When i ran HijakThis in safe mode O4 - HKCU\..\Run: [CURB SHOW] C:\DOCUME~1\Paul\APPLIC~1\THISBO~1\BAITAXIS.exe did not show up in the log
I was able to delete the 2 folders on c: in safe mode
Here is the latest HijakThis log
Logfile of HijackThis v1.99.1
Scan saved at 11:33:09 PM, on 5/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\eFilm Medical\eFilm\efPMNT.exe
C:\Program Files\eFilm Medical\eFilm\efServer.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\eFilm Medical\eFilm\efDM.exe
C:\Program Files\eFilm Medical\eFilm\efDicomM.exe
C:\Program Files\eFilm Medical\eFilm\efDBM.exe
C:\Program Files\eFilm Medical\eFilm\efUpM.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Microsoft SQL Server\MSSQL$HCNSYSTEM\Binn\sqlservr.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\SiteAdvisor\6172\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\DRIVERS\WtSrv.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\McAfee\McAfee QuickClean\Plguni.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
C:\Program Files\Netropa\Onscreen Display\OSD.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\McAfee\MSC\mcuimgr.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\unzipped\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.ihug.com.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://www.ihug.com.au/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.ihug.com.au/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [MWLExe] C:\Program Files\Mcafee\MWL\MWLGuiSt.exe
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [McAfee QuickClean Imonitor] C:\Program Files\McAfee\McAfee QuickClean\Plguni.exe /START
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: Yahoo! Chat -
http://us.chat1.yimg...t/c381/chat.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) -
http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
http://go.microsoft....k/?LinkID=39204
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) -
http://upload.facebo...otoUploader.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O20 - AppInit_DLLs: acaptuser32.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: eFilmProcessManagerNT - Unknown owner - C:\Program Files\eFilm Medical\eFilm\efPMNT.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: McAfee Wireless Network Security Service (MWLSvc) - McAfee, Inc. - C:\Program Files\Mcafee\MWL\MwlSvc.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe
O23 - Service: WinTab Service (WinTabService) - Tablet Driver - C:\WINDOWS\system32\DRIVERS\WtSrv.exe
And here is the Kaspersky log
KASPERSKY ONLINE SCANNER REPORT
Wednesday, September 05, 2007 8:36:21 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 4/09/2007
Kaspersky Anti-Virus database records: 403517
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
A:\
C:\
E:\
Z:\
Scan Statistics
Total number of scanned objects 221640
Number of viruses found 7
Number of infected objects 82
Number of suspicious objects 0
Duration of the scan process 06:10:24
Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\McAfee\EasyNet\MHNData Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MNA\NAData Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\McUsers.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSK\MSKWMDB.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSK\settingsdb.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Logs\OAS.Log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\That size part chin\GRAM ATOM.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Paul\.housecall6.6\Quarantine\TorrentManager.dll.bac_a02168 Infected: not-a-virus:AdWare.Win32.Lop.bo skipped
C:\Documents and Settings\Paul\Application Data\this bone sixth\BAITAXIS.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\Documents and Settings\Paul\Application Data\this bone sixth\wvfpadhe.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\Documents and Settings\Paul\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\History\History.IE5\MSHist012007090420070905\index.dat Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temp\sqlite_1MDaxNxCkqH3TSl Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temp\sqlite_c405x6kMlVUpNrD Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temp\sqlite_FCcaZ2rbacyW005 Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temp\sqlite_sdz2dD0KLPtssjN Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temp\sqlite_XcPATl30oDefBFZ Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temp\~DF32F4.tmp Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temp\~DF33A.tmp Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temp\~DF367.tmp Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temp\~DF69A4.tmp Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temp\~DF820D.tmp Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temp\~DFCE65.tmp Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temp\~DFFBF0.tmp Object is locked skipped
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Paul\My Documents\From desktop\CCPRSetup.3.0.2.76 indigorose capturecam.exe/fngkhlib.dll Infected: not-a-virus:Monitor.Win32.KeyPressHooker skipped
C:\Documents and Settings\Paul\My Documents\From desktop\CCPRSetup.3.0.2.76 indigorose capturecam.exe SetupFactory: infected - 1 skipped
C:\Documents and Settings\Paul\My Documents\My Music\iTunes\iTunes Library.itl Object is locked skipped
C:\Documents and Settings\Paul\My Documents\My Pictures\My Logitech Pictures\iMeshV7int.exe/WISE0044.BIN/stream/data0005 Infected: not-a-virus:AdWare.Win32.Mostofate.aa skipped
C:\Documents and Settings\Paul\My Documents\My Pictures\My Logitech Pictures\iMeshV7int.exe/WISE0044.BIN/stream Infected: not-a-virus:AdWare.Win32.Mostofate.aa skipped
C:\Documents and Settings\Paul\My Documents\My Pictures\My Logitech Pictures\iMeshV7int.exe/WISE0044.BIN Infected: not-a-virus:AdWare.Win32.Mostofate.aa skipped
C:\Documents and Settings\Paul\My Documents\My Pictures\My Logitech Pictures\iMeshV7int.exe WiseSFX: infected - 3 skipped
C:\Documents and Settings\Paul\My Documents\My Pictures\My Logitech Pictures\iMeshV7int.exe WiseSFX Dropper: infected - 3 skipped
C:\Documents and Settings\Paul\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Paul\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Cintinel\CCPV3\fngkhlib.dll Infected: not-a-virus:Monitor.Win32.KeyPressHooker skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Paul\Data\chandir.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Paul\Data\chandir.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Paul\Data\chn.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Paul\Data\chn.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Paul\Data\D0000000.FCS Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Paul\Data\inuse.txt Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Paul\Data\L0000001.FCS Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Paul\Data\main.log Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Paul\Data\prs.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Paul\Data\prs.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Paul\Data\prs_die.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Paul\Data\prs_die.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Paul\Data\prs_dnd.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Paul\Data\prs_dnd.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Paul\Data\prs_ext.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Paul\Data\prs_ext.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Paul\Data\prs_rcv.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Paul\Data\prs_rcv.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Paul\Data\storydb.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Paul\Data\storydb.idx Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$HCNSYSTEM\Data\master.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$HCNSYSTEM\Data\mastlog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$HCNSYSTEM\Data\model.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$HCNSYSTEM\Data\modellog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$HCNSYSTEM\Data\tempdb.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$HCNSYSTEM\Data\templog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$HCNSYSTEM\LOG\ERRORLOG Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{1C86B4F5-05EC-488A-98C7-6FEF849763F3}\RP313\A0117441.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{1C86B4F5-05EC-488A-98C7-6FEF849763F3}\RP314\A0117704.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{1C86B4F5-05EC-488A-98C7-6FEF849763F3}\RP316\A0119573.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{1C86B4F5-05EC-488A-98C7-6FEF849763F3}\RP317\A0119594.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{1C86B4F5-05EC-488A-98C7-6FEF849763F3}\RP317\A0119611.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{1C86B4F5-05EC-488A-98C7-6FEF849763F3}\RP318\A0119702.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{1C86B4F5-05EC-488A-98C7-6FEF849763F3}\RP320\A0122781.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{1C86B4F5-05EC-488A-98C7-6FEF849763F3}\RP323\A0123946.dll Infected: not-a-virus:Monitor.Win32.KeyPressHooker skipped
C:\System Volume Information\_restore{1C86B4F5-05EC-488A-98C7-6FEF849763F3}\RP326\A0124951.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{1C86B4F5-05EC-488A-98C7-6FEF849763F3}\RP326\A0124971.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{1C86B4F5-05EC-488A-98C7-6FEF849763F3}\RP327\A0124991.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{1C86B4F5-05EC-488A-98C7-6FEF849763F3}\RP327\A0126152.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{1C86B4F5-05EC-488A-98C7-6FEF849763F3}\RP327\A0126166.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{1C86B4F5-05EC-488A-98C7-6FEF849763F3}\RP328\A0127205.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{1C86B4F5-05EC-488A-98C7-6FEF849763F3}\RP329\A0128237.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{1C86B4F5-05EC-488A-98C7-6FEF849763F3}\RP329\A0129253.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{1C86B4F5-05EC-488A-98C7-6FEF849763F3}\RP329\A0131272.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{1C86B4F5-05EC-488A-98C7-6FEF849763F3}\RP329\A0132272.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{1C86B4F5-05EC-488A-98C7-6FEF849763F3}\RP330\A0133323.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{1C86B4F5-05EC-488A-98C7-6FEF849763F3}\RP330\A0133342.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{1C86B4F5-05EC-488A-98C7-6FEF849763F3}\RP330\A0133360.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{1C86B4F5-05EC-488A-98C7-6FEF849763F3}\RP330\A0134493.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{1C86B4F5-05EC-488A-98C7-6FEF849763F3}\RP331\A0134757.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{1C86B4F5-05EC-488A-98C7-6FEF849763F3}\RP331\A0136804.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{1C86B4F5-05EC-488A-98C7-6FEF849763F3}\RP332\A0136822.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{1C86B4F5-05EC-488A-98C7-6FEF849763F3}\RP332\A0137807.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{1C86B4F5-05EC-488A-98C7-6FEF849763F3}\RP336\A0138274.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{1C86B4F5-05EC-488A-98C7-6FEF849763F3}\RP337\A0138887.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{1C86B4F5-05EC-488A-98C7-6FEF849763F3}\RP337\A0139889.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{1C86B4F5-05EC-488A-98C7-6FEF849763F3}\RP338\A0139946.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{1C86B4F5-05EC-488A-98C7-6FEF849763F3}\RP338\A0140959.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{1C86B4F5-05EC-488A-98C7-6FEF849763F3}\RP338\A0142053.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{1C86B4F5-05EC-488A-98C7-6FEF849763F3}\RP339\A0142064.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{1C86B4F5-05EC-488A-98C7-6FEF849763F3}\RP339\A0142073.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{1C86B4F5-05EC-488A-98C7-6FEF849763F3}\RP339\A0142085.exe/stream/data0008 Infected: not-a-virus:AdWare.Win32.Comet.az skipped
C:\System Volume Information\_restore{1C86B4F5-05EC-488A-98C7-6FEF849763F3}\RP339\A0142085.exe/stream Infected: not-a-virus:AdWare.Win32.Comet.az skipped
C:\System Volume Information\_restore{1C86B4F5-05EC-488A-98C7-6FEF849763F3}\RP339\A0142085.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{1C86B4F5-05EC-488A-98C7-6FEF849763F3}\RP339\A0142094.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{1C86B4F5-05EC-488A-98C7-6FEF849763F3}\RP339\A0143093.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{1C86B4F5-05EC-488A-98C7-6FEF849763F3}\RP340\A0144190.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{1C86B4F5-05EC-488A-98C7-6FEF849763F3}\RP342\A0144486.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{1C86B4F5-05EC-488A-98C7-6FEF849763F3}\RP350\A0147458.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{1C86B4F5-05EC-488A-98C7-6FEF849763F3}\RP350\A0147477.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{1C86B4F5-05EC-488A-98C7-6FEF849763F3}\RP350\A0147495.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{1C86B4F5-05EC-488A-98C7-6FEF849763F3}\RP350\A0147516.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{1C86B4F5-05EC-488A-98C7-6FEF849763F3}\RP350\A0148516.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{1C86B4F5-05EC-488A-98C7-6FEF849763F3}\RP350\A0148531.exe Infected: Trojan.Win32.Obfuscated.en skipped
C:\System Volume Information\_restore{1C86B4F5-05EC-488A-98C7-6FEF849763F3}\RP350\change.log Object is locked skipped
C:\unzipped\dreamweaver 8 adobe windows LimeWire Download Accelerator\LimeWire Download Accelerator.exe/data0006 Infected: Trojan.Win32.Obfuscated.en skipped
C:\unzipped\dreamweaver 8 adobe windows LimeWire Download Accelerator\LimeWire Download Accelerator.exe NSIS: infected - 1 skipped
C:\unzipped\SmitfraudFix\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{84943C62-7F44-4C2A-B4F3-BCDC66D5CB2A}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\mcmsc_e7saJgE5m7qP8t5 Object is locked skipped
C:\WINDOWS\Temp\mcmsc_iDcXgCVZhAgzNhr Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_270.dat Object is locked skipped
C:\WINDOWS\Temp\sqlite_73VxdcD8091KVkV Object is locked skipped
C:\WINDOWS\Temp\sqlite_ks4MkcOnUAb0d11 Object is locked skipped
C:\WINDOWS\Temp\sqlite_sySLRLVnTe8NX8i Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\WINDOWS\{00000000-00000000-00000009-00001102-00000008-10211102}.CDF Object is locked skipped
Z:\all downloaded files\Capture cam download\CCPRSetup.3.0.2.76 cap cam.exe/fngkhlib.dll Infected: not-a-virus:Monitor.Win32.KeyPressHooker skipped
Z:\all downloaded files\Capture cam download\CCPRSetup.3.0.2.76 cap cam.exe SetupFactory: infected - 1 skipped
Z:\Petah\dreamweaver 8 adobe windows Bittorrent downloader.exe/data0007 Infected: Trojan.Win32.Obfuscated.en skipped
Z:\Petah\dreamweaver 8 adobe windows Bittorrent downloader.exe NSIS: infected - 1 skipped
Z:\Petah\dreamweaver 8 adobe windows LimeWire Download Accelerator.zip/LimeWire Download Accelerator.exe/data0006 Infected: Trojan.Win32.Obfuscated.en skipped
Z:\Petah\dreamweaver 8 adobe windows LimeWire Download Accelerator.zip/LimeWire Download Accelerator.exe Infected: Trojan.Win32.Obfuscated.en skipped
Z:\Petah\dreamweaver 8 adobe windows LimeWire Download Accelerator.zip ZIP: infected - 2 skipped
Z:\Flash torrent\Get-Torrent-2.0.0.0-setup-0350.exe/file02 Infected: not-a-virus:AdWare.Win32.Lop.bo skipped
Z:\Flash torrent\Get-Torrent-2.0.0.0-setup-0350.exe/file13 Infected: Trojan.Win32.Obfuscated.en skipped
Z:\Flash torrent\Get-Torrent-2.0.0.0-setup-0350.exe Inno: infected - 2 skipped
Z:\Desktop\everything desktop\PAULS RUBBISH\SmitfraudFix.zip/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
Z:\Desktop\everything desktop\PAULS RUBBISH\SmitfraudFix.zip ZIP: infected - 1 skipped
Z:\Desktop\everything desktop\PAULS RUBBISH\SmitfraudFix-newer.zip/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
Z:\Desktop\everything desktop\PAULS RUBBISH\SmitfraudFix-newer.zip ZIP: infected - 1 skipped
Z:\PF stuff to be sorted\SmitfraudFix.zip/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
Z:\PF stuff to be sorted\SmitfraudFix.zip ZIP: infected - 1 skipped
Z:\all the files from AAA pod rad\documents and desktop\Unzipped\SmitfraudFix\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
Z:\ASUS COMPUTER FEB 2007\60gig\Pauls Documents\documents and desktop\Unzipped\SmitfraudFix\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
Z:\My Software\CCPRSetup.3.0.2.76 indigorose capturecam.exe/fngkhlib.dll Infected: not-a-virus:Monitor.Win32.KeyPressHooker skipped
Z:\My Software\CCPRSetup.3.0.2.76 indigorose capturecam.exe SetupFactory: infected - 1 skipped
Scan process completed.