-CA35480EFFEE.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCSD6D5E9A4-4DC3-4DC9-8162-05FE6D51FDAF.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCSDB13CD3A-26C5-4217-8503-B28E7029AB4C.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCSDCAC859E-4FA2-40B0-B15F-E61E34728D14.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCSE0E21706-F898-4488-A5BA-98FA8FB4EA6B.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCSE1355AC7-9C11-4F69-8CCA-9E5171880378.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCSE31342F6-C31B-4E0F-B456-0E95108DD8AA.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCSE9A9E51D-1633-4FE8-BDA1-E440E5E58B5F.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCSEB24A9B6-4F7C-4B8F-AE61-EB697D57357C.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCSEBDF404A-EAFC-4DEB-9C26-46D4D0614855.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCSF0094038-83B6-49E8-B462-F4C2B3F2533B.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCSF038581D-75C2-4168-8EC3-1335F3B479FE.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCSF46A87D1-535B-4F12-B3E4-697F9B9C56AC.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCSF574EE3E-4C02-438E-AA94-B1A263A9058E.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCSF88D5885-D3B7-4FA7-BDEA-CAC9D96523F0.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCSFA69EDDF-E153-4F09-9AB1-20E80293E3B1.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCSFDA0BF8D-62DA-4D01-8F2C-A02788F376DC.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCSFE24A4FA-2354-4EFA-BDF2-252B2D846A5B.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCSFF826302-2FE7-4B08-89B7-9A3C2F9E9242.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Dati applicazioni\Webroot\Spy Sweeper\Temp\SSCSFFD2A2A0-7BCF-43A9-A51D-D875EF3CA10D.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\User\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\User\Dati applicazioni\Microsoft\Modelli\Normal.dot Object is locked skipped

C:\Documents and Settings\User\Dati applicazioni\Microsoft\Windows Defender\FileTracker\{1BBE3FBC-D038-46D7-940D-3989105CE70E} Object is locked skipped

C:\Documents and Settings\User\Dati applicazioni\Microsoft\Word\Salvataggio automatico di Documento1.asd Object is locked skipped

C:\Documents and Settings\User\Documenti\File ricevuti\Reactor Script.rar/Reactor Script/mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped

C:\Documents and Settings\User\Documenti\File ricevuti\Reactor Script.rar RAR: infected - 1 skipped

C:\Documents and Settings\User\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\User\Impostazioni locali\Cronologia\History.IE5\MSHist012006071020060711\index.dat Object is locked skipped

C:\Documents and Settings\User\Impostazioni locali\Dati applicazioni\Identities\{DE9027C6-154B-4F3C-8945-7433AB0304BD}\Microsoft\Outlook Express\Posta in arrivo.dbx/[From IvAnA Trajkovska ][Date Mon, 5 Dec 2005 11:55:10 -0800 (PST)]/UNNAMED/UNNAMED/[From sinter sinterovski ][Date Sun, 16 Oct 2005 07:37:39 -0700 (PDT)]/UNNAMED/[From sinter sinterovski ][Date Sat, 15 Oct 2005 08:26:27 -0700 (PDT)]/VaNiLa.zip/VaNiLa/VaNiLa/mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped

C:\Documents and Settings\User\Impostazioni locali\Dati applicazioni\Identities\{DE9027C6-154B-4F3C-8945-7433AB0304BD}\Microsoft\Outlook Express\Posta in arrivo.dbx/[From IvAnA Trajkovska ][Date Mon, 5 Dec 2005 11:55:10 -0800 (PST)]/UNNAMED/UNNAMED/[From sinter sinterovski ][Date Sun, 16 Oct 2005 07:37:39 -0700 (PDT)]/UNNAMED/[From sinter sinterovski ][Date Sat, 15 Oct 2005 08:26:27 -0700 (PDT)]/VaNiLa.zip Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped

C:\Documents and Settings\User\Impostazioni locali\Dati applicazioni\Identities\{DE9027C6-154B-4F3C-8945-7433AB0304BD}\Microsoft\Outlook Express\Posta in arrivo.dbx/[From IvAnA Trajkovska ][Date Mon, 5 Dec 2005 11:55:10 -0800 (PST)]/UNNAMED/UNNAMED/[From sinter sinterovski ][Date Sun, 16 Oct 2005 07:37:39 -0700 (PDT)]/UNNAMED Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped

C:\Documents and Settings\User\Impostazioni locali\Dati applicazioni\Identities\{DE9027C6-154B-4F3C-8945-7433AB0304BD}\Microsoft\Outlook Express\Posta in arrivo.dbx/[From IvAnA Trajkovska ][Date Mon, 5 Dec 2005 11:55:10 -0800 (PST)]/UNNAMED/UNNAMED Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped

C:\Documents and Settings\User\Impostazioni locali\Dati applicazioni\Identities\{DE9027C6-154B-4F3C-8945-7433AB0304BD}\Microsoft\Outlook Express\Posta in arrivo.dbx/[From IvAnA Trajkovska ][Date Mon, 5 Dec 2005 11:55:10 -0800 (PST)]/UNNAMED Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped

C:\Documents and Settings\User\Impostazioni locali\Dati applicazioni\Identities\{DE9027C6-154B-4F3C-8945-7433AB0304BD}\Microsoft\Outlook Express\Posta in arrivo.dbx/[From dragan dodevski ][Date Mon, 27 Feb 2006 17:27:03 -0800 (PST)]/UNNAMED/UNNAMED/[From goce bogatinov ][Date Sat, 11 Feb 2006 17:23:49 -0800 (PST)]/UNNAMED/[From valentino mojsovski ][Date Sat, 17 Sep 2005 15:21:23 -0700 (PDT)]/LEKS/LEKS Skripta 2004/mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.614 skipped

C:\Documents and Settings\User\Impostazioni locali\Dati applicazioni\Identities\{DE9027C6-154B-4F3C-8945-7433AB0304BD}\Microsoft\Outlook Express\Posta in arrivo.dbx/[From dragan dodevski ][Date Mon, 27 Feb 2006 17:27:03 -0800 (PST)]/UNNAMED/UNNAMED/[From goce bogatinov ][Date Sat, 11 Feb 2006 17:23:49 -0800 (PST)]/UNNAMED/[From valentino mojsovski ][Date Sat, 17 Sep 2005 15:21:23 -0700 (PDT)]/LEKS Infected: not-a-virus:Client-IRC.Win32.mIRC.614 skipped

C:\Documents and Settings\User\Impostazioni locali\Dati applicazioni\Identities\{DE9027C6-154B-4F3C-8945-7433AB0304BD}\Microsoft\Outlook Express\Posta in arrivo.dbx/[From dragan dodevski ][Date Mon, 27 Feb 2006 17:27:03 -0800 (PST)]/UNNAMED/UNNAMED/[From goce bogatinov ][Date Sat, 11 Feb 2006 17:23:49 -0800 (PST)]/UNNAMED Infected: not-a-virus:Client-IRC.Win32.mIRC.614 skipped

C:\Documents and Settings\User\Impostazioni locali\Dati applicazioni\Identities\{DE9027C6-154B-4F3C-8945-7433AB0304BD}\Microsoft\Outlook Express\Posta in arrivo.dbx/[From dragan dodevski ][Date Mon, 27 Feb 2006 17:27:03 -0800 (PST)]/UNNAMED/UNNAMED Infected: not-a-virus:Client-IRC.Win32.mIRC.614 skipped

C:\Documents and Settings\User\Impostazioni locali\Dati applicazioni\Identities\{DE9027C6-154B-4F3C-8945-7433AB0304BD}\Microsoft\Outlook Express\Posta in arrivo.dbx/[From dragan dodevski ][Date Mon, 27 Feb 2006 17:27:03 -0800 (PST)]/UNNAMED Infected: not-a-virus:Client-IRC.Win32.mIRC.614 skipped

C:\Documents and Settings\User\Impostazioni locali\Dati applicazioni\Identities\{DE9027C6-154B-4F3C-8945-7433AB0304BD}\Microsoft\Outlook Express\Posta in arrivo.dbx Mail MS Outlook 5: infected - 10 skipped

C:\Documents and Settings\User\Impostazioni locali\Dati applicazioni\Identities\{DE9027C6-154B-4F3C-8945-7433AB0304BD}\Microsoft\Outlook Express\Posta inviata.dbx/[From "petar4e" ][Date Mon, 6 Feb 2006 23:18:52 +0100]/UNNAMED/VaNiLa.zip/VaNiLa/VaNiLa/mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped

C:\Documents and Settings\User\Impostazioni locali\Dati applicazioni\Identities\{DE9027C6-154B-4F3C-8945-7433AB0304BD}\Microsoft\Outlook Express\Posta inviata.dbx/[From "petar4e" ][Date Mon, 6 Feb 2006 23:18:52 +0100]/UNNAMED/VaNiLa.zip Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped

C:\Documents and Settings\User\Impostazioni locali\Dati applicazioni\Identities\{DE9027C6-154B-4F3C-8945-7433AB0304BD}\Microsoft\Outlook Express\Posta inviata.dbx/[From "petar4e" ][Date Mon, 6 Feb 2006 23:18:52 +0100]/UNNAMED Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped

C:\Documents and Settings\User\Impostazioni locali\Dati applicazioni\Identities\{DE9027C6-154B-4F3C-8945-7433AB0304BD}\Microsoft\Outlook Express\Posta inviata.dbx Mail MS Outlook 5: infected - 3 skipped

C:\Documents and Settings\User\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\User\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\User\Impostazioni locali\Temp\~DF6DDE.tmp Object is locked skipped

C:\Documents and Settings\User\Impostazioni locali\Temp\~DFD730.tmp Object is locked skipped

C:\Documents and Settings\User\Impostazioni locali\Temp\~DFE12A.tmp Object is locked skipped

C:\Documents and Settings\User\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\User\Impostazioni locali\Temporary Internet Files\Content.IE5\YHCRILQ5\popup[1].htm Infected: Trojan-Clicker.HTML.Agent.a skipped

C:\Documents and Settings\User\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\User\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\User\UserData\index.dat Object is locked skipped

C:\Programmi\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped

C:\Programmi\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped

C:\Programmi\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped

C:\Programmi\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped

C:\Programmi\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped

C:\Programmi\Alwil Software\Avast4\DATA\report\Protezione residente.txt Object is locked skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{B9AE8A55-B004-479F-BDDF-A864D583FAC4}\RP247\A0048774.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped

C:\System Volume Information\_restore{B9AE8A55-B004-479F-BDDF-A864D583FAC4}\RP248\A0048835.exe/mIRC.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped

C:\System Volume Information\_restore{B9AE8A55-B004-479F-BDDF-A864D583FAC4}\RP248\A0048835.exe InstallCreator: infected - 1 skipped

C:\System Volume Information\_restore{B9AE8A55-B004-479F-BDDF-A864D583FAC4}\RP248\A0048835.exe UPX: infected - 1 skipped

C:\System Volume Information\_restore{B9AE8A55-B004-479F-BDDF-A864D583FAC4}\RP248\A0048847.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped

C:\System Volume Information\_restore{B9AE8A55-B004-479F-BDDF-A864D583FAC4}\RP250\A0050099.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped

C:\System Volume Information\_restore{B9AE8A55-B004-479F-BDDF-A864D583FAC4}\RP250\A0050116.exe/mIRC.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped

C:\System Volume Information\_restore{B9AE8A55-B004-479F-BDDF-A864D583FAC4}\RP250\A0050116.exe InstallCreator: infected - 1 skipped

C:\System Volume Information\_restore{B9AE8A55-B004-479F-BDDF-A864D583FAC4}\RP250\A0050116.exe UPX: infected - 1 skipped

C:\System Volume Information\_restore{B9AE8A55-B004-479F-BDDF-A864D583FAC4}\RP285\A0054766.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped

C:\System Volume Information\_restore{B9AE8A55-B004-479F-BDDF-A864D583FAC4}\RP285\A0054791.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.59 skipped

C:\System Volume Information\_restore{B9AE8A55-B004-479F-BDDF-A864D583FAC4}\RP285\A0054906.EXE Infected: not-a-virus:Client-IRC.Win32.mIRC.603 skipped

C:\System Volume Information\_restore{B9AE8A55-B004-479F-BDDF-A864D583FAC4}\RP285\A0054953.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped

C:\System Volume Information\_restore{B9AE8A55-B004-479F-BDDF-A864D583FAC4}\RP285\A0054991.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped

C:\System Volume Information\_restore{B9AE8A55-B004-479F-BDDF-A864D583FAC4}\RP285\A0055029.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped

C:\System Volume Information\_restore{B9AE8A55-B004-479F-BDDF-A864D583FAC4}\RP285\A0055074.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.59 skipped

C:\System Volume Information\_restore{B9AE8A55-B004-479F-BDDF-A864D583FAC4}\RP285\A0055758.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.601 skipped

C:\System Volume Information\_restore{B9AE8A55-B004-479F-BDDF-A864D583FAC4}\RP285\A0055796.EXE Infected: not-a-virus:Client-IRC.Win32.mIRC.561 skipped

C:\System Volume Information\_restore{B9AE8A55-B004-479F-BDDF-A864D583FAC4}\RP285\A0055797.EXE Infected: not-a-virus:Client-IRC.Win32.mIRC.561 skipped

C:\System Volume Information\_restore{B9AE8A55-B004-479F-BDDF-A864D583FAC4}\RP287\A0056654.exe Infected: Trojan.Win32.Delf.fh skipped

C:\System Volume Information\_restore{B9AE8A55-B004-479F-BDDF-A864D583FAC4}\RP291\A0060004.exe/data Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped

C:\System Volume Information\_restore{B9AE8A55-B004-479F-BDDF-A864D583FAC4}\RP291\A0060004.exe SetupFactory: infected - 1 skipped

C:\System Volume Information\_restore{B9AE8A55-B004-479F-BDDF-A864D583FAC4}\RP302\A0072287.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.601 skipped

C:\System Volume Information\_restore{B9AE8A55-B004-479F-BDDF-A864D583FAC4}\RP312\change.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\EventCache\{69EB0402-C1C1-4886-B5A5-7DF23D48186B}.bin Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\CnxDslWz.log Object is locked skipped

C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\Temp\Perflib_Perfdata_698.dat Object is locked skipped

C:\WINDOWS\Temp\_avast4_\Webshlock.txt Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

Thanks.

chiaz · July 2006

Congratulations! Your computer appears clean.

Click Start, click All Programs, click Accessories, click System Tools, and then click System Restore. Click to add a check mark beside Turn off System Restore on all Drives, and click Apply. When you are warned that all existing Restore Points will be deleted, click Yes to continue. All system restore points are deleted. Now you should manually create a restore point. Click Start, click All Programs, click Accessories, click System Tools, and then click System Restore.
Click Create a Restore Point, and then click Next. Name your restore point. (I use the date as well as a descriptive term such as "Clean system.")

Here are a number of recommendations for additional protection to help prevent any malware infections in the future. These few simple steps can stave off the vast majority of spyware problems.

You may have already taken some of these steps:
1. Watch what you download!
Do not download just anything you see on the web. Some may have spyware bundled into them.

2. Try not to use peer-to-peer programs.
P2P programs like Grokster, Imesh, Kazaa and others are amongst the most notorious, come with an enormous amount of bundled spyware that will eat system resources, slow down your system, clash with other installed software, or just plain crash your browser or even Windows itself. If you insist on using a P2P program, please read this article written by Mike Healan of Spywareinfo.com fame. It is an updated and comprehensive article that gives in-depth detail about which P2P programs are "safe" to use.

3. Visit Windows Update:
Make sure that you have all the Critical Updates recommended for your operating system and IE. The first defense against infection is a properly patched OS.
Windows Update: http://v4.windowsupdate.microsoft.com/en/default.asp
We recommend checking for Windows updates monthly.

4. Adjust your security settings for ActiveX:
Go to Internet Options/Security/Internet, press 'default level', then OK.
Now press "Custom Level."
In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to 'prompt', and 'Initialize and Script ActiveX controls not marked as safe" to 'disable'.

So why is ActiveX so dangerous that you have to increase the security for it?
When your browser runs an activex control, it is running an executable program. It's no different from doubleclicking an exe file on your hard drive.
Would you run just any random file downloaded off a web site without knowing what it is and what it does?

5. Download and install the following free programs:
a. SpywareBlaster: http://www.javacoolsoftware.com/spywareblaster.html
b. SpywareGuard: http://www.javacoolsoftware.com/spywareguard.html
Periodically check for updates.

6. Keep your antivirus software up to date. If you don't have one, I recommend the free AVG.

7. Use a firewall. If you don't have a firewall, I recommend the free version of ZoneAlarm
A tutorial on understanding and using firewalls may be found here

8. IE-SPYAD puts over 5000 sites in your restricted zone, so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all. Another good hosts program is mvpshosts. This little program packs a powerful punch as it block ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers. For information on how to download and install, please read this tutorial.

9. You might consider installing Mozilla / Firefox, which is much safer than Internet Explorer.
http://www.mozilla.org/

10. Install spyware detection and removal programs:
Ad-aware: http://www.snapfiles.com/get/adaware.html
Spybot S&D:
http://www.safer-networking.org
Use these programs to regularly scan your system for and remove many forms of spyware/malware.

11. Microsoft now offers their own anti-spyware product. Windows® Defender (Beta 2) improves Internet browsing safety by guarding over fifty (50) ways spyware can enter your PC. This is a BETA for XP/2000 only.

12. Before using or purchasing any Spyware/Malware protection/removal program, always check the Rogue/Suspect Spyware List. It will save you a lot of grief, as well as money if you are thinking of purchasing. Here is the link: http://www.spywarewarrior.com/rogue_anti-spyware.htm
If you want to know just how effective your anti-spyware program is, or how well any of the "rogue" programs listed at the above link work, check this for an independent comparison of several anti-spyware programs: http://www.spywarewarrior.com/asw-test-guide.htm

Let us know if we have not resolved your problem. Otherwise, you are good to go.
Happy and Safe Surfing!

Hristy · July 2006

Thank you very much for helping me to resolve the problems with my computer.

I really appreciate this! Now I’ll download the programs you advised me.
Thank you again!

P.S. Thanks for the recommendations too

chiaz · July 2006

You're welcome Hristy.

Since this topic appears resolved, I shall now close it. If you are the original topic starter, and wishes to reopen the thread, please pm the URL of this log to a moderator.

trojan-backdoor-flood.mirc - need help

Comments