Options
pop up and bar888 problems
i am having pop up problems majorly on my computer and ive heard that bar888 is bad and every time i delete it, it comes back here is all my hijack logs which includes the HJTLOG, if you need THE UNINSTALL LIST and the start up list just let me know i can send it to and at the very bottom there is the KASPERSKY ONLINE SCAN. Can someone help me please,,, thank you
Logfile of HijackThis v1.99.1
Scan saved at 12:58:18 PM, on 1/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\??mbols\w?nspool.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\rent a center\Desktop\hijack this\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R3 - URLSearchHook: (no name) - {0F11ED1B-23F9-050B-DA7B-7E129843E4E1} - C:\WINDOWS\system32\drdwfw.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
R3 - URLSearchHook: (no name) - {D73F49B6-B51B-4d32-A3B7-BD04B8342F53} - C:\Program Files\MorpheusBar\SrchAstt\1.bin\MBSRCAS.DLL
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0F11ED1B-23F9-050B-DA7B-7E129843E4E1} - C:\WINDOWS\system32\drdwfw.dll
O2 - BHO: MorpheusToolbar BHO - {3F3714A1-89A4-46be-8AF3-D0C9D1FB03F9} - C:\Program Files\MorpheusBar\bar\1.bin\MORPHBAR.DLL
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: (no name) - {D73F49B1-B51B-4d32-A3B7-BD04B8342F53} - C:\Program Files\MorpheusBar\SrchAstt\1.bin\MBSRCAS.DLL
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Morpheus Toolbar - {3F3714A9-89A4-46be-8AF3-D0C9D1FB03F9} - C:\Program Files\MorpheusBar\bar\1.bin\MORPHBAR.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\RunServices: [winsock32] winsock32
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: Adobe Reader Speed Launch.lnk = ?
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxmk788JWUS
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/ZwinkyInitialSetup1.0.0.15.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) -
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqnbk/downloads/sysinfo.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1167274428390
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1168973402265
O20 - AppInit_DLLs:
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: COM+ Messages - Unknown owner - -e,te-110-12-0000213, (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: winsock32 (winsock32.exe) - Unknown owner - C:\WINDOWS\winsock32.exe
THIS IS THE KASPERSKY ONLINE SCAN
Tuesday, January 16, 2007 2:30:53 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 16/01/2007
Kaspersky Anti-Virus database records: 244431
Scan Settings
Scan using the following antivirus database standard
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
A:\
C:\
D:\
Scan Statistics
Total number of scanned objects 71720
Number of viruses found 11
Number of infected objects 61 / 0
Number of suspicious objects 0
Duration of the scan process 01:19:51
Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\ActivityLog\InboxLOG.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\ActivityLog\OutboxLOG.txt Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\rent a center\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\rent a center\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\rent a center\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\rent a center\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\rent a center\Local Settings\History\History.IE5\MSHist012007011620070117\index.dat Object is locked skipped
C:\Documents and Settings\rent a center\Local Settings\Temp\fla98.tmp Object is locked skipped
C:\Documents and Settings\rent a center\Local Settings\Temp\ze.exe Infected: Trojan-Downloader.Win32.Agent.bdr skipped
C:\Documents and Settings\rent a center\Local Settings\Temporary Internet Files\Content.IE5\0HA7O1EB\show[1].htm Object is locked skipped
C:\Documents and Settings\rent a center\Local Settings\Temporary Internet Files\Content.IE5\4H6RWLQJ\webcam_430x600_laura01[1].flv Object is locked skipped
C:\Documents and Settings\rent a center\Local Settings\Temporary Internet Files\Content.IE5\ALW761Q5\index[1].php Object is locked skipped
C:\Documents and Settings\rent a center\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\rent a center\Local Settings\Temporary Internet Files\Content.IE5\JAWVNXKL\49[1].js Object is locked skipped
C:\Documents and Settings\rent a center\Local Settings\Temporary Internet Files\Content.IE5\JAWVNXKL\CA85EB4T.htm Object is locked skipped
C:\Documents and Settings\rent a center\Local Settings\Temporary Internet Files\Content.IE5\S9Q3W5MF\49[1].js Object is locked skipped
C:\Documents and Settings\rent a center\Local Settings\Temporary Internet Files\Content.IE5\W127WL6R\search.redzee[1].htm Object is locked skipped
C:\Documents and Settings\rent a center\ntuser.dat Object is locked skipped
C:\Documents and Settings\rent a center\ntuser.dat.LOG Object is locked skipped
C:\svhost.exe Infected: Trojan.Win32.Crypt.y skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP101\A0028475.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP102\A0028737.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP103\A0028997.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP105\A0029319.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP105\A0029668.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP105\A0029669.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP105\A0029670.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP105\A0029671.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP105\A0029672.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP105\A0029673.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP105\A0029674.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP105\A0029675.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP105\A0029676.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP105\A0029677.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP105\A0029678.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP105\A0029679.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP105\A0029680.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP105\A0029683.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP105\A0029885.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP105\A0029895.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP105\A0029897.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP105\A0031089.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP105\A0031090.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP105\A0031091.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP105\A0031092.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP105\A0031093.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP105\A0031094.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP105\A0031095.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP105\A0031096.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP105\A0031097.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP105\A0031098.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP105\A0031099.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP105\A0031100.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP105\A0031101.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP105\A0031102.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP105\A0031103.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP105\A0031104.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP105\A0031105.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP105\A0031106.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP105\A0031107.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP105\A0031108.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP105\A0031109.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP105\A0031110.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP105\A0031111.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP105\A0031112.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP105\A0031113.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP115\A0033020.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP115\A0033021.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP115\A0033022.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP115\A0033023.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP115\A0033024.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP115\A0033025.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP115\A0033026.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP115\A0033027.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP115\A0033028.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP115\A0033029.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP115\A0033030.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP115\A0033031.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP115\A0033032.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP115\A0033033.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP115\A0033034.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP115\A0033035.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP115\A0033036.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP115\A0033037.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP115\A0033038.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP115\A0033039.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP115\A0033040.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP115\A0033041.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP115\A0033042.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP115\A0033043.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP115\A0033044.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP162\A0044405.exe Infected: Trojan-Downloader.Win32.Agent.bca skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP171\A0046906.dll Infected: Trojan-Downloader.Win32.Small.ece skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP171\A0046909.exe Infected: Trojan-Downloader.Win32.TSUpdate.l skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP171\A0046911.exe Infected: Trojan-Downloader.Win32.TSUpdate.f skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP171\A0046913.exe Infected: Trojan-Downloader.Win32.Agent.bca skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP171\A0046915.exe Infected: Trojan-PSW.Win32.LdPinch.bdf skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP173\change.log Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP56\A0008697.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP59\A0010769.exe/data0006 Infected: Trojan-Dropper.Win32.VB.nn skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP59\A0010769.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP59\A0010769.exe CryptFF: infected - 1 skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP59\A0010772.com Infected: Trojan-Downloader.Win32.Small.dmj skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP72\A0013115.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP73\A0018398.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP73\A0018408.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP73\A0018496.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP80\A0023820.rbf Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP81\A0023956.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP87\A0024991.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP87\A0025993.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP87\A0025996.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP87\A0026024.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP97\A0026222.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP97\A0026225.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP97\A0026226.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP97\A0026227.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP97\A0026228.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP97\A0026229.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP97\A0026230.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP97\A0026231.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP97\A0026232.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP97\A0026233.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP97\A0026234.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP97\A0026235.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP97\A0026236.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP97\A0026237.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP98\A0027169.exe Object is locked skipped
C:\tskmgr.exe Infected: Trojan-Downloader.Win32.Agent.bdr skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\lcass.exe Infected: Backdoor.Win32.Agent.akj skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{3C4F2787-D7E1-4E04-96D8-34DFA1C89EBE}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{ED566B97-678B-4834-B31D-C946A6F572BA}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edbtmp.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\WINDOWS\winsock32.exe Infected: Backdoor.Win32.Agent.akj skipped
Scan process completed.
Logfile of HijackThis v1.99.1
Scan saved at 12:58:18 PM, on 1/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\??mbols\w?nspool.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\rent a center\Desktop\hijack this\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R3 - URLSearchHook: (no name) - {0F11ED1B-23F9-050B-DA7B-7E129843E4E1} - C:\WINDOWS\system32\drdwfw.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
R3 - URLSearchHook: (no name) - {D73F49B6-B51B-4d32-A3B7-BD04B8342F53} - C:\Program Files\MorpheusBar\SrchAstt\1.bin\MBSRCAS.DLL
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0F11ED1B-23F9-050B-DA7B-7E129843E4E1} - C:\WINDOWS\system32\drdwfw.dll
O2 - BHO: MorpheusToolbar BHO - {3F3714A1-89A4-46be-8AF3-D0C9D1FB03F9} - C:\Program Files\MorpheusBar\bar\1.bin\MORPHBAR.DLL
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: (no name) - {D73F49B1-B51B-4d32-A3B7-BD04B8342F53} - C:\Program Files\MorpheusBar\SrchAstt\1.bin\MBSRCAS.DLL
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Morpheus Toolbar - {3F3714A9-89A4-46be-8AF3-D0C9D1FB03F9} - C:\Program Files\MorpheusBar\bar\1.bin\MORPHBAR.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\RunServices: [winsock32] winsock32
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: Adobe Reader Speed Launch.lnk = ?
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxmk788JWUS
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/ZwinkyInitialSetup1.0.0.15.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) -
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqnbk/downloads/sysinfo.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1167274428390
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1168973402265
O20 - AppInit_DLLs:
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: COM+ Messages - Unknown owner - -e,te-110-12-0000213, (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: winsock32 (winsock32.exe) - Unknown owner - C:\WINDOWS\winsock32.exe
THIS IS THE KASPERSKY ONLINE SCAN
Tuesday, January 16, 2007 2:30:53 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 16/01/2007
Kaspersky Anti-Virus database records: 244431
Scan Settings
Scan using the following antivirus database standard
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
A:\
C:\
D:\
Scan Statistics
Total number of scanned objects 71720
Number of viruses found 11
Number of infected objects 61 / 0
Number of suspicious objects 0
Duration of the scan process 01:19:51
Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\ActivityLog\InboxLOG.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\ActivityLog\OutboxLOG.txt Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\rent a center\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\rent a center\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\rent a center\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\rent a center\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\rent a center\Local Settings\History\History.IE5\MSHist012007011620070117\index.dat Object is locked skipped
C:\Documents and Settings\rent a center\Local Settings\Temp\fla98.tmp Object is locked skipped
C:\Documents and Settings\rent a center\Local Settings\Temp\ze.exe Infected: Trojan-Downloader.Win32.Agent.bdr skipped
C:\Documents and Settings\rent a center\Local Settings\Temporary Internet Files\Content.IE5\0HA7O1EB\show[1].htm Object is locked skipped
C:\Documents and Settings\rent a center\Local Settings\Temporary Internet Files\Content.IE5\4H6RWLQJ\webcam_430x600_laura01[1].flv Object is locked skipped
C:\Documents and Settings\rent a center\Local Settings\Temporary Internet Files\Content.IE5\ALW761Q5\index[1].php Object is locked skipped
C:\Documents and Settings\rent a center\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\rent a center\Local Settings\Temporary Internet Files\Content.IE5\JAWVNXKL\49[1].js Object is locked skipped
C:\Documents and Settings\rent a center\Local Settings\Temporary Internet Files\Content.IE5\JAWVNXKL\CA85EB4T.htm Object is locked skipped
C:\Documents and Settings\rent a center\Local Settings\Temporary Internet Files\Content.IE5\S9Q3W5MF\49[1].js Object is locked skipped
C:\Documents and Settings\rent a center\Local Settings\Temporary Internet Files\Content.IE5\W127WL6R\search.redzee[1].htm Object is locked skipped
C:\Documents and Settings\rent a center\ntuser.dat Object is locked skipped
C:\Documents and Settings\rent a center\ntuser.dat.LOG Object is locked skipped
C:\svhost.exe Infected: Trojan.Win32.Crypt.y skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP101\A0028475.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP102\A0028737.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP103\A0028997.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP105\A0029319.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP105\A0029668.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP105\A0029669.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP105\A0029670.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP105\A0029671.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP105\A0029672.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP105\A0029673.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP105\A0029674.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP105\A0029675.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP105\A0029676.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP105\A0029677.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP105\A0029678.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP105\A0029679.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP105\A0029680.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP105\A0029683.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP105\A0029885.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP105\A0029895.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP105\A0029897.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP105\A0031089.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP105\A0031090.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP105\A0031091.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP105\A0031092.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP105\A0031093.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP105\A0031094.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP105\A0031095.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP105\A0031096.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP105\A0031097.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP105\A0031098.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP105\A0031099.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP105\A0031100.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP105\A0031101.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP105\A0031102.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP105\A0031103.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP105\A0031104.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP105\A0031105.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP105\A0031106.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP105\A0031107.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP105\A0031108.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP105\A0031109.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP105\A0031110.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP105\A0031111.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP105\A0031112.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP105\A0031113.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP115\A0033020.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP115\A0033021.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP115\A0033022.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP115\A0033023.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP115\A0033024.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP115\A0033025.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP115\A0033026.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP115\A0033027.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP115\A0033028.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP115\A0033029.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP115\A0033030.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP115\A0033031.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP115\A0033032.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP115\A0033033.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP115\A0033034.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP115\A0033035.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP115\A0033036.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP115\A0033037.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP115\A0033038.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP115\A0033039.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP115\A0033040.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP115\A0033041.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP115\A0033042.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP115\A0033043.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP115\A0033044.exe Infected: Trojan-Downloader.Win32.Agent.awf skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP162\A0044405.exe Infected: Trojan-Downloader.Win32.Agent.bca skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP171\A0046906.dll Infected: Trojan-Downloader.Win32.Small.ece skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP171\A0046909.exe Infected: Trojan-Downloader.Win32.TSUpdate.l skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP171\A0046911.exe Infected: Trojan-Downloader.Win32.TSUpdate.f skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP171\A0046913.exe Infected: Trojan-Downloader.Win32.Agent.bca skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP171\A0046915.exe Infected: Trojan-PSW.Win32.LdPinch.bdf skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP173\change.log Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP56\A0008697.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP59\A0010769.exe/data0006 Infected: Trojan-Dropper.Win32.VB.nn skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP59\A0010769.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP59\A0010769.exe CryptFF: infected - 1 skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP59\A0010772.com Infected: Trojan-Downloader.Win32.Small.dmj skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP72\A0013115.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP73\A0018398.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP73\A0018408.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP73\A0018496.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP80\A0023820.rbf Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP81\A0023956.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP87\A0024991.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP87\A0025993.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP87\A0025996.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP87\A0026024.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP97\A0026222.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP97\A0026225.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP97\A0026226.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP97\A0026227.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP97\A0026228.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP97\A0026229.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP97\A0026230.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP97\A0026231.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP97\A0026232.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP97\A0026233.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP97\A0026234.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP97\A0026235.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP97\A0026236.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP97\A0026237.exe Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP98\A0027169.exe Object is locked skipped
C:\tskmgr.exe Infected: Trojan-Downloader.Win32.Agent.bdr skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\lcass.exe Infected: Backdoor.Win32.Agent.akj skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{3C4F2787-D7E1-4E04-96D8-34DFA1C89EBE}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{ED566B97-678B-4834-B31D-C946A6F572BA}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edbtmp.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\WINDOWS\winsock32.exe Infected: Backdoor.Win32.Agent.akj skipped
Scan process completed.
0