w32.ircbot help

Unknown · April 2008

hi im running vista with a norton trial version it finds 3 w32.ircbot virus and it wont clean them any help would be great.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:33:35 AM, on 11/04/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files\winsim\ConnectionManager\Simply.SystemTrayIcon.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Azureus\Azureus.exe
C:\Windows\system32\conime.exe
C:\Program Files\Common Files\Nero\RemoteControl\NeroRemoteCtrlHandler.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=81&bd=Pavilion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=81&bd=Pavilion&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ConnectionManager] C:\Program Files\Winsim\ConnectionManager\Simply.SystemTrayIcon.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" -autorun
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
O20 - AppInit_DLLs: ,C:\Windows\system32\rserver30\r3god.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Simply Accounting Database Connection Manager - Sage Software - C:\Program Files\Winsim\ConnectionManager\SimplyConnectionManager.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 11222 bytes

KASPERSKY ONLINE SCANNER REPORT Friday, April 11, 2008 4:23:09 AM
Operating System: Microsoft Windows Vista Home Edition, (Build 6000)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 11/04/2008
Kaspersky Anti-Virus database records: 696917
Scan SettingsScan using the following antivirus databaseextendedScan ArchivestrueScan Mail BasestrueScan TargetMy ComputerC:\
D:\
E:\
F:\
G:\
H:\ Scan StatisticsTotal number of scanned objects166627Number of viruses found4Number of infected objects22Number of suspicious objects0Duration of the scan process02:08:23
Infected Object NameVirus NameLast ActionC:\boot\bcd Object is locked skipped C:\boot\BCD.LOG Object is locked skipped C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped C:\Program Files\Common Files\Symantec Shared\NFWEVT.LOG Object is locked skipped C:\Program Files\Nero\Nero8\Nero BackItUp\BIU1FDE.txt Object is locked skipped C:\Program Files\Norton Internet Security\Norton AntiVirus\AVApp.log Object is locked skipped C:\Program Files\Norton Internet Security\Norton AntiVirus\AVError.log Object is locked skipped C:\Program Files\Norton Internet Security\Norton AntiVirus\AVVirus.log Object is locked skipped C:\ProgramData\CyberLink\TinyDB\EPGSignal Object is locked skipped C:\ProgramData\CyberLink\TinyDB\Schedule Object is locked skipped C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\e383ef6cc2fd2889cbc84960932896a1_4ae2a442-4432-44fd-b228-c39ffe492dca Object is locked skipped C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.62.Crwl Object is locked skipped C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.62.gthr Object is locked skipped C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log Object is locked skipped C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSStmp.log Object is locked skipped C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010001.wid Object is locked skipped C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010002.wid Object is locked skipped C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010003.wid Object is locked skipped C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010004.wid Object is locked skipped C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010005.wid Object is locked skipped C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010006.wid Object is locked skipped C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010007.wid Object is locked skipped C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010008.wid Object is locked skipped C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010009.wid Object is locked skipped C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000A.wid Object is locked skipped C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000B.wid Object is locked skipped C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000C.wid Object is locked skipped C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000D.wid Object is locked skipped C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000E.wid Object is locked skipped C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000F.wid Object is locked skipped C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010010.wid Object is locked skipped C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010011.wid Object is locked skipped C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010012.wid Object is locked skipped C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010013.wid Object is locked skipped C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010014.wid Object is locked skipped C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010015.wid Object is locked skipped C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010016.wid Object is locked skipped C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010017.wid Object is locked skipped C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010018.wid Object is locked skipped C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010019.wid Object is locked skipped C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001A.wid Object is locked skipped C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001B.ci Object is locked skipped C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001B.wid Object is locked skipped C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001C.wid Object is locked skipped C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001D.ci Object is locked skipped C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001D.wid Object is locked skipped C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001D.wsb Object is locked skipped C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001E.ci Object is locked skipped C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001E.wid Object is locked skipped C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001F.wid Object is locked skipped C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010020.ci Object is locked skipped C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010020.wid Object is locked skipped C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010023.wid Object is locked skipped C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiMG0020.000 Object is locked skipped C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\INDEX.000 Object is locked skipped C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.000 Object is locked skipped C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\Used0000.000 Object is locked skipped C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.000 Object is locked skipped C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.chk1.gthr Object is locked skipped C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.chk2.gthr Object is locked skipped C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.Ntfy1366.gthr Object is locked skipped C:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb Object is locked skipped C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb Object is locked skipped C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc\Ntf3F50.tmp Object is locked skipped C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc\Ntf3F51.tmp Object is locked skipped C:\ProgramData\Microsoft\Windows Defender\Support\MPLog-11022006-050241.log Object is locked skipped C:\ProgramData\Nero\Nero8\Nero BackItUp\Cache\NeroBackItUpScheduler3.log Object is locked skipped C:\ProgramData\Symantec\Common Client\ccSubSDK\submissions.idx Object is locked skipped C:\ProgramData\Symantec\Common Client\settings.DAT Object is locked skipped C:\ProgramData\Symantec\Common Client\volatile.DAT Object is locked skipped C:\ProgramData\Symantec\Common Client\{51B3B681-2143-414A-81EC-0A7C3A59D27A}.DAT Object is locked skipped C:\ProgramData\Symantec\Common Client\{E0CD4568-6504-482E-BCA0-42714A6ED137}.DAT Object is locked skipped C:\ProgramData\Symantec\Common Client\{E4F3A891-5700-4265-979C-454183DAAED8}.DAT Object is locked skipped C:\ProgramData\Symantec\Common Client\{F21E8773-3AA9-42AB-8B8D-C77E3BBBDF41}.DAT Object is locked skipped C:\ProgramData\Symantec\LiveUpdate\2008-04-11_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped C:\ProgramData\Symantec\Shared\QBackup\index.qbs Object is locked skipped C:\ProgramData\Symantec\SPBBC\BBConfig.log Object is locked skipped C:\ProgramData\Symantec\SPBBC\BBDebug.log Object is locked skipped C:\ProgramData\Symantec\SPBBC\BBDetect.log Object is locked skipped C:\ProgramData\Symantec\SPBBC\BBNotify.log Object is locked skipped C:\ProgramData\Symantec\SPBBC\BBRefr.log Object is locked skipped C:\ProgramData\Symantec\SPBBC\BBSetCfg.log Object is locked skipped C:\ProgramData\Symantec\SPBBC\BBSetCfg2.log Object is locked skipped C:\ProgramData\Symantec\SPBBC\BBSetDev.log Object is locked skipped C:\ProgramData\Symantec\SPBBC\BBSetLoc.log Object is locked skipped C:\ProgramData\Symantec\SPBBC\BBSetUsr.log Object is locked skipped C:\ProgramData\Symantec\SPBBC\BBStHash.log Object is locked skipped C:\ProgramData\Symantec\SPBBC\BBValid.log Object is locked skipped C:\ProgramData\Symantec\SPBBC\Shl_{3FE27A21-3954-4896-85C0-D4F6AF24FB06}.ldb Object is locked skipped C:\ProgramData\Symantec\SPBBC\Shl_{3FE27A21-3954-4896-85C0-D4F6AF24FB06}.sds Object is locked skipped C:\ProgramData\Symantec\SPBBC\SPPolicy.log Object is locked skipped C:\ProgramData\Symantec\SPBBC\SPStart.log Object is locked skipped C:\ProgramData\Symantec\SPBBC\SPStop.log Object is locked skipped C:\ProgramData\Symantec\SRTSP\SrtErEvt.log Object is locked skipped C:\ProgramData\Symantec\SRTSP\SrtETmp\93F2C303.TMP Object is locked skipped C:\ProgramData\Symantec\SRTSP\SrtETmp\B0E92982.TMP Object is locked skipped C:\ProgramData\Symantec\SRTSP\SrtMoEvt.log Object is locked skipped C:\ProgramData\Symantec\SRTSP\SrtNvEvt.log Object is locked skipped C:\ProgramData\Symantec\SRTSP\SrtScEvt.log Object is locked skipped C:\ProgramData\Symantec\SRTSP\SrtTxFEvt.log Object is locked skipped C:\ProgramData\Symantec\SRTSP\SrtViEvt.log Object is locked skipped C:\ProgramData\Symantec\SymNetDrv\SNDALRT.log Object is locked skipped C:\ProgramData\Symantec\SymNetDrv\SNDCON.log Object is locked skipped C:\ProgramData\Symantec\SymNetDrv\SNDDBG.log Object is locked skipped C:\ProgramData\Symantec\SymNetDrv\SNDFW.log Object is locked skipped C:\ProgramData\Symantec\SymNetDrv\SNDIDS.log Object is locked skipped C:\ProgramData\Symantec\SymNetDrv\SNDSYS.log Object is locked skipped C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped C:\Users\NAKEDT\AppData\Local\Ahead\Nero Home\bl.db Object is locked skipped C:\Users\NAKEDT\AppData\Local\Ahead\Nero Home\is2.db Object is locked skipped C:\Users\NAKEDT\AppData\Local\Microsoft\Feeds Cache\index.dat Object is locked skipped C:\Users\NAKEDT\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT Object is locked skipped C:\Users\NAKEDT\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat Object is locked skipped C:\Users\NAKEDT\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008041120080412\index.dat Object is locked skipped C:\Users\NAKEDT\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped C:\Users\NAKEDT\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Users\NAKEDT\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\8CTA0D5A\c2[1].htm Infected: Trojan-Clicker.HTML.IFrame.du skipped C:\Users\NAKEDT\AppData\Local\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Users\NAKEDT\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 Object is locked skipped C:\Users\NAKEDT\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2 Object is locked skipped C:\Users\NAKEDT\AppData\Local\Microsoft\Windows\UsrClass.dat{576f04c3-dc4f-11dc-8f99-001e680180ae}.TM.blf Object is locked skipped C:\Users\NAKEDT\AppData\Local\Microsoft\Windows\UsrClass.dat{576f04c3-dc4f-11dc-8f99-001e680180ae}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped C:\Users\NAKEDT\AppData\Local\Microsoft\Windows\UsrClass.dat{576f04c3-dc4f-11dc-8f99-001e680180ae}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped C:\Users\NAKEDT\AppData\Local\Microsoft\Windows Defender\FileTracker\{7176C71F-2FD9-4202-98DB-6658E435D5A7} Object is locked skipped C:\Users\NAKEDT\AppData\Local\Microsoft\Windows Mail\Local Folders\Outbox\627D4B90-00000001.eml/[From "ty" ][Date Thu, 27 Mar 2008 15:39:18 -0400]/Famatech.Remote.Administrator.v3.0.1.WinAll.PROPER-iNDYGOO.rar/Famatech.Remote.Administrator.v3.0.1.WinAll.PROPER-iNDYGOO/iNDYGOO/Crack/R3GOD.DLL Infected: Backdoor.Win32.RAdmin.ab skipped C:\Users\NAKEDT\AppData\Local\Microsoft\Windows Mail\Local Folders\Outbox\627D4B90-00000001.eml/[From "ty" ][Date Thu, 27 Mar 2008 15:39:18 -0400]/Famatech.Remote.Administrator.v3.0.1.WinAll.PROPER-iNDYGOO.rar/Famatech.Remote.Administrator.v3.0.1.WinAll.PROPER-iNDYGOO/iNDYGOO.part3.rar/Crack/R3GOD.DLL Infected: Backdoor.Win32.RAdmin.ab skipped C:\Users\NAKEDT\AppData\Local\Microsoft\Windows Mail\Local Folders\Outbox\627D4B90-00000001.eml/[From "ty" ][Date Thu, 27 Mar 2008 15:39:18 -0400]/Famatech.Remote.Administrator.v3.0.1.WinAll.PROPER-iNDYGOO.rar/Famatech.Remote.Administrator.v3.0.1.WinAll.PROPER-iNDYGOO/iNDYGOO.part3.rar/Crack/radcrk.scr Infected: Backdoor.Win32.IRCBot.apj skipped C:\Users\NAKEDT\AppData\Local\Microsoft\Windows Mail\Local Folders\Outbox\627D4B90-00000001.eml/[From "ty" ][Date Thu, 27 Mar 2008 15:39:18 -0400]/Famatech.Remote.Administrator.v3.0.1.WinAll.PROPER-iNDYGOO.rar/Famatech.Remote.Administrator.v3.0.1.WinAll.PROPER-iNDYGOO/iNDYGOO.part3.rar Infected: Backdoor.Win32.IRCBot.apj skipped C:\Users\NAKEDT\AppData\Local\Microsoft\Windows Mail\Local Folders\Outbox\627D4B90-00000001.eml/[From "ty" ][Date Thu, 27 Mar 2008 15:39:18 -0400]/Famatech.Remote.Administrator.v3.0.1.WinAll.PROPER-iNDYGOO.rar Infected: Backdoor.Win32.IRCBot.apj skipped C:\Users\NAKEDT\AppData\Local\Microsoft\Windows Mail\Local Folders\Outbox\627D4B90-00000001.eml Mail: infected - 5 skipped C:\Users\NAKEDT\AppData\Local\Microsoft\Windows Sidebar\Settings.ini Object is locked skipped C:\Users\NAKEDT\AppData\Local\Temp\ehmsas.txt Object is locked skipped C:\Users\NAKEDT\AppData\Local\Temp\hsperfdata_NAKEDT\1808 Object is locked skipped C:\Users\NAKEDT\AppData\Local\Temp\~DF2BFA.tmp Object is locked skipped C:\Users\NAKEDT\AppData\Local\Temp\~DF2FA1.tmp Object is locked skipped C:\Users\NAKEDT\AppData\Local\Temp\~DF30B1.tmp Object is locked skipped C:\Users\NAKEDT\AppData\Roaming\Azureus\ipfilter.cache Object is locked skipped C:\Users\NAKEDT\AppData\Roaming\Azureus\tmp\AZU53645.tmp Object is locked skipped C:\Users\NAKEDT\AppData\Roaming\Azureus\tmp\AZU53646.tmp Object is locked skipped C:\Users\NAKEDT\AppData\Roaming\Azureus\tmp\AZU53647.tmp Object is locked skipped C:\Users\NAKEDT\AppData\Roaming\Azureus\tmp\AZU53648.tmp Object is locked skipped C:\Users\NAKEDT\AppData\Roaming\Azureus\tmp\AZU53649.tmp Object is locked skipped C:\Users\NAKEDT\AppData\Roaming\Azureus\tmp\AZU53650.tmp Object is locked skipped C:\Users\NAKEDT\AppData\Roaming\Azureus\tmp\AZU53651.tmp Object is locked skipped C:\Users\NAKEDT\AppData\Roaming\Azureus\tmp\AZU53652.tmp Object is locked skipped C:\Users\NAKEDT\AppData\Roaming\Microsoft\Windows\Cookies\index.dat Object is locked skipped C:\Users\NAKEDT\AppData\Roaming\Symantec\NPMDataStore\CIMStore.xml Object is locked skipped C:\Users\NAKEDT\Documents\Azureus Downloads\American Gangster - The Complete First Season\S1E1 Stanley Tookie Williams.avi Object is locked skipped C:\Users\NAKEDT\Documents\Azureus Downloads\American Gangster - The Complete First Season\S1E2 Freeway Ricky Ross.avi Object is locked skipped C:\Users\NAKEDT\Documents\Azureus Downloads\American Gangster - The Complete First Season\S1E3 Leroy Nikki Barnes.avi Object is locked skipped C:\Users\NAKEDT\Documents\Azureus Downloads\American Gangster - The Complete First Season\S1E4 Troy and Dino Smith.avi Object is locked skipped C:\Users\NAKEDT\Documents\Azureus Downloads\American Gangster - The Complete First Season\S1E6 Lorenzo Fat Cat Nichols.avi Object is locked skipped C:\Users\NAKEDT\Documents\Azureus Downloads\Crank Yankers\Crank Yankers - Dial T for Torment - A Mini Documentary-rocknonstop-XviD.avi Object is locked skipped C:\Users\NAKEDT\Documents\Azureus Downloads\Crank Yankers\Crank Yankers -102-rocknonstop-XviD.avi Object is locked skipped C:\Users\NAKEDT\Documents\Azureus Downloads\Crank Yankers\Crank Yankers -103-rocknonstop-XviD.avi Object is locked skipped C:\Users\NAKEDT\Documents\Azureus Downloads\Crank Yankers\Crank Yankers -105-rocknonstop-XviD.avi Object is locked skipped C:\Users\NAKEDT\Documents\Azureus Downloads\Crank Yankers\Crank Yankers -106-rocknonstop-XviD.avi Object is locked skipped C:\Users\NAKEDT\Documents\Azureus Downloads\Crank Yankers\Crank Yankers -107-rocknonstop-XviD.avi Object is locked skipped C:\Users\NAKEDT\Documents\Azureus Downloads\Crank Yankers\Crank Yankers -108-rocknonstop-XviD.avi Object is locked skipped C:\Users\NAKEDT\Documents\Azureus Downloads\Crank Yankers\Crank Yankers -110-rocknonstop-XviD.avi Object is locked skipped C:\Users\NAKEDT\Documents\Azureus Downloads\Crank Yankers Complete Season 2 -- Uncensored [DVD Rip]\Crank Yankers -- Season 2 -- Bonus Feature 2.avi Object is locked skipped C:\Users\NAKEDT\Documents\Azureus Downloads\Crank Yankers Complete Season 2 -- Uncensored [DVD Rip]\Crank Yankers -- Season 2 -- Episode 1.avi Object is locked skipped C:\Users\NAKEDT\Documents\Azureus Downloads\Crank Yankers Complete Season 2 -- Uncensored [DVD Rip]\Crank Yankers -- Season 2 -- Episode 10.avi Object is locked skipped C:\Users\NAKEDT\Documents\Azureus Downloads\Crank Yankers Complete Season 2 -- Uncensored [DVD Rip]\Crank Yankers -- Season 2 -- Episode 11.avi Object is locked skipped C:\Users\NAKEDT\Documents\Azureus Downloads\Crank Yankers Complete Season 2 -- Uncensored [DVD Rip]\Crank Yankers -- Season 2 -- Episode 12.avi Object is locked skipped C:\Users\NAKEDT\Documents\Azureus Downloads\Crank Yankers Complete Season 2 -- Uncensored [DVD Rip]\Crank Yankers -- Season 2 -- Episode 13.avi Object is locked skipped C:\Users\NAKEDT\Documents\Azureus Downloads\Crank Yankers Complete Season 2 -- Uncensored [DVD Rip]\Crank Yankers -- Season 2 -- Episode 15.avi Object is locked skipped C:\Users\NAKEDT\Documents\Azureus Downloads\Crank Yankers Complete Season 2 -- Uncensored [DVD Rip]\Crank Yankers -- Season 2 -- Episode 2.avi Object is locked skipped C:\Users\NAKEDT\Documents\Azureus Downloads\Crank Yankers Complete Season 2 -- Uncensored [DVD Rip]\Crank Yankers -- Season 2 -- Episode 3.avi Object is locked skipped C:\Users\NAKEDT\Documents\Azureus Downloads\Crank Yankers Complete Season 2 -- Uncensored [DVD Rip]\Crank Yankers -- Season 2 -- Episode 4.avi Object is locked skipped C:\Users\NAKEDT\Documents\Azureus Downloads\Crank Yankers Complete Season 2 -- Uncensored [DVD Rip]\Crank Yankers -- Season 2 -- Episode 5.avi Object is locked skipped C:\Users\NAKEDT\Documents\Azureus Downloads\Crank Yankers Complete Season 2 -- Uncensored [DVD Rip]\Crank Yankers -- Season 2 -- Episode 6.avi Object is locked skipped C:\Users\NAKEDT\Documents\Azureus Downloads\Crank Yankers Complete Season 2 -- Uncensored [DVD Rip]\Crank Yankers -- Season 2 -- Episode 7.avi Object is locked skipped C:\Users\NAKEDT\Documents\Azureus Downloads\Crank Yankers Complete Season 2 -- Uncensored [DVD Rip]\Crank Yankers -- Season 2 -- Episode 8.avi Object is locked skipped C:\Users\NAKEDT\Documents\Azureus Downloads\Crank Yankers Complete Season 2 -- Uncensored [DVD Rip]\Crank Yankers -- Season 2 -- Episode 9.avi Object is locked skipped C:\Users\NAKEDT\Documents\Azureus Downloads\Famatech.Remote.Administrator.v3.0.1.WinAll.PROPER-iNDYGOO\iNDYGOO\Crack\R3GOD.DLL Infected: Backdoor.Win32.RAdmin.ab skipped C:\Users\NAKEDT\Documents\Azureus Downloads\Famatech.Remote.Administrator.v3.0.1.WinAll.PROPER-iNDYGOO\iNDYGOO.part3.rar/Crack/R3GOD.DLL Infected: Backdoor.Win32.RAdmin.ab skipped C:\Users\NAKEDT\Documents\Azureus Downloads\Famatech.Remote.Administrator.v3.0.1.WinAll.PROPER-iNDYGOO\iNDYGOO.part3.rar/Crack/radcrk.scr Infected: Backdoor.Win32.IRCBot.apj skipped C:\Users\NAKEDT\Documents\Azureus Downloads\Famatech.Remote.Administrator.v3.0.1.WinAll.PROPER-iNDYGOO\iNDYGOO.part3.rar RAR: infected - 2 skipped C:\Users\NAKEDT\Documents\Azureus Downloads\Famatech.Remote.Administrator.v3.0.1.WinAll.PROPER-iNDYGOO.rar/Famatech.Remote.Administrator.v3.0.1.WinAll.PROPER-iNDYGOO/iNDYGOO/Crack/R3GOD.DLL Infected: Backdoor.Win32.RAdmin.ab skipped C:\Users\NAKEDT\Documents\Azureus Downloads\Famatech.Remote.Administrator.v3.0.1.WinAll.PROPER-iNDYGOO.rar/Famatech.Remote.Administrator.v3.0.1.WinAll.PROPER-iNDYGOO/iNDYGOO.part3.rar/Crack/R3GOD.DLL Infected: Backdoor.Win32.RAdmin.ab skipped C:\Users\NAKEDT\Documents\Azureus Downloads\Famatech.Remote.Administrator.v3.0.1.WinAll.PROPER-iNDYGOO.rar/Famatech.Remote.Administrator.v3.0.1.WinAll.PROPER-iNDYGOO/iNDYGOO.part3.rar/Crack/radcrk.scr Infected: Backdoor.Win32.IRCBot.apj skipped C:\Users\NAKEDT\Documents\Azureus Downloads\Famatech.Remote.Administrator.v3.0.1.WinAll.PROPER-iNDYGOO.rar/Famatech.Remote.Administrator.v3.0.1.WinAll.PROPER-iNDYGOO/iNDYGOO.part3.rar Infected: Backdoor.Win32.IRCBot.apj skipped C:\Users\NAKEDT\Documents\Azureus Downloads\Famatech.Remote.Administrator.v3.0.1.WinAll.PROPER-iNDYGOO.rar RAR: infected - 4 skipped C:\Users\NAKEDT\Documents\Azureus Downloads\Hustle Seasons 1-4\Hustle Season 1\Hustle S01E01.avi Object is locked skipped C:\Users\NAKEDT\Documents\Azureus Downloads\Hustle Seasons 1-4\Hustle Season 1\Hustle S01E02.avi Object is locked skipped C:\Users\NAKEDT\Documents\Azureus Downloads\Hustle Seasons 1-4\Hustle Season 1\Hustle S01E03.avi Object is locked skipped C:\Users\NAKEDT\Documents\Azureus Downloads\Hustle Seasons 1-4\Hustle Season 1\Hustle S01E04.avi Object is locked skipped C:\Users\NAKEDT\Documents\Azureus Downloads\Hustle Seasons 1-4\Hustle Season 1\Hustle S01E05.avi Object is locked skipped C:\Users\NAKEDT\Documents\Azureus Downloads\Hustle Seasons 1-4\Hustle Season 1\Hustle S01E06.avi Object is locked skipped C:\Users\NAKEDT\Documents\Azureus Downloads\Hustle Seasons 1-4\Hustle Season 2\Hustle S02E01.avi Object is locked skipped C:\Users\NAKEDT\Documents\Azureus Downloads\Hustle Seasons 1-4\Hustle Season 2\Hustle S02E02.avi Object is locked skipped C:\Users\NAKEDT\Documents\Azureus Downloads\Hustle Seasons 1-4\Hustle Season 2\Hustle S02E03.avi Object is locked skipped C:\Users\NAKEDT\Documents\Azureus Downloads\Hustle Seasons 1-4\Hustle Season 2\Hustle S02E06.avi Object is locked skipped C:\Users\NAKEDT\Documents\Azureus Downloads\Hustle Seasons 1-4\Hustle Season 3\Hustle S03E01.avi Object is locked skipped C:\Users\NAKEDT\Documents\Azureus Downloads\Hustle Seasons 1-4\Hustle Season 3\Hustle S03E02.avi Object is locked skipped C:\Users\NAKEDT\Documents\Azureus Downloads\Hustle Seasons 1-4\Hustle Season 3\Hustle S03E03.avi Object is locked skipped C:\Users\NAKEDT\Documents\Azureus Downloads\Hustle Seasons 1-4\Hustle Season 3\Hustle S03E04.avi Object is locked skipped C:\Users\NAKEDT\Documents\Azureus Downloads\Hustle Seasons 1-4\Hustle Season 3\Hustle S03E05.avi Object is locked skipped C:\Users\NAKEDT\Documents\Azureus Downloads\Hustle Seasons 1-4\Hustle Season 3\Hustle S03E06.avi Object is locked skipped C:\Users\NAKEDT\Documents\Azureus Downloads\Hustle Seasons 1-4\Hustle Season 4\Hustle S04E01.avi Object is locked skipped C:\Users\NAKEDT\Documents\Azureus Downloads\Hustle Seasons 1-4\Hustle Season 4\Hustle S04E02.avi Object is locked skipped C:\Users\NAKEDT\Documents\Azureus Downloads\Hustle Seasons 1-4\Hustle Season 4\Hustle S04E03.avi Object is locked skipped C:\Users\NAKEDT\Documents\Azureus Downloads\Hustle Seasons 1-4\Hustle Season 4\Hustle S04E04.avi Object is locked skipped C:\Users\NAKEDT\Documents\Azureus Downloads\Hustle Seasons 1-4\Hustle Season 4\Hustle S04E05.avi Object is locked skipped C:\Users\NAKEDT\Documents\Azureus Downloads\Hustle Seasons 1-4\Hustle Season 4\Hustle S04E06.avi Object is locked skipped C:\Users\NAKEDT\Downloads\radmin22.zip/RADMIN22.EXE/radmin.exe Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.22 skipped C:\Users\NAKEDT\Downloads\radmin22.zip/RADMIN22.EXE/r_server.exe Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.22 skipped C:\Users\NAKEDT\Downloads\radmin22.zip/RADMIN22.EXE/raddrv.dll Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.22 skipped C:\Users\NAKEDT\Downloads\radmin22.zip/RADMIN22.EXE Infected: not-a-virus:RemoteAdmin.Win32.RAdmin.22 skipped C:\Users\NAKEDT\Downloads\radmin22.zip ZIP: infected - 4 skipped C:\Users\NAKEDT\ntuser.dat Object is locked skipped C:\Users\NAKEDT\ntuser.dat.LOG1 Object is locked skipped C:\Users\NAKEDT\ntuser.dat.LOG2 Object is locked skipped C:\Users\NAKEDT\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf Object is locked skipped C:\Users\NAKEDT\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped C:\Users\NAKEDT\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped C:\Windows\Debug\PASSWD.LOG Object is locked skipped C:\Windows\Debug\sam.log Object is locked skipped C:\Windows\Debug\WIA\wiatrace.log Object is locked skipped C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat Object is locked skipped C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat Object is locked skipped C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WindowsUpdate.log Object is locked skipped C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT Object is locked skipped C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1 Object is locked skipped C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG2 Object is locked skipped C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{3a539869-6a70-11db-887c-d362bd253390}.TM.blf Object is locked skipped C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{3a539869-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{3a539869-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\ehmsdri.log Object is locked skipped C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\ehRecvr.log Object is locked skipped C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT Object is locked skipped C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1 Object is locked skipped C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG2 Object is locked skipped C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{3a539865-6a70-11db-887c-d362bd253390}.TM.blf Object is locked skipped C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{3a539865-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{3a539865-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped C:\Windows\SoftwareDistribution\EventCache\{963174BD-BAEB-48A6-9FFD-C44F5C286F13}.bin Object is locked skipped C:\Windows\SoftwareDistribution\ReportingEvents.log Object is locked skipped C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 Object is locked skipped C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 Object is locked skipped C:\Windows\System32\catroot2\edb.log Object is locked skipped C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb Object is locked skipped C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb Object is locked skipped C:\Windows\System32\config\COMPONENTS Object is locked skipped C:\Windows\System32\config\COMPONENTS.LOG1 Object is locked skipped C:\Windows\System32\config\COMPONENTS.LOG2 Object is locked skipped C:\Windows\System32\config\DEFAULT Object is locked skipped C:\Windows\System32\config\DEFAULT.LOG1 Object is locked skipped C:\Windows\System32\config\DEFAULT.LOG2 Object is locked skipped C:\Windows\System32\config\RegBack\COMPONENTS Object is locked skipped C:\Windows\System32\config\RegBack\DEFAULT Object is locked skipped C:\Windows\System32\config\RegBack\SAM Object is locked skipped C:\Windows\System32\config\RegBack\SECURITY Object is locked skipped C:\Windows\System32\config\RegBack\SOFTWARE Object is locked skipped C:\Windows\System32\config\RegBack\SYSTEM Object is locked skipped C:\Windows\System32\config\SAM Object is locked skipped C:\Windows\System32\config\SAM.LOG1 Object is locked skipped C:\Windows\System32\config\SAM.LOG2 Object is locked skipped C:\Windows\System32\config\SECURITY Object is locked skipped C:\Windows\System32\config\SECURITY.LOG1 Object is locked skipped C:\Windows\System32\config\SECURITY.LOG2 Object is locked skipped C:\Windows\System32\config\SOFTWARE Object is locked skipped C:\Windows\System32\config\SOFTWARE.LOG1 Object is locked skipped C:\Windows\System32\config\SOFTWARE.LOG2 Object is locked skipped C:\Windows\System32\config\SYSTEM Object is locked skipped C:\Windows\System32\config\SYSTEM.LOG1 Object is locked skipped C:\Windows\System32\config\SYSTEM.LOG2 Object is locked skipped C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat Object is locked skipped C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat Object is locked skipped C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TM.blf Object is locked skipped C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000003.regtrans-ms Object is locked skipped C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000004.regtrans-ms Object is locked skipped C:\Windows\System32\config\TxR\{9f1e9824-ddd3-11dc-8572-001e680180ae}.TxR.0.regtrans-ms Object is locked skipped C:\Windows\System32\config\TxR\{9f1e9824-ddd3-11dc-8572-001e680180ae}.TxR.1.regtrans-ms Object is locked skipped C:\Windows\System32\config\TxR\{9f1e9824-ddd3-11dc-8572-001e680180ae}.TxR.2.regtrans-ms Object is locked skipped C:\Windows\System32\config\TxR\{9f1e9824-ddd3-11dc-8572-001e680180ae}.TxR.blf Object is locked skipped C:\Windows\System32\drivers\sptd.sys Object is locked skipped C:\Windows\System32\LogFiles\HTTPERR\httperr1.log Object is locked skipped C:\Windows\System32\LogFiles\Scm\SCM.EVM Object is locked skipped C:\Windows\System32\Msdtc\KtmRmTm.blf Object is locked skipped C:\Windows\System32\Msdtc\KtmRmTmContainer00000000000000000001 Object is locked skipped C:\Windows\System32\Msdtc\KtmRmTmContainer00000000000000000002 Object is locked skipped C:\Windows\System32\rserver30\R3GOD.DLL Infected: Backdoor.Win32.RAdmin.ab skipped C:\Windows\System32\spool\SpoolerETW.etl Object is locked skipped C:\Windows\System32\wbem\Logs\WMITracing.log Object is locked skipped C:\Windows\System32\wbem\repository\INDEX.BTR Object is locked skipped C:\Windows\System32\wbem\repository\MAPPING1.MAP Object is locked skipped C:\Windows\System32\wbem\repository\MAPPING2.MAP Object is locked skipped C:\Windows\System32\wbem\repository\OBJECTS.DATA Object is locked skipped C:\Windows\System32\WDI\LogFiles\WdiContextLog.etl.001 Object is locked skipped C:\Windows\System32\wfp\wfpdiag.etl Object is locked skipped C:\Windows\System32\winevt\Logs\Application.evtx Object is locked skipped C:\Windows\System32\winevt\Logs\DFS Replication.evtx Object is locked skipped C:\Windows\System32\winevt\Logs\HardwareEvents.evtx Object is locked skipped C:\Windows\System32\winevt\Logs\Internet Explorer.evtx Object is locked skipped C:\Windows\System32\winevt\Logs\Key Management Service.evtx Object is locked skipped C:\Windows\System32\winevt\Logs\Media Center.evtx Object is locked skipped C:\Windows\System32\winevt\Logs\Microsoft-Windows-Bits-Client%4Operational.evtx Object is locked skipped C:\Windows\System32\winevt\Logs\Microsoft-Windows-CodeIntegrity%4Operational.evtx Object is locked skipped C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx Object is locked skipped C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx Object is locked skipped C:\Windows\System32\winevt\Logs\Microsoft-Windows-GroupPolicy%4Operational.evtx Object is locked skipped C:\Windows\System32\winevt\Logs\Microsoft-Windows-International%4Operational.evtx Object is locked skipped C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-WHEA.evtx Object is locked skipped C:\Windows\System32\winevt\Logs\Microsoft-Windows-LanguagePackSetup%4Operational.evtx Object is locked skipped C:\Windows\System32\winevt\Logs\Microsoft-Windows-NetworkAccessProtection%4Operational.evtx Object is locked skipped C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReadyBoost%4Operational.evtx Object is locked skipped C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReliabilityAnalysisComponent%4Operational.evtx Object is locked skipped C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx Object is locked skipped C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Resolver%4Operational.evtx Object is locked skipped C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Leak-Diagnostic%4Operational.evtx Object is locked skipped C:\Windows\System32\winevt\Logs\Microsoft-Windows-RestartManager%4Operational.evtx Object is locked skipped C:\Windows\System32\winevt\Logs\Microsoft-Windows-TaskScheduler%4Operational.evtx Object is locked skipped C:\Windows\System32\winevt\Logs\Microsoft-Windows-WindowsUpdateClient%4Operational.evtx Object is locked skipped C:\Windows\System32\winevt\Logs\Microsoft-Windows-WLAN-AutoConfig%4Operational.evtx Object is locked skipped C:\Windows\System32\winevt\Logs\ODiag.evtx Object is locked skipped C:\Windows\System32\winevt\Logs\OSession.evtx Object is locked skipped C:\Windows\System32\winevt\Logs\Security.evtx Object is locked skipped C:\Windows\System32\winevt\Logs\System.evtx Object is locked skipped C:\Windows\Tasks\SCHEDLGU.TXT Object is locked skipped C:\Windows\Temp\JET622B.tmp Object is locked skipped C:\Windows\WindowsUpdate.log Object is locked skipped D:\System Volume Information\Desktop.ini Object is locked skipped D:\System Volume Information\Folder.htt Object is locked skipped D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped D:\System Volume Information\protect.chinese hong kong Object is locked skipped D:\System Volume Information\protect.chinese simplified Object is locked skipped D:\System Volume Information\protect.chinese traditional Object is locked skipped D:\System Volume Information\protect.czech Object is locked skipped D:\System Volume Information\protect.danish Object is locked skipped D:\System Volume Information\protect.dutch Object is locked skipped D:\System Volume Information\Protect.ed Object is locked skipped D:\System Volume Information\protect.english Object is locked skipped D:\System Volume Information\protect.finnish Object is locked skipped D:\System Volume Information\protect.french Object is locked skipped D:\System Volume Information\protect.german Object is locked skipped D:\System Volume Information\protect.greek Object is locked skipped D:\System Volume Information\protect.hebrew Object is locked skipped D:\System Volume Information\protect.hungarian Object is locked skipped D:\System Volume Information\protect.italian Object is locked skipped D:\System Volume Information\protect.japanese Object is locked skipped D:\System Volume Information\protect.korean Object is locked skipped D:\System Volume Information\protect.norwegian Object is locked skipped D:\System Volume Information\protect.polish Object is locked skipped D:\System Volume Information\protect.portuguese Object is locked skipped D:\System Volume Information\protect.portuguese brazilian Object is locked skipped D:\System Volume Information\protect.russian Object is locked skipped D:\System Volume Information\protect.spanish Object is locked skipped D:\System Volume Information\protect.swedish Object is locked skipped D:\System Volume Information\protect.turkish Object is locked skipped Scan process completed.

Veka · April 2008

Hi nakedt and welcome to Icrontic.

Frankly, I'm not glad. It appears you have downloaded infected (and illegal) stuff using Azureus. Not good. But the worst thing is you might have downloaded a Backdoor Trojan. Do you know what it is? According to Symantec's definition, Backdoor Trojan is a generic detection for a group of Trojan horse programs that open a back door and allow a remote attacker to have unauthorized access to the compromised computer. What you think about that? These trojans can perform many things, like use your system and Internet connection to send spam, steal your online and offline passwords or credit card numbers, log your activity etc. There's almost no limit to what they can do.

I'll help you to clean up your system, but I really hope you take heed. Otherwise, I'm just wasting my time. Be more carefull if still using P2P softwares, and please note that stuff there might be illegal and/or infected. Remember to check all downloaded files with an Antivirus!

Please read this also:

Even the safest P2P file sharing programs that do not contain bundled spyware, still expose you to risks because of the very nature of the P2P file sharing process. By default, most P2P file sharing programs are configured to automatically launch at startup. They are also configured to allow other P2P users on the same network open access to a shared directory on your computer. The reason for this is simple, file sharing relies on its members giving and gaining unfettered access to computers across the P2P network. However, this practice can make you vulnerable to data and identity theft. Even if you change those risky default settings to a safer configuration, the act of downloading files from an anonymous source greatly increases your exposure to infection. That is because the files you are downloading may actually contain a disguised threat. Many very malicious worms and trojans, such as the Storm Worm, target and spread across P2P files sharing networks because of their known vulnerabilities.

====================================================

I highly recommend to remove the Norton's trial version (use Add or Remove Programs) and get one of these free ones:

AntiVir
AVG Free Edition
avast! 4 Home Edition

Besides that, you need a firwall. It is critical to use a firewall to protect your computer from hackers. We don't recommend the firewall that comes built into Windows. It doesn't block everything that may try to get in, it doesn't block anything at all outbound, and the entire firewall is written to the registry. Since most malware accesses the registry and can disable the Windows firewall, it's preferable to install one of these excellent third party solutions:

Comodo
Zone Alarm
Sunbelt Kerio PF

Please let me know when you're ready to start!

Veka · April 2008

Are you there?

nakedt · April 2008

sorry been realy sick ill leave message when im ready.

Veka · April 2008

OK, I'll keep this open.

Veka · April 2008

How are ya?

nakedt · April 2008

hey sorry for the delay. Ok i got anivar and comodo and im ready to go.

Veka · April 2008

No problems. Please post a fresh HijackThis log.

nakedt · April 2008

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:21:30 PM, on 26/04/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files\winsim\ConnectionManager\Simply.SystemTrayIcon.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Program Files\Azureus\Azureus.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=81&bd=Pavilion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=81&bd=Pavilion&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ConnectionManager] C:\Program Files\Winsim\ConnectionManager\Simply.SystemTrayIcon.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
O20 - AppInit_DLLs: ,C:\Windows\system32\rserver30\r3god.dll C:\Windows\system32\guard32.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Simply Accounting Database Connection Manager - Sage Software - C:\Program Files\Winsim\ConnectionManager\SimplyConnectionManager.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 10409 bytes

Veka · April 2008

Hi, please do the following...

(1)

Please download to your desktop

ATF Cleaner
OTMoveIt2

(2)

Run ATF Cleaner

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser

Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

(3)

Run OTMoveIt2

Save it to your desktop.
Please double-click OTMoveIt2.exe to run it.
(Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")

Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

C:\Users\NAKEDT\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\8CTA0D5A\c2[1].htm
C:\Users\NAKEDT\Documents\Azureus Downloads\Famatech.Remote.Administrator.v3.0.1.Win All.PROPER-iNDYGOO\iNDYGOO\Crack\R3GOD.DLL
C:\Users\NAKEDT\Documents\Azureus Downloads\Famatech.Remote.Administrator.v3.0.1.Win All.PROPER-iNDYGOO\iNDYGOO.part3.rar
C:\Users\NAKEDT\Documents\Azureus Downloads\Famatech.Remote.Administrator.v3.0.1.Win All.PROPER-iNDYGOO.rar
C:\Users\NAKEDT\Documents\Azureus Downloads\Famatech.Remote.Administrator.v3.0.1.Win All.PROPER-iNDYGOO
C:\Windows\System32\rserver30\R3GOD.DLL
C:\Windows\System32\rserver30

Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
Click the red Moveit! button.
A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
Close OTMoveIt2

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

(4)

Please do an online scan with Kaspersky Online Scanner
click the Accept button at the end of the page.

Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license accepted, reset to 100%.

Read the Requirements and limitations before you click Accept.
Allow the ActiveX download if necessary.
Once the database has downloaded, click Next.
Click Scan Settings and change the "Scan using the following antivirus database" from standard to extended and then click OK.
Click on "My Computer" and then put the kettle on!
When the scan has completed, click Save Report As...
Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.

Copy and paste the report into your next reply, along with the OTMoveIt log.

nakedt · April 2008

< C:\Users\NAKEDT\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\8CTA0D5A\c2[1].htm >
File/Folder C:\Users\NAKEDT\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\8CTA0D5A\c2[1].htm not found.
File/Folder C:\Users\NAKEDT\Documents\Azureus Downloads\Famatech.Remote.Administrator.v3.0.1.Win All.PROPER-iNDYGOO\iNDYGOO\Crack\R3GOD.DLL not found.
File/Folder C:\Users\NAKEDT\Documents\Azureus Downloads\Famatech.Remote.Administrator.v3.0.1.Win All.PROPER-iNDYGOO\iNDYGOO.part3.rar not found.
File/Folder C:\Users\NAKEDT\Documents\Azureus Downloads\Famatech.Remote.Administrator.v3.0.1.Win All.PROPER-iNDYGOO.rar not found.
File/Folder C:\Users\NAKEDT\Documents\Azureus Downloads\Famatech.Remote.Administrator.v3.0.1.Win All.PROPER-iNDYGOO not found.
File/Folder C:\Windows\System32\rserver30\R3GOD.DLL not found.
C:\Windows\System32\rserver30\CHATLOGS moved successfully.
C:\Windows\System32\rserver30 moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.1 log created on 04282008_163008

KASPERSKY ONLINE SCANNER REPORT
Monday, April 28, 2008 6:58:59 PM
Operating System: Microsoft Windows Vista Home Edition, (Build 6000)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 28/04/2008
Kaspersky Anti-Virus database records: 729108

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
Scan Statistics:
Total number of scanned objects: 151185
Number of viruses found: 1
Number of infected objects: 4
Number of suspicious objects: 0
Duration of the scan process: 01:29:46
Infected Object Name / Virus Name / Last Action
C:\boot\bcd Object is locked skipped
C:\boot\BCD.LOG Object is locked skipped
C:\Program Files\Nero\Nero8\Nero BackItUp\BIU230A.txt Object is locked skipped
C:\ProgramData\comodo\common\db\sigsdb.db Object is locked skipped
C:\ProgramData\comodo\Firewall Pro\cfplogdb.sdb Object is locked skipped
C:\ProgramData\CyberLink\TinyDB\EPGSignal Object is locked skipped
C:\ProgramData\CyberLink\TinyDB\Schedule Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\e383ef6cc2fd2889cbc84960932896a1_4ae2a442-4432-44fd-b228-c39ffe492dca Object is locked skipped
C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.78.Crwl Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.78.gthr Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSStmp.log Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010001.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010002.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010003.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010004.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010005.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010006.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010007.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010008.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010009.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000A.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000B.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000C.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000D.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000E.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000F.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010010.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010011.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010012.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010013.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010014.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010015.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010016.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010017.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010018.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010019.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001A.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001B.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001C.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001D.ci Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001D.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001D.wsb Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001E.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001F.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010020.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010021.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010023.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010024.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010025.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010026.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010027.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010029.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001002A.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001002B.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001002C.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001002D.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001002E.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001002F.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010030.ci Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010030.dir Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010030.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010045.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010051.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiMG0030.000 Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\INDEX.000 Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\INDEX.001 Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.000 Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\Used0000.000 Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.000 Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.chk1.gthr Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.chk2.gthr Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.Crwl5.gthr Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.Ntfy1706.gthr Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc\NtfEE1E.tmp Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc\NtfEE2F.tmp Object is locked skipped
C:\ProgramData\Microsoft\Windows Defender\Support\MPLog-11022006-050241.log Object is locked skipped
C:\ProgramData\Nero\Nero8\Nero BackItUp\Cache\NeroBackItUpScheduler3.log Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\Users\NAKEDT\AppData\Local\Adobe\Acrobat\8.0\Updater\updater.log Object is locked skipped
C:\Users\NAKEDT\AppData\Local\Adobe\Updater5\aumLib.log Object is locked skipped
C:\Users\NAKEDT\AppData\Local\Ahead\Nero Home\bl.db Object is locked skipped
C:\Users\NAKEDT\AppData\Local\Ahead\Nero Home\is2.db Object is locked skipped
C:\Users\NAKEDT\AppData\Local\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Users\NAKEDT\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT Object is locked skipped
C:\Users\NAKEDT\AppData\Local\Microsoft\Windows\Explorer\thumbcache_1024.db Object is locked skipped
C:\Users\NAKEDT\AppData\Local\Microsoft\Windows\Explorer\thumbcache_256.db Object is locked skipped
C:\Users\NAKEDT\AppData\Local\Microsoft\Windows\Explorer\thumbcache_32.db Object is locked skipped
C:\Users\NAKEDT\AppData\Local\Microsoft\Windows\Explorer\thumbcache_96.db Object is locked skipped
C:\Users\NAKEDT\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db Object is locked skipped
C:\Users\NAKEDT\AppData\Local\Microsoft\Windows\Explorer\thumbcache_sr.db Object is locked skipped
C:\Users\NAKEDT\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat Object is locked skipped
C:\Users\NAKEDT\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008042520080426\index.dat Object is locked skipped
C:\Users\NAKEDT\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008042820080429\index.dat Object is locked skipped
C:\Users\NAKEDT\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Users\NAKEDT\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Users\NAKEDT\AppData\Local\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Users\NAKEDT\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 Object is locked skipped
C:\Users\NAKEDT\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2 Object is locked skipped
C:\Users\NAKEDT\AppData\Local\Microsoft\Windows\UsrClass.dat{576f04c3-dc4f-11dc-8f99-001e680180ae}.TM.blf Object is locked skipped
C:\Users\NAKEDT\AppData\Local\Microsoft\Windows\UsrClass.dat{576f04c3-dc4f-11dc-8f99-001e680180ae}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Users\NAKEDT\AppData\Local\Microsoft\Windows\UsrClass.dat{576f04c3-dc4f-11dc-8f99-001e680180ae}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Users\NAKEDT\AppData\Local\Microsoft\Windows Defender\FileTracker\{9CDA751F-57FB-4241-8137-B70095C8B3CC} Object is locked skipped
C:\Users\NAKEDT\AppData\Local\Microsoft\Windows Sidebar\Settings.ini Object is locked skipped
C:\Users\NAKEDT\AppData\Local\Temp\ehmsas.txt Object is locked skipped
C:\Users\NAKEDT\AppData\Local\Temp\hsperfdata_NAKEDT\4752 Object is locked skipped
C:\Users\NAKEDT\AppData\Local\Temp\~DF395.tmp Object is locked skipped
C:\Users\NAKEDT\AppData\Local\Temp\~DF62C.tmp Object is locked skipped
C:\Users\NAKEDT\AppData\Local\Temp\~DFFFDD.tmp Object is locked skipped
C:\Users\NAKEDT\AppData\Roaming\Azureus\ipfilter.cache Object is locked skipped
C:\Users\NAKEDT\AppData\Roaming\Azureus\tmp\AZU13620.tmp Object is locked skipped
C:\Users\NAKEDT\AppData\Roaming\Azureus\tmp\AZU13621.tmp Object is locked skipped
C:\Users\NAKEDT\AppData\Roaming\Azureus\tmp\AZU13622.tmp Object is locked skipped
C:\Users\NAKEDT\AppData\Roaming\Azureus\tmp\AZU13623.tmp Object is locked skipped
C:\Users\NAKEDT\AppData\Roaming\Azureus\tmp\AZU13624.tmp Object is locked skipped
C:\Users\NAKEDT\AppData\Roaming\Azureus\tmp\AZU13625.tmp Object is locked skipped
C:\Users\NAKEDT\AppData\Roaming\Azureus\tmp\AZU13626.tmp Object is locked skipped
C:\Users\NAKEDT\AppData\Roaming\Azureus\tmp\AZU13627.tmp Object is locked skipped
C:\Users\NAKEDT\AppData\Roaming\Microsoft\Windows\Cookies\index.dat Object is locked skipped
C:\Users\NAKEDT\Documents\Azureus Downloads\Oz.COMPLETE.DVDRip\Season.2\Oz.S02E01.AC3.DVDRip.DivX-SFM.avi Object is locked skipped
C:\Users\NAKEDT\Documents\Azureus Downloads\Oz.COMPLETE.DVDRip\Season.2\Oz.S02E02.AC3.DVDRip.DivX-SFM.avi Object is locked skipped
C:\Users\NAKEDT\Documents\Azureus Downloads\Oz.COMPLETE.DVDRip\Season.2\Oz.S02E03.AC3.DVDRip.DivX-SFM.avi Object is locked skipped
C:\Users\NAKEDT\Documents\Azureus Downloads\Oz.COMPLETE.DVDRip\Season.2\Oz.S02E04.AC3.DVDRip.DivX-SFM.avi Object is locked skipped
C:\Users\NAKEDT\Documents\Azureus Downloads\Oz.COMPLETE.DVDRip\Season.2\Oz.S02E05.AC3.DVDRip.DivX-SFM.avi Object is locked skipped
C:\Users\NAKEDT\Documents\Azureus Downloads\Oz.COMPLETE.DVDRip\Season.2\Oz.S02E06.AC3.DVDRip.DivX-SFM.avi Object is locked skipped
C:\Users\NAKEDT\Documents\Azureus Downloads\Oz.COMPLETE.DVDRip\Season.2\Oz.S02E07.AC3.DVDRip.DivX-SFM.avi Object is locked skipped
C:\Users\NAKEDT\Documents\Azureus Downloads\Oz.COMPLETE.DVDRip\Season.2\Oz.S02E08.AC3.DVDRip.DivX-SFM.avi Object is locked skipped
C:\Users\NAKEDT\Documents\Azureus Downloads\Oz.COMPLETE.DVDRip\Season.3\Oz.S03E01.DVDRip.XviD-VFUA.avi Object is locked skipped
C:\Users\NAKEDT\Documents\Azureus Downloads\Oz.COMPLETE.DVDRip\Season.3\Oz.S03E02.DVDRip.XviD-VFUA.avi Object is locked skipped
C:\Users\NAKEDT\Documents\Azureus Downloads\Oz.COMPLETE.DVDRip\Season.3\Oz.S03E03.AC3.DVDRip.XviD-FoV.avi Object is locked skipped
C:\Users\NAKEDT\Documents\Azureus Downloads\Oz.COMPLETE.DVDRip\Season.3\Oz.S03E04.AC3.DVDRip.XviD-FoV.avi Object is locked skipped
C:\Users\NAKEDT\Documents\Azureus Downloads\Oz.COMPLETE.DVDRip\Season.3\Oz.S03E05.AC3.DVDRip.XviD-FoV.avi Object is locked skipped
C:\Users\NAKEDT\Documents\Azureus Downloads\Oz.COMPLETE.DVDRip\Season.3\Oz.S03E06.AC3.DVDRip.XviD-FoV.avi Object is locked skipped
C:\Users\NAKEDT\Documents\Azureus Downloads\Oz.COMPLETE.DVDRip\Season.3\Oz.S03E07.DVDRip.XviD-VFUA.avi Object is locked skipped
C:\Users\NAKEDT\Documents\Azureus Downloads\Oz.COMPLETE.DVDRip\Season.3\Oz.S03E08.DVDRip.XviD-VFUA.avi Object is locked skipped
C:\Users\NAKEDT\Documents\Azureus Downloads\Oz.COMPLETE.DVDRip\Season.4\Oz.S04E01.AC3.DVDRip.XviD-MEDiEVAL.avi Object is locked skipped
C:\Users\NAKEDT\Documents\Azureus Downloads\Oz.COMPLETE.DVDRip\Season.4\Oz.S04E03.AC3.DVDRip.XviD-MEDiEVAL.avi Object is locked skipped
C:\Users\NAKEDT\Documents\Azureus Downloads\Oz.COMPLETE.DVDRip\Season.4\Oz.S04E04.AC3.DVDRip.XviD-MEDiEVAL.avi Object is locked skipped
C:\Users\NAKEDT\Documents\Azureus Downloads\Oz.COMPLETE.DVDRip\Season.4\Oz.S04E05.AC3.DVDRip.XviD-MEDiEVAL.avi Object is locked skipped
C:\Users\NAKEDT\Documents\Azureus Downloads\Oz.COMPLETE.DVDRip\Season.4\Oz.S04E06.AC3.DVDRip.XviD-MEDiEVAL.avi Object is locked skipped
C:\Users\NAKEDT\Documents\Azureus Downloads\Oz.COMPLETE.DVDRip\Season.4\Oz.S04E07.AC3.DVDRip.XviD-MEDiEVAL.avi Object is locked skipped
C:\Users\NAKEDT\Documents\Azureus Downloads\Oz.COMPLETE.DVDRip\Season.4\Oz.S04E08.AC3.DVDRip.XviD-MEDiEVAL.avi Object is locked skipped
C:\Users\NAKEDT\Documents\Azureus Downloads\Oz.COMPLETE.DVDRip\Season.4\Oz.S04E10.AC3.DVDRip.XviD-MEDiEVAL.avi Object is locked skipped
C:\Users\NAKEDT\Documents\Azureus Downloads\Oz.COMPLETE.DVDRip\Season.4\Oz.S04E12.AC3.DVDRip.XviD-MEDiEVAL.avi Object is locked skipped
C:\Users\NAKEDT\Documents\Azureus Downloads\Oz.COMPLETE.DVDRip\Season.4\Oz.S04E13.AC3.DVDRip.XviD-MEDiEVAL.avi Object is locked skipped
C:\Users\NAKEDT\Documents\Azureus Downloads\Oz.COMPLETE.DVDRip\Season.4\Oz.S04E14.AC3.DVDRip.XviD-MEDiEVAL.avi Object is locked skipped
C:\Users\NAKEDT\Documents\Azureus Downloads\Oz.COMPLETE.DVDRip\Season.4\Oz.S04E15.AC3.DVDRip.XviD-MEDiEVAL.avi Object is locked skipped
C:\Users\NAKEDT\Documents\Azureus Downloads\Oz.COMPLETE.DVDRip\Season.4\Oz.S04E16.AC3.DVDRip.XviD-MEDiEVAL.avi Object is locked skipped
C:\Users\NAKEDT\Documents\Azureus Downloads\Oz.COMPLETE.DVDRip\Season.5\Oz.S05E01.AC3.DVDRip.XviD-MEDiEVAL.avi Object is locked skipped
C:\Users\NAKEDT\Documents\Azureus Downloads\Oz.COMPLETE.DVDRip\Season.5\Oz.S05E02.AC3.DVDRip.XviD-MEDiEVAL.avi Object is locked skipped
C:\Users\NAKEDT\Documents\Azureus Downloads\Oz.COMPLETE.DVDRip\Season.5\Oz.S05E03.AC3.DVDRip.XviD-MEDiEVAL.avi Object is locked skipped
C:\Users\NAKEDT\Documents\Azureus Downloads\Oz.COMPLETE.DVDRip\Season.5\Oz.S05E04.AC3.DVDRip.XviD-MEDiEVAL.avi Object is locked skipped
C:\Users\NAKEDT\Documents\Azureus Downloads\Oz.COMPLETE.DVDRip\Season.5\Oz.S05E05.AC3.DVDRip.XviD-MEDiEVAL.avi Object is locked skipped
C:\Users\NAKEDT\Documents\Azureus Downloads\Oz.COMPLETE.DVDRip\Season.5\Oz.S05E06.AC3.DVDRip.XviD-MEDiEVAL.avi Object is locked skipped
C:\Users\NAKEDT\Documents\Azureus Downloads\Oz.COMPLETE.DVDRip\Season.5\Oz.S05E07.AC3.DVDRip.XviD-MEDiEVAL.avi Object is locked skipped
C:\Users\NAKEDT\Documents\Azureus Downloads\Oz.COMPLETE.DVDRip\Season.5\Oz.S05E08.AC3.DVDRip.XviD-MEDiEVAL.avi Object is locked skipped
C:\Users\NAKEDT\Documents\Azureus Downloads\Oz.COMPLETE.DVDRip\Season.6\Oz.S06E01.DVDRip.XviD-TOPAZ.avi Object is locked skipped
C:\Users\NAKEDT\Documents\Azureus Downloads\Oz.COMPLETE.DVDRip\Season.6\Oz.S06E02.DVDRip.XviD-TOPAZ.avi Object is locked skipped
C:\Users\NAKEDT\Documents\Azureus Downloads\Oz.COMPLETE.DVDRip\Season.6\Oz.S06E03.DVDRip.XviD-TOPAZ.avi Object is locked skipped
C:\Users\NAKEDT\Documents\Azureus Downloads\Oz.COMPLETE.DVDRip\Season.6\Oz.S06E04.DVDRip.XviD-TOPAZ.avi Object is locked skipped
C:\Users\NAKEDT\Documents\Azureus Downloads\Oz.COMPLETE.DVDRip\Season.6\Oz.S06E05.DVDRip.XviD-TOPAZ.avi Object is locked skipped
C:\Users\NAKEDT\Documents\Azureus Downloads\Oz.COMPLETE.DVDRip\Season.6\Oz.S06E06.DVDRip.XviD-TOPAZ.avi Object is locked skipped
C:\Users\NAKEDT\Documents\Azureus Downloads\Oz.COMPLETE.DVDRip\Season.6\Oz.S06E07.DVDRip.XviD-TOPAZ.avi Object is locked skipped
C:\Users\NAKEDT\Documents\Azureus Downloads\Oz.COMPLETE.DVDRip\Season.6\Oz.S06E08.DVDRip.XviD-TOPAZ.avi Object is locked skipped
C:\Users\NAKEDT\Downloads\setupxv.exe/AntiSpywareApp/SpyCleaner.dll Infected: not-a-virus:FraudTool.Win32.SpywareStop.b skipped
C:\Users\NAKEDT\Downloads\setupxv.exe 7-Zip: infected - 1 skipped
C:\Users\NAKEDT\Downloads\setupxv.exe UPX: infected - 1 skipped
C:\Users\NAKEDT\Downloads\setupxv.exe PE_Patch.UPX: infected - 1 skipped
C:\Users\NAKEDT\ntuser.dat Object is locked skipped
C:\Users\NAKEDT\ntuser.dat.LOG1 Object is locked skipped
C:\Users\NAKEDT\ntuser.dat.LOG2 Object is locked skipped
C:\Users\NAKEDT\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf Object is locked skipped
C:\Users\NAKEDT\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Users\NAKEDT\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\Debug\PASSWD.LOG Object is locked skipped
C:\Windows\Debug\sam.log Object is locked skipped
C:\Windows\Debug\WIA\wiatrace.log Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WindowsUpdate.log Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1 Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG2 Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{3a539869-6a70-11db-887c-d362bd253390}.TM.blf Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{3a539869-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{3a539869-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\ehmsdri.log Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\ehRecvr.log Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1 Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG2 Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{3a539865-6a70-11db-887c-d362bd253390}.TM.blf Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{3a539865-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{3a539865-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\SoftwareDistribution\EventCache\{BD356A05-9D43-4832-8593-C0E2E7BBE216}.bin Object is locked skipped
C:\Windows\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 Object is locked skipped
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 Object is locked skipped
C:\Windows\System32\catroot2\edb.log Object is locked skipped
C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb Object is locked skipped
C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb Object is locked skipped
C:\Windows\System32\config\COMPONENTS Object is locked skipped
C:\Windows\System32\config\COMPONENTS.LOG1 Object is locked skipped
C:\Windows\System32\config\COMPONENTS.LOG2 Object is locked skipped
C:\Windows\System32\config\DEFAULT Object is locked skipped
C:\Windows\System32\config\DEFAULT.LOG1 Object is locked skipped
C:\Windows\System32\config\DEFAULT.LOG2 Object is locked skipped
C:\Windows\System32\config\RegBack\COMPONENTS Object is locked skipped
C:\Windows\System32\config\RegBack\DEFAULT Object is locked skipped
C:\Windows\System32\config\RegBack\SAM Object is locked skipped
C:\Windows\System32\config\RegBack\SECURITY Object is locked skipped
C:\Windows\System32\config\RegBack\SOFTWARE Object is locked skipped
C:\Windows\System32\config\RegBack\SYSTEM Object is locked skipped
C:\Windows\System32\config\SAM Object is locked skipped
C:\Windows\System32\config\SAM.LOG1 Object is locked skipped
C:\Windows\System32\config\SAM.LOG2 Object is locked skipped
C:\Windows\System32\config\SECURITY Object is locked skipped
C:\Windows\System32\config\SECURITY.LOG1 Object is locked skipped
C:\Windows\System32\config\SECURITY.LOG2 Object is locked skipped
C:\Windows\System32\config\SOFTWARE Object is locked skipped
C:\Windows\System32\config\SOFTWARE.LOG1 Object is locked skipped
C:\Windows\System32\config\SOFTWARE.LOG2 Object is locked skipped
C:\Windows\System32\config\SYSTEM Object is locked skipped
C:\Windows\System32\config\SYSTEM.LOG1 Object is locked skipped
C:\Windows\System32\config\SYSTEM.LOG2 Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TM.blf Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000003.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000004.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{9f1e9824-ddd3-11dc-8572-001e680180ae}.TxR.0.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{9f1e9824-ddd3-11dc-8572-001e680180ae}.TxR.1.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{9f1e9824-ddd3-11dc-8572-001e680180ae}.TxR.2.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{9f1e9824-ddd3-11dc-8572-001e680180ae}.TxR.blf Object is locked skipped
C:\Windows\System32\drivers\sptd.sys Object is locked skipped
C:\Windows\System32\LogFiles\HTTPERR\httperr1.log Object is locked skipped
C:\Windows\System32\LogFiles\Scm\SCM.EVM Object is locked skipped
C:\Windows\System32\Msdtc\KtmRmTm.blf Object is locked skipped
C:\Windows\System32\Msdtc\KtmRmTmContainer00000000000000000001 Object is locked skipped
C:\Windows\System32\Msdtc\KtmRmTmContainer00000000000000000002 Object is locked skipped
C:\Windows\System32\spool\SpoolerETW.etl Object is locked skipped
C:\Windows\System32\wbem\Logs\WMITracing.log Object is locked skipped
C:\Windows\System32\wbem\repository\INDEX.BTR Object is locked skipped
C:\Windows\System32\wbem\repository\MAPPING1.MAP Object is locked skipped
C:\Windows\System32\wbem\repository\MAPPING2.MAP Object is locked skipped
C:\Windows\System32\wbem\repository\OBJECTS.DATA Object is locked skipped
C:\Windows\System32\WDI\LogFiles\WdiContextLog.etl.001 Object is locked skipped
C:\Windows\System32\wfp\wfpdiag.etl Object is locked skipped
C:\Windows\System32\winevt\Logs\Application.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\DFS Replication.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\HardwareEvents.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Internet Explorer.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Key Management Service.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Media Center.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Bits-Client%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-CodeIntegrity%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-GroupPolicy%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-International%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-WHEA.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-LanguagePackSetup%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-NetworkAccessProtection%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReadyBoost%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReliabilityAnalysisComponent%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Resolver%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Leak-Diagnostic%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-RestartManager%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-TaskScheduler%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-WindowsUpdateClient%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-WLAN-AutoConfig%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\ODiag.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\OSession.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Security.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\System.evtx Object is locked skipped
C:\Windows\Tasks\SCHEDLGU.TXT Object is locked skipped
C:\Windows\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\Desktop.ini Object is locked skipped
D:\System Volume Information\Folder.htt Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
D:\System Volume Information\protect.chinese hong kong Object is locked skipped
D:\System Volume Information\protect.chinese simplified Object is locked skipped
D:\System Volume Information\protect.chinese traditional Object is locked skipped
D:\System Volume Information\protect.czech Object is locked skipped
D:\System Volume Information\protect.danish Object is locked skipped
D:\System Volume Information\protect.dutch Object is locked skipped
D:\System Volume Information\Protect.ed Object is locked skipped
D:\System Volume Information\protect.english Object is locked skipped
D:\System Volume Information\protect.finnish Object is locked skipped
D:\System Volume Information\protect.french Object is locked skipped
D:\System Volume Information\protect.german Object is locked skipped
D:\System Volume Information\protect.greek Object is locked skipped
D:\System Volume Information\protect.hebrew Object is locked skipped
D:\System Volume Information\protect.hungarian Object is locked skipped
D:\System Volume Information\protect.italian Object is locked skipped
D:\System Volume Information\protect.japanese Object is locked skipped
D:\System Volume Information\protect.korean Object is locked skipped
D:\System Volume Information\protect.norwegian Object is locked skipped
D:\System Volume Information\protect.polish Object is locked skipped
D:\System Volume Information\protect.portuguese Object is locked skipped
D:\System Volume Information\protect.portuguese brazilian Object is locked skipped
D:\System Volume Information\protect.russian Object is locked skipped
D:\System Volume Information\protect.spanish Object is locked skipped
D:\System Volume Information\protect.swedish Object is locked skipped
D:\System Volume Information\protect.turkish Object is locked skipped
Scan process completed.

hope this helps

Veka · May 2008

Looks pretty good, just delete this file

C:\Users\NAKEDT\Downloads\setupxv.exe

And post a fresh HijackThis log.

How is your computer running?

nakedt · May 2008

computer has always ran fine its just that norton picked that up. after seeing what you told me to delet it looks like those were part of a program i downloaded called remote administrator. its all gone now thanks for your help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:37:18 AM, on 01/05/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files\winsim\ConnectionManager\Simply.SystemTrayIcon.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Program Files\Azureus\Azureus.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=81&bd=Pavilion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=81&bd=Pavilion&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ConnectionManager] C:\Program Files\Winsim\ConnectionManager\Simply.SystemTrayIcon.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
O20 - AppInit_DLLs: ,C:\Windows\system32\rserver30\r3god.dll C:\Windows\system32\guard32.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Simply Accounting Database Connection Manager - Sage Software - C:\Program Files\Winsim\ConnectionManager\SimplyConnectionManager.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 10408 bytes

Veka · May 2008

Your log looks good. How is your computer doing?

nakedt · May 2008

running good thanks for your help

Veka · May 2008

Glad we could be of assistance! The help you received here was free.

This topic is now closed. If you wish it reopened, please send a Private Message to Trogan with a link to your thread.

If you are not the user who started this thread, you must start your own Thread instead

_______________________________

Have we helped you with any issues you have had with your PCs or other items? If so, you can now help us by Joining Team 93 and fold for a cure.

w32.ircbot help

Comments