Jump to content


Privacy_danger

Started by Mikee J, Oct 30 2007 07:15 PM

  • You cannot reply to this topic
7 replies to this topic

#1 OFFLINE   Mikee J

    Newbie

  • Members
  • Pip
  • 7 posts

Posted 30 October 2007 - 07:15 PM

Hi,

I have the rpivay_danger virus I have read alot of info on here se have decided to register and do it properly.

Please exuse the spelling, my computer has slowed down so much I'm not correcting it.

So far i have downloaded the hijackthis tool and have copied and pasted the log onto a notepad doc.

the log is also here

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:49:52, on 30/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\TalkTalk\bin\sprtcmd.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/sport
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: MSVPS System - {64DE95E5-0A25-4DD9-A472-97BC1D419101} - C:\WINDOWS\movctrlswd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: The nssfrch - {2106BEDE-F5E8-4DE8-A081-A7E5EAD1529B} - C:\WINDOWS\nssfrch.dll
O4 - HKLM\..\Run: [BBStart] D:\BTBROA~6\Setup.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TalkTalk] "C:\Program Files\TalkTalk\bin\sprtcmd.exe" /P TalkTalk
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.truprint....rintActivia.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterf...ds/Uploader.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zon...ot.cab31267.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abac...abasetup161.cab
O18 - Protocol: bw+0 - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O21 - SSODL: bxsbang - {BDB366CC-F826-45E9-83C9-F821755F47B0} - C:\WINDOWS\bxsbang.dll
O21 - SSODL: ocgrep - {A3B17FE7-DB5C-43C1-BB2F-F7333B80F3F7} - C:\WINDOWS\ocgrep.dll (file missing)
O21 - SSODL: msmhost - {33544C5E-D60F-40A9-A7E1-6E129F427442} - C:\WINDOWS\msmhost.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 22100 bytes


Now I think I need to get the Smitfruad tool.. is that right?

#2 OFFLINE   Mikee J

    Newbie

  • Members
  • Pip
  • 7 posts

Posted 30 October 2007 - 07:46 PM

OK.. I thnk i have done it...the smitfraud report looks iek this:

SmitFraudFix v2.245

Scan done at 19:30:10.95, 30/10/2007
Run from C:\Documents and Settings\Mike\My Documents\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\bxsbang.dll Deleted
Deleting [HKEY_CLASSES_ROOT\CLSID\{BDB366CC-F826-45E9-83C9-F821755F47B0}]
C:\WINDOWS\kthemup.exe Deleted
C:\WINDOWS\movctrlswd.dll Deleted
C:\WINDOWS\msmhost.dll Deleted
Deleting [HKEY_CLASSES_ROOT\CLSID\{33544C5E-D60F-40A9-A7E1-6E129F427442}]
C:\WINDOWS\nssfrch.dll Deleted
C:\WINDOWS\privacy_danger\ Deleted

»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{6E3BE802-EF18-4B13-80B6-A2EBC2037281}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{6E3BE802-EF18-4B13-80B6-A2EBC2037281}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{6E3BE802-EF18-4B13-80B6-A2EBC2037281}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

The new Hijack this report looks like this:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:40:15, on 30/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\TalkTalk\bin\sprtcmd.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [BBStart] D:\BTBROA~6\Setup.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TalkTalk] "C:\Program Files\TalkTalk\bin\sprtcmd.exe" /P TalkTalk
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.truprint....rintActivia.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterf...ds/Uploader.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zon...ot.cab31267.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abac...abasetup161.cab
O18 - Protocol: bw+0 - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

--
End of file - 20328 bytes


Eveything seems to be working. Does this look OK??

Thanks so much to AndyManchesta who's advice I followed from another thread.

Mikee J

#3 OFFLINE   Mikee J

    Newbie

  • Members
  • Pip
  • 7 posts

Posted 31 October 2007 - 08:17 PM

Can anyone tell me why I had to post these logs onto here? Do i need to do anything else?

#4 OFFLINE   AndyManchesta

    Power Member

  • Spyware Moderators
  • 1,821 posts
  • Gender:Male
  • Location:Manchester. UK
  • Interests:Music, Movies, Website Building & Design, Malware Testing/Research and spending time with friends & family.

Posted 08 November 2007 - 04:51 AM

Hi Mikee J

We are sorry for the delay in responding. The volunteers here are often also helping at many other forums and unfortunately not all logs get answered as quickly as we'd like.

Run Kaspersky WebScanner
  • Please go HERE and click Kaspersky Online Scanner
  • Read and Accept the Agreement
  • You will be promted to install an ActiveX component from Kaspersky, Click Yes.
  • If you see a Windows dialog asking if you want to install this software, click the Install button.
  • The program will launch and then begin downloading the latest definition files,
  • When the "Update progress" line changes to "Ready" and the "NEXT ->" button becomes available, please click on it.
  • Click on the Scan Settings button, and in the next window select the Extended database, and click Ok.
  • Under "Please select a target to scan:", click My Computer to start the scan.
  • When the scan is finished, click the "Save as Text" button, and save the file as kavscan.txt to your Desktop, close the Kaspersky On-line Scanner window.
After the scan has finished please post the Kaspersky log and a new Hijackthis log so we can make sure there's no remaining problems

Thanks

Andy

#5 OFFLINE   Mikee J

    Newbie

  • Members
  • Pip
  • 7 posts

Posted 11 November 2007 - 12:05 PM

PLease don;t apologise. Your help is most apppreciated.

I must stay I was concerned witht the outcome of the Kaspersky Scan. 13 Viruses and 400 infected objects1

Here's a latest Highjack this log..


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:58:26, on 11/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\TalkTalk\bin\sprtcmd.exe
C:\WINDOWS\system32\lexpps.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
C:\Program Files\utorrent\utorrent.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/sport
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [BBStart] D:\BTBROA~6\Setup.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TalkTalk] "C:\Program Files\TalkTalk\bin\sprtcmd.exe" /P TalkTalk
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-945264458-4166771015-1810448960-1007\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Marianne')
O4 - HKUS\S-1-5-21-945264458-4166771015-1810448960-1007\..\Run: [LDM] \Program\ (User 'Marianne')
O4 - HKUS\S-1-5-21-945264458-4166771015-1810448960-1007\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1 (User 'Marianne')
O4 - HKUS\S-1-5-21-945264458-4166771015-1810448960-1007\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Marianne')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.truprint....rintActivia.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail....es/MSNPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterf...ds/Uploader.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zon...ot.cab31267.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abac...abasetup161.cab
O18 - Protocol: bw+0 - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {F7660206-35FB-40FF-AFD9-47CEF2A6D01E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

--
End of file - 21083 bytes


And the Kaspersky log..

Saturday, November 10, 2007 9:05:02 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 10/11/2007
Kaspersky Anti-Virus database records: 456116


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
C:\
D:\

Scan Statistics
Total number of scanned objects 75969
Number of viruses found 15
Number of infected objects 403
Number of suspicious objects 0
Duration of the scan process 01:03:52

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\Marianne\Cookies\INDEX.DAT Object is locked skipped

C:\Documents and Settings\Marianne\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Marianne\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Marianne\Local Settings\Application Data\SupportSoft\talktalk\Marianne\state\logs\sprtcmd.log Object is locked skipped

C:\Documents and Settings\Marianne\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BIT1022.tmp/ac8zt2/edi.exe Infected: not-a-virus:AdWare.Win32.Agent.tw skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BIT1022.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BIT1022.tmp/ac8zt2/main_uninstaller.exe Infected: Trojan-Downloader.Win32.Zlob.cpx skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BIT1022.tmp/ac8zt2/msmdev.dll Infected: Trojan-Downloader.Win32.Agent.dag skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BIT1022.tmp ZIP: infected - 4 skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BIT1071.tmp/ac8zt2/edi.exe Infected: not-a-virus:AdWare.Win32.Agent.tw skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BIT1071.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BIT1071.tmp/ac8zt2/main_uninstaller.exe Infected: Trojan-Downloader.Win32.Zlob.cpx skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BIT1071.tmp/ac8zt2/msmdev.dll Infected: Trojan-Downloader.Win32.Agent.dag skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BIT1071.tmp ZIP: infected - 4 skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BIT10D8.tmp/ac8zt2/edi.exe Infected: not-a-virus:AdWare.Win32.Agent.tw skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BIT10D8.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BIT10D8.tmp ZIP: infected - 2 skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BIT10F4.tmp/ac8zt2/edi.exe Infected: not-a-virus:AdWare.Win32.Agent.tw skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BIT10F4.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BIT10F4.tmp/ac8zt2/main_uninstaller.exe Infected: Trojan-Downloader.Win32.Zlob.cpx skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BIT10F4.tmp ZIP: infected - 3 skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BIT115F.tmp/ac8zt2/edi.exe Infected: not-a-virus:AdWare.Win32.Agent.tw skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BIT115F.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BIT115F.tmp/ac8zt2/main_uninstaller.exe Infected: Trojan-Downloader.Win32.Zlob.cpx skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BIT115F.tmp/ac8zt2/msmdev.dll Infected: Trojan-Downloader.Win32.Agent.dag skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BIT115F.tmp ZIP: infected - 4 skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BIT1178.tmp/ac8zt2/edi.exe Infected: not-a-virus:AdWare.Win32.Agent.tw skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BIT1178.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BIT1178.tmp ZIP: infected - 2 skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BIT11E8.tmp/ac8zt2/edi.exe Infected: not-a-virus:AdWare.Win32.Agent.tw skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BIT11E8.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BIT11E8.tmp ZIP: infected - 2 skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BIT124C.tmp/ac8zt2/edi.exe Infected: not-a-virus:AdWare.Win32.Agent.tw skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BIT124C.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BIT124C.tmp ZIP: infected - 2 skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BIT129C.tmp/ac8zt2/edi.exe Infected: not-a-virus:AdWare.Win32.Agent.tw skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BIT129C.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BIT129C.tmp/ac8zt2/main_uninstaller.exe Infected: Trojan-Downloader.Win32.Zlob.cpx skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BIT129C.tmp ZIP: infected - 3 skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BIT12D2.tmp/ac8zt2/edi.exe Infected: not-a-virus:AdWare.Win32.Agent.tw skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BIT12D2.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BIT12D2.tmp ZIP: infected - 2 skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BIT12E4.tmp/ac8zt2/edi.exe Infected: not-a-virus:AdWare.Win32.Agent.tw skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BIT12E4.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BIT12E4.tmp ZIP: infected - 2 skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BIT12F6.tmp/ac8zt2/edi.exe Infected: not-a-virus:AdWare.Win32.Agent.tw skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BIT12F6.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BIT12F6.tmp ZIP: infected - 2 skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BIT1320.tmp/ac8zt2/edi.exe Infected: not-a-virus:AdWare.Win32.Agent.tw skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BIT1320.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BIT1320.tmp ZIP: infected - 2 skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BIT1336.tmp/ac8zt2/edi.exe Infected: not-a-virus:AdWare.Win32.Agent.tw skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BIT1336.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BIT1336.tmp ZIP: infected - 2 skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BIT134A.tmp/ac8zt2/edi.exe Infected: not-a-virus:AdWare.Win32.Agent.tw skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BIT134A.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BIT134A.tmp ZIP: infected - 2 skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BIT13A2.tmp/ac8zt2/edi.exe Infected: not-a-virus:AdWare.Win32.Agent.tw skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BIT13A2.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BIT13A2.tmp ZIP: infected - 2 skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BIT14A4.tmp/ac8zt2/edi.exe Infected: not-a-virus:AdWare.Win32.Agent.tw skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BIT14A4.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BIT14A4.tmp ZIP: infected - 2 skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BIT14BD.tmp/ac8zt2/edi.exe Infected: not-a-virus:AdWare.Win32.Agent.tw skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BIT14BD.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BIT14BD.tmp/ac8zt2/main_uninstaller.exe Infected: Trojan-Downloader.Win32.Zlob.cpx skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BIT14BD.tmp ZIP: infected - 3 skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BIT14DC.tmp/ac8zt2/edi.exe Infected: not-a-virus:AdWare.Win32.Agent.tw skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BIT14DC.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BIT14DC.tmp/ac8zt2/main_uninstaller.exe Infected: Trojan-Downloader.Win32.Zlob.cpx skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BIT14DC.tmp ZIP: infected - 3 skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BIT14F4.tmp/ac8zt2/edi.exe Infected: not-a-virus:AdWare.Win32.Agent.tw skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BIT14F4.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BIT14F4.tmp/ac8zt2/main_uninstaller.exe Infected: Trojan-Downloader.Win32.Zlob.cpx skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BIT14F4.tmp ZIP: infected - 3 skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BIT150E.tmp/ac8zt2/edi.exe Infected: not-a-virus:AdWare.Win32.Agent.tw skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BIT150E.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BIT150E.tmp/ac8zt2/main_uninstaller.exe Infected: Trojan-Downloader.Win32.Zlob.cpx skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BIT150E.tmp ZIP: infected - 3 skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BIT1545.tmp/ac8zt2/edi.exe Infected: not-a-virus:AdWare.Win32.Agent.tw skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BIT1545.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BIT1545.tmp/ac8zt2/main_uninstaller.exe Infected: Trojan-Downloader.Win32.Zlob.cpx skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BIT1545.tmp ZIP: infected - 3 skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BIT1549.tmp/ac8zt2/edi.exe Infected: not-a-virus:AdWare.Win32.Agent.tw skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BIT1549.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BIT1549.tmp ZIP: infected - 2 skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BIT1564.tmp/ac8zt2/edi.exe Infected: not-a-virus:AdWare.Win32.Agent.tw skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BIT1564.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BIT1564.tmp ZIP: infected - 2 skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BIT15AA.tmp/ac8zt2/edi.exe Infected: not-a-virus:AdWare.Win32.Agent.tw skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BIT15AA.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BIT15AA.tmp ZIP: infected - 2 skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BIT15B3.tmp/ac8zt2/edi.exe Infected: not-a-virus:AdWare.Win32.Agent.tw skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BIT15B3.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BIT15B3.tmp/ac8zt2/main_uninstaller.exe Infected: Trojan-Downloader.Win32.Zlob.cpx skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BIT15B3.tmp ZIP: infected - 3 skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BIT15C2.tmp/ac8zt2/edi.exe Infected: not-a-virus:AdWare.Win32.Agent.tw skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BIT15C2.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BIT15C2.tmp/ac8zt2/main_uninstaller.exe Infected: Trojan-Downloader.Win32.Zlob.cpx skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BIT15C2.tmp ZIP: infected - 3 skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BIT1607.tmp/ac8zt2/edi.exe Infected: not-a-virus:AdWare.Win32.Agent.tw skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BIT1607.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BIT1607.tmp ZIP: infected - 2 skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BIT160E.tmp/ac8zt2/edi.exe Infected: not-a-virus:AdWare.Win32.Agent.tw skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BIT160E.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BIT160E.tmp/ac8zt2/main_uninstaller.exe Infected: Trojan-Downloader.Win32.Zlob.cpx skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BIT160E.tmp/ac8zt2/msmdev.dll Infected: Trojan-Downloader.Win32.Agent.dag skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BIT160E.tmp ZIP: infected - 4 skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BIT168A.tmp/ac8zt2/edi.exe Infected: not-a-virus:AdWare.Win32.Agent.tw skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BIT168A.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BIT168A.tmp ZIP: infected - 2 skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BIT16BA.tmp/ac8zt2/edi.exe Infected: not-a-virus:AdWare.Win32.Agent.tw skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BIT16BA.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BIT16BA.tmp ZIP: infected - 2 skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BIT16F2.tmp/ac8zt2/edi.exe Infected: not-a-virus:AdWare.Win32.Agent.tw skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BIT16F2.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BIT16F2.tmp ZIP: infected - 2 skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BIT17A3.tmp/ac8zt2/edi.exe Infected: not-a-virus:AdWare.Win32.Agent.tw skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BIT17A3.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BIT17A3.tmp/ac8zt2/main_uninstaller.exe Infected: Trojan-Downloader.Win32.Zlob.cpx skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BIT17A3.tmp ZIP: infected - 3 skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BIT17CB.tmp/ac8zt2/edi.exe Infected: not-a-virus:AdWare.Win32.Agent.tw skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BIT17CB.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BIT17CB.tmp/ac8zt2/main_uninstaller.exe Infected: Trojan-Downloader.Win32.Zlob.cpx skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BIT17CB.tmp ZIP: infected - 3 skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BIT17FA.tmp/ac8zt2/edi.exe Infected: not-a-virus:AdWare.Win32.Agent.tw skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BIT17FA.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BIT17FA.tmp/ac8zt2/main_uninstaller.exe Infected: Trojan-Downloader.Win32.Zlob.cpx skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BIT17FA.tmp ZIP: infected - 3 skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BIT1826.tmp/ac8zt2/edi.exe Infected: not-a-virus:AdWare.Win32.Agent.tw skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BIT1826.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BIT1826.tmp ZIP: infected - 2 skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BIT1851.tmp/ac8zt2/edi.exe Infected: not-a-virus:AdWare.Win32.Agent.tw skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BIT1851.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BIT1851.tmp ZIP: infected - 2 skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BIT1866.tmp/ac8zt2/edi.exe Infected: not-a-virus:AdWare.Win32.Agent.tw skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BIT1866.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BIT1866.tmp/ac8zt2/main_uninstaller.exe Infected: Trojan-Downloader.Win32.Zlob.cpx skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BIT1866.tmp ZIP: infected - 3 skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BIT1874.tmp/ac8zt2/edi.exe Infected: not-a-virus:AdWare.Win32.Agent.tw skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BIT1874.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BIT1874.tmp ZIP: infected - 2 skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BIT187C.tmp/ac8zt2/edi.exe Infected: not-a-virus:AdWare.Win32.Agent.tw skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BIT187C.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BIT187C.tmp/ac8zt2/main_uninstaller.exe Infected: Trojan-Downloader.Win32.Zlob.cpx skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BIT187C.tmp ZIP: infected - 3 skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BIT18D0.tmp/ac8zt2/edi.exe Infected: not-a-virus:AdWare.Win32.Agent.tw skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BIT18D0.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BIT18D0.tmp ZIP: infected - 2 skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BIT98F.tmp/ac8zt2/edi.exe Infected: not-a-virus:AdWare.Win32.Agent.tw skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BIT98F.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BIT98F.tmp/ac8zt2/main_uninstaller.exe Infected: Trojan-Downloader.Win32.Zlob.cpx skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BIT98F.tmp ZIP: infected - 3 skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BITA0E.tmp/ac8zt2/edi.exe Infected: not-a-virus:AdWare.Win32.Agent.tw skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BITA0E.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BITA0E.tmp/ac8zt2/main_uninstaller.exe Infected: Trojan-Downloader.Win32.Zlob.cpx skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BITA0E.tmp ZIP: infected - 3 skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BITA23.tmp/ac8zt2/edi.exe Infected: not-a-virus:AdWare.Win32.Agent.tw skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BITA23.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BITA23.tmp ZIP: infected - 2 skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BITAAE.tmp/ac8zt2/edi.exe Infected: not-a-virus:AdWare.Win32.Agent.tw skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BITAAE.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BITAAE.tmp ZIP: infected - 2 skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BITAF9.tmp/ac8zt2/edi.exe Infected: not-a-virus:AdWare.Win32.Agent.tw skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BITAF9.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BITAF9.tmp/ac8zt2/main_uninstaller.exe Infected: Trojan-Downloader.Win32.Zlob.cpx skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BITAF9.tmp/ac8zt2/msmdev.dll Infected: Trojan-Downloader.Win32.Agent.dag skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BITAF9.tmp ZIP: infected - 4 skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BITB1E.tmp/ac8zt2/edi.exe Infected: not-a-virus:AdWare.Win32.Agent.tw skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BITB1E.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BITB1E.tmp ZIP: infected - 2 skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BITB2A.tmp/ac8zt2/edi.exe Infected: not-a-virus:AdWare.Win32.Agent.tw skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BITB2A.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BITB2A.tmp/ac8zt2/main_uninstaller.exe Infected: Trojan-Downloader.Win32.Zlob.cpx skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BITB2A.tmp ZIP: infected - 3 skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BITB38.tmp/ac8zt2/edi.exe Infected: not-a-virus:AdWare.Win32.Agent.tw skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BITB38.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BITB38.tmp ZIP: infected - 2 skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BITB52.tmp/ac8zt2/edi.exe Infected: not-a-virus:AdWare.Win32.Agent.tw skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BITB52.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BITB52.tmp/ac8zt2/main_uninstaller.exe Infected: Trojan-Downloader.Win32.Zlob.cpx skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BITB52.tmp/ac8zt2/msmdev.dll Infected: Trojan-Downloader.Win32.Agent.dag skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BITB52.tmp ZIP: infected - 4 skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BITB60.tmp/ac8zt2/edi.exe Infected: not-a-virus:AdWare.Win32.Agent.tw skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BITB60.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BITB60.tmp/ac8zt2/main_uninstaller.exe Infected: Trojan-Downloader.Win32.Zlob.cpx skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BITB60.tmp ZIP: infected - 3 skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BITB7D.tmp/ac8zt2/edi.exe Infected: not-a-virus:AdWare.Win32.Agent.tw skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BITB7D.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BITB7D.tmp/ac8zt2/main_uninstaller.exe Infected: Trojan-Downloader.Win32.Zlob.cpx skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BITB7D.tmp ZIP: infected - 3 skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BITB8A.tmp/ac8zt2/edi.exe Infected: not-a-virus:AdWare.Win32.Agent.tw skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BITB8A.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BITB8A.tmp ZIP: infected - 2 skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BITC0C.tmp/ac8zt2/edi.exe Infected: not-a-virus:AdWare.Win32.Agent.tw skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BITC0C.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BITC0C.tmp/ac8zt2/main_uninstaller.exe Infected: Trojan-Downloader.Win32.Zlob.cpx skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BITC0C.tmp/ac8zt2/msmdev.dll Infected: Trojan-Downloader.Win32.Agent.dag skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BITC0C.tmp/ac8zt2/msmhost.dll Infected: not-a-virus:AdWare.Win32.Agent.jw skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BITC0C.tmp ZIP: infected - 5 skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BITC1C.tmp/ac8zt2/edi.exe Infected: not-a-virus:AdWare.Win32.Agent.tw skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BITC1C.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BITC1C.tmp/ac8zt2/main_uninstaller.exe Infected: Trojan-Downloader.Win32.Zlob.cpx skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BITC1C.tmp ZIP: infected - 3 skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BITC20.tmp/ac8zt2/edi.exe Infected: not-a-virus:AdWare.Win32.Agent.tw skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BITC20.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BITC20.tmp/ac8zt2/main_uninstaller.exe Infected: Trojan-Downloader.Win32.Zlob.cpx skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BITC20.tmp/ac8zt2/msmdev.dll Infected: Trojan-Downloader.Win32.Agent.dag skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BITC20.tmp/ac8zt2/msmhost.dll Infected: not-a-virus:AdWare.Win32.Agent.jw skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BITC20.tmp ZIP: infected - 5 skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BITC3E.tmp/ac8zt2/edi.exe Infected: not-a-virus:AdWare.Win32.Agent.tw skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BITC3E.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BITC3E.tmp/ac8zt2/main_uninstaller.exe Infected: Trojan-Downloader.Win32.Zlob.cpx skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BITC3E.tmp/ac8zt2/msmdev.dll Infected: Trojan-Downloader.Win32.Agent.dag skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BITC3E.tmp/ac8zt2/msmhost.dll Infected: not-a-virus:AdWare.Win32.Agent.jw skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BITC3E.tmp/ac8zt2/nsduo.dll Infected: not-a-virus:AdWare.Win32.Agent.kc skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BITC3E.tmp ZIP: infected - 6 skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BITC62.tmp/ac8zt2/edi.exe Infected: not-a-virus:AdWare.Win32.Agent.tw skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BITC62.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BITC62.tmp/ac8zt2/main_uninstaller.exe Infected: Trojan-Downloader.Win32.Zlob.cpx skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BITC62.tmp ZIP: infected - 3 skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BITC6A.tmp/ac8zt2/edi.exe Infected: not-a-virus:AdWare.Win32.Agent.tw skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BITC6A.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BITC6A.tmp ZIP: infected - 2 skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BITC84.tmp/ac8zt2/edi.exe Infected: not-a-virus:AdWare.Win32.Agent.tw skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BITC84.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BITC84.tmp ZIP: infected - 2 skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BITCC0.tmp/ac8zt2/edi.exe Infected: not-a-virus:AdWare.Win32.Agent.tw skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BITCC0.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BITCC0.tmp/ac8zt2/main_uninstaller.exe Infected: Trojan-Downloader.Win32.Zlob.cpx skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BITCC0.tmp/ac8zt2/msmdev.dll Infected: Trojan-Downloader.Win32.Agent.dag skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BITCC0.tmp ZIP: infected - 4 skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BITD0C.tmp/ac8zt2/edi.exe Infected: not-a-virus:AdWare.Win32.Agent.tw skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BITD0C.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BITD0C.tmp/ac8zt2/main_uninstaller.exe Infected: Trojan-Downloader.Win32.Zlob.cpx skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BITD0C.tmp/ac8zt2/msmdev.dll Infected: Trojan-Downloader.Win32.Agent.dag skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BITD0C.tmp ZIP: infected - 4 skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BITD21.tmp/ac8zt2/edi.exe Infected: not-a-virus:AdWare.Win32.Agent.tw skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BITD21.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BITD21.tmp/ac8zt2/main_uninstaller.exe Infected: Trojan-Downloader.Win32.Zlob.cpx skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BITD21.tmp/ac8zt2/msmdev.dll Infected: Trojan-Downloader.Win32.Agent.dag skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BITD21.tmp ZIP: infected - 4 skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BITD49.tmp/ac8zt2/edi.exe Infected: not-a-virus:AdWare.Win32.Agent.tw skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BITD49.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BITD49.tmp ZIP: infected - 2 skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BITE09.tmp/ac8zt2/edi.exe Infected: not-a-virus:AdWare.Win32.Agent.tw skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BITE09.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BITE09.tmp/ac8zt2/main_uninstaller.exe Infected: Trojan-Downloader.Win32.Zlob.cpx skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BITE09.tmp ZIP: infected - 3 skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BITE23.tmp/ac8zt2/edi.exe Infected: not-a-virus:AdWare.Win32.Agent.tw skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BITE23.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BITE23.tmp/ac8zt2/main_uninstaller.exe Infected: Trojan-Downloader.Win32.Zlob.cpx skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BITE23.tmp ZIP: infected - 3 skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BITE2B.tmp/ac8zt2/edi.exe Infected: not-a-virus:AdWare.Win32.Agent.tw skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BITE2B.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BITE2B.tmp/ac8zt2/main_uninstaller.exe Infected: Trojan-Downloader.Win32.Zlob.cpx skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BITE2B.tmp ZIP: infected - 3 skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BITE2F.tmp/ac8zt2/edi.exe Infected: not-a-virus:AdWare.Win32.Agent.tw skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BITE2F.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BITE2F.tmp/ac8zt2/main_uninstaller.exe Infected: Trojan-Downloader.Win32.Zlob.cpx skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BITE2F.tmp/ac8zt2/msmdev.dll Infected: Trojan-Downloader.Win32.Agent.dag skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BITE2F.tmp/ac8zt2/msmhost.dll Infected: not-a-virus:AdWare.Win32.Agent.jw skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BITE2F.tmp/ac8zt2/nsduo.dll Infected: not-a-virus:AdWare.Win32.Agent.kc skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BITE2F.tmp/ac8zt2/rmv.exe Infected: Trojan-Downloader.Win32.Zlob.cpx skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BITE2F.tmp ZIP: infected - 7 skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BITE42.tmp/ac8zt2/edi.exe Infected: not-a-virus:AdWare.Win32.Agent.tw skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BITE42.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BITE42.tmp ZIP: infected - 2 skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BITE65.tmp/ac8zt2/edi.exe Infected: not-a-virus:AdWare.Win32.Agent.tw skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BITE65.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BITE65.tmp/ac8zt2/main_uninstaller.exe Infected: Trojan-Downloader.Win32.Zlob.cpx skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BITE65.tmp/ac8zt2/msmdev.dll Infected: Trojan-Downloader.Win32.Agent.dag skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BITE65.tmp ZIP: infected - 4 skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BITEBB.tmp/ac8zt2/edi.exe Infected: not-a-virus:AdWare.Win32.Agent.tw skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BITEBB.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BITEBB.tmp/ac8zt2/main_uninstaller.exe Infected: Trojan-Downloader.Win32.Zlob.cpx skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BITEBB.tmp/ac8zt2/msmdev.dll Infected: Trojan-Downloader.Win32.Agent.dag skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BITEBB.tmp/ac8zt2/msmhost.dll Infected: not-a-virus:AdWare.Win32.Agent.jw skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BITEBB.tmp/ac8zt2/nsduo.dll Infected: not-a-virus:AdWare.Win32.Agent.kc skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BITEBB.tmp/ac8zt2/rmv.exe Infected: Trojan-Downloader.Win32.Zlob.cpx skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BITEBB.tmp ZIP: infected - 7 skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BITED5.tmp/ac8zt2/edi.exe Infected: not-a-virus:AdWare.Win32.Agent.tw skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BITED5.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BITED5.tmp/ac8zt2/main_uninstaller.exe Infected: Trojan-Downloader.Win32.Zlob.cpx skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BITED5.tmp/ac8zt2/msmdev.dll Infected: Trojan-Downloader.Win32.Agent.dag skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BITED5.tmp/ac8zt2/msmhost.dll Infected: not-a-virus:AdWare.Win32.Agent.jw skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BITED5.tmp/ac8zt2/nsduo.dll Infected: not-a-virus:AdWare.Win32.Agent.kc skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BITED5.tmp/ac8zt2/rmv.exe Infected: Trojan-Downloader.Win32.Zlob.cpx skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BITED5.tmp ZIP: infected - 7 skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BITEFA.tmp/ac8zt2/edi.exe Infected: not-a-virus:AdWare.Win32.Agent.tw skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BITEFA.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BITEFA.tmp ZIP: infected - 2 skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BITF13.tmp/ac8zt2/edi.exe Infected: not-a-virus:AdWare.Win32.Agent.tw skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BITF13.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BITF13.tmp/ac8zt2/main_uninstaller.exe Infected: Trojan-Downloader.Win32.Zlob.cpx skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BITF13.tmp ZIP: infected - 3 skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BITF47.tmp/ac8zt2/edi.exe Infected: not-a-virus:AdWare.Win32.Agent.tw skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BITF47.tmp ZIP: infected - 1 skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BITF4F.tmp/ac8zt2/edi.exe Infected: not-a-virus:AdWare.Win32.Agent.tw skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BITF4F.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BITF4F.tmp/ac8zt2/main_uninstaller.exe Infected: Trojan-Downloader.Win32.Zlob.cpx skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BITF4F.tmp/ac8zt2/msmdev.dll Infected: Trojan-Downloader.Win32.Agent.dag skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BITF4F.tmp ZIP: infected - 4 skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BITF81.tmp/ac8zt2/edi.exe Infected: not-a-virus:AdWare.Win32.Agent.tw skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BITF81.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BITF81.tmp/ac8zt2/main_uninstaller.exe Infected: Trojan-Downloader.Win32.Zlob.cpx skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BITF81.tmp/ac8zt2/msmdev.dll Infected: Trojan-Downloader.Win32.Agent.dag skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BITF81.tmp ZIP: infected - 4 skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BITFBB.tmp/ac8zt2/edi.exe Infected: not-a-virus:AdWare.Win32.Agent.tw skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BITFBB.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BITFBB.tmp/ac8zt2/main_uninstaller.exe Infected: Trojan-Downloader.Win32.Zlob.cpx skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BITFBB.tmp/ac8zt2/msmdev.dll Infected: Trojan-Downloader.Win32.Agent.dag skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BITFBB.tmp/ac8zt2/msmhost.dll Infected: not-a-virus:AdWare.Win32.Agent.jw skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BITFBB.tmp/ac8zt2/nsduo.dll Infected: not-a-virus:AdWare.Win32.Agent.kc skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BITFBB.tmp/ac8zt2/rmv.exe Infected: Trojan-Downloader.Win32.Zlob.cpx skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BITFBB.tmp ZIP: infected - 7 skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BITFC3.tmp/ac8zt2/edi.exe Infected: not-a-virus:AdWare.Win32.Agent.tw skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BITFC3.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BITFC3.tmp ZIP: infected - 2 skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BITFF6.tmp/ac8zt2/edi.exe Infected: not-a-virus:AdWare.Win32.Agent.tw skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BITFF6.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BITFF6.tmp/ac8zt2/main_uninstaller.exe Infected: Trojan-Downloader.Win32.Zlob.cpx skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BITFF6.tmp/ac8zt2/msmdev.dll Infected: Trojan-Downloader.Win32.Agent.dag skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BITFF6.tmp ZIP: infected - 4 skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BITFFE.tmp/ac8zt2/edi.exe Infected: not-a-virus:AdWare.Win32.Agent.tw skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BITFFE.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BITFFE.tmp/ac8zt2/main_uninstaller.exe Infected: Trojan-Downloader.Win32.Zlob.cpx skipped

C:\Documents and Settings\Marianne\Local Settings\Temp\BITFFE.tmp ZIP: infected - 3 skipped

C:\Documents and Settings\Marianne\Local Settings\Temporary Internet Files\Content.IE5\14X6MGI4\in[1].htm Infected: Trojan-Downloader.JS.Psyme.me skipped

C:\Documents and Settings\Marianne\Local Settings\Temporary Internet Files\Content.IE5\2VDPM4A1\setup[1].htm Infected: Trojan-Downloader.HTML.Agent.ao skipped

C:\Documents and Settings\Marianne\Local Settings\Temporary Internet Files\Content.IE5\D269NHJI\n1404-3[1].htm Infected: Trojan-Downloader.JS.Psyme.mf skipped

C:\Documents and Settings\Marianne\Local Settings\Temporary Internet Files\Content.IE5\FZHISHHY\n1404-4[1].htm Infected: Trojan-Downloader.JS.Psyme.mf skipped

C:\Documents and Settings\Marianne\Local Settings\Temporary Internet Files\Content.IE5\H354VOMO\n1404-5[1].htm Infected: Trojan-Downloader.JS.Psyme.mf skipped

C:\Documents and Settings\Marianne\Local Settings\Temporary Internet Files\Content.IE5\H354VOMO\n1404-6[1].htm Infected: Trojan-Downloader.JS.Psyme.mf skipped

C:\Documents and Settings\Marianne\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Marianne\Local Settings\Temporary Internet Files\Content.IE5\J3BWXDKF\count[1].htm Infected: Trojan-Downloader.JS.Inor.a skipped

C:\Documents and Settings\Marianne\Local Settings\Temporary Internet Files\Content.IE5\SSLLX30F\n1404-1[1].htm Infected: Trojan-Downloader.JS.Psyme.mf skipped

C:\Documents and Settings\Marianne\Local Settings\Temporary Internet Files\Content.IE5\SSLLX30F\n1404-2[1].htm Infected: Trojan-Downloader.JS.Agent.nw skipped

C:\Documents and Settings\Marianne\Local Settings\Temporary Internet Files\Content.IE5\SSLLX30F\oxnhdgr[1].htm Infected: Trojan.JS.Agent.j skipped

C:\Documents and Settings\Marianne\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\Marianne\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\Mike\Cookies\INDEX.DAT Object is locked skipped

C:\Documents and Settings\Mike\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped

C:\Documents and Settings\Mike\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Mike\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Mike\Local Settings\Application Data\SupportSoft\talktalk\Mike\state\logs\sprtcmd.log Object is locked skipped

C:\Documents and Settings\Mike\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped

C:\Documents and Settings\Mike\Local Settings\History\History.IE5\MSHist012007111020071111\index.dat Object is locked skipped

C:\Documents and Settings\Mike\Local Settings\Temp\BIT13C3.tmp/ac8zt2/edi.exe Infected: not-a-virus:AdWare.Win32.Agent.tw skipped

C:\Documents and Settings\Mike\Local Settings\Temp\BIT13C3.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped

C:\Documents and Settings\Mike\Local Settings\Temp\BIT13C3.tmp/ac8zt2/main_uninstaller.exe Infected: Trojan-Downloader.Win32.Zlob.cpx skipped

C:\Documents and Settings\Mike\Local Settings\Temp\BIT13C3.tmp ZIP: infected - 3 skipped

C:\Documents and Settings\Mike\Local Settings\Temp\BIT1437.tmp/ac8zt2/edi.exe Infected: not-a-virus:AdWare.Win32.Agent.tw skipped

C:\Documents and Settings\Mike\Local Settings\Temp\BIT1437.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped

C:\Documents and Settings\Mike\Local Settings\Temp\BIT1437.tmp ZIP: infected - 2 skipped

C:\Documents and Settings\Mike\Local Settings\Temp\BIT1483.tmp/ac8zt2/edi.exe Infected: not-a-virus:AdWare.Win32.Agent.tw skipped

C:\Documents and Settings\Mike\Local Settings\Temp\BIT1483.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped

C:\Documents and Settings\Mike\Local Settings\Temp\BIT1483.tmp ZIP: infected - 2 skipped

C:\Documents and Settings\Mike\Local Settings\Temp\BIT14EA.tmp/ac8zt2/edi.exe Infected: not-a-virus:AdWare.Win32.Agent.tw skipped

C:\Documents and Settings\Mike\Local Settings\Temp\BIT14EA.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped

C:\Documents and Settings\Mike\Local Settings\Temp\BIT14EA.tmp ZIP: infected - 2 skipped

C:\Documents and Settings\Mike\Local Settings\Temp\BIT14F9.tmp/ac8zt2/edi.exe Infected: not-a-virus:AdWare.Win32.Agent.tw skipped

C:\Documents and Settings\Mike\Local Settings\Temp\BIT14F9.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped

C:\Documents and Settings\Mike\Local Settings\Temp\BIT14F9.tmp ZIP: infected - 2 skipped

C:\Documents and Settings\Mike\Local Settings\Temp\BIT1521.tmp/ac8zt2/edi.exe Infected: not-a-virus:AdWare.Win32.Agent.tw skipped

C:\Documents and Settings\Mike\Local Settings\Temp\BIT1521.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped

C:\Documents and Settings\Mike\Local Settings\Temp\BIT1521.tmp ZIP: infected - 2 skipped

C:\Documents and Settings\Mike\Local Settings\Temp\BIT154A.tmp/ac8zt2/edi.exe Infected: not-a-virus:AdWare.Win32.Agent.tw skipped

C:\Documents and Settings\Mike\Local Settings\Temp\BIT154A.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped

C:\Documents and Settings\Mike\Local Settings\Temp\BIT154A.tmp ZIP: infected - 2 skipped

C:\Documents and Settings\Mike\Local Settings\Temp\BIT1596.tmp/ac8zt2/edi.exe Infected: not-a-virus:AdWare.Win32.Agent.tw skipped

C:\Documents and Settings\Mike\Local Settings\Temp\BIT1596.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped

C:\Documents and Settings\Mike\Local Settings\Temp\BIT1596.tmp ZIP: infected - 2 skipped

C:\Documents and Settings\Mike\Local Settings\Temp\BIT15E5.tmp/ac8zt2/edi.exe Infected: not-a-virus:AdWare.Win32.Agent.tw skipped

C:\Documents and Settings\Mike\Local Settings\Temp\BIT15E5.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped

C:\Documents and Settings\Mike\Local Settings\Temp\BIT15E5.tmp/ac8zt2/main_uninstaller.exe Infected: Trojan-Downloader.Win32.Zlob.cpx skipped

C:\Documents and Settings\Mike\Local Settings\Temp\BIT15E5.tmp ZIP: infected - 3 skipped

C:\Documents and Settings\Mike\Local Settings\Temp\BIT1632.tmp/ac8zt2/edi.exe Infected: not-a-virus:AdWare.Win32.Agent.tw skipped

C:\Documents and Settings\Mike\Local Settings\Temp\BIT1632.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped

C:\Documents and Settings\Mike\Local Settings\Temp\BIT1632.tmp/ac8zt2/main_uninstaller.exe Infected: Trojan-Downloader.Win32.Zlob.cpx skipped

C:\Documents and Settings\Mike\Local Settings\Temp\BIT1632.tmp ZIP: infected - 3 skipped

C:\Documents and Settings\Mike\Local Settings\Temp\BIT16D7.tmp/ac8zt2/edi.exe Infected: not-a-virus:AdWare.Win32.Agent.tw skipped

C:\Documents and Settings\Mike\Local Settings\Temp\BIT16D7.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped

C:\Documents and Settings\Mike\Local Settings\Temp\BIT16D7.tmp ZIP: infected - 2 skipped

C:\Documents and Settings\Mike\Local Settings\Temp\BIT1740.tmp/ac8zt2/edi.exe Infected: not-a-virus:AdWare.Win32.Agent.tw skipped

C:\Documents and Settings\Mike\Local Settings\Temp\BIT1740.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped

C:\Documents and Settings\Mike\Local Settings\Temp\BIT1740.tmp/ac8zt2/main_uninstaller.exe Infected: Trojan-Downloader.Win32.Zlob.cpx skipped

C:\Documents and Settings\Mike\Local Settings\Temp\BIT1740.tmp ZIP: infected - 3 skipped

C:\Documents and Settings\Mike\Local Settings\Temp\BIT176D.tmp/ac8zt2/edi.exe Infected: not-a-virus:AdWare.Win32.Agent.tw skipped

C:\Documents and Settings\Mike\Local Settings\Temp\BIT176D.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped

C:\Documents and Settings\Mike\Local Settings\Temp\BIT176D.tmp/ac8zt2/main_uninstaller.exe Infected: Trojan-Downloader.Win32.Zlob.cpx skipped

C:\Documents and Settings\Mike\Local Settings\Temp\BIT176D.tmp ZIP: infected - 3 skipped

C:\Documents and Settings\Mike\Local Settings\Temp\BIT17DB.tmp/ac8zt2/edi.exe Infected: not-a-virus:AdWare.Win32.Agent.tw skipped

C:\Documents and Settings\Mike\Local Settings\Temp\BIT17DB.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped

C:\Documents and Settings\Mike\Local Settings\Temp\BIT17DB.tmp/ac8zt2/main_uninstaller.exe Infected: Trojan-Downloader.Win32.Zlob.cpx skipped

C:\Documents and Settings\Mike\Local Settings\Temp\BIT17DB.tmp ZIP: infected - 3 skipped

C:\Documents and Settings\Mike\Local Settings\Temp\BIT17FE.tmp/ac8zt2/edi.exe Infected: not-a-virus:AdWare.Win32.Agent.tw skipped

C:\Documents and Settings\Mike\Local Settings\Temp\BIT17FE.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped

C:\Documents and Settings\Mike\Local Settings\Temp\BIT17FE.tmp/ac8zt2/main_uninstaller.exe Infected: Trojan-Downloader.Win32.Zlob.cpx skipped

C:\Documents and Settings\Mike\Local Settings\Temp\BIT17FE.tmp/ac8zt2/msmdev.dll Infected: Trojan-Downloader.Win32.Agent.dag skipped

C:\Documents and Settings\Mike\Local Settings\Temp\BIT17FE.tmp ZIP: infected - 4 skipped

C:\Documents and Settings\Mike\Local Settings\Temp\BIT180C.tmp/ac8zt2/edi.exe Infected: not-a-virus:AdWare.Win32.Agent.tw skipped

C:\Documents and Settings\Mike\Local Settings\Temp\BIT180C.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped

C:\Documents and Settings\Mike\Local Settings\Temp\BIT180C.tmp ZIP: infected - 2 skipped

C:\Documents and Settings\Mike\Local Settings\Temp\BIT18EB.tmp/ac8zt2/edi.exe Infected: not-a-virus:AdWare.Win32.Agent.tw skipped

C:\Documents and Settings\Mike\Local Settings\Temp\BIT18EB.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped

C:\Documents and Settings\Mike\Local Settings\Temp\BIT18EB.tmp ZIP: infected - 2 skipped

C:\Documents and Settings\Mike\Local Settings\Temp\BIT18EE.tmp/ac8zt2/edi.exe Infected: not-a-virus:AdWare.Win32.Agent.tw skipped

C:\Documents and Settings\Mike\Local Settings\Temp\BIT18EE.tmp/ac8zt2/install.bat Infected: not-a-virus:AdWare.Win32.Agent.lf skipped

C:\Documents and Settings\Mike\Local Settings\Temp\BIT18EE.tmp ZIP: infected - 2 skipped

C:\Documents and Settings\Mike\Local Settings\Temp\~DFC44A.tmp Object is locked skipped

C:\Documents and Settings\Mike\Local Settings\Temp\~DFC456.tmp Object is locked skipped

C:\Documents and Settings\Mike\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped

C:\Documents and Settings\Mike\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Mike\My Documents\My Music\iTunes\iTunes Library.itl Object is locked skipped

C:\Documents and Settings\Mike\My Documents\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

C:\Documents and Settings\Mike\My Documents\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

C:\Documents and Settings\Mike\My Documents\SmitfraudFix.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

C:\Documents and Settings\Mike\My Documents\SmitfraudFix.exe RarSFX: infected - 2 skipped

C:\Documents and Settings\Mike\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\Mike\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\Mike\UserData\index.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped

C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped

C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped

C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped

C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped

C:\Program Files\Alwil Software\Avast4\DATA\report\Resident protection.txt Object is locked skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP689\A0065106.ocx Infected: Trojan.Win32.Agent.cig skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP693\A0067226.dll Infected: not-a-virus:AdWare.Win32.Vapsup.jh skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP693\A0067227.dll Infected: not-a-virus:AdWare.Win32.Agent.jw skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP704\change.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\SYSTEM32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\SYSTEM32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\Antivirus.Evt Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\AppEvent.Evt Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\Internet.evt Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SecEvent.Evt Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SECURITY Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SysEvent.Evt Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\H323LOG.TXT Object is locked skipped

C:\WINDOWS\SYSTEM32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\Temp\Perflib_Perfdata_5e0.dat Object is locked skipped

C:\WINDOWS\Temp\_avast4_\Webshlock.txt Object is locked skipped

C:\WINDOWS\WIADEBUG.LOG Object is locked skipped

C:\WINDOWS\WIASERVC.LOG Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.


It may or may not be useful to add that I run Avast! (free downloadable version) virus software. After all this I think I may have to put hand in pocket. What do you think?

Thanks again.

Mikee J


View PostAndyManchesta, on Nov 8 2007, 04:51 AM, said:

Hi Mikee J

We are sorry for the delay in responding. The volunteers here are often also helping at many other forums and unfortunately not all logs get answered as quickly as we'd like.

Run Kaspersky WebScanner
  • Please go HERE and click Kaspersky Online Scanner
  • Read and Accept the Agreement
  • You will be promted to install an ActiveX component from Kaspersky, Click Yes.
  • If you see a Windows dialog asking if you want to install this software, click the Install button.
  • The program will launch and then begin downloading the latest definition files,
  • When the "Update progress" line changes to "Ready" and the "NEXT ->" button becomes available, please click on it.
  • Click on the Scan Settings button, and in the next window select the Extended database, and click Ok.
  • Under "Please select a target to scan:", click My Computer to start the scan.
  • When the scan is finished, click the "Save as Text" button, and save the file as kavscan.txt to your Desktop, close the Kaspersky On-line Scanner window.
After the scan has finished please post the Kaspersky log and a new Hijackthis log so we can make sure there's no remaining problems

Thanks

Andy

#6 OFFLINE   AndyManchesta

    Power Member

  • Spyware Moderators
  • 1,821 posts
  • Gender:Male
  • Location:Manchester. UK
  • Interests:Music, Movies, Website Building & Design, Malware Testing/Research and spending time with friends & family.

Posted 13 November 2007 - 04:06 AM

Thanks Mikee

That looks quite good, just afew things to fix, all the infections found are update files in your temp folders for the junk that smitfraudfix removed so CCleaner or clearing the temp folders will remove them all from the pc

Run HijackThis and choose Do A System Scan then place a check next to these entries

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)

Close all open browser and other windows except for HijackThis and press the Fix Checked button

Optional Fixes

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
Application Scheduler installed along with Real Player. Once installed, it runs independently and doesnt need to start up automatically with Windows. If you wanted to fix it then also disable the feature so it doesnt return, goto Start Menu > All Programs > Real Player > Click Tools then Preferences. Goto The Automatic Services and uncheck all boxes. Do the same for the AutoUpdate & Message Center tabs and press OK then exit

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
Checks for Java updates but doesnt need to start with Windows. You can still update Java after fixing this entry by using the Control Panel's Java icon (Start Menu > Control Panel > Java) or by visiting Sun's website Here

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
QuickTime tray icon which doesnt need to start with Windows, Quicktime movies will still play automatically when they are run. If you wanted to fix it then to stop it coming back right click the blue Quicktime Icon in the system tray and click Quicktime Preferences or access Quicktimes options on the Control Panel. Goto the Advanced tab and Uncheck the 'Install Quicktime Icon In System Tray' box then press Apply and OK


Download CCleaner if you do not have it installed from Here. Run the setup file and press Next, click I Agree on the Licence Agreement then Next again, click Install and then finally click Finish, Run CCleaner and press the Run Cleaner button to remove temp files then exit CCleaner.

Then clear your System Restore points:

Click Start Menu > All Programs > Accessories > System Tools > SystemRestore

Choose Create a Restore Point then click Next. Name it and click Create, when the confirmation screen shows the restore point has been created click Close.

Next goto Start Menu > Run > type

cleanmgr

Click OK, Disk Cleanup will open and start calculating the amount of space that can be freed, Once thats finished it will open the Disk Cleanup options screen, click the More Options tab then click Clean up on the system restore area and choose Yes at the confirmation window which will remove all the restore points except the one we just created. Then press OK to clear the temp files found in the initial scan and close Disk Cleanup


Regarding paying for an Antivirus program Id say programs like Kaspersky are well worth whatever they cost but freeware programs can be just a good so its really what works best for you, its difficult to rate your current AV based on it not being able to detect these files in the temp folder as they change daily and sometimes many times a day so its quite common for not alot of AVs to detect the files,

Ive added scan results below for the files they are using at the moment which would look like this in Hijackthis

O2 - BHO: MSVPS System - {D5375315-6567-4DCA-8344-C78AA4B89C11} - C:\WINDOWS\oprevfqv.dll
O3 - Toolbar: The bonsws - {E3ED01B7-EAF2-4A33-989C-B95E65DA0415} - C:\WINDOWS\bonsws.dll
O21 - SSODL: ddkret - {Random CLSID} - C:\WINDOWS\ddkret.dll
O21 - SSODL: nopctrl - {Random CLSID} - C:\WINDOWS\nopctrl.dll

Quote

File sawkip.exe received on 11.13.2007 04:37:59 (CET)

Result: 1/32 (3.13%)

Antivirus Version Last Update Result
AhnLab-V3 2007.11.13.0 2007.11.13 -
AntiVir 7.6.0.34 2007.11.13 -
Authentium 4.93.8 2007.11.13 -
Avast 4.7.1074.0 2007.11.12 -
AVG 7.5.0.503 2007.11.12 Downloader.Zlob.RDF
BitDefender 7.2 2007.11.13 -
CAT-QuickHeal 9.00 2007.11.12 -
ClamAV 0.91.2 2007.11.12 -
DrWeb 4.44.0.09170 2007.11.12 -
eSafe 7.0.15.0 2007.11.08 -
eTrust-Vet 31.2.5290 2007.11.12 -
Ewido 4.0 2007.11.12 -
FileAdvisor 1 2007.11.13 -
Fortinet 3.11.0.0 2007.10.19 -
F-Prot 4.4.2.54 2007.11.13 -
F-Secure 6.70.13030.0 2007.11.13 -
Ikarus T3.1.1.12 2007.11.13 -
Kaspersky 7.0.0.125 2007.11.13 -
McAfee 5161 2007.11.12 -
Microsoft 1.3007 2007.11.12 -
NOD32v2 2653 2007.11.12 -
Norman 5.80.02 2007.11.12 -
Panda 9.0.0.4 2007.11.13 -
Prevx1 V2 2007.11.13 -
Rising 20.18.02.00 2007.11.12 -
Sophos 4.23.0 2007.11.13 -
Sunbelt 2.2.907.0 2007.11.13 -
Symantec 10 2007.11.13 -
TheHacker 6.2.9.124 2007.11.13 -
VBA32 3.12.2.4 2007.11.11 -
VirusBuster 4.3.26:9 2007.11.12 -
Webwasher-Gateway 6.0.1 2007.11.13 -
Additional information
File size: 81920 bytes
MD5: 00b2778e68e4ade0d5fb8fdabf1f7d80
SHA1: 12c3419f5beba57737515ede6aec755a20fef69c

Quote

File nopctrl.dll received on 11.13.2007 04:37:40 (CET)

Result: 5/32 (15.63%)

Antivirus Version Last Update Result
AhnLab-V3 2007.11.13.0 2007.11.13 -
AntiVir 7.6.0.34 2007.11.13 TR/Zlob.Dll
Authentium 4.93.8 2007.11.13 -
Avast 4.7.1074.0 2007.11.12 Win32:Agent-LTS
AVG 7.5.0.503 2007.11.12 -
BitDefender 7.2 2007.11.13 -
CAT-QuickHeal 9.00 2007.11.12 -
ClamAV 0.91.2 2007.11.12 -
DrWeb 4.44.0.09170 2007.11.12 -
eSafe 7.0.15.0 2007.11.08 -
eTrust-Vet 31.2.5290 2007.11.12 -
Ewido 4.0 2007.11.12 -
FileAdvisor 1 2007.11.13 -
Fortinet 3.11.0.0 2007.10.19 -
F-Prot 4.4.2.54 2007.11.13 -
F-Secure 6.70.13030.0 2007.11.13 -
Ikarus T3.1.1.12 2007.11.13 Virus.Win32.Agent.LTS
Kaspersky 7.0.0.125 2007.11.13 not-a-virus:AdWare.Win32.Vapsup.lp
McAfee 5161 2007.11.12 -
Microsoft 1.3007 2007.11.12 -
NOD32v2 2653 2007.11.12 -
Norman 5.80.02 2007.11.12 -
Panda 9.0.0.4 2007.11.13 -
Prevx1 V2 2007.11.13 -
Rising 20.18.02.00 2007.11.12 -
Sophos 4.23.0 2007.11.13 -
Sunbelt 2.2.907.0 2007.11.13 -
Symantec 10 2007.11.13 -
TheHacker 6.2.9.124 2007.11.13 -
VBA32 3.12.2.4 2007.11.11 -
VirusBuster 4.3.26:9 2007.11.12 -
Webwasher-Gateway 6.0.1 2007.11.13 Trojan.Zlob.Dll
Additional information
File size: 229376 bytes
MD5: a5dfe025bc522a88767ea434d88f1c2d
SHA1: 74a2b41053ed5466ee2910b837e151b53fda4e66

Quote

File oprevfqv.dll received on 11.13.2007 04:37:13 (CET)

Result: 4/32 (12.5%)

Antivirus Version Last Update Result
AhnLab-V3 2007.11.13.0 2007.11.13 -
AntiVir 7.6.0.34 2007.11.13 -
Authentium 4.93.8 2007.11.13 -
Avast 4.7.1074.0 2007.11.12 -
AVG 7.5.0.503 2007.11.12 Downloader.Zlob.LY
BitDefender 7.2 2007.11.13 -
CAT-QuickHeal 9.00 2007.11.12 -
ClamAV 0.91.2 2007.11.12 -
DrWeb 4.44.0.09170 2007.11.12 -
eSafe 7.0.15.0 2007.11.08 -
eTrust-Vet 31.2.5290 2007.11.12 -
Ewido 4.0 2007.11.12 -
FileAdvisor 1 2007.11.13 -
Fortinet 3.11.0.0 2007.10.19 -
F-Prot 4.4.2.54 2007.11.13 -
F-Secure 6.70.13030.0 2007.11.13 -
Ikarus T3.1.1.12 2007.11.13 Generic.NetAdware
Kaspersky 7.0.0.125 2007.11.13 not-a-virus:AdWare.Win32.Vapsup.lp
McAfee 5161 2007.11.12 -
Microsoft 1.3007 2007.11.12 -
NOD32v2 2653 2007.11.12 -
Norman 5.80.02 2007.11.12 -
Panda 9.0.0.4 2007.11.13 Suspicious file
Prevx1 V2 2007.11.13 -
Rising 20.18.02.00 2007.11.12 -
Sophos 4.23.0 2007.11.13 -
Sunbelt 2.2.907.0 2007.11.13 -
Symantec 10 2007.11.13 -
TheHacker 6.2.9.124 2007.11.13 -
VBA32 3.12.2.4 2007.11.11 -
VirusBuster 4.3.26:9 2007.11.12 -
Webwasher-Gateway 6.0.1 2007.11.13 -
Additional information
File size: 278528 bytes
MD5: 488a39511ce458edb20a0dbfb8e2cc41
SHA1: 77133570a1b7952e90869ecfa52995d21941d654

Quote

File ddkret.dll received on 11.13.2007 04:36:44 (CET)

Result: 1/32 (3.13%)

Antivirus Version Last Update Result
AhnLab-V3 2007.11.13.0 2007.11.13 -
AntiVir 7.6.0.34 2007.11.13 -
Authentium 4.93.8 2007.11.13 -
Avast 4.7.1074.0 2007.11.12 -
AVG 7.5.0.503 2007.11.12 -
BitDefender 7.2 2007.11.13 -
CAT-QuickHeal 9.00 2007.11.12 -
ClamAV 0.91.2 2007.11.12 -
DrWeb 4.44.0.09170 2007.11.12 -
eSafe 7.0.15.0 2007.11.08 -
eTrust-Vet 31.2.5290 2007.11.12 -
Ewido 4.0 2007.11.12 -
FileAdvisor 1 2007.11.13 -
Fortinet 3.11.0.0 2007.10.19 -
F-Prot 4.4.2.54 2007.11.13 -
F-Secure 6.70.13030.0 2007.11.13 -
Ikarus T3.1.1.12 2007.11.13 Virus.Win32.Agent.LTS
Kaspersky 7.0.0.125 2007.11.13 -
McAfee 5161 2007.11.12 -
Microsoft 1.3007 2007.11.12 -
NOD32v2 2653 2007.11.12 -
Norman 5.80.02 2007.11.12 -
Panda 9.0.0.4 2007.11.13 -
Prevx1 V2 2007.11.13 -
Rising 20.18.02.00 2007.11.12 -
Sophos 4.23.0 2007.11.13 -
Sunbelt 2.2.907.0 2007.11.13 -
Symantec 10 2007.11.13 -
TheHacker 6.2.9.124 2007.11.13 -
VBA32 3.12.2.4 2007.11.11 -
VirusBuster 4.3.26:9 2007.11.12 -
Webwasher-Gateway 6.0.1 2007.11.13 -
Additional information
File size: 204800 bytes
MD5: 95251765fd89766754c6ac63410e9125
SHA1: 8a01b59d055a0ed5bdfa7522e95d64fd09422335


Quote

File bonsws.dll received on 11.13.2007 04:36:21 (CET)

Result: 1/32 (3.13%)

Antivirus Version Last Update Result
AhnLab-V3 2007.11.13.0 2007.11.13 -
AntiVir 7.6.0.34 2007.11.13 -
Authentium 4.93.8 2007.11.13 -
Avast 4.7.1074.0 2007.11.12 -
AVG 7.5.0.503 2007.11.12 Downloader.Zlob.LT
BitDefender 7.2 2007.11.13 -
CAT-QuickHeal 9.00 2007.11.12 -
ClamAV 0.91.2 2007.11.12 -
DrWeb 4.44.0.09170 2007.11.12 -
eSafe 7.0.15.0 2007.11.08 -
eTrust-Vet 31.2.5290 2007.11.12 -
Ewido 4.0 2007.11.12 -
FileAdvisor 1 2007.11.13 -
Fortinet 3.11.0.0 2007.10.19 -
F-Prot 4.4.2.54 2007.11.13 -
F-Secure 6.70.13030.0 2007.11.13 -
Ikarus T3.1.1.12 2007.11.13 -
Kaspersky 7.0.0.125 2007.11.13 -
McAfee 5161 2007.11.12 -
Microsoft 1.3007 2007.11.12 -
NOD32v2 2653 2007.11.12 -
Norman 5.80.02 2007.11.12 -
Panda 9.0.0.4 2007.11.13 -
Prevx1 V2 2007.11.13 -
Rising 20.18.02.00 2007.11.12 -
Sophos 4.23.0 2007.11.13 -
Sunbelt 2.2.907.0 2007.11.13 -
Symantec 10 2007.11.13 -
TheHacker 6.2.9.124 2007.11.13 -
VBA32 3.12.2.4 2007.11.11 -
VirusBuster 4.3.26:9 2007.11.12 -
Webwasher-Gateway 6.0.1 2007.11.13 -
Additional information
File size: 188416 bytes
MD5: b489f9621eb8495c1319e21a252827a4
SHA1: 6d50d35272d44e6d46f68eb7be8d1c1b9ddd3f89


To make sure there's no remaining probelms please download AVG Anti-Spyware
  • Load AVG and then click the Update tab at the top. Under Manual Update click Start update.
  • After the update finishes (the status bar at the bottom will display "Update successful")
  • Click on the Scanner tab at the top and then click on Complete System Scan
  • AVG will list any infections found on the left, when the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. AVG will then display "All actions have been applied" on the right.
  • Click on "Save Report", then "Save Report As". This will create a text file which you can then save to the Desktop and post back
Cheers

Andy

#7 OFFLINE   Mikee J

    Newbie

  • Members
  • Pip
  • 7 posts

Posted 11 December 2007 - 06:07 PM

AndyManchesta,

Just a quick note to let you know what I have been up to. I ended up getting Nortn 360, thinking it would solve all my problems. Probem was it slowed my computer down to a crawl. So I took it off. I now have AVG Free and my computer has never worked so well. Fingers crossed.

I also wanted to say a big thankyou to you for your help. I would have almost certainly taken my computer into shop and spent loads of money if you hadn't helped me out. I really appreciate it.

Thanks alot. Whoever you are. ;)

Mikee J




View PostAndyManchesta, on Nov 13 2007, 04:06 AM, said:

Thanks Mikee

That looks quite good, just afew things to fix, all the infections found are update files in your temp folders for the junk that smitfraudfix removed so CCleaner or clearing the temp folders will remove them all from the pc

Run HijackThis and choose Do A System Scan then place a check next to these entries

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)

Close all open browser and other windows except for HijackThis and press the Fix Checked button

Optional Fixes

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
Application Scheduler installed along with Real Player. Once installed, it runs independently and doesnt need to start up automatically with Windows. If you wanted to fix it then also disable the feature so it doesnt return, goto Start Menu > All Programs > Real Player > Click Tools then Preferences. Goto The Automatic Services and uncheck all boxes. Do the same for the AutoUpdate & Message Center tabs and press OK then exit

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
Checks for Java updates but doesnt need to start with Windows. You can still update Java after fixing this entry by using the Control Panel's Java icon (Start Menu > Control Panel > Java) or by visiting Sun's website Here

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
QuickTime tray icon which doesnt need to start with Windows, Quicktime movies will still play automatically when they are run. If you wanted to fix it then to stop it coming back right click the blue Quicktime Icon in the system tray and click Quicktime Preferences or access Quicktimes options on the Control Panel. Goto the Advanced tab and Uncheck the 'Install Quicktime Icon In System Tray' box then press Apply and OK
Download CCleaner if you do not have it installed from Here. Run the setup file and press Next, click I Agree on the Licence Agreement then Next again, click Install and then finally click Finish, Run CCleaner and press the Run Cleaner button to remove temp files then exit CCleaner.

Then clear your System Restore points:

Click Start Menu > All Programs > Accessories > System Tools > SystemRestore

Choose Create a Restore Point then click Next. Name it and click Create, when the confirmation screen shows the restore point has been created click Close.

Next goto Start Menu > Run > type

cleanmgr

Click OK, Disk Cleanup will open and start calculating the amount of space that can be freed, Once thats finished it will open the Disk Cleanup options screen, click the More Options tab then click Clean up on the system restore area and choose Yes at the confirmation window which will remove all the restore points except the one we just created. Then press OK to clear the temp files found in the initial scan and close Disk Cleanup
Regarding paying for an Antivirus program Id say programs like Kaspersky are well worth whatever they cost but freeware programs can be just a good so its really what works best for you, its difficult to rate your current AV based on it not being able to detect these files in the temp folder as they change daily and sometimes many times a day so its quite common for not alot of AVs to detect the files,

Ive added scan results below for the files they are using at the moment which would look like this in Hijackthis

O2 - BHO: MSVPS System - {D5375315-6567-4DCA-8344-C78AA4B89C11} - C:\WINDOWS\oprevfqv.dll
O3 - Toolbar: The bonsws - {E3ED01B7-EAF2-4A33-989C-B95E65DA0415} - C:\WINDOWS\bonsws.dll
O21 - SSODL: ddkret - {Random CLSID} - C:\WINDOWS\ddkret.dll
O21 - SSODL: nopctrl - {Random CLSID} - C:\WINDOWS\nopctrl.dll

To make sure there's no remaining probelms please download AVG Anti-Spyware
  • Load AVG and then click the Update tab at the top. Under Manual Update click Start update.
  • After the update finishes (the status bar at the bottom will display "Update successful")
  • Click on the Scanner tab at the top and then click on Complete System Scan
  • AVG will list any infections found on the left, when the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. AVG will then display "All actions have been applied" on the right.
  • Click on "Save Report", then "Save Report As". This will create a text file which you can then save to the Desktop and post back
Cheers

Andy

#8 OFFLINE   AndyManchesta

    Power Member

  • Spyware Moderators
  • 1,821 posts
  • Gender:Male
  • Location:Manchester. UK
  • Interests:Music, Movies, Website Building & Design, Malware Testing/Research and spending time with friends & family.

Posted 11 December 2007 - 11:45 PM

Your welcome Mikee,

I'm glad I was able to help and its great to hear things are running better again, to help prevent more infections please read the prevention steps Here and Here as they contain alot of excellent tips and links to freeware programs that help keep the PC secure,

Hopefully those steps will lower the chances of getting more malware on the PC but let us know if you have problems again anytime and we will be happy to help

Happy Surfing :)

Andy
Back to Spyware Hell


  1. Piriform Community Forums
  2. Computer Help and Discussion
  3. Spyware Hell