[quote name=\'guestolo\' post=\'184645\' date=\'Aug 26 2006, 09:17 PM\']Are all your anti-spyware protections still disabled?
If not, they should be until we are All done here
Set Windows To Show Hidden Files and Folders
* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View Tab.
* Under the Hidden files and folders heading select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Uncheck the Hide Extensions for known file types
* Click Yes to confirm.
* Click OK.
Save the rest of these instructions to a text file saved too desktop
for use in safe mode without Internet connection
Reboot your computer into Safe Mode. To boot into Safe Mode, please restart your computer. Tap F8 before Windows loads. Select Safe Mode on the screen that appears.
Once in safe mode
Open Killbox.exe
Leave "Standard Kill file" selected
In the "Full path of File to Delete" copy and paste the full entry below in bold
C:\WINDOWS\SYSTEM32\winwil32.dllThen click the Red Circle with the White X
Allow to make a backup and delete the file
Exit Killbox
Navigate to the following temp folders and delete the WHOLE contents of each folder, including subfolders, but don't delete the temp folder itself
# C:\Windows\
Temp\
# C:\Documents and Settings\<Your Profile>\Local Settings\
Temporary Internet Files\
# C:\Documents and Settings\<Your Profile>\Local Settings\
Temp\
# C:\Documents and Settings\<Any other users Profile>\Local Settings\
Temporary Internet Files\
# C:\Documents and Settings\<Any other users Profile>\Local Settings\
Temp\
Do a "System scan only" with Hijackthis and put a check next to these entries:
O20 - Winlogon Notify: winwil32 - C:\WINDOWS\SYSTEM32\winwil32.dll (file missing)
After you have ticked the above entries, close
All other open windows
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis
Reboot back to Normal mode
From my signature below, Run an online virus scan at Kaspersky's
You will be promted to install an ActiveX component from Kaspersky, Click Yes.
* The program will launch and then begin downloading the latest definition files:
* Once the files have been downloaded click on NEXT
* Now click on Scan Settings
* In the scan settings make sure that the following are selected:
o Scan using the following Anti-Virus database:
Extended (if available otherwise Standard)
o Scan Options:
Scan Archives
Scan Mail Bases
* Click OK
* Now under select a target to scan:
Select My Computer
* This program will start and scan your system.
* The scan will take a while so be patient and let it run.
* Once the scan is complete it will display if your system has been infected.
o Now click on the Save as Text button:
* Save the file to your desktop.
* Copy and paste that information in your next post along with a fresh hijackthis log[/quote]
Ok i have quite a few viruses then! When i tried to delete this file
C:\WINDOWS\SYSTEM32\winwil32.dll with killbox it would not delete.
Logfile of HijackThis v1.99.1
Scan saved at 20:58:10, on 27/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5450.0004)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Olivetti\ANY_WAY\olMntrService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Olivetti\ANY_WAY\olDvcStatus.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\RAMASST.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\TEMP\idd2E.tmp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\HJT\hijackthis2.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.yahoo.com/O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\en-ie\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\en-ie\msntb.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Toshiba Hotkey Utility] "C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe" /lang en
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [OlStatusMon] "C:\Program Files\Olivetti\ANY_WAY\olDvcStatus.exe" dvcStatusMinimize
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-ie\bin\WindowsSearch.exe
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\en-ie\msntb.dll/search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\clbcatix.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\clbcatix.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) -
http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cabO16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) -
http://downloads.ewido.net/ewidoOnlineScan.cabO17 - HKLM\System\CCS\Services\Tcpip\..\{6DAB3423-0A2B-433F-A331-2FEB4323685A}: NameServer = 213.94.190.235 213.94.190.195
O18 - Protocol: bw+0 - {55B216FE-0D06-4306-9006-6706A4704CD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {55B216FE-0D06-4306-9006-6706A4704CD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {55B216FE-0D06-4306-9006-6706A4704CD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {55B216FE-0D06-4306-9006-6706A4704CD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {55B216FE-0D06-4306-9006-6706A4704CD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {55B216FE-0D06-4306-9006-6706A4704CD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {55B216FE-0D06-4306-9006-6706A4704CD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {55B216FE-0D06-4306-9006-6706A4704CD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {55B216FE-0D06-4306-9006-6706A4704CD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {55B216FE-0D06-4306-9006-6706A4704CD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {55B216FE-0D06-4306-9006-6706A4704CD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {55B216FE-0D06-4306-9006-6706A4704CD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {55B216FE-0D06-4306-9006-6706A4704CD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {55B216FE-0D06-4306-9006-6706A4704CD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {55B216FE-0D06-4306-9006-6706A4704CD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {55B216FE-0D06-4306-9006-6706A4704CD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {55B216FE-0D06-4306-9006-6706A4704CD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {55B216FE-0D06-4306-9006-6706A4704CD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {55B216FE-0D06-4306-9006-6706A4704CD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {55B216FE-0D06-4306-9006-6706A4704CD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {55B216FE-0D06-4306-9006-6706A4704CD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {55B216FE-0D06-4306-9006-6706A4704CD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {55B216FE-0D06-4306-9006-6706A4704CD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {55B216FE-0D06-4306-9006-6706A4704CD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {55B216FE-0D06-4306-9006-6706A4704CD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {55B216FE-0D06-4306-9006-6706A4704CD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {55B216FE-0D06-4306-9006-6706A4704CD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {55B216FE-0D06-4306-9006-6706A4704CD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {55B216FE-0D06-4306-9006-6706A4704CD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {55B216FE-0D06-4306-9006-6706A4704CD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {55B216FE-0D06-4306-9006-6706A4704CD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {55B216FE-0D06-4306-9006-6706A4704CD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {55B216FE-0D06-4306-9006-6706A4704CD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {55B216FE-0D06-4306-9006-6706A4704CD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {55B216FE-0D06-4306-9006-6706A4704CD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {55B216FE-0D06-4306-9006-6706A4704CD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {55B216FE-0D06-4306-9006-6706A4704CD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {55B216FE-0D06-4306-9006-6706A4704CD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {55B216FE-0D06-4306-9006-6706A4704CD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {55B216FE-0D06-4306-9006-6706A4704CD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {55B216FE-0D06-4306-9006-6706A4704CD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {55B216FE-0D06-4306-9006-6706A4704CD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {55B216FE-0D06-4306-9006-6706A4704CD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {55B216FE-0D06-4306-9006-6706A4704CD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {55B216FE-0D06-4306-9006-6706A4704CD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {55B216FE-0D06-4306-9006-6706A4704CD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {55B216FE-0D06-4306-9006-6706A4704CD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {55B216FE-0D06-4306-9006-6706A4704CD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {55B216FE-0D06-4306-9006-6706A4704CD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {55B216FE-0D06-4306-9006-6706A4704CD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {55B216FE-0D06-4306-9006-6706A4704CD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {55B216FE-0D06-4306-9006-6706A4704CD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {55B216FE-0D06-4306-9006-6706A4704CD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {55B216FE-0D06-4306-9006-6706A4704CD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {55B216FE-0D06-4306-9006-6706A4704CD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {55B216FE-0D06-4306-9006-6706A4704CD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {55B216FE-0D06-4306-9006-6706A4704CD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {55B216FE-0D06-4306-9006-6706A4704CD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {55B216FE-0D06-4306-9006-6706A4704CD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {55B216FE-0D06-4306-9006-6706A4704CD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {55B216FE-0D06-4306-9006-6706A4704CD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {55B216FE-0D06-4306-9006-6706A4704CD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {55B216FE-0D06-4306-9006-6706A4704CD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {55B216FE-0D06-4306-9006-6706A4704CD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {55B216FE-0D06-4306-9006-6706A4704CD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {55B216FE-0D06-4306-9006-6706A4704CD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {55B216FE-0D06-4306-9006-6706A4704CD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {55B216FE-0D06-4306-9006-6706A4704CD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {55B216FE-0D06-4306-9006-6706A4704CD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {55B216FE-0D06-4306-9006-6706A4704CD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {55B216FE-0D06-4306-9006-6706A4704CD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {55B216FE-0D06-4306-9006-6706A4704CD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {55B216FE-0D06-4306-9006-6706A4704CD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {55B216FE-0D06-4306-9006-6706A4704CD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {55B216FE-0D06-4306-9006-6706A4704CD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {55B216FE-0D06-4306-9006-6706A4704CD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {55B216FE-0D06-4306-9006-6706A4704CD2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winwil32 - C:\WINDOWS\SYSTEM32\winwil32.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsu[censored]a Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: License Management Service ESD - Unknown owner - C:\Program Files\Common Files\element5 Shared\Service\Licence Manager ESD.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: olMntrService - Olivetti - C:\Program Files\Olivetti\ANY_WAY\olMntrService.exe
O23 - Service: Omniquad MyPrivacy - Unknown owner - C:\Program Files\Omniquad Total Security\MyPrivacy\mpsvc.exe (file missing)
O23 - Service: OPFSVC - Unknown owner - C:\Program Files\Omniquad Total Security\OPF\OPFSVC.exe (file missing)
O23 - Service: Personal Firewall - Unknown owner - C:\Program Files\Omniquad Total Security\OPF\pfsvc.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, August 27, 2006 8:56:32 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 27/08/2006
Kaspersky Anti-Virus database records: 218731
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
C:\
D:\
Scan Statistics:
Total number of scanned objects: 63752
Number of viruses found: 19
Number of infected objects: 91 / 0
Number of suspicious objects: 0
Duration of the scan process: 01:19:41
Infected Object Name / Virus Name / Last Action
C:\!KillBox\winwil32.dll Infected: Packed.Win32.Klone.g skipped
C:\Documents and Settings\Admin\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Admin\Incomplete\T-273818-@ heavy metal barbie girl 24.wma Infected: Trojan-Downloader.WMA.Wimad.d skipped
C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\hpodvd09.log Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\hsperfdata_Admin\328 Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\~DF4C4E.tmp Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\~DF4C59.tmp Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\AntiPhishing\07FB382D-AA75-4683-82F4-EAB265A275CB.dat Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\T1583OHY\srvysz[1].exe Infected: Trojan.Win32.Pakes skipped
C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\TSUM1HN8\bgates[1].exe Infected: Trojan.Win32.Dialer.pz skipped
C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\TSUM1HN8\css[2].css Object is locked skipped
C:\Documents and Settings\Admin\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Admin\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\WDLog-08152006-215155.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Confid.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Content.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Privacy.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Restrict.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\WebHist.log Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\AntiSpam\Log\Spam.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBConfig.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDebug.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDetect.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBNotify.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBRefr.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetDev.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetLoc.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetUsr.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStHash.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStMSI.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBValid.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPPolicy.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStart.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStop.log Object is locked skipped
C:\Program Files\LimeWire\log.txt Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Admin\Data\BWDocMap.pht Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Admin\Data\BWInfopakMap.pht Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Admin\Data\chandir.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Admin\Data\chandir.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Admin\Data\chn.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Admin\Data\chn.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Admin\Data\D0000000.FCS Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Admin\Data\inuse.txt Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Admin\Data\L0000004.FCS Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Admin\Data\main.log Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Admin\Data\prs.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Admin\Data\prs.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Admin\Data\prs_die.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Admin\Data\prs_die.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Admin\Data\prs_dnd.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Admin\Data\prs_dnd.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Admin\Data\prs_ext.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Admin\Data\prs_ext.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Admin\Data\prs_rcv.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Admin\Data\prs_rcv.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Admin\Data\storydb.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Admin\Data\storydb.idx Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVApp.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVError.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVVirus.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\35F44367.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\3C9B53C6.tmp Infected: P2P-Worm.Win32.VB.dw skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\40031E07.tmp Infected: P2P-Worm.Win32.VB.dw skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\4F4A5460.tmp Infected: Worm.Win32.VB.an skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\5F01415D.tmp Infected: Trojan-Dropper.Win32.WinAD.h skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\621D45F0.tmp Infected: Trojan-Dropper.Win32.WinAD.h skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Savrt\0486NAV~.TMP Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Savrt\0490NAV~.TMP Object is locked skipped
C:\System Volume Information\catalog.wci\00000002.ps1 Object is locked skipped
C:\System Volume Information\catalog.wci\00000002.ps2 Object is locked skipped
C:\System Volume Information\catalog.wci\00010006.ci Object is locked skipped
C:\System Volume Information\catalog.wci\cicat.fid Object is locked skipped
C:\System Volume Information\catalog.wci\cicat.hsh Object is locked skipped
C:\System Volume Information\catalog.wci\CiCL0001.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiP10000.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiP20000.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiPT0000.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiSL0001.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiSP0000.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiST0000.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiVP0000.000 Object is locked skipped
C:\System Volume Information\catalog.wci\INDEX.000 Object is locked skipped
C:\System Volume Information\catalog.wci\propstor.bk1 Object is locked skipped
C:\System Volume Information\catalog.wci\propstor.bk2 Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{1C4AEEF7-E5F8-4C55-A67C-AFE20A94E538}\RP284\A0120659.exe Infected: Trojan-Downloader.Win32.Zlob.ado skipped
C:\System Volume Information\_restore{1C4AEEF7-E5F8-4C55-A67C-AFE20A94E538}\RP284\A0120665.exe Infected: Trojan-Downloader.Win32.Obfuscated.a skipped
C:\System Volume Information\_restore{1C4AEEF7-E5F8-4C55-A67C-AFE20A94E538}\RP284\A0120670.dll Infected: Trojan-Downloader.Win32.Delf.aeo skipped
C:\System Volume Information\_restore{1C4AEEF7-E5F8-4C55-A67C-AFE20A94E538}\RP284\A0120813.exe Infected: Trojan.Win32.Dialer.qs skipped
C:\System Volume Information\_restore{1C4AEEF7-E5F8-4C55-A67C-AFE20A94E538}\RP284\A0120842.dll Infected: Trojan-Downloader.Win32.Delf.amb skipped
C:\System Volume Information\_restore{1C4AEEF7-E5F8-4C55-A67C-AFE20A94E538}\RP284\A0120963.dll Infected: Trojan-Downloader.Win32.Delf.amb skipped
C:\System Volume Information\_restore{1C4AEEF7-E5F8-4C55-A67C-AFE20A94E538}\RP284\A0120964.dll Infected: not-a-virus:AdWare.Win32.SmartSearch.b skipped
C:\System Volume Information\_restore{1C4AEEF7-E5F8-4C55-A67C-AFE20A94E538}\RP284\A0120973.exe Infected: Trojan-Downloader.Win32.Zlob.ado skipped
C:\System Volume Information\_restore{1C4AEEF7-E5F8-4C55-A67C-AFE20A94E538}\RP284\A0120974.exe Infected: Trojan-Downloader.Win32.Obfuscated.a skipped
C:\System Volume Information\_restore{1C4AEEF7-E5F8-4C55-A67C-AFE20A94E538}\RP286\A0121007.exe Infected: Trojan-Downloader.Win32.Obfuscated.a skipped
C:\System Volume Information\_restore{1C4AEEF7-E5F8-4C55-A67C-AFE20A94E538}\RP286\A0121008.exe Infected: Trojan-Downloader.Win32.Zlob.ado skipped
C:\System Volume Information\_restore{1C4AEEF7-E5F8-4C55-A67C-AFE20A94E538}\RP286\A0121023.dll Infected: Trojan-Downloader.Win32.Delf.aeo skipped
C:\System Volume Information\_restore{1C4AEEF7-E5F8-4C55-A67C-AFE20A94E538}\RP286\A0121166.exe Infected: Trojan.Win32.Dialer.qs skipped
C:\System Volume Information\_restore{1C4AEEF7-E5F8-4C55-A67C-AFE20A94E538}\RP286\A0121195.dll Infected: Trojan-Downloader.Win32.Delf.amb skipped
C:\System Volume Information\_restore{1C4AEEF7-E5F8-4C55-A67C-AFE20A94E538}\RP286\A0121316.dll Infected: Trojan-Downloader.Win32.Delf.amb skipped
C:\System Volume Information\_restore{1C4AEEF7-E5F8-4C55-A67C-AFE20A94E538}\RP286\A0121317.dll Infected: not-a-virus:AdWare.Win32.SmartSearch.b skipped
C:\System Volume Information\_restore{1C4AEEF7-E5F8-4C55-A67C-AFE20A94E538}\RP286\A0121359.exe Infected: Trojan-Downloader.Win32.Zlob.ado skipped
C:\System Volume Information\_restore{1C4AEEF7-E5F8-4C55-A67C-AFE20A94E538}\RP286\A0121431.exe Infected: Trojan-Downloader.Win32.Zlob.adg skipped
C:\System Volume Information\_restore{1C4AEEF7-E5F8-4C55-A67C-AFE20A94E538}\RP286\A0121432.exe Infected: Trojan-Downloader.Win32.Zlob.ado skipped
C:\System Volume Information\_restore{1C4AEEF7-E5F8-4C55-A67C-AFE20A94E538}\RP286\A0121434.exe Infected: Trojan-Downloader.Win32.Obfuscated.a skipped
C:\System Volume Information\_restore{1C4AEEF7-E5F8-4C55-A67C-AFE20A94E538}\RP286\A0121451.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.da skipped
C:\System Volume Information\_restore{1C4AEEF7-E5F8-4C55-A67C-AFE20A94E538}\RP286\A0121703.exe Infected: Trojan-Downloader.Win32.Obfuscated.a skipped
C:\System Volume Information\_restore{1C4AEEF7-E5F8-4C55-A67C-AFE20A94E538}\RP290\A0122046.exe Infected: Trojan-Downloader.Win32.Obfuscated.a skipped
C:\System Volume Information\_restore{1C4AEEF7-E5F8-4C55-A67C-AFE20A94E538}\RP293\A0122248.exe Infected: Trojan-Downloader.Win32.Obfuscated.a skipped
C:\System Volume Information\_restore{1C4AEEF7-E5F8-4C55-A67C-AFE20A94E538}\RP293\A0122270.exe Infected: Trojan-Downloader.Win32.Obfuscated.a skipped
C:\System Volume Information\_restore{1C4AEEF7-E5F8-4C55-A67C-AFE20A94E538}\RP293\A0122316.exe Infected: Trojan-Downloader.Win32.Obfuscated.a skipped
C:\System Volume Information\_restore{1C4AEEF7-E5F8-4C55-A67C-AFE20A94E538}\RP293\A0123314.exe Infected: Trojan-Downloader.Win32.Obfuscated.a skipped
C:\System Volume Information\_restore{1C4AEEF7-E5F8-4C55-A67C-AFE20A94E538}\RP293\A0123342.exe Infected: Trojan-Downloader.Win32.Obfuscated.a skipped
C:\System Volume Information\_restore{1C4AEEF7-E5F8-4C55-A67C-AFE20A94E538}\RP293\A0123492.exe Infected: Trojan-Downloader.Win32.Obfuscated.a skipped
C:\System Volume Information\_restore{1C4AEEF7-E5F8-4C55-A67C-AFE20A94E538}\RP293\A0123522.exe Infected: Trojan-Downloader.Win32.Obfuscated.a skipped
C:\System Volume Information\_restore{1C4AEEF7-E5F8-4C55-A67C-AFE20A94E538}\RP293\A0123546.exe Infected: Trojan-Downloader.Win32.Obfuscated.a skipped
C:\System Volume Information\_restore{1C4AEEF7-E5F8-4C55-A67C-AFE20A94E538}\RP293\A0123565.exe Infected: Trojan-Downloader.Win32.Obfuscated.a skipped
C:\System Volume Information\_restore{1C4AEEF7-E5F8-4C55-A67C-AFE20A94E538}\RP294\A0123589.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{1C4AEEF7-E5F8-4C55-A67C-AFE20A94E538}\RP300\A0123705.exe Infected: Trojan-Downloader.Win32.Obfuscated.a skipped
C:\System Volume Information\_restore{1C4AEEF7-E5F8-4C55-A67C-AFE20A94E538}\RP301\A0123752.exe Infected: Trojan-Downloader.Win32.Obfuscated.a skipped
C:\System Volume Information\_restore{1C4AEEF7-E5F8-4C55-A67C-AFE20A94E538}\RP302\A0123826.exe Infected: Trojan-Downloader.Win32.Obfuscated.a skipped
C:\System Volume Information\_restore{1C4AEEF7-E5F8-4C55-A67C-AFE20A94E538}\RP303\A0123892.exe Infected: Trojan-Downloader.Win32.Obfuscated.a skipped
C:\System Volume Information\_restore{1C4AEEF7-E5F8-4C55-A67C-AFE20A94E538}\RP305\A0124018.exe Infected: Trojan-Downloader.Win32.Obfuscated.a skipped
C:\System Volume Information\_restore{1C4AEEF7-E5F8-4C55-A67C-AFE20A94E538}\RP306\A0124049.exe Infected: Trojan-Downloader.Win32.Obfuscated.a skipped
C:\System Volume Information\_restore{1C4AEEF7-E5F8-4C55-A67C-AFE20A94E538}\RP313\A0124148.dll Infected: Trojan-Clicker.Win32.Agent.ct skipped
C:\System Volume Information\_restore{1C4AEEF7-E5F8-4C55-A67C-AFE20A94E538}\RP313\A0124149.exe Infected: Trojan-Downloader.Win32.Obfuscated.a skipped
C:\System Volume Information\_restore{1C4AEEF7-E5F8-4C55-A67C-AFE20A94E538}\RP313\A0124150.dll Infected: Trojan-Downloader.Win32.Delf.amb skipped
C:\System Volume Information\_restore{1C4AEEF7-E5F8-4C55-A67C-AFE20A94E538}\RP313\A0124151.dll Infected: Trojan-Downloader.Win32.Delf.amb skipped
C:\System Volume Information\_restore{1C4AEEF7-E5F8-4C55-A67C-AFE20A94E538}\RP313\A0124152.exe Infected: Trojan-Downloader.Win32.Obfuscated.a skipped
C:\System Volume Information\_restore{1C4AEEF7-E5F8-4C55-A67C-AFE20A94E538}\RP313\A0124153.dll Infected: Trojan-Downloader.Win32.Delf.aeo skipped
C:\System Volume Information\_restore{1C4AEEF7-E5F8-4C55-A67C-AFE20A94E538}\RP313\A0124154.exe Infected: Trojan.Win32.Dialer.qs skipped
C:\System Volume Information\_restore{1C4AEEF7-E5F8-4C55-A67C-AFE20A94E538}\RP313\A0124155.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.by skipped
C:\System Volume Information\_restore{1C4AEEF7-E5F8-4C55-A67C-AFE20A94E538}\RP313\A0124156.dll Infected: not-a-virus:AdWare.Win32.SmartSearch.b skipped
C:\System Volume Information\_restore{1C4AEEF7-E5F8-4C55-A67C-AFE20A94E538}\RP313\A0124162.dll Infected: Trojan-Downloader.Win32.Delf.amb skipped
C:\System Volume Information\_restore{1C4AEEF7-E5F8-4C55-A67C-AFE20A94E538}\RP341\A0130873.exe Infected: Trojan.Win32.Dialer.pz skipped
C:\System Volume Information\_restore{1C4AEEF7-E5F8-4C55-A67C-AFE20A94E538}\RP348\A0132963.exe Infected: Trojan.Win32.Dialer.pz skipped
C:\System Volume Information\_restore{1C4AEEF7-E5F8-4C55-A67C-AFE20A94E538}\RP366\A0140100.exe Infected: Trojan.Win32.Pakes skipped
C:\System Volume Information\_restore{1C4AEEF7-E5F8-4C55-A67C-AFE20A94E538}\RP366\A0140101.exe Infected: Trojan.Win32.Pakes skipped
C:\System Volume Information\_restore{1C4AEEF7-E5F8-4C55-A67C-AFE20A94E538}\RP369\A0140216.exe Infected: Trojan.Win32.Dialer.pz skipped
C:\System Volume Information\_restore{1C4AEEF7-E5F8-4C55-A67C-AFE20A94E538}\RP369\A0140217.exe Infected: Trojan.Win32.Dialer.pz skipped
C:\System Volume Information\_restore{1C4AEEF7-E5F8-4C55-A67C-AFE20A94E538}\RP369\A0140218.exe Infected: Trojan.Win32.Dialer.pz skipped
C:\System Volume Information\_restore{1C4AEEF7-E5F8-4C55-A67C-AFE20A94E538}\RP381\A0141517.exe Infected: Trojan.Win32.Dialer.pz skipped
C:\System Volume Information\_restore{1C4AEEF7-E5F8-4C55-A67C-AFE20A94E538}\RP381\A0141530.exe Infected: Trojan.Win32.Dialer.pz skipped
C:\System Volume Information\_restore{1C4AEEF7-E5F8-4C55-A67C-AFE20A94E538}\RP381\A0141544.exe Infected: Trojan.Win32.Pakes skipped
C:\System Volume Information\_restore{1C4AEEF7-E5F8-4C55-A67C-AFE20A94E538}\RP381\A0141561.exe Infected: Trojan.Win32.Pakes skipped
C:\System Volume Information\_restore{1C4AEEF7-E5F8-4C55-A67C-AFE20A94E538}\RP381\A0141562.exe Infected: Trojan.Win32.Pakes skipped
C:\System Volume Information\_restore{1C4AEEF7-E5F8-4C55-A67C-AFE20A94E538}\RP381\A0141563.exe Infected: Trojan.Win32.Pakes skipped
C:\System Volume Information\_restore{1C4AEEF7-E5F8-4C55-A67C-AFE20A94E538}\RP389\A0142732.exe Infected: Trojan.Win32.Dialer.pz skipped
C:\System Volume Information\_restore{1C4AEEF7-E5F8-4C55-A67C-AFE20A94E538}\RP390\A0142832.exe Infected: Trojan.Win32.Dialer.pz skipped
C:\System Volume Information\_restore{1C4AEEF7-E5F8-4C55-A67C-AFE20A94E538}\RP390\A0143910.exe Infected: Trojan.Win32.Dialer.pz skipped
C:\System Volume Information\_restore{1C4AEEF7-E5F8-4C55-A67C-AFE20A94E538}\RP393\A0145043.exe Infected: Trojan.Win32.Pakes skipped
C:\System Volume Information\_restore{1C4AEEF7-E5F8-4C55-A67C-AFE20A94E538}\RP393\A0145044.exe Infected: Trojan.Win32.Pakes skipped
C:\System Volume Information\_restore{1C4AEEF7-E5F8-4C55-A67C-AFE20A94E538}\RP393\A0145045.exe Infected: Trojan.Win32.Pakes skipped
C:\System Volume Information\_restore{1C4AEEF7-E5F8-4C55-A67C-AFE20A94E538}\RP393\change.log Object is locked skipped
C:\WINDOWS\cpblpbc28.log Infected: Trojan-Downloader.Win32.Delf.aeo skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\ModemLog_AC97 Data Fax SoftModem with SmartCP.txt Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\gebyv.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.da skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\oobe\ISPSoftware\BTYahoo\BroadbandFromBT.exe/webcontrol/btwebcontrol.dll Infected: not-a-virus:Dialer.Win32.BT.g skipped
C:\WINDOWS\system32\oobe\ISPSoftware\BTYahoo\BroadbandFromBT.exe CAB: infected - 1 skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\system32\winwil32.dll Infected: Packed.Win32.Klone.g skipped
C:\WINDOWS\TEMP\idd2E.tmp.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\WINDOWS\TEMP\idd34E6.tmp.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\WINDOWS\TEMP\idd3D4.tmp.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\WINDOWS\TEMP\idd3EA1.tmp.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\WINDOWS\TEMP\win2C.tmp.exe Infected: Trojan.Win32.Pakes skipped
C:\WINDOWS\TEMP\win341B.tmp.exe Infected: Trojan.Win32.Pakes skipped
C:\WINDOWS\TEMP\win3B0.tmp.exe Infected: Trojan.Win32.Pakes skipped
C:\WINDOWS\TEMP\win3EA0.tmp.exe Infected: Trojan.Win32.Pakes skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.
