Hi,
Oops I think my PC has something more serious to be fixed first. I can't find C:\WINDOWS\system32\qwertybot.exe to be uploaded to http://www.bleepingc...e.php?channel=7.
I think maybe it's because of the file is hidden. But my PC's "Show hidden files and folders" option is not functioning. It might has been locked by some kind of virus? Please advise.. :(
Can't Show Hidden Files
Started by
victorywp
, Feb 02 2007 03:47 AM
81 replies to this topic
#17
Bobbi Flekman
-
- Charter Members
-
- 5,990 posts
The computer whisperer
Posted 07 February 2007 - 10:43 AM
I have merged your two active topics!
Unless Teacup asks me she'll be your helper.
Unless Teacup asks me she'll be your helper.
#18
teacup61
-
- Charter Members
-
- 1,558 posts
Is GSF inventory
Posted 07 February 2007 - 12:33 PM
Hello,
Download the trial version of Spy Sweeper from
Here
Install it using the Standard Install option. (You will be asked for your e-mail address, it is safe to give it. If you receive alerts from your firewall, allow all activities for Spy Sweeper)
You will be prompted to check for updated definitions, please do so.
(This may take several minutes)
Click on Options > Sweep Options and check Sweep all Folders on Selected drives. Check Local Disc C. Under What to Sweep, check every box.
Click on Sweep and allow it to fully scan your system.
When the sweep has finished, click Remove. Click Select All and then Next
From 'Results', select the Session Log tab. Click Save to File and save the log somewhere convenient.
Exit Spy Sweeper.
Restart your computer, and then please copy and paste the SpySweeper log into this thread, along with a new HijackThis log. You told me you could see hidden files now, and you told Bobbi Flekman that you could not. Let me know which it is, please.
tea
Download the trial version of Spy Sweeper from
Here
Install it using the Standard Install option. (You will be asked for your e-mail address, it is safe to give it. If you receive alerts from your firewall, allow all activities for Spy Sweeper)
You will be prompted to check for updated definitions, please do so.
(This may take several minutes)
Click on Options > Sweep Options and check Sweep all Folders on Selected drives. Check Local Disc C. Under What to Sweep, check every box.
Click on Sweep and allow it to fully scan your system.
When the sweep has finished, click Remove. Click Select All and then Next
From 'Results', select the Session Log tab. Click Save to File and save the log somewhere convenient.
Exit Spy Sweeper.
Restart your computer, and then please copy and paste the SpySweeper log into this thread, along with a new HijackThis log. You told me you could see hidden files now, and you told Bobbi Flekman that you could not. Let me know which it is, please.
tea
#19
victorywp
-
- Active Members
-
- 89 posts
Adv. Member
Posted 08 February 2007 - 12:44 AM
Hi,
Oops... The two active topics are not for the same PC. Sorry for not mentioning to you earlier. Teacup has helped me on my first PC. The "Show hidden files and folders" option is working fine with that PC now.
I thought my second PC is only infected with the MSN problem when I opened the topic. But then only i realised that it has also infected just like my first PC - Can't Show Hidden Files. So what should I do now? Shall these two active topics be separated again? Really sorry that I have messed up things. :(
Oops... The two active topics are not for the same PC. Sorry for not mentioning to you earlier. Teacup has helped me on my first PC. The "Show hidden files and folders" option is working fine with that PC now. I thought my second PC is only infected with the MSN problem when I opened the topic. But then only i realised that it has also infected just like my first PC - Can't Show Hidden Files. So what should I do now? Shall these two active topics be separated again? Really sorry that I have messed up things. :(
#20
teacup61
-
- Charter Members
-
- 1,558 posts
Is GSF inventory
Posted 08 February 2007 - 05:40 AM
Are these computers networked together? If they are, they really need to be separated and cleaned one at a time, else they'll just keep bouncing infections off one another. Those two logs are so similar.......Go ahead and follow my last directions, please. If we don't keep going other things may pop up and we'll have to start over.....this stuff is nasty enough as it is.
#21
victorywp
-
- Active Members
-
- 89 posts
Adv. Member
Posted 08 February 2007 - 06:22 AM
Hi,
Yup, they are sharing the same Modem + Router . Alright, now I will unplug my second PC from the connection & follow your last direction to clean it.
So, how was the condition for my first PC the other day? Did you receive the file which I have uploaded? Was my last Combofix report ok? Anyway, I will now clean the second PC first.
Those two logs look similar maybe because both installed with the same type of platform, internet browser, & almost all the same programs & softwares are installed. LOL
Thanks a lot.
Yup, they are sharing the same Modem + Router . Alright, now I will unplug my second PC from the connection & follow your last direction to clean it.
So, how was the condition for my first PC the other day? Did you receive the file which I have uploaded? Was my last Combofix report ok? Anyway, I will now clean the second PC first.
Those two logs look similar maybe because both installed with the same type of platform, internet browser, & almost all the same programs & softwares are installed. LOL
Thanks a lot.
Edited by victorywp, 08 February 2007 - 06:49 AM.
#22
victorywp
-
- Active Members
-
- 89 posts
Adv. Member
Posted 08 February 2007 - 09:25 AM
Hi,
Spy Sweeper Session Log:-
5:15 PM: Removal process completed. Elapsed time 00:00:06
5:14 PM: Quarantining All Traces: trojan-downloader-firstwolf
5:14 PM: Removal process initiated
5:12 PM: Traces Found: 1
5:12 PM: Custom Sweep has completed. Elapsed time 00:29:02
5:12 PM: File Sweep Complete, Elapsed Time: 00:23:30
5:10 PM: Warning: SweepDirectories: Cannot find directory "e:". This directory was not added to the list of paths to be scanned.
5:09 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [Error Code 80030070] on [c:\found.000\file0002.chk]
5:04 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\program files\bitcomet\downloads\happy.feet.2006.ts.xvid-xanax-with end-22-11-06-pass\happy.feet.2006.ts.xvid-xanax.rar.bc!]
5:02 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\program files\adobe\acrobat 7.0\reader\messages\enu\read0600win_enuyhoo0010.pdf]
5:02 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\program files\adobe\acrobat 7.0\reader\messages\enu\rdrmsgenu.pdf]
5:02 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\program files\adobe\acrobat 7.0\reader\messages\rdrmsgsplash.pdf]
5:02 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\program files\adobe\acrobat 7.0\reader\websearch\websearchenu.pdf]
4:59 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\user\application data\adobe\acrobat\7.0\messages\enu\read0700win_enuadbe0700.pdf]
4:58 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\user\local settings\application data\im\identities\{018de100-1728-44b4-ac1e-8c5604af6020}\message store\attachments\may 2006.xls]
4:58 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [Access Denied] on [c:\documents and settings\user\local settings\application data\microsoft\windows\usrclass.dat.log]
4:58 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [Access Denied] on [c:\documents and settings\user\local settings\application data\microsoft\windows\usrclass.dat]
4:58 PM: Warning: Failed to open file "c:\documents and settings\user\local settings\application data\microsoft\windows\usrclass.dat.log". The process cannot access the file because it is being used by another process
4:58 PM: Warning: Failed to open file "c:\documents and settings\user\local settings\application data\microsoft\windows\usrclass.dat". The process cannot access the file because it is being used by another process
4:57 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Corrupted] on [c:\documents and settings\user\local settings\temp\perflib_perfdata_6ac.dat]
4:57 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [Access Denied] on [c:\documents and settings\user\ntuser.dat.log]
4:57 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [Access Denied] on [c:\documents and settings\user\ntuser.dat]
4:57 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [Access Denied] on [c:\documents and settings\localservice\ntuser.dat.log]
4:57 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [Access Denied] on [c:\documents and settings\localservice\ntuser.dat]
4:57 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [Access Denied] on [c:\documents and settings\networkservice\local settings\application data\microsoft\windows\usrclass.dat.log]
4:57 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [Access Denied] on [c:\documents and settings\networkservice\local settings\application data\microsoft\windows\usrclass.dat]
4:57 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\data\settings.dat]
4:57 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [Access Denied] on [c:\documents and settings\localservice\local settings\application data\microsoft\windows\usrclass.dat.log]
4:57 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [Access Denied] on [c:\documents and settings\localservice\local settings\application data\microsoft\windows\usrclass.dat]
4:57 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [Access Denied] on [c:\documents and settings\networkservice\ntuser.dat.log]
4:57 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [Access Denied] on [c:\documents and settings\networkservice\ntuser.dat]
4:57 PM: Warning: Failed to open file "c:\documents and settings\user\ntuser.dat.log". The process cannot access the file because it is being used by another process
4:57 PM: Warning: Failed to open file "c:\documents and settings\user\ntuser.dat". The process cannot access the file because it is being used by another process
4:57 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\data\settings.dat". The process cannot access the file because it is being used by another process
4:57 PM: Warning: Failed to open file "c:\documents and settings\localservice\local settings\application data\microsoft\windows\usrclass.dat.log". The process cannot access the file because it is being used by another process
4:57 PM: Warning: Failed to open file "c:\documents and settings\localservice\local settings\application data\microsoft\windows\usrclass.dat". The process cannot access the file because it is being used by another process
4:57 PM: Warning: Failed to open file "c:\documents and settings\localservice\ntuser.dat.log". The process cannot access the file because it is being used by another process
4:57 PM: Warning: Failed to open file "c:\documents and settings\localservice\ntuser.dat". The process cannot access the file because it is being used by another process
4:57 PM: Warning: Failed to open file "c:\documents and settings\networkservice\local settings\application data\microsoft\windows\usrclass.dat.log". The process cannot access the file because it is being used by another process
4:57 PM: Warning: Failed to open file "c:\documents and settings\networkservice\local settings\application data\microsoft\windows\usrclass.dat". The process cannot access the file because it is being used by another process
4:57 PM: Warning: Failed to open file "c:\documents and settings\networkservice\ntuser.dat.log". The process cannot access the file because it is being used by another process
4:57 PM: Warning: Failed to open file "c:\documents and settings\networkservice\ntuser.dat". The process cannot access the file because it is being used by another process
4:55 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [Access Denied] on [c:\windows\softwaredistribution\eventcache\{9e2ed2c9-7909-4075-8dfa-901be9bae16e}.bin]
4:55 PM: Warning: Failed to open file "c:\windows\softwaredistribution\eventcache\{9e2ed2c9-7909-4075-8dfa-901be9bae16e}.bin". The process cannot access the file because it is being used by another process
4:51 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [Access Denied] on [c:\windows\system32\drivers\fidbox2.dat]
4:51 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [Access Denied] on [c:\windows\system32\drivers\fidbox2.idx]
4:51 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [Access Denied] on [c:\windows\system32\drivers\fidbox.dat]
4:51 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [Access Denied] on [c:\windows\system32\drivers\fidbox.idx]
4:51 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [Access Denied] on [c:\windows\system32\config\default]
4:51 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [Access Denied] on [c:\windows\system32\config\software]
4:51 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [Access Denied] on [c:\windows\system32\config\system]
4:51 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [Access Denied] on [c:\windows\system32\config\security.log]
4:51 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [Access Denied] on [c:\windows\system32\config\sam.log]
4:51 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [Access Denied] on [c:\windows\system32\config\sam]
4:51 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [Access Denied] on [c:\windows\system32\config\security]
4:51 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [Access Denied] on [c:\windows\system32\config\default.log]
4:51 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [Access Denied] on [c:\windows\system32\config\software.log]
4:51 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [Access Denied] on [c:\windows\system32\config\system.log]
4:51 PM: Warning: Failed to open file "c:\windows\system32\drivers\fidbox2.dat". The process cannot access the file because it is being used by another process
4:51 PM: Warning: Failed to open file "c:\windows\system32\drivers\fidbox2.idx". The process cannot access the file because it is being used by another process
4:51 PM: Warning: Failed to open file "c:\windows\system32\drivers\fidbox.dat". The process cannot access the file because it is being used by another process
4:51 PM: Warning: Failed to open file "c:\windows\system32\drivers\fidbox.idx". The process cannot access the file because it is being used by another process
4:51 PM: Warning: Failed to open file "c:\windows\system32\config\default". The process cannot access the file because it is being used by another process
4:51 PM: Warning: Failed to open file "c:\windows\system32\config\software". The process cannot access the file because it is being used by another process
4:51 PM: Warning: Failed to open file "c:\windows\system32\config\system". The process cannot access the file because it is being used by another process
4:51 PM: Warning: Failed to open file "c:\windows\system32\config\security.log". The process cannot access the file because it is being used by another process
4:51 PM: Warning: Failed to open file "c:\windows\system32\config\sam.log". The process cannot access the file because it is being used by another process
4:51 PM: Warning: Failed to open file "c:\windows\system32\config\sam". The process cannot access the file because it is being used by another process
4:51 PM: Warning: Failed to open file "c:\windows\system32\config\security". The process cannot access the file because it is being used by another process
4:51 PM: Warning: Failed to open file "c:\windows\system32\config\default.log". The process cannot access the file because it is being used by another process
4:51 PM: Warning: Failed to open file "c:\windows\system32\config\software.log". The process cannot access the file because it is being used by another process
4:51 PM: Warning: Failed to open file "c:\windows\system32\config\system.log". The process cannot access the file because it is being used by another process
4:49 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [Access Denied] on [c:\pagefile.sys]
4:49 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [Access Denied] on [c:\hiberfil.sys]
4:49 PM: Warning: Failed to open file "c:\pagefile.sys". Access is denied
4:49 PM: Warning: Failed to open file "c:\hiberfil.sys". Access is denied
4:49 PM: Starting File Sweep
4:49 PM: Warning: SweepDirectories: Cannot find directory "a:". This directory was not added to the list of paths to be scanned.
4:49 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00
4:49 PM: Starting Cookie Sweep
4:49 PM: Registry Sweep Complete, Elapsed Time:00:00:40
4:49 PM: HKU\S-1-5-21-1292428093-1957994488-1343024091-1003\software\microsoft\windows\currentversion\run\ || firewall auto setup (ID = 1901597)
4:49 PM: Found Trojan Horse: trojan-downloader-firstwolf
4:48 PM: Starting Registry Sweep
4:48 PM: Memory Sweep Complete, Elapsed Time: 00:04:33
4:43 PM: Starting Memory Sweep
4:43 PM: Start Custom Sweep
4:43 PM: Sweep initiated using definitions version 845
4:43 PM: Sweep Status: 1 Item Found
4:43 PM: Traces Found: 1
4:43 PM: File Sweep Complete, Elapsed Time: 00:35:27
4:42 PM: Sweep Canceled
4:39 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [d:\backup\_restore\archive\fs14.cab]
4:34 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\program files\adobe\acrobat 7.0\setup files\rdrbig\enu\data1.cab]
4:33 PM: Warning: TCompressedFile.GetStreams(1): Stream read error
4:33 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\windowssecuritycenterupdatedisablenotify.zip]
4:29 PM: Warning: SweepDirectories: Cannot find directory "e:". This directory was not added to the list of paths to be scanned.
4:28 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Corrupted] on [c:\found.000\file0002.chk]
4:23 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\program files\bitcomet\downloads\happy.feet.2006.ts.xvid-xanax-with end-22-11-06-pass\happy.feet.2006.ts.xvid-xanax.rar.bc!]
4:21 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\program files\adobe\acrobat 7.0\reader\messages\enu\read0600win_enuyhoo0010.pdf]
4:21 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\program files\adobe\acrobat 7.0\reader\messages\enu\rdrmsgenu.pdf]
4:21 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\program files\adobe\acrobat 7.0\reader\messages\rdrmsgsplash.pdf]
4:21 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\program files\adobe\acrobat 7.0\reader\websearch\websearchenu.pdf]
4:18 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\user\application data\adobe\acrobat\7.0\messages\enu\read0700win_enuadbe0700.pdf]
4:17 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\user\local settings\application data\im\identities\{018de100-1728-44b4-ac1e-8c5604af6020}\message store\attachments\may 2006.xls]
4:16 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [Access Denied] on [c:\documents and settings\user\local settings\application data\microsoft\windows\usrclass.dat.log]
4:16 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [Access Denied] on [c:\documents and settings\user\local settings\application data\microsoft\windows\usrclass.dat]
4:16 PM: Warning: Failed to open file "c:\documents and settings\user\local settings\application data\microsoft\windows\usrclass.dat.log". The process cannot access the file because it is being used by another process
4:16 PM: Warning: Failed to open file "c:\documents and settings\user\local settings\application data\microsoft\windows\usrclass.dat". The process cannot access the file because it is being used by another process
4:16 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Corrupted] on [c:\documents and settings\user\local settings\temp\perflib_perfdata_6ac.dat]
4:15 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [Access Denied] on [c:\documents and settings\user\local settings\temp\perflib_perfdata_7b0.dat]
4:15 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [Access Denied] on [c:\documents and settings\user\ntuser.dat.log]
4:15 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [Access Denied] on [c:\documents and settings\user\ntuser.dat]
4:15 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [Access Denied] on [c:\documents and settings\localservice\local settings\application data\microsoft\windows\usrclass.dat.log]
4:15 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [Access Denied] on [c:\documents and settings\localservice\local settings\application data\microsoft\windows\usrclass.dat]
4:15 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\data\settings.dat]
4:15 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [Access Denied] on [c:\documents and settings\localservice\ntuser.dat.log]
4:15 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [Access Denied] on [c:\documents and settings\localservice\ntuser.dat]
4:15 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [Access Denied] on [c:\documents and settings\networkservice\local settings\application data\microsoft\windows\usrclass.dat.log]
4:15 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [Access Denied] on [c:\documents and settings\networkservice\local settings\application data\microsoft\windows\usrclass.dat]
4:15 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [Access Denied] on [c:\documents and settings\networkservice\ntuser.dat.log]
4:15 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [Access Denied] on [c:\documents and settings\networkservice\ntuser.dat]
4:15 PM: Warning: Failed to open file "c:\documents and settings\user\local settings\temp\perflib_perfdata_7b0.dat". The process cannot access the file because it is being used by another process
4:15 PM: Warning: Failed to open file "c:\documents and settings\user\ntuser.dat.log". The process cannot access the file because it is being used by another process
4:15 PM: Warning: Failed to open file "c:\documents and settings\user\ntuser.dat". The process cannot access the file because it is being used by another process
4:15 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\data\settings.dat". The process cannot access the file because it is being used by another process
4:15 PM: Warning: Failed to open file "c:\documents and settings\localservice\local settings\application data\microsoft\windows\usrclass.dat.log". The process cannot access the file because it is being used by another process
4:15 PM: Warning: Failed to open file "c:\documents and settings\localservice\local settings\application data\microsoft\windows\usrclass.dat". The process cannot access the file because it is being used by another process
4:15 PM: Warning: Failed to open file "c:\documents and settings\localservice\ntuser.dat.log". The process cannot access the file because it is being used by another process
4:15 PM: Warning: Failed to open file "c:\documents and settings\localservice\ntuser.dat". The process cannot access the file because it is being used by another process
4:15 PM: Warning: Failed to open file "c:\documents and settings\networkservice\local settings\application data\microsoft\windows\usrclass.dat.log". The process cannot access the file because it is being used by another process
4:15 PM: Warning: Failed to open file "c:\documents and settings\networkservice\local settings\application data\microsoft\windows\usrclass.dat". The process cannot access the file because it is being used by another process
4:15 PM: Warning: Failed to open file "c:\documents and settings\networkservice\ntuser.dat.log". The process cannot access the file because it is being used by another process
4:15 PM: Warning: Failed to open file "c:\documents and settings\networkservice\ntuser.dat". The process cannot access the file because it is being used by another process
4:14 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [Access Denied] on [c:\windows\softwaredistribution\eventcache\{9e2ed2c9-7909-4075-8dfa-901be9bae16e}.bin]
4:13 PM: Warning: Failed to open file "c:\windows\softwaredistribution\eventcache\{9e2ed2c9-7909-4075-8dfa-901be9bae16e}.bin". The process cannot access the file because it is being used by another process
4:09 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [Access Denied] on [c:\windows\system32\drivers\fidbox2.dat]
4:09 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [Access Denied] on [c:\windows\system32\drivers\fidbox2.idx]
4:09 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [Access Denied] on [c:\windows\system32\drivers\fidbox.dat]
4:09 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [Access Denied] on [c:\windows\system32\drivers\fidbox.idx]
4:09 PM: Warning: Failed to open file "c:\windows\system32\drivers\fidbox2.dat". The process cannot access the file because it is being used by another process
4:09 PM: Warning: Failed to open file "c:\windows\system32\drivers\fidbox2.idx". The process cannot access the file because it is being used by another process
4:09 PM: Warning: Failed to open file "c:\windows\system32\drivers\fidbox.dat". The process cannot access the file because it is being used by another process
4:09 PM: Warning: Failed to open file "c:\windows\system32\drivers\fidbox.idx". The process cannot access the file because it is being used by another process
4:09 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [Access Denied] on [c:\windows\system32\config\default]
4:09 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [Access Denied] on [c:\windows\system32\config\software]
4:09 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [Access Denied] on [c:\windows\system32\config\system]
4:09 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [Access Denied] on [c:\windows\system32\config\security.log]
4:09 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [Access Denied] on [c:\windows\system32\config\sam.log]
4:09 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [Access Denied] on [c:\windows\system32\config\sam]
4:09 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [Access Denied] on [c:\windows\system32\config\security]
4:09 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [Access Denied] on [c:\windows\system32\config\default.log]
4:09 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [Access Denied] on [c:\windows\system32\config\software.log]
4:09 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [Access Denied] on [c:\windows\system32\config\system.log]
4:09 PM: Warning: Failed to open file "c:\windows\system32\config\default". The process cannot access the file because it is being used by another process
4:09 PM: Warning: Failed to open file "c:\windows\system32\config\software". The process cannot access the file because it is being used by another process
4:09 PM: Warning: Failed to open file "c:\windows\system32\config\system". The process cannot access the file because it is being used by another process
4:09 PM: Warning: Failed to open file "c:\windows\system32\config\security.log". The process cannot access the file because it is being used by another process
4:09 PM: Warning: Failed to open file "c:\windows\system32\config\sam.log". The process cannot access the file because it is being used by another process
4:09 PM: Warning: Failed to open file "c:\windows\system32\config\sam". The process cannot access the file because it is being used by another process
4:09 PM: Warning: Failed to open file "c:\windows\system32\config\security". The process cannot access the file because it is being used by another process
4:09 PM: Warning: Failed to open file "c:\windows\system32\config\default.log". The process cannot access the file because it is being used by another process
4:09 PM: Warning: Failed to open file "c:\windows\system32\config\software.log". The process cannot access the file because it is being used by another process
4:09 PM: Warning: Failed to open file "c:\windows\system32\config\system.log". The process cannot access the file because it is being used by another process
4:07 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [Access Denied] on [c:\pagefile.sys]
4:07 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [Access Denied] on [c:\hiberfil.sys]
4:07 PM: Warning: Failed to open file "c:\pagefile.sys". Access is denied
4:07 PM: Warning: Failed to open file "c:\hiberfil.sys". Access is denied
4:07 PM: Starting File Sweep
4:07 PM: Warning: SweepDirectories: Cannot find directory "a:". This directory was not added to the list of paths to be scanned.
4:07 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00
4:07 PM: Starting Cookie Sweep
4:07 PM: Registry Sweep Complete, Elapsed Time:00:00:44
4:07 PM: HKU\S-1-5-21-1292428093-1957994488-1343024091-1003\software\microsoft\windows\currentversion\run\ || firewall auto setup (ID = 1901597)
4:07 PM: Found Trojan Horse: trojan-downloader-firstwolf
4:06 PM: Starting Registry Sweep
4:06 PM: Memory Sweep Complete, Elapsed Time: 00:05:02
4:01 PM: Starting Memory Sweep
4:01 PM: BHO Shield: found: -- BHO installation allowed at user request
4:01 PM: Start Custom Sweep
4:01 PM: Sweep initiated using definitions version 845
4:00 PM: Your virus definitions have been updated.
4:00 PM: Informational: Loaded AntiVirus Engine: 2.41.0; SDK Version: 4.13; Virus Definitions: 2/7/2007 2:25:34 PM (GMT)
4:00 PM: ApplicationMinimized - EXIT
4:00 PM: ApplicationMinimized - ENTER
Keylogger: Off
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites: Off
Hosts File Shield: On
Internet Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
Spy Installation Shield: On
Memory Shield: Off
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
3:57 PM: Shield States
3:57 PM: Spyware Definitions: 845
3:57 PM: Informational: Loaded AntiVirus Engine: 2.41.0; SDK Version: 4.13; Virus Definitions: 2/7/2007 2:25:34 PM (GMT)
3:56 PM: Spy Sweeper 5.3.1.2344 started
3:56 PM: Spy Sweeper 5.3.1.2344 started
3:56 PM: | Start of Session, Thursday, February 08, 2007 |
***************
Operation: File Access
Target:
Source: C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\TEMP\IS-229SA.TMP\IS-9G8AI.TMP
3:18 PM: Tamper Detection
3:18 PM: ApplicationMinimized - EXIT
3:18 PM: ApplicationMinimized - ENTER
3:17 PM: None
3:17 PM: Traces Found: 0
3:17 PM: Memory Sweep Complete, Elapsed Time: 00:02:07
3:17 PM: Sweep Canceled
3:15 PM: Starting Memory Sweep
3:15 PM: Start Custom Sweep
3:15 PM: Sweep initiated using definitions version 845
3:14 PM: BHO Shield: found: -- BHO installation allowed at user request
3:14 PM: BHO Shield: found: -- BHO installation denied at user request
3:14 PM: BHO Shield: found: -- BHO installation denied at user request
3:14 PM: BHO Shield: found: -- BHO installation denied at user request
3:14 PM: BHO Shield: found: -- BHO installation denied at user request
3:14 PM: BHO Shield: found: -- BHO installation denied at user request
3:14 PM: BHO Shield: found: -- BHO installation denied at user request
3:14 PM: BHO Shield: found: -- BHO installation denied at user request
3:14 PM: BHO Shield: found: -- BHO installation denied at user request
3:14 PM: BHO Shield: found: -- BHO installation denied at user request
3:14 PM: BHO Shield: found: -- BHO installation denied at user request
3:14 PM: BHO Shield: found: -- BHO installation denied at user request
3:14 PM: BHO Shield: found: -- BHO installation denied at user request
3:14 PM: BHO Shield: found: -- BHO installation denied at user request
3:13 PM: BHO Shield: found: -- BHO installation denied at user request
3:13 PM: BHO Shield: found: -- BHO installation denied at user request
3:13 PM: BHO Shield: found: -- BHO installation denied at user request
Keylogger: Off
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites: Off
Hosts File Shield: On
Internet Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
Spy Installation Shield: On
Memory Shield: Off
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
3:10 PM: Shield States
3:10 PM: Spyware Definitions: 845
3:07 PM: Spy Sweeper 5.3.1.2344 started
3:07 PM: Spy Sweeper 5.3.1.2344 started
3:07 PM: | Start of Session, Thursday, February 08, 2007 |
***************
Spy Sweeper Session Log:-
5:15 PM: Removal process completed. Elapsed time 00:00:06
5:14 PM: Quarantining All Traces: trojan-downloader-firstwolf
5:14 PM: Removal process initiated
5:12 PM: Traces Found: 1
5:12 PM: Custom Sweep has completed. Elapsed time 00:29:02
5:12 PM: File Sweep Complete, Elapsed Time: 00:23:30
5:10 PM: Warning: SweepDirectories: Cannot find directory "e:". This directory was not added to the list of paths to be scanned.
5:09 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [Error Code 80030070] on [c:\found.000\file0002.chk]
5:04 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\program files\bitcomet\downloads\happy.feet.2006.ts.xvid-xanax-with end-22-11-06-pass\happy.feet.2006.ts.xvid-xanax.rar.bc!]
5:02 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\program files\adobe\acrobat 7.0\reader\messages\enu\read0600win_enuyhoo0010.pdf]
5:02 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\program files\adobe\acrobat 7.0\reader\messages\enu\rdrmsgenu.pdf]
5:02 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\program files\adobe\acrobat 7.0\reader\messages\rdrmsgsplash.pdf]
5:02 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\program files\adobe\acrobat 7.0\reader\websearch\websearchenu.pdf]
4:59 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\user\application data\adobe\acrobat\7.0\messages\enu\read0700win_enuadbe0700.pdf]
4:58 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\user\local settings\application data\im\identities\{018de100-1728-44b4-ac1e-8c5604af6020}\message store\attachments\may 2006.xls]
4:58 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [Access Denied] on [c:\documents and settings\user\local settings\application data\microsoft\windows\usrclass.dat.log]
4:58 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [Access Denied] on [c:\documents and settings\user\local settings\application data\microsoft\windows\usrclass.dat]
4:58 PM: Warning: Failed to open file "c:\documents and settings\user\local settings\application data\microsoft\windows\usrclass.dat.log". The process cannot access the file because it is being used by another process
4:58 PM: Warning: Failed to open file "c:\documents and settings\user\local settings\application data\microsoft\windows\usrclass.dat". The process cannot access the file because it is being used by another process
4:57 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Corrupted] on [c:\documents and settings\user\local settings\temp\perflib_perfdata_6ac.dat]
4:57 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [Access Denied] on [c:\documents and settings\user\ntuser.dat.log]
4:57 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [Access Denied] on [c:\documents and settings\user\ntuser.dat]
4:57 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [Access Denied] on [c:\documents and settings\localservice\ntuser.dat.log]
4:57 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [Access Denied] on [c:\documents and settings\localservice\ntuser.dat]
4:57 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [Access Denied] on [c:\documents and settings\networkservice\local settings\application data\microsoft\windows\usrclass.dat.log]
4:57 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [Access Denied] on [c:\documents and settings\networkservice\local settings\application data\microsoft\windows\usrclass.dat]
4:57 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\data\settings.dat]
4:57 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [Access Denied] on [c:\documents and settings\localservice\local settings\application data\microsoft\windows\usrclass.dat.log]
4:57 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [Access Denied] on [c:\documents and settings\localservice\local settings\application data\microsoft\windows\usrclass.dat]
4:57 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [Access Denied] on [c:\documents and settings\networkservice\ntuser.dat.log]
4:57 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [Access Denied] on [c:\documents and settings\networkservice\ntuser.dat]
4:57 PM: Warning: Failed to open file "c:\documents and settings\user\ntuser.dat.log". The process cannot access the file because it is being used by another process
4:57 PM: Warning: Failed to open file "c:\documents and settings\user\ntuser.dat". The process cannot access the file because it is being used by another process
4:57 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\data\settings.dat". The process cannot access the file because it is being used by another process
4:57 PM: Warning: Failed to open file "c:\documents and settings\localservice\local settings\application data\microsoft\windows\usrclass.dat.log". The process cannot access the file because it is being used by another process
4:57 PM: Warning: Failed to open file "c:\documents and settings\localservice\local settings\application data\microsoft\windows\usrclass.dat". The process cannot access the file because it is being used by another process
4:57 PM: Warning: Failed to open file "c:\documents and settings\localservice\ntuser.dat.log". The process cannot access the file because it is being used by another process
4:57 PM: Warning: Failed to open file "c:\documents and settings\localservice\ntuser.dat". The process cannot access the file because it is being used by another process
4:57 PM: Warning: Failed to open file "c:\documents and settings\networkservice\local settings\application data\microsoft\windows\usrclass.dat.log". The process cannot access the file because it is being used by another process
4:57 PM: Warning: Failed to open file "c:\documents and settings\networkservice\local settings\application data\microsoft\windows\usrclass.dat". The process cannot access the file because it is being used by another process
4:57 PM: Warning: Failed to open file "c:\documents and settings\networkservice\ntuser.dat.log". The process cannot access the file because it is being used by another process
4:57 PM: Warning: Failed to open file "c:\documents and settings\networkservice\ntuser.dat". The process cannot access the file because it is being used by another process
4:55 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [Access Denied] on [c:\windows\softwaredistribution\eventcache\{9e2ed2c9-7909-4075-8dfa-901be9bae16e}.bin]
4:55 PM: Warning: Failed to open file "c:\windows\softwaredistribution\eventcache\{9e2ed2c9-7909-4075-8dfa-901be9bae16e}.bin". The process cannot access the file because it is being used by another process
4:51 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [Access Denied] on [c:\windows\system32\drivers\fidbox2.dat]
4:51 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [Access Denied] on [c:\windows\system32\drivers\fidbox2.idx]
4:51 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [Access Denied] on [c:\windows\system32\drivers\fidbox.dat]
4:51 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [Access Denied] on [c:\windows\system32\drivers\fidbox.idx]
4:51 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [Access Denied] on [c:\windows\system32\config\default]
4:51 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [Access Denied] on [c:\windows\system32\config\software]
4:51 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [Access Denied] on [c:\windows\system32\config\system]
4:51 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [Access Denied] on [c:\windows\system32\config\security.log]
4:51 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [Access Denied] on [c:\windows\system32\config\sam.log]
4:51 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [Access Denied] on [c:\windows\system32\config\sam]
4:51 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [Access Denied] on [c:\windows\system32\config\security]
4:51 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [Access Denied] on [c:\windows\system32\config\default.log]
4:51 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [Access Denied] on [c:\windows\system32\config\software.log]
4:51 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [Access Denied] on [c:\windows\system32\config\system.log]
4:51 PM: Warning: Failed to open file "c:\windows\system32\drivers\fidbox2.dat". The process cannot access the file because it is being used by another process
4:51 PM: Warning: Failed to open file "c:\windows\system32\drivers\fidbox2.idx". The process cannot access the file because it is being used by another process
4:51 PM: Warning: Failed to open file "c:\windows\system32\drivers\fidbox.dat". The process cannot access the file because it is being used by another process
4:51 PM: Warning: Failed to open file "c:\windows\system32\drivers\fidbox.idx". The process cannot access the file because it is being used by another process
4:51 PM: Warning: Failed to open file "c:\windows\system32\config\default". The process cannot access the file because it is being used by another process
4:51 PM: Warning: Failed to open file "c:\windows\system32\config\software". The process cannot access the file because it is being used by another process
4:51 PM: Warning: Failed to open file "c:\windows\system32\config\system". The process cannot access the file because it is being used by another process
4:51 PM: Warning: Failed to open file "c:\windows\system32\config\security.log". The process cannot access the file because it is being used by another process
4:51 PM: Warning: Failed to open file "c:\windows\system32\config\sam.log". The process cannot access the file because it is being used by another process
4:51 PM: Warning: Failed to open file "c:\windows\system32\config\sam". The process cannot access the file because it is being used by another process
4:51 PM: Warning: Failed to open file "c:\windows\system32\config\security". The process cannot access the file because it is being used by another process
4:51 PM: Warning: Failed to open file "c:\windows\system32\config\default.log". The process cannot access the file because it is being used by another process
4:51 PM: Warning: Failed to open file "c:\windows\system32\config\software.log". The process cannot access the file because it is being used by another process
4:51 PM: Warning: Failed to open file "c:\windows\system32\config\system.log". The process cannot access the file because it is being used by another process
4:49 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [Access Denied] on [c:\pagefile.sys]
4:49 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [Access Denied] on [c:\hiberfil.sys]
4:49 PM: Warning: Failed to open file "c:\pagefile.sys". Access is denied
4:49 PM: Warning: Failed to open file "c:\hiberfil.sys". Access is denied
4:49 PM: Starting File Sweep
4:49 PM: Warning: SweepDirectories: Cannot find directory "a:". This directory was not added to the list of paths to be scanned.
4:49 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00
4:49 PM: Starting Cookie Sweep
4:49 PM: Registry Sweep Complete, Elapsed Time:00:00:40
4:49 PM: HKU\S-1-5-21-1292428093-1957994488-1343024091-1003\software\microsoft\windows\currentversion\run\ || firewall auto setup (ID = 1901597)
4:49 PM: Found Trojan Horse: trojan-downloader-firstwolf
4:48 PM: Starting Registry Sweep
4:48 PM: Memory Sweep Complete, Elapsed Time: 00:04:33
4:43 PM: Starting Memory Sweep
4:43 PM: Start Custom Sweep
4:43 PM: Sweep initiated using definitions version 845
4:43 PM: Sweep Status: 1 Item Found
4:43 PM: Traces Found: 1
4:43 PM: File Sweep Complete, Elapsed Time: 00:35:27
4:42 PM: Sweep Canceled
4:39 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [d:\backup\_restore\archive\fs14.cab]
4:34 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\program files\adobe\acrobat 7.0\setup files\rdrbig\enu\data1.cab]
4:33 PM: Warning: TCompressedFile.GetStreams(1): Stream read error
4:33 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\windowssecuritycenterupdatedisablenotify.zip]
4:29 PM: Warning: SweepDirectories: Cannot find directory "e:". This directory was not added to the list of paths to be scanned.
4:28 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Corrupted] on [c:\found.000\file0002.chk]
4:23 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\program files\bitcomet\downloads\happy.feet.2006.ts.xvid-xanax-with end-22-11-06-pass\happy.feet.2006.ts.xvid-xanax.rar.bc!]
4:21 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\program files\adobe\acrobat 7.0\reader\messages\enu\read0600win_enuyhoo0010.pdf]
4:21 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\program files\adobe\acrobat 7.0\reader\messages\enu\rdrmsgenu.pdf]
4:21 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\program files\adobe\acrobat 7.0\reader\messages\rdrmsgsplash.pdf]
4:21 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\program files\adobe\acrobat 7.0\reader\websearch\websearchenu.pdf]
4:18 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\user\application data\adobe\acrobat\7.0\messages\enu\read0700win_enuadbe0700.pdf]
4:17 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\user\local settings\application data\im\identities\{018de100-1728-44b4-ac1e-8c5604af6020}\message store\attachments\may 2006.xls]
4:16 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [Access Denied] on [c:\documents and settings\user\local settings\application data\microsoft\windows\usrclass.dat.log]
4:16 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [Access Denied] on [c:\documents and settings\user\local settings\application data\microsoft\windows\usrclass.dat]
4:16 PM: Warning: Failed to open file "c:\documents and settings\user\local settings\application data\microsoft\windows\usrclass.dat.log". The process cannot access the file because it is being used by another process
4:16 PM: Warning: Failed to open file "c:\documents and settings\user\local settings\application data\microsoft\windows\usrclass.dat". The process cannot access the file because it is being used by another process
4:16 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Corrupted] on [c:\documents and settings\user\local settings\temp\perflib_perfdata_6ac.dat]
4:15 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [Access Denied] on [c:\documents and settings\user\local settings\temp\perflib_perfdata_7b0.dat]
4:15 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [Access Denied] on [c:\documents and settings\user\ntuser.dat.log]
4:15 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [Access Denied] on [c:\documents and settings\user\ntuser.dat]
4:15 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [Access Denied] on [c:\documents and settings\localservice\local settings\application data\microsoft\windows\usrclass.dat.log]
4:15 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [Access Denied] on [c:\documents and settings\localservice\local settings\application data\microsoft\windows\usrclass.dat]
4:15 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\data\settings.dat]
4:15 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [Access Denied] on [c:\documents and settings\localservice\ntuser.dat.log]
4:15 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [Access Denied] on [c:\documents and settings\localservice\ntuser.dat]
4:15 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [Access Denied] on [c:\documents and settings\networkservice\local settings\application data\microsoft\windows\usrclass.dat.log]
4:15 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [Access Denied] on [c:\documents and settings\networkservice\local settings\application data\microsoft\windows\usrclass.dat]
4:15 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [Access Denied] on [c:\documents and settings\networkservice\ntuser.dat.log]
4:15 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [Access Denied] on [c:\documents and settings\networkservice\ntuser.dat]
4:15 PM: Warning: Failed to open file "c:\documents and settings\user\local settings\temp\perflib_perfdata_7b0.dat". The process cannot access the file because it is being used by another process
4:15 PM: Warning: Failed to open file "c:\documents and settings\user\ntuser.dat.log". The process cannot access the file because it is being used by another process
4:15 PM: Warning: Failed to open file "c:\documents and settings\user\ntuser.dat". The process cannot access the file because it is being used by another process
4:15 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\data\settings.dat". The process cannot access the file because it is being used by another process
4:15 PM: Warning: Failed to open file "c:\documents and settings\localservice\local settings\application data\microsoft\windows\usrclass.dat.log". The process cannot access the file because it is being used by another process
4:15 PM: Warning: Failed to open file "c:\documents and settings\localservice\local settings\application data\microsoft\windows\usrclass.dat". The process cannot access the file because it is being used by another process
4:15 PM: Warning: Failed to open file "c:\documents and settings\localservice\ntuser.dat.log". The process cannot access the file because it is being used by another process
4:15 PM: Warning: Failed to open file "c:\documents and settings\localservice\ntuser.dat". The process cannot access the file because it is being used by another process
4:15 PM: Warning: Failed to open file "c:\documents and settings\networkservice\local settings\application data\microsoft\windows\usrclass.dat.log". The process cannot access the file because it is being used by another process
4:15 PM: Warning: Failed to open file "c:\documents and settings\networkservice\local settings\application data\microsoft\windows\usrclass.dat". The process cannot access the file because it is being used by another process
4:15 PM: Warning: Failed to open file "c:\documents and settings\networkservice\ntuser.dat.log". The process cannot access the file because it is being used by another process
4:15 PM: Warning: Failed to open file "c:\documents and settings\networkservice\ntuser.dat". The process cannot access the file because it is being used by another process
4:14 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [Access Denied] on [c:\windows\softwaredistribution\eventcache\{9e2ed2c9-7909-4075-8dfa-901be9bae16e}.bin]
4:13 PM: Warning: Failed to open file "c:\windows\softwaredistribution\eventcache\{9e2ed2c9-7909-4075-8dfa-901be9bae16e}.bin". The process cannot access the file because it is being used by another process
4:09 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [Access Denied] on [c:\windows\system32\drivers\fidbox2.dat]
4:09 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [Access Denied] on [c:\windows\system32\drivers\fidbox2.idx]
4:09 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [Access Denied] on [c:\windows\system32\drivers\fidbox.dat]
4:09 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [Access Denied] on [c:\windows\system32\drivers\fidbox.idx]
4:09 PM: Warning: Failed to open file "c:\windows\system32\drivers\fidbox2.dat". The process cannot access the file because it is being used by another process
4:09 PM: Warning: Failed to open file "c:\windows\system32\drivers\fidbox2.idx". The process cannot access the file because it is being used by another process
4:09 PM: Warning: Failed to open file "c:\windows\system32\drivers\fidbox.dat". The process cannot access the file because it is being used by another process
4:09 PM: Warning: Failed to open file "c:\windows\system32\drivers\fidbox.idx". The process cannot access the file because it is being used by another process
4:09 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [Access Denied] on [c:\windows\system32\config\default]
4:09 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [Access Denied] on [c:\windows\system32\config\software]
4:09 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [Access Denied] on [c:\windows\system32\config\system]
4:09 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [Access Denied] on [c:\windows\system32\config\security.log]
4:09 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [Access Denied] on [c:\windows\system32\config\sam.log]
4:09 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [Access Denied] on [c:\windows\system32\config\sam]
4:09 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [Access Denied] on [c:\windows\system32\config\security]
4:09 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [Access Denied] on [c:\windows\system32\config\default.log]
4:09 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [Access Denied] on [c:\windows\system32\config\software.log]
4:09 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [Access Denied] on [c:\windows\system32\config\system.log]
4:09 PM: Warning: Failed to open file "c:\windows\system32\config\default". The process cannot access the file because it is being used by another process
4:09 PM: Warning: Failed to open file "c:\windows\system32\config\software". The process cannot access the file because it is being used by another process
4:09 PM: Warning: Failed to open file "c:\windows\system32\config\system". The process cannot access the file because it is being used by another process
4:09 PM: Warning: Failed to open file "c:\windows\system32\config\security.log". The process cannot access the file because it is being used by another process
4:09 PM: Warning: Failed to open file "c:\windows\system32\config\sam.log". The process cannot access the file because it is being used by another process
4:09 PM: Warning: Failed to open file "c:\windows\system32\config\sam". The process cannot access the file because it is being used by another process
4:09 PM: Warning: Failed to open file "c:\windows\system32\config\security". The process cannot access the file because it is being used by another process
4:09 PM: Warning: Failed to open file "c:\windows\system32\config\default.log". The process cannot access the file because it is being used by another process
4:09 PM: Warning: Failed to open file "c:\windows\system32\config\software.log". The process cannot access the file because it is being used by another process
4:09 PM: Warning: Failed to open file "c:\windows\system32\config\system.log". The process cannot access the file because it is being used by another process
4:07 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [Access Denied] on [c:\pagefile.sys]
4:07 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [Access Denied] on [c:\hiberfil.sys]
4:07 PM: Warning: Failed to open file "c:\pagefile.sys". Access is denied
4:07 PM: Warning: Failed to open file "c:\hiberfil.sys". Access is denied
4:07 PM: Starting File Sweep
4:07 PM: Warning: SweepDirectories: Cannot find directory "a:". This directory was not added to the list of paths to be scanned.
4:07 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00
4:07 PM: Starting Cookie Sweep
4:07 PM: Registry Sweep Complete, Elapsed Time:00:00:44
4:07 PM: HKU\S-1-5-21-1292428093-1957994488-1343024091-1003\software\microsoft\windows\currentversion\run\ || firewall auto setup (ID = 1901597)
4:07 PM: Found Trojan Horse: trojan-downloader-firstwolf
4:06 PM: Starting Registry Sweep
4:06 PM: Memory Sweep Complete, Elapsed Time: 00:05:02
4:01 PM: Starting Memory Sweep
4:01 PM: BHO Shield: found: -- BHO installation allowed at user request
4:01 PM: Start Custom Sweep
4:01 PM: Sweep initiated using definitions version 845
4:00 PM: Your virus definitions have been updated.
4:00 PM: Informational: Loaded AntiVirus Engine: 2.41.0; SDK Version: 4.13; Virus Definitions: 2/7/2007 2:25:34 PM (GMT)
4:00 PM: ApplicationMinimized - EXIT
4:00 PM: ApplicationMinimized - ENTER
Keylogger: Off
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites: Off
Hosts File Shield: On
Internet Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
Spy Installation Shield: On
Memory Shield: Off
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
3:57 PM: Shield States
3:57 PM: Spyware Definitions: 845
3:57 PM: Informational: Loaded AntiVirus Engine: 2.41.0; SDK Version: 4.13; Virus Definitions: 2/7/2007 2:25:34 PM (GMT)
3:56 PM: Spy Sweeper 5.3.1.2344 started
3:56 PM: Spy Sweeper 5.3.1.2344 started
3:56 PM: | Start of Session, Thursday, February 08, 2007 |
***************
Operation: File Access
Target:
Source: C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\TEMP\IS-229SA.TMP\IS-9G8AI.TMP
3:18 PM: Tamper Detection
3:18 PM: ApplicationMinimized - EXIT
3:18 PM: ApplicationMinimized - ENTER
3:17 PM: None
3:17 PM: Traces Found: 0
3:17 PM: Memory Sweep Complete, Elapsed Time: 00:02:07
3:17 PM: Sweep Canceled
3:15 PM: Starting Memory Sweep
3:15 PM: Start Custom Sweep
3:15 PM: Sweep initiated using definitions version 845
3:14 PM: BHO Shield: found: -- BHO installation allowed at user request
3:14 PM: BHO Shield: found: -- BHO installation denied at user request
3:14 PM: BHO Shield: found: -- BHO installation denied at user request
3:14 PM: BHO Shield: found: -- BHO installation denied at user request
3:14 PM: BHO Shield: found: -- BHO installation denied at user request
3:14 PM: BHO Shield: found: -- BHO installation denied at user request
3:14 PM: BHO Shield: found: -- BHO installation denied at user request
3:14 PM: BHO Shield: found: -- BHO installation denied at user request
3:14 PM: BHO Shield: found: -- BHO installation denied at user request
3:14 PM: BHO Shield: found: -- BHO installation denied at user request
3:14 PM: BHO Shield: found: -- BHO installation denied at user request
3:14 PM: BHO Shield: found: -- BHO installation denied at user request
3:14 PM: BHO Shield: found: -- BHO installation denied at user request
3:14 PM: BHO Shield: found: -- BHO installation denied at user request
3:13 PM: BHO Shield: found: -- BHO installation denied at user request
3:13 PM: BHO Shield: found: -- BHO installation denied at user request
3:13 PM: BHO Shield: found: -- BHO installation denied at user request
Keylogger: Off
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites: Off
Hosts File Shield: On
Internet Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
Spy Installation Shield: On
Memory Shield: Off
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
3:10 PM: Shield States
3:10 PM: Spyware Definitions: 845
3:07 PM: Spy Sweeper 5.3.1.2344 started
3:07 PM: Spy Sweeper 5.3.1.2344 started
3:07 PM: | Start of Session, Thursday, February 08, 2007 |
***************
#23
victorywp
-
- Active Members
-
- 89 posts
Adv. Member
Posted 08 February 2007 - 09:29 AM
Hi,
HijackThis Log:-
Logfile of HijackThis v1.99.1
Scan saved at 5:19:59 PM, on 2/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [qwertybot.exe] C:\WINDOWS\system32\qwertybot.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{3A5367D3-6621-4321-86BA-FBF1DC8E8A32}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{8141C4F5-9474-4946-B7DB-218FBCA21BFB}: NameServer = 202.188.0.133,202.188.1.5
O17 - HKLM\System\CS1\Services\Tcpip\..\{3A5367D3-6621-4321-86BA-FBF1DC8E8A32}: NameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{3A5367D3-6621-4321-86BA-FBF1DC8E8A32}: NameServer = 192.168.1.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
HijackThis Log:-
Logfile of HijackThis v1.99.1
Scan saved at 5:19:59 PM, on 2/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [qwertybot.exe] C:\WINDOWS\system32\qwertybot.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{3A5367D3-6621-4321-86BA-FBF1DC8E8A32}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{8141C4F5-9474-4946-B7DB-218FBCA21BFB}: NameServer = 202.188.0.133,202.188.1.5
O17 - HKLM\System\CS1\Services\Tcpip\..\{3A5367D3-6621-4321-86BA-FBF1DC8E8A32}: NameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{3A5367D3-6621-4321-86BA-FBF1DC8E8A32}: NameServer = 192.168.1.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
#24
victorywp
-
- Active Members
-
- 89 posts
Adv. Member
Posted 08 February 2007 - 09:34 AM
Hi,
The above two posts are my Spy Sweeper Session Log & HijackThis Log for my second PC.
My first PC is still pending for instruction.
Thanks!
The above two posts are my Spy Sweeper Session Log & HijackThis Log for my second PC.
My first PC is still pending for instruction.
Thanks!
#25
teacup61
-
- Charter Members
-
- 1,558 posts
Is GSF inventory
Posted 09 February 2007 - 08:23 PM
One at a time, please. :)
On this same computer, I want you to download and run ComboFix.
1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please, along with a new HijackThis log.
Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.
Thanks,
tea
On this same computer, I want you to download and run ComboFix.
1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please, along with a new HijackThis log.
Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.
Thanks,
tea
#26
victorywp
-
- Active Members
-
- 89 posts
Adv. Member
Posted 10 February 2007 - 12:55 AM
Hi,
Combofix Log:-
"User" - 07-02-10 8:31:56 Service Pack 2
ComboFix 07.02.04 - Running from: "C:\Documents and Settings\User\Desktop"
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\Documents and Settings\User\My Documents\My Pictures\Desktop_.ini
C:\Documents and Settings\User\My Documents\My Music\Desktop_.ini
C:\Documents and Settings\User\My Documents\My Music\iTunes\Desktop_.ini
C:\Documents and Settings\User\My Documents\My Music\iTunes\iTunes Music\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP Products\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP Products\Plastic Corrugated Box\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP Products\Shrink Film\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP Products\Plastic Pallet\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP Products\Presswood Pallet\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP Products\Presswood Pallet\ancill3_files\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP Products\VCI\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP Products\Slipsheet\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP Products\Slipsheet\Slipsheets_files\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP Products\VCI Absorbent\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP Products\VCI Absorbent\desisafe_files\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP Products\VCI Absorbent\sorb-all_files\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP Products\Dunnage Bag\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP Products\New Folder\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP Products\Foam\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP Products\Foam\EPS_files\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP Products\Moulding\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP Products\Degreaser\Desktop_.ini
C:\Documents and Settings\User\My Documents\PISB\Desktop_.ini
C:\Documents and Settings\User\My Documents\PISB\DISK\Desktop_.ini
C:\Documents and Settings\User\My Documents\PISB\SUPPLIER\Desktop_.ini
C:\Documents and Settings\User\My Documents\PISB\SUPPLIER\PS-Doc\Desktop_.ini
C:\Documents and Settings\User\My Documents\PISB\SUPPLIER\PS-Doc\Mastor Copy\Desktop_.ini
C:\Documents and Settings\User\My Documents\PISB\DEBTOR AGEING\Desktop_.ini
C:\Documents and Settings\User\My Documents\PISB\DEBTOR AGEING\Ageing Listing\Desktop_.ini
C:\Documents and Settings\User\My Documents\PISB\STOCK\Desktop_.ini
C:\Documents and Settings\User\My Documents\PISB\ADMIN MATTER\Desktop_.ini
C:\Documents and Settings\User\My Documents\PISB\ADMIN MATTER\Mastor Copy\Desktop_.ini
C:\Documents and Settings\User\My Documents\PISB\ADMIN MATTER\GROUP STEEL\Desktop_.ini
C:\Documents and Settings\User\My Documents\PISB\CATALOGUE & SPECS FOR CUSTOMER\Desktop_.ini
C:\Documents and Settings\User\My Documents\PISB\SALES-SALES MATTER\Desktop_.ini
C:\Documents and Settings\User\My Documents\PISB\SALES-SALES MATTER\SALES MATTER\Desktop_.ini
C:\Documents and Settings\User\My Documents\PISB\SALES-SALES MATTER\Sales Data\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Group Steel\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Quotation\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Quotation\2003\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Quotation\2002\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Quotation\2004\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Quotation\2005\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Quotation\2006\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Quotation\2007\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Delivery Order\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Delivery Order\F\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Delivery Order\Q\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Delivery Order\A\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Delivery Order\O\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Delivery Order\P\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Delivery Order\C\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Delivery Order\L\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Delivery Order\M\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Delivery Order\N\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Delivery Order\D\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Delivery Order\U\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Delivery Order\R\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Delivery Order\S\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Delivery Order\I\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Delivery Order\H\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Delivery Order\Y\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Delivery Order\T\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Purchase Request\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Others\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Delivery Order (new)\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Delivery Order (new)\P\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Delivery Order (new)\T\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Delivery Order (new)\M\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Delivery Order (new)\Q\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Delivery Order (new)\S\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Delivery Order (new)\A\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Delivery Order (new)\O\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Delivery Order (new)\L\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Delivery Order (new)\C\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Delivery Order (new)\R\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Delivery Order (new)\D\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Delivery Order (new)\E\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Quotation Request\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Sales\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Photos\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Photos\MFS\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Photos\CWNTIA\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Photos\DSP\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Photos\Eurojaya\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Photos\AVJB\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Photos\Qualitek\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Photos\Tsuritani\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Photos\Omega\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Photos\Omega\Wafer Bonding System\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Photos\Omega\Wafer Dicing System\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Photos\Kotak\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Photos\Ismeca\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Photos\Cubic\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Photos\Polycube\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Photos\SHE\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Photos\Tako\Desktop_.ini
C:\Documents and Settings\User\My Documents\My Received Files\Desktop_.ini
C:\Documents and Settings\User\My Documents\Susan\Desktop_.ini
C:\Documents and Settings\User\My Documents\Susan\Games\Desktop_.ini
C:\Documents and Settings\User\My Documents\Susan\Form\Desktop_.ini
C:\Documents and Settings\User\My Documents\Susan\Form\Stock Card - File\Desktop_.ini
C:\Documents and Settings\User\My Documents\Susan\Monthly Report\Desktop_.ini
C:\Documents and Settings\User\My Documents\Susan\Monthly Report\Sales Record\Desktop_.ini
C:\Documents and Settings\User\My Documents\Susan\Monthly Report\Stock Check Record\Desktop_.ini
C:\Documents and Settings\User\My Documents\Susan\Basic Purchasing Agreement (PSCDDM)\Desktop_.ini
C:\Documents and Settings\User\My Documents\Susan\Company Registration\Desktop_.ini
C:\Documents and Settings\User\My Documents\CyberLink\Desktop_.ini
C:\Documents and Settings\User\My Documents\CyberLink\PowerDVD\Desktop_.ini
C:\Program Files\Desktop_.ini
C:\Program Files\MSN Gaming Zone\Desktop_.ini
C:\Program Files\Online Services\Desktop_.ini
C:\Program Files\xerox\Desktop_.ini
C:\Program Files\xerox\nwwia\Desktop_.ini
C:\Program Files\Uninstall Information\Desktop_.ini
C:\Program Files\DAP\Desktop_.ini
C:\Program Files\DAP\Locales\Desktop_.ini
C:\Program Files\DAP\Privacy Package\Desktop_.ini
C:\Program Files\DAP\DAPFireFox\Desktop_.ini
C:\Program Files\DAP\DAPFireFox\chrome\Desktop_.ini
C:\Program Files\DAP\DAPFireFox\components\Desktop_.ini
C:\Program Files\DAP\BACKUP\Desktop_.ini
C:\Program Files\DAP\Icons\Desktop_.ini
C:\Program Files\DAP\Skins\Desktop_.ini
C:\Program Files\DAP\Skins\dap\Desktop_.ini
C:\Program Files\DAP\Temp\Desktop_.ini
C:\Program Files\DAP\Ads\Desktop_.ini
C:\Program Files\DAP\Updates\Desktop_.ini
C:\Program Files\DAP\Offers\Desktop_.ini
C:\Program Files\DAP\Log\Desktop_.ini
C:\Program Files\DAP\History\Desktop_.ini
C:\Program Files\DAP\History\User\Desktop_.ini
C:\Program Files\DAP\MCFiles\Desktop_.ini
C:\Program Files\Microsoft Office\Desktop_.ini
C:\Program Files\Microsoft Office\Office10\Desktop_.ini
C:\Program Files\Microsoft Office\Office10\VS Runtime\Desktop_.ini
C:\Program Files\Microsoft Office\Office10\VS Runtime\1033\Desktop_.ini
C:\Program Files\Microsoft Office\Office10\VS Runtime\schemas\Desktop_.ini
C:\Program Files\Microsoft Office\Office10\VS Runtime\schemas\html\Desktop_.ini
C:\Program Files\Microsoft Office\Office10\VS Runtime\schemas\xml\Desktop_.ini
C:\Program Files\Microsoft Office\Office10\Library\Desktop_.ini
C:\Program Files\Microsoft Office\Office10\Library\Analysis\Desktop_.ini
C:\Program Files\Microsoft Office\Office10\Library\Solver\Desktop_.ini
C:\Program Files\Microsoft Office\Office10\Queries\Desktop_.ini
C:\Program Files\Microsoft Office\Office10\XLStart\Desktop_.ini
C:\Program Files\Microsoft Office\Office10\Startup\Desktop_.ini
C:\Program Files\Microsoft Office\Office10\Shortcut Bar\Desktop_.ini
C:\Program Files\Microsoft Office\Office10\Shortcut Bar\Office\Desktop_.ini
C:\Program Files\Microsoft Office\Office10\1033\Desktop_.ini
C:\Program Files\Microsoft Office\Office10\1033\botstyle\Desktop_.ini
C:\Program Files\Microsoft Office\Office10\1033\DataServices\Desktop_.ini
C:\Program Files\Microsoft Office\Office10\1033\PubBrd\Desktop_.ini
C:\Program Files\Microsoft Office\Office10\1033\PubFtScm\Desktop_.ini
C:\Program Files\Microsoft Office\Office10\1033\PubSPapr\Desktop_.ini
C:\Program Files\Microsoft Office\Office10\1033\PubWiz\Desktop_.ini
C:\Program Files\Microsoft Office\Office10\1036\Desktop_.ini
C:\Program Files\Microsoft Office\Office10\3082\Desktop_.ini
C:\Program Files\Microsoft Office\Office10\HTML\Desktop_.ini
C:\Program Files\Microsoft Office\Office10\HTML\XMLLinks\Desktop_.ini
C:\Program Files\Microsoft Office\Office10\HTML\XMLLinks\1033\Desktop_.ini
C:\Program Files\Microsoft Office\Office10\Migration\Desktop_.ini
C:\Program Files\Microsoft Office\Office10\Convert\Desktop_.ini
C:\Program Files\Microsoft Office\Office10\Convert\1033\Desktop_.ini
C:\Program Files\Microsoft Office\Office10\Addins\Desktop_.ini
C:\Program Files\Microsoft Office\Office10\forms\Desktop_.ini
C:\Program Files\Microsoft Office\Office10\forms\1033\Desktop_.ini
C:\Program Files\Microsoft Office\Office10\Samples\Desktop_.ini
C:\Program Files\Microsoft Office\Office10\Borders\Desktop_.ini
C:\Program Files\Microsoft Office\Office10\Macros\Desktop_.ini
C:\Program Files\Microsoft Office\Templates\Desktop_.ini
C:\Program Files\Microsoft Office\Templates\1033\Desktop_.ini
C:\Program Files\Microsoft Office\Templates\MseNewFileItems\Desktop_.ini
C:\Program Files\Microsoft Office\Templates\Presentation Designs\Desktop_.ini
C:\Program Files\Microsoft Office\media\Desktop_.ini
C:\Program Files\Microsoft Office\media\cagcat10\Desktop_.ini
C:\Program Files\Microsoft Office\media\cagcat10\1033\Desktop_.ini
C:\Program Files\Microsoft Office\media\cagcat\Desktop_.ini
C:\Program Files\Microsoft Office\media\cagcat\1033\Desktop_.ini
C:\Program Files\Microsoft Office\media\office10\Desktop_.ini
C:\Program Files\Microsoft Office\media\office10\autoshap\Desktop_.ini
C:\Program Files\Microsoft Office\media\office10\bullets\Desktop_.ini
C:\Program Files\Microsoft Office\media\office10\lines\Desktop_.ini
C:\Program Files\Microsoft Office\media\office10\1033\Desktop_.ini
C:\Program Files\Microsoft Office\media\OFFICE11\Desktop_.ini
C:\Program Files\Microsoft Office\media\OFFICE11\AUTOSHAP\Desktop_.ini
C:\Program Files\Microsoft Office\media\OFFICE11\BULLETS\Desktop_.ini
C:\Program Files\Microsoft Office\media\OFFICE11\LINES\Desktop_.ini
C:\Program Files\Microsoft Office\media\OFFICE11\1033\Desktop_.ini
C:\Program Files\Microsoft Office\Clipart\Desktop_.ini
C:\Program Files\Microsoft Office\Clipart\Pub60Cor\Desktop_.ini
C:\Program Files\Microsoft Office\Clipart\Publisher\Desktop_.ini
C:\Program Files\Microsoft Office\Clipart\Publisher\Backgrounds\Desktop_.ini
C:\Program Files\Microsoft Office\Stationery\Desktop_.ini
C:\Program Files\Microsoft Office\Stationery\1033\Desktop_.ini
C:\Program Files\Microsoft Office\OFFICE11\Desktop_.ini
C:\Program Files\Microsoft Office\OFFICE11\VS Runtime\Desktop_.ini
C:\Program Files\Microsoft Office\OFFICE11\VS Runtime\1033\Desktop_.ini
C:\Program Files\Microsoft Office\OFFICE11\VS Runtime\SCHEMAS\Desktop_.ini
C:\Program Files\Microsoft Office\OFFICE11\VS Runtime\SCHEMAS\HTML\Desktop_.ini
C:\Program Files\Microsoft Office\OFFICE11\VS Runtime\SCHEMAS\XML\Desktop_.ini
C:\Program Files\Microsoft Office\OFFICE11\1033\Desktop_.ini
C:\Program Files\Microsoft Office\OFFICE11\1033\011\Desktop_.ini
C:\Program Files\Microsoft Office\OFFICE11\1033\DataServices\Desktop_.ini
C:\Program Files\Microsoft Office\OFFICE11\Migration\Desktop_.ini
C:\Program Files\Microsoft Office\OFFICE11\1036\Desktop_.ini
C:\Program Files\Microsoft Office\OFFICE11\3082\Desktop_.ini
C:\Program Files\Microsoft Office\OFFICE11\XLATORS\Desktop_.ini
C:\Program Files\Microsoft Office\OFFICE11\HTML\Desktop_.ini
C:\Program Files\Microsoft Office\OFFICE11\HTML\XMLLINKS\Desktop_.ini
C:\Program Files\Microsoft Office\OFFICE11\HTML\XMLLINKS\1033\Desktop_.ini
C:\Program Files\Microsoft Visual Studio\Desktop_.ini
C:\Program Files\Microsoft Visual Studio\Common\Desktop_.ini
C:\Program Files\Microsoft Visual Studio\Common\IDE\Desktop_.ini
C:\Program Files\Microsoft Visual Studio\Common\IDE\IDE98\Desktop_.ini
C:\Program Files\Microsoft ActiveSync\Desktop_.ini
C:\Program Files\ZTE\Desktop_.ini
C:\Program Files\ZTE\ADSLDIAL\Desktop_.ini
C:\Program Files\ZTE\ADSLDIAL\driver\Desktop_.ini
C:\Program Files\ACD Systems\Desktop_.ini
C:\Program Files\ACD Systems\ACDSee\Desktop_.ini
C:\Program Files\ACD Systems\ACDSee\8.0\Desktop_.ini
C:\Program Files\ACD Systems\ACDSee\8.0\LM\Desktop_.ini
C:\Program Files\ACD Systems\ACDSee\8.0\LM\Pages\Desktop_.ini
C:\Program Files\ACD Systems\ACDSee\8.0\LM\Products\Desktop_.ini
C:\Program Files\ACD Systems\ACDSee\8.0\QuickStart\Desktop_.ini
C:\Program Files\ACD Systems\ACDSee\8.0\QuickStart\img\Desktop_.ini
C:\Program Files\Adobe\Desktop_.ini
C:\Program Files\Adobe\Acrobat 7.0\Desktop_.ini
C:\Program Files\Adobe\Acrobat 7.0\Setup Files\Desktop_.ini
C:\Program Files\Adobe\Acrobat 7.0\Setup Files\RdrBig\Desktop_.ini
C:\Program Files\Adobe\Acrobat 7.0\Setup Files\RdrBig\ENU\Desktop_.ini
C:\Program Files\Adobe\Acrobat 7.0\Reader\Desktop_.ini
C:\Program Files\Adobe\Acrobat 7.0\Reader\Browser\Desktop_.ini
C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\Desktop_.ini
C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\VDKHome\Desktop_.ini
C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\VDKHome\ENU\Desktop_.ini
C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\AcroForm\Desktop_.ini
C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\AcroForm\PMP\Desktop_.ini
C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\Multimedia\Desktop_.ini
C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\Multimedia\MPP\Desktop_.ini
C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\PictureTasks\Desktop_.ini
C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\PictureTasks\Howto\Desktop_.ini
C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\PictureTasks\Howto\images\Desktop_.ini
C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\PictureTasks\OLS\Desktop_.ini
C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\PictureTasks\OLS\Locale\Desktop_.ini
C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\PictureTasks\OLS\Locale\ENU\Desktop_.ini
C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\PictureTasks\Templates\Desktop_.ini
C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\Annotations\Desktop_.ini
C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\Annotations\Stamps\Desktop_.ini
C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\Annotations\Stamps\ENU\Desktop_.ini
C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\ImageViewer\Desktop_.ini
C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\ImageViewer\en_US\Desktop_.ini
C:\Program Files\Adobe\Acrobat 7.0\Reader\WebSearch\Desktop_.ini
C:\Program Files\Adobe\Acrobat 7.0\Reader\Updater\Desktop_.ini
C:\Program Files\Adobe\Acrobat 7.0\Reader\Optional\Desktop_.ini
C:\Program Files\Adobe\Acrobat 7.0\Reader\HowTo\Desktop_.ini
C:\Program Files\Adobe\Acrobat 7.0\Reader\HowTo\ENU\Desktop_.ini
C:\Program Files\Adobe\Acrobat 7.0\Reader\HowTo\ENU\Images\Desktop_.ini
C:\Program Files\Adobe\Acrobat 7.0\Reader\SPPlugins\Desktop_.ini
C:\Program Files\Adobe\Acrobat 7.0\Reader\Javascripts\Desktop_.ini
C:\Program Files\Adobe\Acrobat 7.0\Reader\Legal\Desktop_.ini
C:\Program Files\Adobe\Acrobat 7.0\Reader\Legal\Adobe Reader\Desktop_.ini
C:\Program Files\Adobe\Acrobat 7.0\Reader\Legal\Adobe Reader\7.0.0\Desktop_.ini
C:\Program Files\Adobe\Acrobat 7.0\Reader\Legal\Adobe Reader\7.0.0\en_US\Desktop_.ini
C:\Program Files\Adobe\Acrobat 7.0\Reader\Messages\Desktop_.ini
C:\Program Files\Adobe\Acrobat 7.0\Reader\Messages\ENU\Desktop_.ini
C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins3d\Desktop_.ini
C:\Program Files\Adobe\Acrobat 7.0\ActiveX\Desktop_.ini
C:\Program Files\Adobe\Acrobat 7.0\Help\Desktop_.ini
C:\Program Files\Adobe\Acrobat 7.0\Help\ENU\Desktop_.ini
C:\Program Files\Adobe\Acrobat 7.0\Resource\Desktop_.ini
C:\Program Files\Adobe\Acrobat 7.0\Resource\CMap\Desktop_.ini
C:\Program Files\Adobe\Acrobat 7.0\Resource\Font\Desktop_.ini
C:\Program Files\Adobe\Acrobat 7.0\Resource\Font\PFM\Desktop_.ini
C:\Program Files\Adobe\Acrobat 7.0\Resource\Linguistics\Desktop_.ini
C:\Program Files\Adobe\Acrobat 7.0\Resource\Linguistics\LanguageNames\Desktop_.ini
C:\Program Files\Adobe\Acrobat 7.0\Resource\Linguistics\Providers\Desktop_.ini
C:\Program Files\Adobe\Acrobat 7.0\Resource\Linguistics\Providers\Proximity\Desktop_.ini
C:\Program Files\Adobe\Acrobat 7.0\Esl\Desktop_.ini
C:\Program Files\CyberLink\Desktop_.ini
C:\Program Files\CyberLink\Shared Files\Desktop_.ini
C:\Program Files\CyberLink\Shared Files\AudioFilter\Desktop_.ini
C:\Program Files\CyberLink\Shared Files\NavFilter\Desktop_.ini
C:\Program Files\CyberLink\Shared Files\VideoFilter\Desktop_.ini
C:\Program Files\CyberLink\PowerDVD\Desktop_.ini
C:\Program Files\CyberLink\PowerDVD\Skins\Desktop_.ini
C:\Program Files\CyberLink\PowerDVD\Skins\Crystal\Desktop_.ini
C:\Program Files\CyberLink\PowerDVD\Skins\Neo\Desktop_.ini
C:\Program Files\CyberLink\PowerDVD\Skins\Oscar\Desktop_.ini
C:\Program Files\CyberLink\Common\Desktop_.ini
C:\Program Files\INAC\Desktop_.ini
C:\Program Files\INAC\StartUp Manager\Desktop_.ini
C:\Program Files\MSN Messenger\Desktop_.ini
C:\Program Files\MSN Messenger\Device Manager\Desktop_.ini
C:\Program Files\MSN Messenger\Device Manager\Loc\Desktop_.ini
C:\Program Files\MSN Messenger\Device Manager\Loc\29\Desktop_.ini
C:\Program Files\MSN Messenger\Device Manager\Loc\6\Desktop_.ini
C:\Program Files\MSN Messenger\Device Manager\Loc\19\Desktop_.ini
C:\Program Files\MSN Messenger\Device Manager\Loc\16\Desktop_.ini
C:\Program Files\MSN Messenger\Device Manager\Loc\1046\Desktop_.ini
C:\Program Files\MSN Messenger\Device Manager\Loc\10\Desktop_.ini
C:\Program Files\MSN Messenger\Device Manager\Loc\7\Desktop_.ini
C:\Program Files\MSN Messenger\Device Manager\Loc\9\Desktop_.ini
C:\Program Files\MSN Messenger\Device Manager\Loc\12\Desktop_.ini
C:\Program Files\MSN Messenger\Device Manager\Loc\31\Desktop_.ini
C:\Program Files\MSN Messenger\Device Manager\Loc\22\Desktop_.ini
C:\Program Files\MSN Messenger\Device Manager\Loc\11\Desktop_.ini
C:\Program Files\MSN Messenger\Device Manager\Loc\20\Desktop_.ini
C:\Program Files\Real\Desktop_.ini
C:\Program Files\Real\RealPlayer\Desktop_.ini
C:\Program Files\Real\RealPlayer\Setup\Desktop_.ini
C:\Program Files\Real\RealPlayer\Setup\accesspoints\Desktop_.ini
C:\Program Files\Real\RealPlayer\rpplugins\Desktop_.ini
C:\Program Files\Real\RealPlayer\library\Desktop_.ini
C:\Program Files\Real\RealPlayer\Netscape6\Desktop_.ini
C:\Program Files\Real\RealPlayer\DataCache\Desktop_.ini
C:\Program Files\Real\RealPlayer\DataCache\attributedto\Desktop_.ini
C:\Program Files\Real\RealPlayer\DataCache\CDBurning\Desktop_.ini
C:\Program Files\Real\RealPlayer\DataCache\Channels\Desktop_.ini
C:\Program Files\Real\RealPlayer\DataCache\Devices\Desktop_.ini
C:\Program Files\Real\RealPlayer\DataCache\Formats\Desktop_.ini
C:\Program Files\Real\RealPlayer\DataCache\GetMedia\Desktop_.ini
C:\Program Files\Real\RealPlayer\DataCache\GetMedia\images\Desktop_.ini
C:\Program Files\Real\RealPlayer\DataCache\GetMedia\CTW\Desktop_.ini
C:\Program Files\Real\RealPlayer\DataCache\GetMedia\CTW\Images\Desktop_.ini
C:\Program Files\Real\RealPlayer\DataCache\GetMedia\loc\Desktop_.ini
C:\Program Files\Real\RealPlayer\DataCache\GetMedia\loc\en\Desktop_.ini
C:\Program Files\Real\RealPlayer\DataCache\GetMedia\loc\en\404\Desktop_.ini
C:\Program Files\Real\RealPlayer\DataCache\GetMedia\loc\en\acct\Desktop_.ini
C:\Program Files\Real\RealPlayer\DataCache\GetMedia\loc\en\cdburning\Desktop_.ini
C:\Program Files\Real\RealPlayer\DataCache\GetMedia\loc\en\Central\Desktop_.ini
C:\Program Files\Real\RealPlayer\DataCache\GetMedia\loc\en\Channels\Desktop_.ini
C:\Program Files\Real\RealPlayer\DataCache\GetMedia\loc\en\Common\Desktop_.ini
C:\Program Files\Real\RealPlayer\DataCache\GetMedia\loc\en\CTW\Desktop_.ini
C:\Program Files\Real\RealPlayer\DataCache\GetMedia\loc\en\custsupport\Desktop_.ini
C:\Program Files\Real\RealPlayer\DataCache\GetMedia\loc\en\custsupport\pccontrols\Desktop_.ini
C:\Program Files\Real\RealPlayer\DataCache\GetMedia\loc\en\custsupport\prodsurvey\Desktop_.ini
C:\Program Files\Real\RealPlayer\DataCache\GetMedia\loc\en\custsupport\sersupport\Desktop_.ini
C:\Program Files\Real\RealPlayer\DataCache\GetMedia\loc\en\custsupport\techsupport\Desktop_.ini
C:\Program Files\Real\RealPlayer\DataCache\GetMedia\loc\en\default\Desktop_.ini
C:\Program Files\Real\RealPlayer\DataCache\GetMedia\loc\en\Devices\Desktop_.ini
C:\Program Files\Real\RealPlayer\DataCache\GetMedia\loc\en\Error\Desktop_.ini
C:\Program Files\Real\RealPlayer\DataCache\GetMedia\loc\en\Guide\Desktop_.ini
C:\Program Files\Real\RealPlayer\DataCache\GetMedia\loc\en\Home\Desktop_.ini
C:\Program Files\Real\RealPlayer\DataCache\GetMedia\loc\en\rollingstone\Desktop_.ini
C:\Program Files\Real\RealPlayer\DataCache\GetMedia\loc\en\musicguide\Desktop_.ini
C:\Program Files\Real\RealPlayer\DataCache\GetMedia\loc\en\musicstore\Desktop_.ini
C:\Program Files\Real\RealPlayer\DataCache\GetMedia\loc\en\radio\Desktop_.ini
C:\Program Files\Real\RealPlayer\DataCache\GetMedia\loc\en\search\Desktop_.ini
C:\Program Files\Real\RealPlayer\DataCache\GetMedia\loc\en\skins\Desktop_.ini
C:\Program Files\Real\RealPlayer\DataCache\GetMedia\loc\en\toc\Desktop_.ini
C:\Program Files\Real\RealPlayer\DataCache\GetMedia\loc\en\trig\Desktop_.ini
C:\Program Files\Real\RealPlayer\DataCache\GetMedia\loc\en\tutorials\Desktop_.ini
C:\Program Files\Real\RealPlayer\DataCache\GetMedia\loc\en\upsell\Desktop_.ini
C:\Program Files\Real\RealPlayer\DataCache\GetMedia\loc\en\visualizations\Desktop_.ini
C:\Program Files\Real\RealPlayer\DataCache\GetMedia\loc\en\Web\Desktop_.ini
C:\Program Files\Real\RealPlayer\DataCache\GetMedia\loc\en\wrn\Desktop_.ini
C:\Program Files\Real\RealPlayer\DataCache\GetMedia\loc\en\xpr\Desktop_.ini
C:\Program Files\Real\RealPlayer\DataCache\GetMedia\page\Desktop_.ini
C:\Program Files\Real\RealPlayer\DataCache\GetMedia\page\Common\Desktop_.ini
C:\Program Files\Real\RealPlayer\DataCache\RollingStone\Desktop_.ini
C:\Program Files\Real\RealPlayer\DataCache\GPFeat\Desktop_.ini
C:\Program Files\Real\RealPlayer\DataCache\Help\Desktop_.ini
C:\Program Files\Real\RealPlayer\DataCache\howto\Desktop_.ini
C:\Program Files\Real\RealPlayer\DataCache\keywords\Desktop_.ini
C:\Program Files\Real\RealPlayer\DataCache\library\Desktop_.ini
C:\Program Files\Real\RealPlayer\DataCache\Login\Desktop_.ini
C:\Program Files\Real\RealPlayer\DataCache\Login\data\Desktop_.ini
C:\Program Files\Real\RealPlayer\DataCache\Login\images\Desktop_.ini
C:\Program Files\Real\RealPlayer\DataCache\Login\images\alerts\Desktop_.ini
C:\Program Files\Real\RealPlayer\DataCache\Login\images\btns\Desktop_.ini
C:\Program Files\Real\RealPlayer\DataCache\Login\images\btns\139x24\Desktop_.ini
C:\Program Files\Real\RealPlayer\DataCache\Login\images\btns\139x28\Desktop_.ini
C:\Program Files\Real\RealPlayer\DataCache\Login\images\btns\184x24\Desktop_.ini
C:\Program Files\Real\RealPlayer\DataCache\Login\images\btns\184x28\Desktop_.ini
C:\Program Files\Real\RealPlayer\DataCache\Login\images\btns\94x24\Desktop_.ini
C:\Program Files\Real\RealPlayer\DataCache\Login\images\btns\94x28\Desktop_.ini
C:\Program Files\Real\RealPlayer\DataCache\Login\js\Desktop_.ini
C:\Program Files\Real\RealPlayer\DataCache\Login\loc\Desktop_.ini
C:\Program Files\Real\RealPlayer\DataCache\Login\loc\en\Desktop_.ini
C:\Program Files\Real\RealPlayer\DataCache\Login\templates\Desktop_.ini
C:\Program Files\Real\RealPlayer\DataCache\mstore\Desktop_.ini
C:\Program Files\Real\RealPlayer\DataCache\musicguide\Desktop_.ini
C:\Program Files\Real\RealPlayer\DataCache\prefs\Desktop_.ini
C:\Program Files\Real\RealPlayer\DataCache\Radio\Desktop_.ini
C:\Program Files\Real\RealPlayer\DataCache\search\Desktop_.ini
C:\Program Files\Real\RealPlayer\DataCache\sendlink\Desktop_.ini
C:\Program Files\Real\RealPlayer\DataCache\web\Desktop_.ini
C:\Program Files\Real\RealPlayer\DataCache\webresources\Desktop_.ini
C:\Program Files\Real\RealPlayer\Firstrun\Desktop_.ini
C:\Program Files\Real\RealPlayer\Firstrun\localguide_files\Desktop_.ini
C:\Program Files\Real\RealPlayer\plugins\Desktop_.ini
C:\Program Files\Real\RealPlayer\producer\Desktop_.ini
C:\Program Files\Real\RealPlayer\producer\plugins\Desktop_.ini
C:\Program Files\Real\RealPlayer\producer\Tools\Desktop_.ini
C:\Program Files\Real\RealPlayer\Devices\Desktop_.ini
C:\Program Files\Real\RealPlayer\CDBurning\Desktop_.ini
C:\Program Files\Real\RealPlayer\templates\Desktop_.ini
C:\Program Files\Real\RealPlayer\cache_db\Desktop_.ini
C:\Program Files\Real\RealPlayer\cache_db\c_header\Desktop_.ini
C:\Program Files\Real\RealPlayer\cache_db\c_data\Desktop_.ini
C:\Program Files\Real\RealPlayer\cache_db\c_usage\Desktop_.ini
C:\Program Files\WinZip\Desktop_.ini
C:\Program Files\Winamp\Desktop_.ini
C:\Program Files\Winamp\Skins\Desktop_.ini
C:\Program Files\Winamp\Plugins\Desktop_.ini
C:\Program Files\iTunes\Desktop_.ini
C:\Program Files\iTunes\iTunesMiniPlayer.Resources\Desktop_.ini
C:\Program Files\iTunes\iTunes.Resources\Desktop_.ini
C:\Program Files\iTunes\iTunes.Resources\en.lproj\Desktop_.ini
C:\Program Files\iTunes\CD Configuration\Desktop_.ini
C:\Program Files\iTunes\iTunesHelper.Resources\Desktop_.ini
C:\Program Files\iPod\Desktop_.ini
C:\Program Files\iPod\bin\Desktop_.ini
C:\Program Files\iPod\bin\iPodService.Resources\Desktop_.ini
C:\Program Files\QuickTime\Desktop_.ini
C:\Program Files\QuickTime\Plugins\Desktop_.ini
C:\Program Files\Symantec\Desktop_.ini
C:\Program Files\Symantec\LiveUpdate\Desktop_.ini
C:\Program Files\Spybot - Search & Destroy\Desktop_.ini
C:\Program Files\Spybot - Search & Destroy\Updates\Desktop_.ini
C:\Program Files\Spybot - Search & Destroy\Includes\Desktop_.ini
C:\Program Files\Spybot - Search & Destroy\Plugins\Desktop_.ini
C:\Program Files\FreeRIP\Desktop_.ini
C:\Program Files\Yahoo!\Desktop_.ini
C:\Program Files\Yahoo!\Installs\Desktop_.ini
C:\Program Files\Yahoo!\Common\Desktop_.ini
C:\Program Files\Yahoo!\Common\icons\Desktop_.ini
C:\Program Files\Yahoo!\Shared\Desktop_.ini
C:\Program Files\Yahoo!\Shared\Graphics\Desktop_.ini
C:\Program Files\Yahoo!\Shared\Graphics\Maverick\Desktop_.ini
C:\Program Files\Yahoo!\Shared\Graphics\Indigo\Desktop_.ini
C:\Program Files\CDex130\Desktop_.ini
C:\Program Files\CDex130\LocalCDDB\Desktop_.ini
C:\Program Files\CDex130\LocalCDDB\blues\Desktop_.ini
C:\Program Files\CDex130\LocalCDDB\classical\Desktop_.ini
C:\Program Files\CDex130\LocalCDDB\country\Desktop_.ini
C:\Program Files\CDex130\LocalCDDB\data\Desktop_.ini
C:\Program Files\CDex130\LocalCDDB\folk\Desktop_.ini
C:\Program Files\CDex130\LocalCDDB\jazz\Desktop_.ini
C:\Program Files\CDex130\LocalCDDB\misc\Desktop_.ini
C:\Program Files\CDex130\LocalCDDB\newage\Desktop_.ini
C:\Program Files\CDex130\LocalCDDB\reggae\Desktop_.ini
C:\Program Files\CDex130\LocalCDDB\rock\Desktop_.ini
C:\Program Files\CDex130\LocalCDDB\soundtrack\Desktop_.ini
C:\Program Files\CDex130\OutputFiles\Desktop_.ini
C:\Program Files\CDex130\OutputFiles\no artist\Desktop_.ini
C:\Program Files\CDex130\OutputFiles\no artist\no title\Desktop_.ini
C:\Program Files\FreeRIP2\Desktop_.ini
C:\Program Files\Nokia\Desktop_.ini
C:\Program Files\Nokia\Nokia PC Suite 6\Desktop_.ini
C:\Program Files\Nokia\Nokia PC Suite 6\Resource\Desktop_.ini
C:\Program Files\Nokia\Nokia PC Suite 6\Lang\Desktop_.ini
C:\Program Files\Nokia\Nokia PC Suite 6\Skins\Desktop_.ini
C:\Program Files\Nokia\Nokia PC Suite 6\Btmdm\Desktop_.ini
C:\Program Files\Nokia\Nokia PC Suite 6\Help\Desktop_.ini
C:\Program Files\Nokia\Connectivity Cable Driver\Desktop_.ini
C:\Program Files\Grisoft\Desktop_.ini
C:\Program Files\Grisoft\AVG Free\Desktop_.ini
C:\Program Files\JetAudio\Desktop_.ini
C:\Program Files\JetAudio\Skin\Desktop_.ini
C:\Program Files\JetAudio\Vis\Desktop_.ini
C:\Program Files\JetAudio\Vis\space\Desktop_.ini
C:\Program Files\JetAudio\Vis\Synesth\Desktop_.ini
C:\Program Files\DivX\Desktop_.ini
C:\Program Files\DivX\AutoUpdate\Desktop_.ini
C:\Program Files\DivX\Artwork\Desktop_.ini
C:\Program Files\DivX\DivX\Desktop_.ini
C:\Program Files\DivX\DivX Player\Desktop_.ini
C:\Program Files\DivX\DivX Player\Skins\Desktop_.ini
C:\Program Files\DivX\Movies\Desktop_.ini
C:\Program Files\DivX\DivX Web Player\Desktop_.ini
C:\Program Files\WinRAR\Desktop_.ini
C:\Program Files\WinRAR\Formats\Desktop_.ini
C:\Program Files\Ahead\Desktop_.ini
C:\Program Files\Ahead\Nero\Desktop_.ini
C:\Program Files\Ahead\Nero\Uninstall\Desktop_.ini
C:\Program Files\BitComet\Desktop_.ini
C:\Program Files\BitComet\lang\Desktop_.ini
C:\Program Files\BitComet\fav\Desktop_.ini
C:\Program Files\BitComet\fav\ad\Desktop_.ini
C:\Program Files\BitComet\rules\Desktop_.ini
C:\Program Files\BitComet\Downloads\Desktop_.ini
C:\Program Files\BitComet\Downloads\Happy.Feet.2006.TS.XviD-XanaX-WITH END-22-11-06-pass\Desktop_.ini
C:\Program Files\BitComet\Torrents\Desktop_.ini
C:\Program Files\BitComet\codec\Desktop_.ini
C:\Program Files\Windows Live Toolbar\Desktop_.ini
C:\Program Files\Kaspersky Lab\Desktop_.ini
C:\FOUND.000\Desktop_.ini
C:\kav\Desktop_.ini
C:\kav\kav6.0\Desktop_.ini
C:\kav\kav6.0\english\Desktop_.ini
C:\kav\kav6.0\english\doc\Desktop_.ini
C:\Temp\Desktop_.ini
C:\!KillBox\Desktop_.ini
C:\!KillBox\Logs\Desktop_.ini
C:\WINDOWS\system32\drivers\usbme.sys
C:\WINDOWS\system32\vx.tll
C:\autorun.inf
C:\Documents and Settings\User\My Documents\DSP\Quotation\2003\4.Apr03\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Quotation\2003\8.Aug03\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Quotation\2003\10.Oct03\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Quotation\2003\9.Sep03\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Quotation\2003\12.Dec03\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Quotation\2003\2.Feb03\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Quotation\2003\1.Jan03\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Quotation\2003\7.July03\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Quotation\2003\6.June03\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Quotation\2003\3.Mar03\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Quotation\2003\5.May03\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Quotation\2003\11.Nov03\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Quotation\2002\12.Dec02\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Quotation\2002\11.Nov02\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Quotation\2002\9.Sept02\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Quotation\2002\10.Oct02\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Quotation\2004\8.Aug04\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Quotation\2004\12.Dec04\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Quotation\2004\2.Feb04\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Quotation\2004\1.Jan04\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Quotation\2004\6.June04\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Quotation\2004\3.Mar04\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Quotation\2004\11.Nov04\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Quotation\2004\10.Oct04\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Quotation\2004\9.Sep04\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Quotation\2004\4.Apr04\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Quotation\2004\7.July04\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Quotation\2005\9.Sep05\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Quotation\2005\4.Apr05\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Quotation\2005\8.Aug05\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Quotation\2005\12.Dec05\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Quotation\2005\2.Feb05\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Quotation\2005\1.Jan05\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Quotation\2005\7.July05\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Quotation\2005\6.June05\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Quotation\2005\3.Mar05\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Quotation\2005\5.May05\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Quotation\2005\11.Nov05\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Quotation\2005\10.Oct05\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Quotation\2006\1.Jan06\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Quotation\2006\2.Feb06\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Quotation\2006\3.Mar06\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Quotation\2006\4.Apr06\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Quotation\2006\5.May06\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Quotation\2006\6.June06\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Quotation\2006\7.July06\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Quotation\2006\8.Aug06\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Quotation\2006\9.Sept06\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Quotation\2006\10.Oct06\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Quotation\2006\11.Nov06\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Quotation\2006\12.Dec06\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Quotation\2007\1.Jan07\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Photos\E.Dynamic\Desktop_.ini
C:\Program Files\iTunes\iTunesMiniPlayer.Resources\en.lproj\Desktop_.ini
C:\Program Files\iTunes\iTunesHelper.Resources\en.lproj\Desktop_.ini
C:\Program Files\iPod\bin\iPodService.Resources\en.lproj\Desktop_.ini
((((((((((((((((((((((((((((((( Files Created from 2007-01-10 to 2007-02-10 ))))))))))))))))))))))))))))))))))
2007-02-10 08:46 <DIR> d-------- C:\WINDOWS\ERDNT
2007-02-08 15:04 22,080 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2007-02-08 15:04 21,056 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2007-02-08 15:04 20,544 --a------ C:\WINDOWS\system32\drivers\SSFS0509.sys
2007-02-08 15:04 144,448 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2007-02-08 15:04 <DIR> d-------- C:\Program Files\Webroot
2007-02-08 15:04 <DIR> d-------- C:\DOCUME~1\LOCALS~1\Application Data\Webroot
2007-02-08 15:04 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Webroot
2007-02-08 15:01 <DIR> d-------- C:\DOCUME~1\User\Application Data\Webroot
2007-02-07 13:58 <DIR> d-------- C:\HijackThis
2007-02-01 16:43 51,072 --a------ C:\WINDOWS\system32\drivers\ikhlayer.sys
2007-02-01 16:43 30,592 --a------ C:\WINDOWS\system32\drivers\ikhfile.sys
2007-01-29 14:01 <DIR> d--hs---- C:\FOUND.001
2007-01-25 10:24 <DIR> d-------- C:\Downloads
2007-01-24 09:29 <DIR> d-------- C:\Program Files\Kaspersky Lab
2007-01-24 09:29 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Kaspersky Lab
2007-01-24 09:25 <DIR> d--hs---- C:\FOUND.000
2007-01-24 09:20 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Avg7
2007-01-24 09:18 <DIR> d-------- C:\kav
2007-01-24 08:30 146,432 --a------ C:\WINDOWS\system32\avgw.exe.exe
2007-01-23 13:51 225,280 --a------ C:\DOCUME~1\User\ApplicationInstaller.exe.exe
2007-01-23 13:50 2,076,739 --a------ C:\DOCUME~1\User\WINZIP32.EXE.exe
2007-01-12 10:23 114,688 --a------ C:\DOCUME~1\User\23162.exe
2007-01-12 08:26 118,784 --a------ C:\DOCUME~1\User\319.exe
2007-01-11 08:45 <DIR> d-------- C:\!KillBox
2007-01-10 17:29 <DIR> d-------- C:\Program Files\MSN Messenger
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-02-08 15:01 -------- d-------- C:\Documents and Settings\User\Application Data\webroot
2007-01-31 08:24 67645 --a------ C:\WINDOWS\system32\drivers\pshook11.sys
2007-01-25 10:24 2560 --a------ C:\WINDOWS\system32\bitcometres.dll
2007-01-09 10:39 -------- d-------- C:\Documents and Settings\User\Application Data\inac
2006-12-27 10:53 -------- d-------- C:\Documents and Settings\User\Application Data\datalayer
2006-12-19 17:43 -------- d-------- C:\Program Files\windows live toolbar
2006-12-15 09:04 -------- d-------- C:\Program Files\nokia
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"Yahoo! Pager"="\"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YAHOOM~1.EXE\" -quiet"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ZTE ADSL"=""
"RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"qwertybot.exe"="C:\\WINDOWS\\system32\\qwertybot.exe"
"AVP"="\"C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 6.0\\avp.exe\""
@=""
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"KernelFaultCheck"="C:\\WINDOWS\\system32\\dumprep 0 -k"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WebrootSpySweeperService
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
Usnsvc REG_MULTI_SZ usnsvc\0\0
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{296a50f0-8a85-11db-93ef-0002449507ed}]
Shell\Auto\command infrom.exe
Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL infrom.exe
*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_MCHINJDRV
********************************************************************
catchme 0.1 W2K/XP - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
********************************************************************
Completion time: 07-02-10 8:50:44
Combofix Log:-
"User" - 07-02-10 8:31:56 Service Pack 2
ComboFix 07.02.04 - Running from: "C:\Documents and Settings\User\Desktop"
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\Documents and Settings\User\My Documents\My Pictures\Desktop_.ini
C:\Documents and Settings\User\My Documents\My Music\Desktop_.ini
C:\Documents and Settings\User\My Documents\My Music\iTunes\Desktop_.ini
C:\Documents and Settings\User\My Documents\My Music\iTunes\iTunes Music\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP Products\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP Products\Plastic Corrugated Box\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP Products\Shrink Film\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP Products\Plastic Pallet\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP Products\Presswood Pallet\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP Products\Presswood Pallet\ancill3_files\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP Products\VCI\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP Products\Slipsheet\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP Products\Slipsheet\Slipsheets_files\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP Products\VCI Absorbent\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP Products\VCI Absorbent\desisafe_files\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP Products\VCI Absorbent\sorb-all_files\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP Products\Dunnage Bag\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP Products\New Folder\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP Products\Foam\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP Products\Foam\EPS_files\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP Products\Moulding\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP Products\Degreaser\Desktop_.ini
C:\Documents and Settings\User\My Documents\PISB\Desktop_.ini
C:\Documents and Settings\User\My Documents\PISB\DISK\Desktop_.ini
C:\Documents and Settings\User\My Documents\PISB\SUPPLIER\Desktop_.ini
C:\Documents and Settings\User\My Documents\PISB\SUPPLIER\PS-Doc\Desktop_.ini
C:\Documents and Settings\User\My Documents\PISB\SUPPLIER\PS-Doc\Mastor Copy\Desktop_.ini
C:\Documents and Settings\User\My Documents\PISB\DEBTOR AGEING\Desktop_.ini
C:\Documents and Settings\User\My Documents\PISB\DEBTOR AGEING\Ageing Listing\Desktop_.ini
C:\Documents and Settings\User\My Documents\PISB\STOCK\Desktop_.ini
C:\Documents and Settings\User\My Documents\PISB\ADMIN MATTER\Desktop_.ini
C:\Documents and Settings\User\My Documents\PISB\ADMIN MATTER\Mastor Copy\Desktop_.ini
C:\Documents and Settings\User\My Documents\PISB\ADMIN MATTER\GROUP STEEL\Desktop_.ini
C:\Documents and Settings\User\My Documents\PISB\CATALOGUE & SPECS FOR CUSTOMER\Desktop_.ini
C:\Documents and Settings\User\My Documents\PISB\SALES-SALES MATTER\Desktop_.ini
C:\Documents and Settings\User\My Documents\PISB\SALES-SALES MATTER\SALES MATTER\Desktop_.ini
C:\Documents and Settings\User\My Documents\PISB\SALES-SALES MATTER\Sales Data\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Group Steel\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Quotation\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Quotation\2003\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Quotation\2002\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Quotation\2004\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Quotation\2005\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Quotation\2006\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Quotation\2007\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Delivery Order\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Delivery Order\F\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Delivery Order\Q\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Delivery Order\A\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Delivery Order\O\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Delivery Order\P\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Delivery Order\C\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Delivery Order\L\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Delivery Order\M\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Delivery Order\N\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Delivery Order\D\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Delivery Order\U\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Delivery Order\R\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Delivery Order\S\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Delivery Order\I\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Delivery Order\H\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Delivery Order\Y\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Delivery Order\T\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Purchase Request\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Others\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Delivery Order (new)\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Delivery Order (new)\P\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Delivery Order (new)\T\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Delivery Order (new)\M\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Delivery Order (new)\Q\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Delivery Order (new)\S\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Delivery Order (new)\A\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Delivery Order (new)\O\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Delivery Order (new)\L\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Delivery Order (new)\C\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Delivery Order (new)\R\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Delivery Order (new)\D\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Delivery Order (new)\E\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Quotation Request\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Sales\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Photos\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Photos\MFS\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Photos\CWNTIA\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Photos\DSP\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Photos\Eurojaya\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Photos\AVJB\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Photos\Qualitek\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Photos\Tsuritani\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Photos\Omega\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Photos\Omega\Wafer Bonding System\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Photos\Omega\Wafer Dicing System\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Photos\Kotak\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Photos\Ismeca\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Photos\Cubic\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Photos\Polycube\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Photos\SHE\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Photos\Tako\Desktop_.ini
C:\Documents and Settings\User\My Documents\My Received Files\Desktop_.ini
C:\Documents and Settings\User\My Documents\Susan\Desktop_.ini
C:\Documents and Settings\User\My Documents\Susan\Games\Desktop_.ini
C:\Documents and Settings\User\My Documents\Susan\Form\Desktop_.ini
C:\Documents and Settings\User\My Documents\Susan\Form\Stock Card - File\Desktop_.ini
C:\Documents and Settings\User\My Documents\Susan\Monthly Report\Desktop_.ini
C:\Documents and Settings\User\My Documents\Susan\Monthly Report\Sales Record\Desktop_.ini
C:\Documents and Settings\User\My Documents\Susan\Monthly Report\Stock Check Record\Desktop_.ini
C:\Documents and Settings\User\My Documents\Susan\Basic Purchasing Agreement (PSCDDM)\Desktop_.ini
C:\Documents and Settings\User\My Documents\Susan\Company Registration\Desktop_.ini
C:\Documents and Settings\User\My Documents\CyberLink\Desktop_.ini
C:\Documents and Settings\User\My Documents\CyberLink\PowerDVD\Desktop_.ini
C:\Program Files\Desktop_.ini
C:\Program Files\MSN Gaming Zone\Desktop_.ini
C:\Program Files\Online Services\Desktop_.ini
C:\Program Files\xerox\Desktop_.ini
C:\Program Files\xerox\nwwia\Desktop_.ini
C:\Program Files\Uninstall Information\Desktop_.ini
C:\Program Files\DAP\Desktop_.ini
C:\Program Files\DAP\Locales\Desktop_.ini
C:\Program Files\DAP\Privacy Package\Desktop_.ini
C:\Program Files\DAP\DAPFireFox\Desktop_.ini
C:\Program Files\DAP\DAPFireFox\chrome\Desktop_.ini
C:\Program Files\DAP\DAPFireFox\components\Desktop_.ini
C:\Program Files\DAP\BACKUP\Desktop_.ini
C:\Program Files\DAP\Icons\Desktop_.ini
C:\Program Files\DAP\Skins\Desktop_.ini
C:\Program Files\DAP\Skins\dap\Desktop_.ini
C:\Program Files\DAP\Temp\Desktop_.ini
C:\Program Files\DAP\Ads\Desktop_.ini
C:\Program Files\DAP\Updates\Desktop_.ini
C:\Program Files\DAP\Offers\Desktop_.ini
C:\Program Files\DAP\Log\Desktop_.ini
C:\Program Files\DAP\History\Desktop_.ini
C:\Program Files\DAP\History\User\Desktop_.ini
C:\Program Files\DAP\MCFiles\Desktop_.ini
C:\Program Files\Microsoft Office\Desktop_.ini
C:\Program Files\Microsoft Office\Office10\Desktop_.ini
C:\Program Files\Microsoft Office\Office10\VS Runtime\Desktop_.ini
C:\Program Files\Microsoft Office\Office10\VS Runtime\1033\Desktop_.ini
C:\Program Files\Microsoft Office\Office10\VS Runtime\schemas\Desktop_.ini
C:\Program Files\Microsoft Office\Office10\VS Runtime\schemas\html\Desktop_.ini
C:\Program Files\Microsoft Office\Office10\VS Runtime\schemas\xml\Desktop_.ini
C:\Program Files\Microsoft Office\Office10\Library\Desktop_.ini
C:\Program Files\Microsoft Office\Office10\Library\Analysis\Desktop_.ini
C:\Program Files\Microsoft Office\Office10\Library\Solver\Desktop_.ini
C:\Program Files\Microsoft Office\Office10\Queries\Desktop_.ini
C:\Program Files\Microsoft Office\Office10\XLStart\Desktop_.ini
C:\Program Files\Microsoft Office\Office10\Startup\Desktop_.ini
C:\Program Files\Microsoft Office\Office10\Shortcut Bar\Desktop_.ini
C:\Program Files\Microsoft Office\Office10\Shortcut Bar\Office\Desktop_.ini
C:\Program Files\Microsoft Office\Office10\1033\Desktop_.ini
C:\Program Files\Microsoft Office\Office10\1033\botstyle\Desktop_.ini
C:\Program Files\Microsoft Office\Office10\1033\DataServices\Desktop_.ini
C:\Program Files\Microsoft Office\Office10\1033\PubBrd\Desktop_.ini
C:\Program Files\Microsoft Office\Office10\1033\PubFtScm\Desktop_.ini
C:\Program Files\Microsoft Office\Office10\1033\PubSPapr\Desktop_.ini
C:\Program Files\Microsoft Office\Office10\1033\PubWiz\Desktop_.ini
C:\Program Files\Microsoft Office\Office10\1036\Desktop_.ini
C:\Program Files\Microsoft Office\Office10\3082\Desktop_.ini
C:\Program Files\Microsoft Office\Office10\HTML\Desktop_.ini
C:\Program Files\Microsoft Office\Office10\HTML\XMLLinks\Desktop_.ini
C:\Program Files\Microsoft Office\Office10\HTML\XMLLinks\1033\Desktop_.ini
C:\Program Files\Microsoft Office\Office10\Migration\Desktop_.ini
C:\Program Files\Microsoft Office\Office10\Convert\Desktop_.ini
C:\Program Files\Microsoft Office\Office10\Convert\1033\Desktop_.ini
C:\Program Files\Microsoft Office\Office10\Addins\Desktop_.ini
C:\Program Files\Microsoft Office\Office10\forms\Desktop_.ini
C:\Program Files\Microsoft Office\Office10\forms\1033\Desktop_.ini
C:\Program Files\Microsoft Office\Office10\Samples\Desktop_.ini
C:\Program Files\Microsoft Office\Office10\Borders\Desktop_.ini
C:\Program Files\Microsoft Office\Office10\Macros\Desktop_.ini
C:\Program Files\Microsoft Office\Templates\Desktop_.ini
C:\Program Files\Microsoft Office\Templates\1033\Desktop_.ini
C:\Program Files\Microsoft Office\Templates\MseNewFileItems\Desktop_.ini
C:\Program Files\Microsoft Office\Templates\Presentation Designs\Desktop_.ini
C:\Program Files\Microsoft Office\media\Desktop_.ini
C:\Program Files\Microsoft Office\media\cagcat10\Desktop_.ini
C:\Program Files\Microsoft Office\media\cagcat10\1033\Desktop_.ini
C:\Program Files\Microsoft Office\media\cagcat\Desktop_.ini
C:\Program Files\Microsoft Office\media\cagcat\1033\Desktop_.ini
C:\Program Files\Microsoft Office\media\office10\Desktop_.ini
C:\Program Files\Microsoft Office\media\office10\autoshap\Desktop_.ini
C:\Program Files\Microsoft Office\media\office10\bullets\Desktop_.ini
C:\Program Files\Microsoft Office\media\office10\lines\Desktop_.ini
C:\Program Files\Microsoft Office\media\office10\1033\Desktop_.ini
C:\Program Files\Microsoft Office\media\OFFICE11\Desktop_.ini
C:\Program Files\Microsoft Office\media\OFFICE11\AUTOSHAP\Desktop_.ini
C:\Program Files\Microsoft Office\media\OFFICE11\BULLETS\Desktop_.ini
C:\Program Files\Microsoft Office\media\OFFICE11\LINES\Desktop_.ini
C:\Program Files\Microsoft Office\media\OFFICE11\1033\Desktop_.ini
C:\Program Files\Microsoft Office\Clipart\Desktop_.ini
C:\Program Files\Microsoft Office\Clipart\Pub60Cor\Desktop_.ini
C:\Program Files\Microsoft Office\Clipart\Publisher\Desktop_.ini
C:\Program Files\Microsoft Office\Clipart\Publisher\Backgrounds\Desktop_.ini
C:\Program Files\Microsoft Office\Stationery\Desktop_.ini
C:\Program Files\Microsoft Office\Stationery\1033\Desktop_.ini
C:\Program Files\Microsoft Office\OFFICE11\Desktop_.ini
C:\Program Files\Microsoft Office\OFFICE11\VS Runtime\Desktop_.ini
C:\Program Files\Microsoft Office\OFFICE11\VS Runtime\1033\Desktop_.ini
C:\Program Files\Microsoft Office\OFFICE11\VS Runtime\SCHEMAS\Desktop_.ini
C:\Program Files\Microsoft Office\OFFICE11\VS Runtime\SCHEMAS\HTML\Desktop_.ini
C:\Program Files\Microsoft Office\OFFICE11\VS Runtime\SCHEMAS\XML\Desktop_.ini
C:\Program Files\Microsoft Office\OFFICE11\1033\Desktop_.ini
C:\Program Files\Microsoft Office\OFFICE11\1033\011\Desktop_.ini
C:\Program Files\Microsoft Office\OFFICE11\1033\DataServices\Desktop_.ini
C:\Program Files\Microsoft Office\OFFICE11\Migration\Desktop_.ini
C:\Program Files\Microsoft Office\OFFICE11\1036\Desktop_.ini
C:\Program Files\Microsoft Office\OFFICE11\3082\Desktop_.ini
C:\Program Files\Microsoft Office\OFFICE11\XLATORS\Desktop_.ini
C:\Program Files\Microsoft Office\OFFICE11\HTML\Desktop_.ini
C:\Program Files\Microsoft Office\OFFICE11\HTML\XMLLINKS\Desktop_.ini
C:\Program Files\Microsoft Office\OFFICE11\HTML\XMLLINKS\1033\Desktop_.ini
C:\Program Files\Microsoft Visual Studio\Desktop_.ini
C:\Program Files\Microsoft Visual Studio\Common\Desktop_.ini
C:\Program Files\Microsoft Visual Studio\Common\IDE\Desktop_.ini
C:\Program Files\Microsoft Visual Studio\Common\IDE\IDE98\Desktop_.ini
C:\Program Files\Microsoft ActiveSync\Desktop_.ini
C:\Program Files\ZTE\Desktop_.ini
C:\Program Files\ZTE\ADSLDIAL\Desktop_.ini
C:\Program Files\ZTE\ADSLDIAL\driver\Desktop_.ini
C:\Program Files\ACD Systems\Desktop_.ini
C:\Program Files\ACD Systems\ACDSee\Desktop_.ini
C:\Program Files\ACD Systems\ACDSee\8.0\Desktop_.ini
C:\Program Files\ACD Systems\ACDSee\8.0\LM\Desktop_.ini
C:\Program Files\ACD Systems\ACDSee\8.0\LM\Pages\Desktop_.ini
C:\Program Files\ACD Systems\ACDSee\8.0\LM\Products\Desktop_.ini
C:\Program Files\ACD Systems\ACDSee\8.0\QuickStart\Desktop_.ini
C:\Program Files\ACD Systems\ACDSee\8.0\QuickStart\img\Desktop_.ini
C:\Program Files\Adobe\Desktop_.ini
C:\Program Files\Adobe\Acrobat 7.0\Desktop_.ini
C:\Program Files\Adobe\Acrobat 7.0\Setup Files\Desktop_.ini
C:\Program Files\Adobe\Acrobat 7.0\Setup Files\RdrBig\Desktop_.ini
C:\Program Files\Adobe\Acrobat 7.0\Setup Files\RdrBig\ENU\Desktop_.ini
C:\Program Files\Adobe\Acrobat 7.0\Reader\Desktop_.ini
C:\Program Files\Adobe\Acrobat 7.0\Reader\Browser\Desktop_.ini
C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\Desktop_.ini
C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\VDKHome\Desktop_.ini
C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\VDKHome\ENU\Desktop_.ini
C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\AcroForm\Desktop_.ini
C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\AcroForm\PMP\Desktop_.ini
C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\Multimedia\Desktop_.ini
C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\Multimedia\MPP\Desktop_.ini
C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\PictureTasks\Desktop_.ini
C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\PictureTasks\Howto\Desktop_.ini
C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\PictureTasks\Howto\images\Desktop_.ini
C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\PictureTasks\OLS\Desktop_.ini
C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\PictureTasks\OLS\Locale\Desktop_.ini
C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\PictureTasks\OLS\Locale\ENU\Desktop_.ini
C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\PictureTasks\Templates\Desktop_.ini
C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\Annotations\Desktop_.ini
C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\Annotations\Stamps\Desktop_.ini
C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\Annotations\Stamps\ENU\Desktop_.ini
C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\ImageViewer\Desktop_.ini
C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\ImageViewer\en_US\Desktop_.ini
C:\Program Files\Adobe\Acrobat 7.0\Reader\WebSearch\Desktop_.ini
C:\Program Files\Adobe\Acrobat 7.0\Reader\Updater\Desktop_.ini
C:\Program Files\Adobe\Acrobat 7.0\Reader\Optional\Desktop_.ini
C:\Program Files\Adobe\Acrobat 7.0\Reader\HowTo\Desktop_.ini
C:\Program Files\Adobe\Acrobat 7.0\Reader\HowTo\ENU\Desktop_.ini
C:\Program Files\Adobe\Acrobat 7.0\Reader\HowTo\ENU\Images\Desktop_.ini
C:\Program Files\Adobe\Acrobat 7.0\Reader\SPPlugins\Desktop_.ini
C:\Program Files\Adobe\Acrobat 7.0\Reader\Javascripts\Desktop_.ini
C:\Program Files\Adobe\Acrobat 7.0\Reader\Legal\Desktop_.ini
C:\Program Files\Adobe\Acrobat 7.0\Reader\Legal\Adobe Reader\Desktop_.ini
C:\Program Files\Adobe\Acrobat 7.0\Reader\Legal\Adobe Reader\7.0.0\Desktop_.ini
C:\Program Files\Adobe\Acrobat 7.0\Reader\Legal\Adobe Reader\7.0.0\en_US\Desktop_.ini
C:\Program Files\Adobe\Acrobat 7.0\Reader\Messages\Desktop_.ini
C:\Program Files\Adobe\Acrobat 7.0\Reader\Messages\ENU\Desktop_.ini
C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins3d\Desktop_.ini
C:\Program Files\Adobe\Acrobat 7.0\ActiveX\Desktop_.ini
C:\Program Files\Adobe\Acrobat 7.0\Help\Desktop_.ini
C:\Program Files\Adobe\Acrobat 7.0\Help\ENU\Desktop_.ini
C:\Program Files\Adobe\Acrobat 7.0\Resource\Desktop_.ini
C:\Program Files\Adobe\Acrobat 7.0\Resource\CMap\Desktop_.ini
C:\Program Files\Adobe\Acrobat 7.0\Resource\Font\Desktop_.ini
C:\Program Files\Adobe\Acrobat 7.0\Resource\Font\PFM\Desktop_.ini
C:\Program Files\Adobe\Acrobat 7.0\Resource\Linguistics\Desktop_.ini
C:\Program Files\Adobe\Acrobat 7.0\Resource\Linguistics\LanguageNames\Desktop_.ini
C:\Program Files\Adobe\Acrobat 7.0\Resource\Linguistics\Providers\Desktop_.ini
C:\Program Files\Adobe\Acrobat 7.0\Resource\Linguistics\Providers\Proximity\Desktop_.ini
C:\Program Files\Adobe\Acrobat 7.0\Esl\Desktop_.ini
C:\Program Files\CyberLink\Desktop_.ini
C:\Program Files\CyberLink\Shared Files\Desktop_.ini
C:\Program Files\CyberLink\Shared Files\AudioFilter\Desktop_.ini
C:\Program Files\CyberLink\Shared Files\NavFilter\Desktop_.ini
C:\Program Files\CyberLink\Shared Files\VideoFilter\Desktop_.ini
C:\Program Files\CyberLink\PowerDVD\Desktop_.ini
C:\Program Files\CyberLink\PowerDVD\Skins\Desktop_.ini
C:\Program Files\CyberLink\PowerDVD\Skins\Crystal\Desktop_.ini
C:\Program Files\CyberLink\PowerDVD\Skins\Neo\Desktop_.ini
C:\Program Files\CyberLink\PowerDVD\Skins\Oscar\Desktop_.ini
C:\Program Files\CyberLink\Common\Desktop_.ini
C:\Program Files\INAC\Desktop_.ini
C:\Program Files\INAC\StartUp Manager\Desktop_.ini
C:\Program Files\MSN Messenger\Desktop_.ini
C:\Program Files\MSN Messenger\Device Manager\Desktop_.ini
C:\Program Files\MSN Messenger\Device Manager\Loc\Desktop_.ini
C:\Program Files\MSN Messenger\Device Manager\Loc\29\Desktop_.ini
C:\Program Files\MSN Messenger\Device Manager\Loc\6\Desktop_.ini
C:\Program Files\MSN Messenger\Device Manager\Loc\19\Desktop_.ini
C:\Program Files\MSN Messenger\Device Manager\Loc\16\Desktop_.ini
C:\Program Files\MSN Messenger\Device Manager\Loc\1046\Desktop_.ini
C:\Program Files\MSN Messenger\Device Manager\Loc\10\Desktop_.ini
C:\Program Files\MSN Messenger\Device Manager\Loc\7\Desktop_.ini
C:\Program Files\MSN Messenger\Device Manager\Loc\9\Desktop_.ini
C:\Program Files\MSN Messenger\Device Manager\Loc\12\Desktop_.ini
C:\Program Files\MSN Messenger\Device Manager\Loc\31\Desktop_.ini
C:\Program Files\MSN Messenger\Device Manager\Loc\22\Desktop_.ini
C:\Program Files\MSN Messenger\Device Manager\Loc\11\Desktop_.ini
C:\Program Files\MSN Messenger\Device Manager\Loc\20\Desktop_.ini
C:\Program Files\Real\Desktop_.ini
C:\Program Files\Real\RealPlayer\Desktop_.ini
C:\Program Files\Real\RealPlayer\Setup\Desktop_.ini
C:\Program Files\Real\RealPlayer\Setup\accesspoints\Desktop_.ini
C:\Program Files\Real\RealPlayer\rpplugins\Desktop_.ini
C:\Program Files\Real\RealPlayer\library\Desktop_.ini
C:\Program Files\Real\RealPlayer\Netscape6\Desktop_.ini
C:\Program Files\Real\RealPlayer\DataCache\Desktop_.ini
C:\Program Files\Real\RealPlayer\DataCache\attributedto\Desktop_.ini
C:\Program Files\Real\RealPlayer\DataCache\CDBurning\Desktop_.ini
C:\Program Files\Real\RealPlayer\DataCache\Channels\Desktop_.ini
C:\Program Files\Real\RealPlayer\DataCache\Devices\Desktop_.ini
C:\Program Files\Real\RealPlayer\DataCache\Formats\Desktop_.ini
C:\Program Files\Real\RealPlayer\DataCache\GetMedia\Desktop_.ini
C:\Program Files\Real\RealPlayer\DataCache\GetMedia\images\Desktop_.ini
C:\Program Files\Real\RealPlayer\DataCache\GetMedia\CTW\Desktop_.ini
C:\Program Files\Real\RealPlayer\DataCache\GetMedia\CTW\Images\Desktop_.ini
C:\Program Files\Real\RealPlayer\DataCache\GetMedia\loc\Desktop_.ini
C:\Program Files\Real\RealPlayer\DataCache\GetMedia\loc\en\Desktop_.ini
C:\Program Files\Real\RealPlayer\DataCache\GetMedia\loc\en\404\Desktop_.ini
C:\Program Files\Real\RealPlayer\DataCache\GetMedia\loc\en\acct\Desktop_.ini
C:\Program Files\Real\RealPlayer\DataCache\GetMedia\loc\en\cdburning\Desktop_.ini
C:\Program Files\Real\RealPlayer\DataCache\GetMedia\loc\en\Central\Desktop_.ini
C:\Program Files\Real\RealPlayer\DataCache\GetMedia\loc\en\Channels\Desktop_.ini
C:\Program Files\Real\RealPlayer\DataCache\GetMedia\loc\en\Common\Desktop_.ini
C:\Program Files\Real\RealPlayer\DataCache\GetMedia\loc\en\CTW\Desktop_.ini
C:\Program Files\Real\RealPlayer\DataCache\GetMedia\loc\en\custsupport\Desktop_.ini
C:\Program Files\Real\RealPlayer\DataCache\GetMedia\loc\en\custsupport\pccontrols\Desktop_.ini
C:\Program Files\Real\RealPlayer\DataCache\GetMedia\loc\en\custsupport\prodsurvey\Desktop_.ini
C:\Program Files\Real\RealPlayer\DataCache\GetMedia\loc\en\custsupport\sersupport\Desktop_.ini
C:\Program Files\Real\RealPlayer\DataCache\GetMedia\loc\en\custsupport\techsupport\Desktop_.ini
C:\Program Files\Real\RealPlayer\DataCache\GetMedia\loc\en\default\Desktop_.ini
C:\Program Files\Real\RealPlayer\DataCache\GetMedia\loc\en\Devices\Desktop_.ini
C:\Program Files\Real\RealPlayer\DataCache\GetMedia\loc\en\Error\Desktop_.ini
C:\Program Files\Real\RealPlayer\DataCache\GetMedia\loc\en\Guide\Desktop_.ini
C:\Program Files\Real\RealPlayer\DataCache\GetMedia\loc\en\Home\Desktop_.ini
C:\Program Files\Real\RealPlayer\DataCache\GetMedia\loc\en\rollingstone\Desktop_.ini
C:\Program Files\Real\RealPlayer\DataCache\GetMedia\loc\en\musicguide\Desktop_.ini
C:\Program Files\Real\RealPlayer\DataCache\GetMedia\loc\en\musicstore\Desktop_.ini
C:\Program Files\Real\RealPlayer\DataCache\GetMedia\loc\en\radio\Desktop_.ini
C:\Program Files\Real\RealPlayer\DataCache\GetMedia\loc\en\search\Desktop_.ini
C:\Program Files\Real\RealPlayer\DataCache\GetMedia\loc\en\skins\Desktop_.ini
C:\Program Files\Real\RealPlayer\DataCache\GetMedia\loc\en\toc\Desktop_.ini
C:\Program Files\Real\RealPlayer\DataCache\GetMedia\loc\en\trig\Desktop_.ini
C:\Program Files\Real\RealPlayer\DataCache\GetMedia\loc\en\tutorials\Desktop_.ini
C:\Program Files\Real\RealPlayer\DataCache\GetMedia\loc\en\upsell\Desktop_.ini
C:\Program Files\Real\RealPlayer\DataCache\GetMedia\loc\en\visualizations\Desktop_.ini
C:\Program Files\Real\RealPlayer\DataCache\GetMedia\loc\en\Web\Desktop_.ini
C:\Program Files\Real\RealPlayer\DataCache\GetMedia\loc\en\wrn\Desktop_.ini
C:\Program Files\Real\RealPlayer\DataCache\GetMedia\loc\en\xpr\Desktop_.ini
C:\Program Files\Real\RealPlayer\DataCache\GetMedia\page\Desktop_.ini
C:\Program Files\Real\RealPlayer\DataCache\GetMedia\page\Common\Desktop_.ini
C:\Program Files\Real\RealPlayer\DataCache\RollingStone\Desktop_.ini
C:\Program Files\Real\RealPlayer\DataCache\GPFeat\Desktop_.ini
C:\Program Files\Real\RealPlayer\DataCache\Help\Desktop_.ini
C:\Program Files\Real\RealPlayer\DataCache\howto\Desktop_.ini
C:\Program Files\Real\RealPlayer\DataCache\keywords\Desktop_.ini
C:\Program Files\Real\RealPlayer\DataCache\library\Desktop_.ini
C:\Program Files\Real\RealPlayer\DataCache\Login\Desktop_.ini
C:\Program Files\Real\RealPlayer\DataCache\Login\data\Desktop_.ini
C:\Program Files\Real\RealPlayer\DataCache\Login\images\Desktop_.ini
C:\Program Files\Real\RealPlayer\DataCache\Login\images\alerts\Desktop_.ini
C:\Program Files\Real\RealPlayer\DataCache\Login\images\btns\Desktop_.ini
C:\Program Files\Real\RealPlayer\DataCache\Login\images\btns\139x24\Desktop_.ini
C:\Program Files\Real\RealPlayer\DataCache\Login\images\btns\139x28\Desktop_.ini
C:\Program Files\Real\RealPlayer\DataCache\Login\images\btns\184x24\Desktop_.ini
C:\Program Files\Real\RealPlayer\DataCache\Login\images\btns\184x28\Desktop_.ini
C:\Program Files\Real\RealPlayer\DataCache\Login\images\btns\94x24\Desktop_.ini
C:\Program Files\Real\RealPlayer\DataCache\Login\images\btns\94x28\Desktop_.ini
C:\Program Files\Real\RealPlayer\DataCache\Login\js\Desktop_.ini
C:\Program Files\Real\RealPlayer\DataCache\Login\loc\Desktop_.ini
C:\Program Files\Real\RealPlayer\DataCache\Login\loc\en\Desktop_.ini
C:\Program Files\Real\RealPlayer\DataCache\Login\templates\Desktop_.ini
C:\Program Files\Real\RealPlayer\DataCache\mstore\Desktop_.ini
C:\Program Files\Real\RealPlayer\DataCache\musicguide\Desktop_.ini
C:\Program Files\Real\RealPlayer\DataCache\prefs\Desktop_.ini
C:\Program Files\Real\RealPlayer\DataCache\Radio\Desktop_.ini
C:\Program Files\Real\RealPlayer\DataCache\search\Desktop_.ini
C:\Program Files\Real\RealPlayer\DataCache\sendlink\Desktop_.ini
C:\Program Files\Real\RealPlayer\DataCache\web\Desktop_.ini
C:\Program Files\Real\RealPlayer\DataCache\webresources\Desktop_.ini
C:\Program Files\Real\RealPlayer\Firstrun\Desktop_.ini
C:\Program Files\Real\RealPlayer\Firstrun\localguide_files\Desktop_.ini
C:\Program Files\Real\RealPlayer\plugins\Desktop_.ini
C:\Program Files\Real\RealPlayer\producer\Desktop_.ini
C:\Program Files\Real\RealPlayer\producer\plugins\Desktop_.ini
C:\Program Files\Real\RealPlayer\producer\Tools\Desktop_.ini
C:\Program Files\Real\RealPlayer\Devices\Desktop_.ini
C:\Program Files\Real\RealPlayer\CDBurning\Desktop_.ini
C:\Program Files\Real\RealPlayer\templates\Desktop_.ini
C:\Program Files\Real\RealPlayer\cache_db\Desktop_.ini
C:\Program Files\Real\RealPlayer\cache_db\c_header\Desktop_.ini
C:\Program Files\Real\RealPlayer\cache_db\c_data\Desktop_.ini
C:\Program Files\Real\RealPlayer\cache_db\c_usage\Desktop_.ini
C:\Program Files\WinZip\Desktop_.ini
C:\Program Files\Winamp\Desktop_.ini
C:\Program Files\Winamp\Skins\Desktop_.ini
C:\Program Files\Winamp\Plugins\Desktop_.ini
C:\Program Files\iTunes\Desktop_.ini
C:\Program Files\iTunes\iTunesMiniPlayer.Resources\Desktop_.ini
C:\Program Files\iTunes\iTunes.Resources\Desktop_.ini
C:\Program Files\iTunes\iTunes.Resources\en.lproj\Desktop_.ini
C:\Program Files\iTunes\CD Configuration\Desktop_.ini
C:\Program Files\iTunes\iTunesHelper.Resources\Desktop_.ini
C:\Program Files\iPod\Desktop_.ini
C:\Program Files\iPod\bin\Desktop_.ini
C:\Program Files\iPod\bin\iPodService.Resources\Desktop_.ini
C:\Program Files\QuickTime\Desktop_.ini
C:\Program Files\QuickTime\Plugins\Desktop_.ini
C:\Program Files\Symantec\Desktop_.ini
C:\Program Files\Symantec\LiveUpdate\Desktop_.ini
C:\Program Files\Spybot - Search & Destroy\Desktop_.ini
C:\Program Files\Spybot - Search & Destroy\Updates\Desktop_.ini
C:\Program Files\Spybot - Search & Destroy\Includes\Desktop_.ini
C:\Program Files\Spybot - Search & Destroy\Plugins\Desktop_.ini
C:\Program Files\FreeRIP\Desktop_.ini
C:\Program Files\Yahoo!\Desktop_.ini
C:\Program Files\Yahoo!\Installs\Desktop_.ini
C:\Program Files\Yahoo!\Common\Desktop_.ini
C:\Program Files\Yahoo!\Common\icons\Desktop_.ini
C:\Program Files\Yahoo!\Shared\Desktop_.ini
C:\Program Files\Yahoo!\Shared\Graphics\Desktop_.ini
C:\Program Files\Yahoo!\Shared\Graphics\Maverick\Desktop_.ini
C:\Program Files\Yahoo!\Shared\Graphics\Indigo\Desktop_.ini
C:\Program Files\CDex130\Desktop_.ini
C:\Program Files\CDex130\LocalCDDB\Desktop_.ini
C:\Program Files\CDex130\LocalCDDB\blues\Desktop_.ini
C:\Program Files\CDex130\LocalCDDB\classical\Desktop_.ini
C:\Program Files\CDex130\LocalCDDB\country\Desktop_.ini
C:\Program Files\CDex130\LocalCDDB\data\Desktop_.ini
C:\Program Files\CDex130\LocalCDDB\folk\Desktop_.ini
C:\Program Files\CDex130\LocalCDDB\jazz\Desktop_.ini
C:\Program Files\CDex130\LocalCDDB\misc\Desktop_.ini
C:\Program Files\CDex130\LocalCDDB\newage\Desktop_.ini
C:\Program Files\CDex130\LocalCDDB\reggae\Desktop_.ini
C:\Program Files\CDex130\LocalCDDB\rock\Desktop_.ini
C:\Program Files\CDex130\LocalCDDB\soundtrack\Desktop_.ini
C:\Program Files\CDex130\OutputFiles\Desktop_.ini
C:\Program Files\CDex130\OutputFiles\no artist\Desktop_.ini
C:\Program Files\CDex130\OutputFiles\no artist\no title\Desktop_.ini
C:\Program Files\FreeRIP2\Desktop_.ini
C:\Program Files\Nokia\Desktop_.ini
C:\Program Files\Nokia\Nokia PC Suite 6\Desktop_.ini
C:\Program Files\Nokia\Nokia PC Suite 6\Resource\Desktop_.ini
C:\Program Files\Nokia\Nokia PC Suite 6\Lang\Desktop_.ini
C:\Program Files\Nokia\Nokia PC Suite 6\Skins\Desktop_.ini
C:\Program Files\Nokia\Nokia PC Suite 6\Btmdm\Desktop_.ini
C:\Program Files\Nokia\Nokia PC Suite 6\Help\Desktop_.ini
C:\Program Files\Nokia\Connectivity Cable Driver\Desktop_.ini
C:\Program Files\Grisoft\Desktop_.ini
C:\Program Files\Grisoft\AVG Free\Desktop_.ini
C:\Program Files\JetAudio\Desktop_.ini
C:\Program Files\JetAudio\Skin\Desktop_.ini
C:\Program Files\JetAudio\Vis\Desktop_.ini
C:\Program Files\JetAudio\Vis\space\Desktop_.ini
C:\Program Files\JetAudio\Vis\Synesth\Desktop_.ini
C:\Program Files\DivX\Desktop_.ini
C:\Program Files\DivX\AutoUpdate\Desktop_.ini
C:\Program Files\DivX\Artwork\Desktop_.ini
C:\Program Files\DivX\DivX\Desktop_.ini
C:\Program Files\DivX\DivX Player\Desktop_.ini
C:\Program Files\DivX\DivX Player\Skins\Desktop_.ini
C:\Program Files\DivX\Movies\Desktop_.ini
C:\Program Files\DivX\DivX Web Player\Desktop_.ini
C:\Program Files\WinRAR\Desktop_.ini
C:\Program Files\WinRAR\Formats\Desktop_.ini
C:\Program Files\Ahead\Desktop_.ini
C:\Program Files\Ahead\Nero\Desktop_.ini
C:\Program Files\Ahead\Nero\Uninstall\Desktop_.ini
C:\Program Files\BitComet\Desktop_.ini
C:\Program Files\BitComet\lang\Desktop_.ini
C:\Program Files\BitComet\fav\Desktop_.ini
C:\Program Files\BitComet\fav\ad\Desktop_.ini
C:\Program Files\BitComet\rules\Desktop_.ini
C:\Program Files\BitComet\Downloads\Desktop_.ini
C:\Program Files\BitComet\Downloads\Happy.Feet.2006.TS.XviD-XanaX-WITH END-22-11-06-pass\Desktop_.ini
C:\Program Files\BitComet\Torrents\Desktop_.ini
C:\Program Files\BitComet\codec\Desktop_.ini
C:\Program Files\Windows Live Toolbar\Desktop_.ini
C:\Program Files\Kaspersky Lab\Desktop_.ini
C:\FOUND.000\Desktop_.ini
C:\kav\Desktop_.ini
C:\kav\kav6.0\Desktop_.ini
C:\kav\kav6.0\english\Desktop_.ini
C:\kav\kav6.0\english\doc\Desktop_.ini
C:\Temp\Desktop_.ini
C:\!KillBox\Desktop_.ini
C:\!KillBox\Logs\Desktop_.ini
C:\WINDOWS\system32\drivers\usbme.sys
C:\WINDOWS\system32\vx.tll
C:\autorun.inf
C:\Documents and Settings\User\My Documents\DSP\Quotation\2003\4.Apr03\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Quotation\2003\8.Aug03\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Quotation\2003\10.Oct03\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Quotation\2003\9.Sep03\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Quotation\2003\12.Dec03\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Quotation\2003\2.Feb03\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Quotation\2003\1.Jan03\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Quotation\2003\7.July03\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Quotation\2003\6.June03\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Quotation\2003\3.Mar03\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Quotation\2003\5.May03\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Quotation\2003\11.Nov03\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Quotation\2002\12.Dec02\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Quotation\2002\11.Nov02\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Quotation\2002\9.Sept02\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Quotation\2002\10.Oct02\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Quotation\2004\8.Aug04\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Quotation\2004\12.Dec04\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Quotation\2004\2.Feb04\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Quotation\2004\1.Jan04\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Quotation\2004\6.June04\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Quotation\2004\3.Mar04\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Quotation\2004\11.Nov04\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Quotation\2004\10.Oct04\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Quotation\2004\9.Sep04\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Quotation\2004\4.Apr04\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Quotation\2004\7.July04\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Quotation\2005\9.Sep05\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Quotation\2005\4.Apr05\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Quotation\2005\8.Aug05\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Quotation\2005\12.Dec05\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Quotation\2005\2.Feb05\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Quotation\2005\1.Jan05\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Quotation\2005\7.July05\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Quotation\2005\6.June05\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Quotation\2005\3.Mar05\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Quotation\2005\5.May05\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Quotation\2005\11.Nov05\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Quotation\2005\10.Oct05\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Quotation\2006\1.Jan06\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Quotation\2006\2.Feb06\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Quotation\2006\3.Mar06\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Quotation\2006\4.Apr06\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Quotation\2006\5.May06\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Quotation\2006\6.June06\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Quotation\2006\7.July06\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Quotation\2006\8.Aug06\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Quotation\2006\9.Sept06\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Quotation\2006\10.Oct06\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Quotation\2006\11.Nov06\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Quotation\2006\12.Dec06\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Quotation\2007\1.Jan07\Desktop_.ini
C:\Documents and Settings\User\My Documents\DSP\Photos\E.Dynamic\Desktop_.ini
C:\Program Files\iTunes\iTunesMiniPlayer.Resources\en.lproj\Desktop_.ini
C:\Program Files\iTunes\iTunesHelper.Resources\en.lproj\Desktop_.ini
C:\Program Files\iPod\bin\iPodService.Resources\en.lproj\Desktop_.ini
((((((((((((((((((((((((((((((( Files Created from 2007-01-10 to 2007-02-10 ))))))))))))))))))))))))))))))))))
2007-02-10 08:46 <DIR> d-------- C:\WINDOWS\ERDNT
2007-02-08 15:04 22,080 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2007-02-08 15:04 21,056 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2007-02-08 15:04 20,544 --a------ C:\WINDOWS\system32\drivers\SSFS0509.sys
2007-02-08 15:04 144,448 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2007-02-08 15:04 <DIR> d-------- C:\Program Files\Webroot
2007-02-08 15:04 <DIR> d-------- C:\DOCUME~1\LOCALS~1\Application Data\Webroot
2007-02-08 15:04 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Webroot
2007-02-08 15:01 <DIR> d-------- C:\DOCUME~1\User\Application Data\Webroot
2007-02-07 13:58 <DIR> d-------- C:\HijackThis
2007-02-01 16:43 51,072 --a------ C:\WINDOWS\system32\drivers\ikhlayer.sys
2007-02-01 16:43 30,592 --a------ C:\WINDOWS\system32\drivers\ikhfile.sys
2007-01-29 14:01 <DIR> d--hs---- C:\FOUND.001
2007-01-25 10:24 <DIR> d-------- C:\Downloads
2007-01-24 09:29 <DIR> d-------- C:\Program Files\Kaspersky Lab
2007-01-24 09:29 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Kaspersky Lab
2007-01-24 09:25 <DIR> d--hs---- C:\FOUND.000
2007-01-24 09:20 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Avg7
2007-01-24 09:18 <DIR> d-------- C:\kav
2007-01-24 08:30 146,432 --a------ C:\WINDOWS\system32\avgw.exe.exe
2007-01-23 13:51 225,280 --a------ C:\DOCUME~1\User\ApplicationInstaller.exe.exe
2007-01-23 13:50 2,076,739 --a------ C:\DOCUME~1\User\WINZIP32.EXE.exe
2007-01-12 10:23 114,688 --a------ C:\DOCUME~1\User\23162.exe
2007-01-12 08:26 118,784 --a------ C:\DOCUME~1\User\319.exe
2007-01-11 08:45 <DIR> d-------- C:\!KillBox
2007-01-10 17:29 <DIR> d-------- C:\Program Files\MSN Messenger
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-02-08 15:01 -------- d-------- C:\Documents and Settings\User\Application Data\webroot
2007-01-31 08:24 67645 --a------ C:\WINDOWS\system32\drivers\pshook11.sys
2007-01-25 10:24 2560 --a------ C:\WINDOWS\system32\bitcometres.dll
2007-01-09 10:39 -------- d-------- C:\Documents and Settings\User\Application Data\inac
2006-12-27 10:53 -------- d-------- C:\Documents and Settings\User\Application Data\datalayer
2006-12-19 17:43 -------- d-------- C:\Program Files\windows live toolbar
2006-12-15 09:04 -------- d-------- C:\Program Files\nokia
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"Yahoo! Pager"="\"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YAHOOM~1.EXE\" -quiet"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ZTE ADSL"=""
"RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"qwertybot.exe"="C:\\WINDOWS\\system32\\qwertybot.exe"
"AVP"="\"C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 6.0\\avp.exe\""
@=""
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"KernelFaultCheck"="C:\\WINDOWS\\system32\\dumprep 0 -k"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WebrootSpySweeperService
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
Usnsvc REG_MULTI_SZ usnsvc\0\0
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{296a50f0-8a85-11db-93ef-0002449507ed}]
Shell\Auto\command infrom.exe
Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL infrom.exe
*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_MCHINJDRV
********************************************************************
catchme 0.1 W2K/XP - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
********************************************************************
Completion time: 07-02-10 8:50:44
#27
victorywp
-
- Active Members
-
- 89 posts
Adv. Member
Posted 10 February 2007 - 12:56 AM
HijackThis Log:-
Logfile of HijackThis v1.99.1
Scan saved at 8:52:27 AM, on 2/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [qwertybot.exe] C:\WINDOWS\system32\qwertybot.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{3A5367D3-6621-4321-86BA-FBF1DC8E8A32}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{8141C4F5-9474-4946-B7DB-218FBCA21BFB}: NameServer = 202.188.0.133,202.188.1.5
O17 - HKLM\System\CS1\Services\Tcpip\..\{3A5367D3-6621-4321-86BA-FBF1DC8E8A32}: NameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{3A5367D3-6621-4321-86BA-FBF1DC8E8A32}: NameServer = 192.168.1.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
Logfile of HijackThis v1.99.1
Scan saved at 8:52:27 AM, on 2/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [qwertybot.exe] C:\WINDOWS\system32\qwertybot.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{3A5367D3-6621-4321-86BA-FBF1DC8E8A32}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{8141C4F5-9474-4946-B7DB-218FBCA21BFB}: NameServer = 202.188.0.133,202.188.1.5
O17 - HKLM\System\CS1\Services\Tcpip\..\{3A5367D3-6621-4321-86BA-FBF1DC8E8A32}: NameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{3A5367D3-6621-4321-86BA-FBF1DC8E8A32}: NameServer = 192.168.1.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
#28
teacup61
-
- Charter Members
-
- 1,558 posts
Is GSF inventory
Posted 10 February 2007 - 04:49 AM
Hello,
Okay, all the same stuff on this machine too, ouch......so can you now view hidden files? If so, please upload the file qwertybot.exe to Bobbi Flekman as he asked you to. :)
Please download and run Dr. Web, just like you did on the other system.
* Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
Thanks,
tea
Okay, all the same stuff on this machine too, ouch......so can you now view hidden files? If so, please upload the file qwertybot.exe to Bobbi Flekman as he asked you to. :)
Please download and run Dr. Web, just like you did on the other system.
* Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
- Doubleclick the drweb-cureit.exe file and Allow to run the express scan
- This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
- Once the short scan has finished, mark the drives that you want to scan.
- Select all drives. A red dot shows which drives have been chosen.
- Click the green arrow at the right, and the scan will start.
- Click 'Yes to all' if it asks if you want to cure/move the file.
- When the scan has finished, look if you can click next icon next to the files found:
- If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:
This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples) - After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
- Save the report to your desktop. The report will be called DrWeb.csv
- Close Dr.Web Cureit.
- Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
- After reboot, post the contents of the log from Dr.Web you saved previously, along with a new HijackThis log in your next reply. Also let me know how it's running.
Thanks,
tea
#29
victorywp
-
- Active Members
-
- 89 posts
Adv. Member
Posted 13 February 2007 - 02:09 AM
Hi,
Sorry for the delay. I just came back from outstation. Yup, I can view hidden files & folders already. But I can't find the qwertybot.exe file from this location C:\WINDOWS\System32\qwertybot.exe. Was it deleted already? How should I tell Bobbi Flekman about this?
Can I ask you a question? How can I solve this type of problem (Can't Show Hidden Files) in the future? Is it sufficient enough if I only use Combofix?
Thanks! :)
Sorry for the delay. I just came back from outstation. Yup, I can view hidden files & folders already. But I can't find the qwertybot.exe file from this location C:\WINDOWS\System32\qwertybot.exe. Was it deleted already? How should I tell Bobbi Flekman about this?
Can I ask you a question? How can I solve this type of problem (Can't Show Hidden Files) in the future? Is it sufficient enough if I only use Combofix?
Thanks! :)
#30
victorywp
-
- Active Members
-
- 89 posts
Adv. Member
Posted 13 February 2007 - 06:56 AM
Hi,
Dr.Web Log:-
319.exe;C:\Documents and Settings\User;Trojan.MulDrop.5381;Deleted.;
23162.exe;C:\Documents and Settings\User;Trojan.MulDrop.5381;Deleted.;
A0002396.exe;C:\System Volume Information\_restore{366A4E38-74A6-4790-A9D9-D581D4E38EAC}\RP19;Adware.Spysheriff;Incurable.Moved.;
A0008454.exe;C:\System Volume Information\_restore{366A4E38-74A6-4790-A9D9-D581D4E38EAC}\RP20;Adware.Spysheriff;Incurable.Moved.;
A0014785.exe;C:\System Volume Information\_restore{366A4E38-74A6-4790-A9D9-D581D4E38EAC}\RP32;Trojan.MulDrop.5381;Deleted.;
A0014786.exe;C:\System Volume Information\_restore{366A4E38-74A6-4790-A9D9-D581D4E38EAC}\RP32;Trojan.MulDrop.5381;Deleted.;
Dr.Web Log:-
319.exe;C:\Documents and Settings\User;Trojan.MulDrop.5381;Deleted.;
23162.exe;C:\Documents and Settings\User;Trojan.MulDrop.5381;Deleted.;
A0002396.exe;C:\System Volume Information\_restore{366A4E38-74A6-4790-A9D9-D581D4E38EAC}\RP19;Adware.Spysheriff;Incurable.Moved.;
A0008454.exe;C:\System Volume Information\_restore{366A4E38-74A6-4790-A9D9-D581D4E38EAC}\RP20;Adware.Spysheriff;Incurable.Moved.;
A0014785.exe;C:\System Volume Information\_restore{366A4E38-74A6-4790-A9D9-D581D4E38EAC}\RP32;Trojan.MulDrop.5381;Deleted.;
A0014786.exe;C:\System Volume Information\_restore{366A4E38-74A6-4790-A9D9-D581D4E38EAC}\RP32;Trojan.MulDrop.5381;Deleted.;
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
