trojandownloader.xs



#1
AmzngMo

    New Member

  • Member
  • 7 posts
I need assistance getting the trojandownloader.xs off of my sister's computer. I have run PC-cillin and Windows Defender and removed everything that it found, but this trojandownloader stuff is still happening. Below is the HijackThis log file.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:47:37 AM, on 3/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\lxczcoms.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\system32\mgmrwmrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Belkin\F5D9050\Belkinwcui.exe
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5080225
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msnbc.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5080225
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\mgmrwmrv.exe,
O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
O2 - BHO: (no name) - {15651c7c-e812-44a2-a9ac-b467a2233e7d} - (no file)
O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
O2 - BHO: (no name) - {4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} - (no file)
O2 - BHO: (no name) - {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} - (no file)
O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
O2 - BHO: (no name) - {622cc208-b014-4fe0-801b-874a5e5e403a} - (no file)
O2 - BHO: BatBHO - {63F7460B-C831-4142-A4AA-5EC303EC4343} - C:\Program Files\Bat\Bat.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
O2 - BHO: (no name) - {9c5b2f29-1f46-4639-a6b4-828942301d3e} - (no file)
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
O2 - BHO: (no name) - {ffff0001-0002-101a-a3c9-08002b2f49fb} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe"
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [F5D9050] C:\Program Files\Belkin\F5D9050\Belkinwcui.exe
O4 - HKLM\..\Run: [lxczbmgr.exe] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL WIKI.DLL
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: lxcz_device - - C:\WINDOWS\system32\lxczcoms.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

--
End of file - 9759 bytes


#2
ourwilly

    Trusted Helper

  • Retired Staff
  • 768 posts
Hello AmzngMo

Please print out these instructions or copy and paste this fix into Notepad for future reference.

Open HijackThis again, select "Do a System Scan only" and place a checkmark in the boxes before the following entries:

O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
O2 - BHO: (no name) - {15651c7c-e812-44a2-a9ac-b467a2233e7d} - (no file)
O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
O2 - BHO: (no name) - {4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} - (no file)
O2 - BHO: (no name) - {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} - (no file)
O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
O2 - BHO: (no name) - {622cc208-b014-4fe0-801b-874a5e5e403a} - (no file)
O2 - BHO: BatBHO - {63F7460B-C831-4142-A4AA-5EC303EC4343} - C:\Program Files\Bat\Bat.dll
O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
O2 - BHO: (no name) - {9c5b2f29-1f46-4639-a6b4-828942301d3e} - (no file)
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
O2 - BHO: (no name) - {ffff0001-0002-101a-a3c9-08002b2f49fb} - (no file)

Close all other open windows and click on Fix checked, then exit HijackThis.


Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following:
  • Restart your computer.
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually.
  • Instead of Windows loading as normal, the Advanced Options Menu should appear.
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds, then prompt you to press any key to Reboot.
  • Press any key and it will restart the PC.
  • When the PC restarts, the Fixtool will run again and complete the removal process, then display Finished. Press any key to end the script and load your desktop icons.
  • Once the desktop icons load, the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally, paste the contents of the Report.txt back on the forum with a new HijackThis log.
Thank you.

#3
AmzngMo

    New Member

  • Topic Starter
  • Member
  • 7 posts
Done.

SDFix - Report.txt

SDFix: Version 1.160

Run by Administrator on Sun 03/23/2008 at 07:58 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :

Killing PID 908 'mgmrwmrv.exe'

Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Default Desktop Wallpaper

Rebooting


Checking Files :

Trojan Files Found:

C:\Program Files\ISM\ism.exe - Deleted
C:\Program Files\ISM\Uninstall.exe - Deleted
C:\Program Files\QdrDrive\qdrloader.exe - Deleted
C:\Program Files\QdrPack\dicts.gz - Deleted
C:\Program Files\QdrPack\trgts.gz - Deleted
C:\Program Files\QdrModule\dic.gz - Deleted
C:\Program Files\QdrModule\kwd.gz - Deleted
C:\Program Files\QdrModule\QdrModule13.exe - Deleted
C:\Program Files\Common Files\Yazzle1552OinAdmin.exe - Deleted
C:\Program Files\Common Files\Yazzle1552OinUninstaller.exe - Deleted
C:\WINDOWS\17PHolmes11.exe - Deleted
C:\WINDOWS\system32\000060.exe - Deleted
C:\WINDOWS\system32\000070.exe - Deleted
C:\WINDOWS\system32\000090.exe - Deleted
C:\WINDOWS\default.htm - Deleted
C:\WINDOWS\system32\mgmrwmrv.exe - Deleted
C:\WINDOWS\system32\winfrun32.bin - Deleted



Folder C:\Program Files\ISM - Removed
Folder C:\Program Files\QdrDrive - Removed
Folder C:\Program Files\QdrPack - Removed
Folder C:\Program Files\QdrModule - Removed


Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-23 20:01:54
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

C:\WINDOWS\Temp\TMP00000018C00581C20FF585DD

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 1


Remaining Services :



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\WINDOWS\\system32\\lxczcoms.exe"="C:\\WINDOWS\\system32\\lxczcoms.exe:*:Enabled:Lexmark Communications System"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Wed 1 Sep 2004 54,384 A..H. --- "C:\Program Files\America Online 9.0\aolphx.exe"
Wed 1 Sep 2004 156,784 A..H. --- "C:\Program Files\America Online 9.0\aoltray.exe"
Wed 1 Sep 2004 31,344 A..H. --- "C:\Program Files\America Online 9.0\RBM.exe"
Sun 23 Mar 2008 89,088 ..SHR --- "C:\WINDOWS\S?mantec\dexplore.exe"
Fri 26 Jul 2002 346,602 A..HR --- "C:\Documents and Settings\Home\Local Settings\Temp\IEC2CF.tmp"
Mon 3 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0a67b6c406b1d7e0f5c1e6f6d44a3f6e\BIT1D.tmp"
Mon 3 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\26924cbc8132a10b438ce6e2b49d4652\BIT1B.tmp"
Mon 3 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\2769b111678c52099a3b3123b12f2325\BIT1F.tmp"
Mon 3 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\b69c46c5109d0f8b0dee9fab84906813\BIT1E.tmp"
Mon 3 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d77b9b5b8fed23dd91f50d167cce60d3\BIT20.tmp"
Mon 3 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\fa6c916bb150f8a929e7a4ffdfbc120f\BIT1C.tmp"

Finished!


HijackThis Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:04:26 PM, on 3/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\lxczcoms.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Belkin\F5D9050\Belkinwcui.exe
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5080225
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msnbc.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5080225
O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
O2 - BHO: (no name) - {15651c7c-e812-44a2-a9ac-b467a2233e7d} - (no file)
O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
O2 - BHO: (no name) - {4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} - (no file)
O2 - BHO: (no name) - {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} - (no file)
O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
O2 - BHO: (no name) - {622cc208-b014-4fe0-801b-874a5e5e403a} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
O2 - BHO: (no name) - {9c5b2f29-1f46-4639-a6b4-828942301d3e} - (no file)
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
O2 - BHO: (no name) - {ffff0001-0002-101a-a3c9-08002b2f49fb} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe"
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [F5D9050] C:\Program Files\Belkin\F5D9050\Belkinwcui.exe
O4 - HKLM\..\Run: [lxczbmgr.exe] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL WIKI.DLL
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: lxcz_device - - C:\WINDOWS\system32\lxczcoms.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

--
End of file - 9538 bytes

#4
ourwilly

    Trusted Helper

  • Retired Staff
  • 768 posts
Hello AmzngMo

1. Please set WinXP to show hidden/system files and folders so that you can find them to delete.

Please click Start and open My Computer.
On the Tools menu, click on Folder Options.
On the View tab, uncheck "Hide file extensions for known file types".
Uncheck "Hide protected operating system files (Recommended)" and click Yes on the warning message. Under "Hidden files and folders", check "Show hidden files and folders".
Click Apply to All Folders.
Click OK and close My Computer.


Next, please disable Windows Defender:
Open Windows Defender.
Click on Tools, General Settings.
Scroll down and uncheck Turn on real-time protection (recommended).
After you uncheck this, click on the Save button and close Windows Defender.


2. Open HijackThis again, select "Do a System Scan only" and place a checkmark in the boxes before the following entries:

O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
O2 - BHO: (no name) - {15651c7c-e812-44a2-a9ac-b467a2233e7d} - (no file)
O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
O2 - BHO: (no name) - {4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} - (no file)
O2 - BHO: (no name) - {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} - (no file)
O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
O2 - BHO: (no name) - {622cc208-b014-4fe0-801b-874a5e5e403a} - (no file)
O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
O2 - BHO: (no name) - {9c5b2f29-1f46-4639-a6b4-828942301d3e} - (no file)
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
O2 - BHO: (no name) - {ffff0001-0002-101a-a3c9-08002b2f49fb} - (no file)

Close all other open windows and click on Fix checked, then exit HijackThis.


Hold down the Windows key + E to open Windows Explorer.
Navigate to, then right-click on and delete, this bold folder (if present):

C:\WINDOWS\S?mantec <<When Deleting the S?mantec folder the "?" are replaced with other keyboard characters


3. Please download ATF Cleaner by Atribune.
Double-click ATF-Cleaner.exe to run the program.

Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.


4. Please visit this webpage for instructions for downloading and running ComboFix
http://www.bleepingc...to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet.
When the tool is finished, it will produce a report for you.
Please post the C:\ComboFix.txt along with a new HijackThis log.

Thank you.

#5
AmzngMo

    New Member

  • Topic Starter
  • Member
  • 7 posts
Done. Here is the ComboFix.txt report.

ComboFix 08-03-24.1 - Home 2008-03-24 19:51:06.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1340 [GMT -4:00]
Running from: C:\Documents and Settings\Home\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Program Files\outerinfo
C:\Program Files\outerinfo\FF\chrome.manifest
C:\Program Files\outerinfo\FF\components\OuterinfoAds.xpt
C:\Program Files\outerinfo\FF\install.rdf
C:\Program Files\outerinfo\Terms.rtf
C:\Program Files\seekmo
C:\Program Files\seekmo\seekmohook.dll
C:\WINDOWS\180ax.exe
C:\WINDOWS\2020search.dll
C:\WINDOWS\2020search2.dll
C:\WINDOWS\bjam.dll
C:\WINDOWS\bokja.exe
C:\WINDOWS\cdsm32.dll
C:\WINDOWS\mspphe.dll
C:\WINDOWS\mssvr.exe
C:\WINDOWS\saiemod.dll
C:\WINDOWS\salm.exe
C:\WINDOWS\stcloader.exe
C:\WINDOWS\swin32.dll
C:\WINDOWS\system32\msixu.dll
C:\WINDOWS\system32\wer8274.dll
C:\WINDOWS\system32\x64
C:\WINDOWS\updatetc.exe
C:\WINDOWS\voiceip.dll

----- BITS: Possible infected sites -----

hxxp://80.93.48.74
.
((((((((((((((((((((((((( Files Created from 2008-02-24 to 2008-03-24 )))))))))))))))))))))))))))))))
.

2008-03-23 19:56 . 2008-03-23 19:57 <DIR> d-------- C:\WINDOWS\ERUNT
2008-03-23 19:55 . 2008-02-25 11:21 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Roxio
2008-03-23 19:55 . 2008-02-25 11:07 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\InstallShield
2008-03-23 19:51 . 2008-03-23 20:03 <DIR> d-------- C:\SDFix
2008-03-22 07:17 . 2008-03-22 07:17 <DIR> d-------- C:\Program Files\Windows Defender
2008-03-18 15:03 . 2008-03-23 10:21 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-03-16 23:32 . 2008-03-16 23:32 <DIR> d-------- C:\Program Files\zango
2008-03-16 23:32 . 2008-03-16 23:32 <DIR> d-------- C:\Program Files\Sysmnt
2008-03-16 23:32 . 2008-03-16 23:32 <DIR> d-------- C:\Program Files\stc
2008-03-16 23:32 . 2008-03-16 23:32 <DIR> d-------- C:\Program Files\180solutions
2008-03-16 23:32 . 2008-03-16 23:32 <DIR> d-------- C:\Program Files\180searchassistant
2008-03-16 23:32 . 2008-03-16 23:32 <DIR> d-------- C:\Program Files\180search assistant
2008-03-16 23:22 . 2008-03-16 23:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Rabio
2008-03-16 23:17 . 2008-03-23 19:49 <DIR> d-------- C:\Program Files\Bat
2008-03-16 23:17 . 2008-03-23 01:05 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-16 23:17 . 2008-03-16 23:17 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-04 08:45 . 2008-03-04 08:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Citrix
2008-03-04 08:44 . 2008-03-04 08:44 <DIR> d-------- C:\WINDOWS\Sun
2008-03-04 08:44 . 2008-03-04 08:44 <DIR> d-------- C:\Program Files\Citrix
2008-03-04 08:44 . 2008-03-04 08:44 60,968 --a------ C:\Documents and Settings\Home\GoToAssistDownloadHelper.exe
2008-03-04 08:17 . 2008-03-04 10:40 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2008-03-03 22:35 . 2008-03-22 10:43 <DIR> d-------- C:\temp
2008-03-03 18:43 . 2008-03-03 18:43 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-03-03 08:00 . 2008-02-25 11:21 <DIR> d-------- C:\Documents and Settings\Jahmil\Application Data\Roxio
2008-03-03 08:00 . 2008-02-25 11:07 <DIR> d-------- C:\Documents and Settings\Jahmil\Application Data\InstallShield
2008-03-03 08:00 . 2008-03-03 08:00 <DIR> d-------- C:\Documents and Settings\Jahmil\Application Data\FaxCtr
2008-03-03 07:52 . 2008-03-03 07:52 <DIR> d-------- C:\Documents and Settings\Home\Application Data\FaxCtr
2008-03-03 07:38 . 2008-03-03 07:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FaxCtr
2008-03-03 07:38 . 2006-04-28 05:16 339,968 --a------ C:\WINDOWS\system32\IMGMAN32.DLL
2008-03-03 07:38 . 2006-04-28 05:16 98,345 --a------ C:\WINDOWS\system32\IMHOST32.DLL
2008-03-03 07:38 . 2006-04-28 05:16 98,304 --a------ C:\WINDOWS\system32\IM31XPNG.DEL
2008-03-03 07:38 . 2006-04-28 05:16 69,632 --a------ C:\WINDOWS\system32\IM31XTIF.DEL
2008-03-03 07:38 . 2006-04-28 05:16 49,152 --a------ C:\WINDOWS\system32\IM31IMG.DIL
2008-03-03 07:38 . 2006-11-22 09:51 45,056 --a------ C:\WINDOWS\system32\LXPRMON.DLL
2008-03-03 07:38 . 2006-11-22 09:50 32,768 --a------ C:\WINDOWS\system32\LXPMONUI.DLL
2008-03-03 07:38 . 2006-11-22 10:08 12,288 --a------ C:\WINDOWS\system32\LXPMONRC.DLL
2008-03-03 07:37 . 2008-03-03 07:39 <DIR> d-------- C:\Program Files\Lexmark Fax Solutions
2008-03-03 07:37 . 2008-03-03 07:37 <DIR> d-------- C:\Program Files\Abbyy FineReader 6.0 Sprint
2008-03-03 07:36 . 2008-03-03 07:39 <DIR> d-------- C:\Program Files\Lexmark 1200 Series
2008-03-03 07:36 . 2006-12-20 17:43 323,584 --a------ C:\WINDOWS\system32\LXCZhcp.dll
2008-03-03 07:36 . 2006-12-20 17:58 274,432 --a------ C:\WINDOWS\system32\LXCZinst.dll
2008-03-03 07:36 . 2007-01-25 15:43 155,648 --a------ C:\WINDOWS\system32\lxczinsb.dll
2008-03-03 07:36 . 2007-01-25 15:43 131,072 --a------ C:\WINDOWS\system32\lxczins.dll
2008-03-03 07:36 . 2007-01-25 15:51 86,016 --a------ C:\WINDOWS\system32\lxczinsr.dll
2008-03-03 07:36 . 2008-03-03 07:39 24,674 --a------ C:\WINDOWS\system32\LexFiles.ulf
2008-03-03 07:36 . 2008-03-24 18:27 304 --a------ C:\WINDOWS\Lexstat.ini
2008-03-03 07:35 . 2007-01-22 09:49 344,064 -ra------ C:\WINDOWS\system32\lxczcoin.dll
2008-03-03 07:35 . 2007-02-08 18:44 1,851 -ra------ C:\WINDOWS\system32\lxcz.loc
2008-03-02 18:14 . 2007-07-30 20:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-03-02 18:14 . 2007-07-30 20:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-03-02 18:14 . 2007-07-30 20:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-03-02 16:11 . 2008-03-02 16:11 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-03-02 16:07 . 2007-01-22 23:30 73,728 --a------ C:\WINDOWS\system32\lxczcfg.dll
2008-03-02 16:07 . 2007-02-07 18:58 39,899 -ra------ C:\WINDOWS\system32\rtsicis.ini
2008-03-02 16:06 . 2001-08-17 23:36 87,040 --a------ C:\WINDOWS\system32\wiafbdrv.dll
2008-03-02 16:06 . 2001-08-17 23:36 87,040 --a------ C:\WINDOWS\system32\dllcache\wiafbdrv.dll
2008-03-02 16:06 . 2004-08-03 23:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-03-02 16:06 . 2004-08-03 23:58 15,104 --a------ C:\WINDOWS\system32\dllcache\usbscan.sys
2008-03-02 16:04 . 2008-03-02 16:04 4,128 --a------ C:\INFCACHE.1
2008-03-02 15:24 . 2008-03-02 15:24 <DIR> d-------- C:\Program Files\Belkin
2008-03-02 15:24 . 2005-11-24 20:51 245,248 --a------ C:\WINDOWS\system32\drivers\rt73.sys
2008-03-02 15:24 . 2004-04-30 16:12 40,960 --a------ C:\WINDOWS\system32\F5D9050.dll
2008-03-02 15:24 . 2005-06-15 05:35 36,864 --a------ C:\WINDOWS\system32\ss.dll
2008-03-02 15:24 . 2008-03-02 15:24 20,747 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2008-03-02 15:24 . 2005-06-18 03:48 19,968 --a------ C:\WINDOWS\system32\drivers\ss.sys
2008-03-02 15:23 . 2008-03-02 15:23 <DIR> d--hs---- C:\Documents and Settings\Home\UserData
2008-03-02 15:10 . 2008-03-02 15:10 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-03-02 15:10 . 2006-10-26 20:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2008-03-02 15:08 . 2008-03-02 15:08 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-03-02 15:08 . 2008-03-02 15:08 <DIR> dr-h----- C:\MSOCache
2008-03-02 15:08 . 2008-03-11 15:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-03-02 14:33 . 2008-02-25 11:21 <DIR> d-------- C:\Documents and Settings\Home\Application Data\Roxio
2008-03-02 14:33 . 2008-02-25 11:07 <DIR> d-------- C:\Documents and Settings\Home\Application Data\InstallShield
2008-03-02 14:23 . 2004-08-04 01:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-03-02 14:23 . 2004-08-04 00:58 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2008-03-02 14:23 . 2001-08-17 15:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-03-02 14:23 . 2001-08-17 16:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-03-02 14:23 . 2008-03-02 14:23 8,192 --a------ C:\WINDOWS\REGLOCS.OLD
2008-02-25 11:21 . 2008-02-25 11:21 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Roxio
2008-02-25 11:21 . 2008-02-25 11:21 61 --a------ C:\WINDOWS\smscfg.ini
2008-02-25 11:20 . 2008-02-25 11:20 940,794 --a------ C:\WINDOWS\system32\LoopyMusic.wav
2008-02-25 11:20 . 2008-02-25 11:20 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav
2008-02-25 11:20 . 2008-02-25 11:20 0 --ah----- C:\Documents and Settings\All Users\Application Data\gwseh.dat
2008-02-25 11:19 . 2008-02-25 11:19 71 --a------ C:\SystemInfo.ini
2008-02-25 11:18 . 2008-03-02 15:10 <DIR> d-------- C:\Program Files\Microsoft Works
2008-02-25 11:18 . 2008-02-25 11:18 <DIR> d-------- C:\Program Files\EarthLink Setup
2008-02-25 11:17 . 2008-02-25 11:17 <DIR> d-------- C:\Program Files\Viewpoint
2008-02-25 11:17 . 2008-02-25 11:17 <DIR> d-------- C:\Program Files\Real
2008-02-25 11:17 . 2008-02-25 11:17 <DIR> d-------- C:\Program Files\QuickTime
2008-02-25 11:17 . 2008-02-25 11:17 <DIR> d-------- C:\Program Files\Learn2.com
2008-02-25 11:17 . 2008-02-25 11:17 <DIR> d-------- C:\Program Files\Common Files\Real
2008-02-25 11:17 . 2008-02-25 11:17 <DIR> d-------- C:\Program Files\Common Files\Nullsoft
2008-02-25 11:17 . 2008-02-25 11:17 <DIR> d-------- C:\Program Files\Common Files\aolshare
2008-02-25 11:17 . 2008-02-25 11:17 <DIR> d-------- C:\Program Files\AOL Companion
2008-02-25 11:17 . 2008-02-25 11:18 <DIR> d-------- C:\Program Files\America Online 9.0
2008-02-25 11:17 . 2008-02-25 11:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-02-25 11:17 . 2008-02-25 11:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\QuickTime
2008-02-25 11:17 . 2008-02-25 11:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL
2008-02-25 11:16 . 2008-02-25 11:16 <DIR> d-------- C:\Program Files\MUSICMATCH
2008-02-25 11:16 . 2008-02-25 11:16 <DIR> d-------- C:\Program Files\Microsoft Plus! Photo Story 2 LE

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-25 15:17 8,552 ----a-w C:\WINDOWS\system32\drivers\asctrm.sys
2008-02-25 14:47 7,473 ----a-w C:\WINDOWS\system32\drivers\1028_Dell_INS_530S.mrk
2008-01-11 05:53 44,544 ------w C:\WINDOWS\system32\dllcache\pngfilt.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OE_OEM"="C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe" [2006-08-04 18:15 321040]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00 15360]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 11:23 202544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-07-16 21:45 142104]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-07-16 21:45 162584]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-07-16 21:45 138008]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-16 21:48 16132608 C:\WINDOWS\RTHDCPL.EXE]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 13:35 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 13:37 81920]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 13:22 221184]
"RoxioDragToDisc"="C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 11:00 1116920]
"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe" [2006-11-21 15:02 1807960]
"PDVDDXSrv"="C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 19:23 118784]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-02-25 11:15 1838592]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 11:24 16384]
"F5D9050"="C:\Program Files\Belkin\F5D9050\Belkinwcui.exe" [2006-03-14 17:52 1585152]
"lxczbmgr.exe"="C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe" [2007-02-08 18:52 74672]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2007-02-08 18:56 295856]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-02-25 11:17 98304]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2006-10-26 20:48 434528]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2008-02-25 11:08:45 24576]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{827D3881-317C-442A-B4ED-F576CBA700BB}"= C:\WINDOWS\SYSTEM32\GWSEH.dll [2004-09-23 09:21 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll 2008-03-04 08:44 10792 C:\Program Files\Citrix\GoToAssist\480\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL WIKI.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\America Online 9.0\\waol.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\lxczcoms.exe"=

R1 DLARTL_M;DLARTL_M;C:\WINDOWS\system32\Drivers\DLARTL_M.SYS [2006-08-11 12:35]
R2 lxcz_device;lxcz_device;C:\WINDOWS\system32\lxczcoms.exe [2007-02-08 18:50]
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter);C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2007-11-15 11:23]
R3 StreamSurge;StreamSurge Driver (miniport);C:\WINDOWS\system32\DRIVERS\ss.sys [2005-06-18 03:48]
S3 GoToAssist;GoToAssist;"C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe" Start=service []

*Newly Created Service* - GTNDIS5
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-24 19:51:43
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-24 19:51:54
ComboFix-quarantined-files.txt 2008-03-24 23:51:53
.
2008-03-11 19:46:28 --- E O F ---

#6
ourwilly

    Trusted Helper

  • Retired Staff
  • 768 posts
Hello AmzngMo

Copy and paste this 'Fix' into either Notepad or Wordpad for future reference, as you will be required to close down your browser when following these steps.

Please Open notepad - don't use any other text editor

I would like you to now Copy/paste the text in the quotebox below into notepad:

Folder::
C:\Program Files\zango
C:\Program Files\Sysmnt
C:\Program Files\stc
C:\Program Files\180solutions
C:\Program Files\180searchassistant
C:\Program Files\180search assistant
C:\Program Files\Bat



Name the file CFScript and Save it to your Desktop

Posted Image
Referring to the picture above, drag CFScript.txt into ComboFix.exe

Run ComboFix again and post the resultant log. Please also rescan with HijackThis and post the new log, and let me know how your system is running.

Thank you.

#7
AmzngMo

The system seems to be running fine. I have not seen any of those annoying messages since the first time I ran the combofix. Was there a lot of spyware other than the trojandownloader.xs?

ComboFix Log

ComboFix 08-03-24.1 - Home 2008-03-25 21:17:00.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1332 [GMT -4:00]
Running from: C:\Documents and Settings\Home\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Home\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\180search assistant
C:\Program Files\180search assistant\180sa.exe
C:\Program Files\180search assistant\sau.exe
C:\Program Files\180searchassistant
C:\Program Files\180searchassistant\saap.exe
C:\Program Files\180searchassistant\sac.exe
C:\Program Files\180solutions
C:\Program Files\180solutions\sais.exe
C:\Program Files\Bat
C:\Program Files\Bat\Bat.dll.intermediate.manifest
C:\Program Files\Bat\Bat.exe
C:\Program Files\Bat\Bat.info
C:\Program Files\Bat\Bat.original
C:\Program Files\Bat\Info.dll
C:\Program Files\Bat\un_BatSetup_15041.exe
C:\Program Files\Bat\un_BatSetup_15041.txt
C:\Program Files\Bat\X_Bat.exe
C:\Program Files\Bat\X_Bat.log
C:\Program Files\outerinfo
C:\Program Files\outerinfo\FF\chrome.manifest
C:\Program Files\outerinfo\FF\components\OuterinfoAds.xpt
C:\Program Files\outerinfo\FF\install.rdf
C:\Program Files\outerinfo\OiUninstaller.exe
C:\Program Files\outerinfo\outerinfo.ico
C:\Program Files\outerinfo\Terms.rtf
C:\Program Files\stc
C:\Program Files\stc\csv5p070.exe
C:\Program Files\Sysmnt
C:\Program Files\Sysmnt\Ssmgr.exe
C:\Program Files\zango
C:\Program Files\zango\zango.exe

.
((((((((((((((((((((((((( Files Created from 2008-02-26 to 2008-03-26 )))))))))))))))))))))))))))))))
.

2008-03-23 19:56 . 2008-03-23 19:57 <DIR> d-------- C:\WINDOWS\ERUNT
2008-03-23 19:55 . 2008-02-25 11:21 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Roxio
2008-03-23 19:55 . 2008-02-25 11:07 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\InstallShield
2008-03-23 19:51 . 2008-03-23 20:03 <DIR> d-------- C:\SDFix
2008-03-22 07:17 . 2008-03-22 07:17 <DIR> d-------- C:\Program Files\Windows Defender
2008-03-18 15:03 . 2008-03-23 10:21 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-03-16 23:22 . 2008-03-16 23:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Rabio
2008-03-16 23:17 . 2008-03-23 01:05 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-16 23:17 . 2008-03-16 23:17 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-04 08:45 . 2008-03-04 08:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Citrix
2008-03-04 08:44 . 2008-03-04 08:44 <DIR> d-------- C:\WINDOWS\Sun
2008-03-04 08:44 . 2008-03-04 08:44 <DIR> d-------- C:\Program Files\Citrix
2008-03-04 08:44 . 2008-03-04 08:44 60,968 --a------ C:\Documents and Settings\Home\GoToAssistDownloadHelper.exe
2008-03-04 08:17 . 2008-03-04 10:40 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2008-03-03 22:35 . 2008-03-22 10:43 <DIR> d-------- C:\temp
2008-03-03 18:43 . 2008-03-03 18:43 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-03-03 08:00 . 2008-02-25 11:21 <DIR> d-------- C:\Documents and Settings\Jahmil\Application Data\Roxio
2008-03-03 08:00 . 2008-02-25 11:07 <DIR> d-------- C:\Documents and Settings\Jahmil\Application Data\InstallShield
2008-03-03 08:00 . 2008-03-03 08:00 <DIR> d-------- C:\Documents and Settings\Jahmil\Application Data\FaxCtr
2008-03-03 07:52 . 2008-03-03 07:52 <DIR> d-------- C:\Documents and Settings\Home\Application Data\FaxCtr
2008-03-03 07:38 . 2008-03-03 07:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FaxCtr
2008-03-03 07:38 . 2006-04-28 05:16 339,968 --a------ C:\WINDOWS\system32\IMGMAN32.DLL
2008-03-03 07:38 . 2006-04-28 05:16 98,345 --a------ C:\WINDOWS\system32\IMHOST32.DLL
2008-03-03 07:38 . 2006-04-28 05:16 98,304 --a------ C:\WINDOWS\system32\IM31XPNG.DEL
2008-03-03 07:38 . 2006-04-28 05:16 69,632 --a------ C:\WINDOWS\system32\IM31XTIF.DEL
2008-03-03 07:38 . 2006-04-28 05:16 49,152 --a------ C:\WINDOWS\system32\IM31IMG.DIL
2008-03-03 07:38 . 2006-11-22 09:51 45,056 --a------ C:\WINDOWS\system32\LXPRMON.DLL
2008-03-03 07:38 . 2006-11-22 09:50 32,768 --a------ C:\WINDOWS\system32\LXPMONUI.DLL
2008-03-03 07:38 . 2006-11-22 10:08 12,288 --a------ C:\WINDOWS\system32\LXPMONRC.DLL
2008-03-03 07:37 . 2008-03-03 07:39 <DIR> d-------- C:\Program Files\Lexmark Fax Solutions
2008-03-03 07:37 . 2008-03-03 07:37 <DIR> d-------- C:\Program Files\Abbyy FineReader 6.0 Sprint
2008-03-03 07:36 . 2008-03-03 07:39 <DIR> d-------- C:\Program Files\Lexmark 1200 Series
2008-03-03 07:36 . 2006-12-20 17:43 323,584 --a------ C:\WINDOWS\system32\LXCZhcp.dll
2008-03-03 07:36 . 2006-12-20 17:58 274,432 --a------ C:\WINDOWS\system32\LXCZinst.dll
2008-03-03 07:36 . 2007-01-25 15:43 155,648 --a------ C:\WINDOWS\system32\lxczinsb.dll
2008-03-03 07:36 . 2007-01-25 15:43 131,072 --a------ C:\WINDOWS\system32\lxczins.dll
2008-03-03 07:36 . 2007-01-25 15:51 86,016 --a------ C:\WINDOWS\system32\lxczinsr.dll
2008-03-03 07:36 . 2008-03-03 07:39 24,674 --a------ C:\WINDOWS\system32\LexFiles.ulf
2008-03-03 07:36 . 2008-03-24 22:39 306 --a------ C:\WINDOWS\Lexstat.ini
2008-03-03 07:35 . 2007-01-22 09:49 344,064 -ra------ C:\WINDOWS\system32\lxczcoin.dll
2008-03-03 07:35 . 2007-02-08 18:44 1,851 -ra------ C:\WINDOWS\system32\lxcz.loc
2008-03-02 18:14 . 2007-07-30 20:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-03-02 18:14 . 2007-07-30 20:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-03-02 18:14 . 2007-07-30 20:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-03-02 16:11 . 2008-03-02 16:11 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-03-02 16:07 . 2007-01-22 23:30 73,728 --a------ C:\WINDOWS\system32\lxczcfg.dll
2008-03-02 16:07 . 2007-02-07 18:58 39,899 -ra------ C:\WINDOWS\system32\rtsicis.ini
2008-03-02 16:06 . 2001-08-17 23:36 87,040 --a------ C:\WINDOWS\system32\wiafbdrv.dll
2008-03-02 16:06 . 2001-08-17 23:36 87,040 --a------ C:\WINDOWS\system32\dllcache\wiafbdrv.dll
2008-03-02 16:06 . 2004-08-03 23:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-03-02 16:06 . 2004-08-03 23:58 15,104 --a------ C:\WINDOWS\system32\dllcache\usbscan.sys
2008-03-02 16:04 . 2008-03-02 16:04 4,128 --a------ C:\INFCACHE.1
2008-03-02 15:24 . 2008-03-02 15:24 <DIR> d-------- C:\Program Files\Belkin
2008-03-02 15:24 . 2005-11-24 20:51 245,248 --a------ C:\WINDOWS\system32\drivers\rt73.sys
2008-03-02 15:24 . 2004-04-30 16:12 40,960 --a------ C:\WINDOWS\system32\F5D9050.dll
2008-03-02 15:24 . 2005-06-15 05:35 36,864 --a------ C:\WINDOWS\system32\ss.dll
2008-03-02 15:24 . 2008-03-02 15:24 20,747 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2008-03-02 15:24 . 2005-06-18 03:48 19,968 --a------ C:\WINDOWS\system32\drivers\ss.sys
2008-03-02 15:23 . 2008-03-02 15:23 <DIR> d--hs---- C:\Documents and Settings\Home\UserData
2008-03-02 15:10 . 2008-03-02 15:10 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-03-02 15:10 . 2006-10-26 20:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2008-03-02 15:08 . 2008-03-02 15:08 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-03-02 15:08 . 2008-03-02 15:08 <DIR> dr-h----- C:\MSOCache
2008-03-02 15:08 . 2008-03-11 15:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-03-02 14:33 . 2008-02-25 11:21 <DIR> d-------- C:\Documents and Settings\Home\Application Data\Roxio
2008-03-02 14:33 . 2008-02-25 11:07 <DIR> d-------- C:\Documents and Settings\Home\Application Data\InstallShield
2008-03-02 14:23 . 2004-08-04 01:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-03-02 14:23 . 2004-08-04 00:58 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2008-03-02 14:23 . 2001-08-17 15:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-03-02 14:23 . 2001-08-17 16:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-03-02 14:23 . 2008-03-02 14:23 8,192 --a------ C:\WINDOWS\REGLOCS.OLD

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-22 13:47 --------- d-----w C:\Program Files\Trend Micro
2008-03-07 03:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Dell
2008-03-04 12:17 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-02 20:04 --------- d-----w C:\Program Files\Google
2008-03-02 19:10 --------- d-----w C:\Program Files\Microsoft Works
2008-02-25 15:21 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Roxio
2008-02-25 15:20 0 ---ha-w C:\Documents and Settings\All Users\Application Data\gwseh.dat
2008-02-25 15:19 --------- d-----w C:\Program Files\Dell
2008-02-25 15:18 --------- d-----w C:\Program Files\EarthLink Setup
2008-02-25 15:18 --------- d-----w C:\Program Files\America Online 9.0
2008-02-25 15:16 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-25 15:16 --------- d-----w C:\Program Files\MUSICMATCH
2008-02-25 15:16 --------- d-----w C:\Program Files\Microsoft Plus! Photo Story 2 LE
2008-02-25 15:16 --------- d-----w C:\Program Files\Microsoft Plus! Digital Media Edition
2008-02-25 15:15 --------- d-----w C:\Program Files\Dell Support Center
2008-02-25 15:15 --------- d-----w C:\Program Files\Common Files\supportsoft
2008-02-25 15:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\SupportSoft
2008-02-25 15:14 --------- d-----w C:\Program Files\Dell DataSafe Online
2008-02-25 15:13 --------- d-----w C:\Program Files\CyberLink
2008-02-25 15:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Trend Micro
2008-02-25 15:11 --------- d-----w C:\Program Files\Roxio
2008-02-25 15:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sonic
2008-02-25 15:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Roxio
2008-02-25 15:10 --------- d-----w C:\Program Files\Common Files\Sonic Shared
2008-02-25 15:09 --------- d-----w C:\Program Files\Common Files\SureThing Shared
2008-02-25 15:09 --------- d-----w C:\Program Files\Common Files\Roxio Shared
2008-02-25 15:09 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-02-25 15:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield
2008-02-25 15:08 --------- d-----w C:\Program Files\NetZeroInstallers
2008-02-25 15:08 --------- d-----w C:\Program Files\NetWaiting
2008-02-25 15:08 --------- d-----w C:\Program Files\Digital Line Detect
2008-02-25 15:07 --------- d-----w C:\Program Files\Modem Diagnostic Tool
2008-02-25 15:07 --------- d-----w C:\Program Files\Intel
2008-02-25 15:05 --------- d-----w C:\Program Files\Java
2008-02-25 15:05 --------- d-----w C:\Program Files\Common Files\Java
2008-02-25 15:04 --------- d-----w C:\Program Files\MSXML 6.0
2008-02-25 14:52 --------- d-----w C:\Program Files\CONEXANT
2008-02-25 14:47 7,473 ----a-w C:\WINDOWS\system32\drivers\1028_Dell_INS_530S.mrk
2008-01-11 05:53 44,544 ------w C:\WINDOWS\system32\dllcache\pngfilt.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OE_OEM"="C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe" [2006-08-04 18:15 321040]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00 15360]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 11:23 202544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-07-16 21:45 142104]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-07-16 21:45 162584]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-07-16 21:45 138008]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-16 21:48 16132608 C:\WINDOWS\RTHDCPL.EXE]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 13:35 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 13:37 81920]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 13:22 221184]
"RoxioDragToDisc"="C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 11:00 1116920]
"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe" [2006-11-21 15:02 1807960]
"PDVDDXSrv"="C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 19:23 118784]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-02-25 11:15 1838592]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 11:24 16384]
"F5D9050"="C:\Program Files\Belkin\F5D9050\Belkinwcui.exe" [2006-03-14 17:52 1585152]
"lxczbmgr.exe"="C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe" [2007-02-08 18:52 74672]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2007-02-08 18:56 295856]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-02-25 11:17 98304]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2006-10-26 20:48 434528]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2008-02-25 11:08:45 24576]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{827D3881-317C-442A-B4ED-F576CBA700BB}"= C:\WINDOWS\SYSTEM32\GWSEH.dll [2004-09-23 09:21 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll 2008-03-04 08:44 10792 C:\Program Files\Citrix\GoToAssist\480\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL WIKI.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\America Online 9.0\\waol.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\lxczcoms.exe"=

R1 DLARTL_M;DLARTL_M;C:\WINDOWS\system32\Drivers\DLARTL_M.SYS [2006-08-11 12:35]
R2 lxcz_device;lxcz_device;C:\WINDOWS\system32\lxczcoms.exe [2007-02-08 18:50]
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter);C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2007-11-15 11:23]
R3 StreamSurge;StreamSurge Driver (miniport);C:\WINDOWS\system32\DRIVERS\ss.sys [2005-06-18 03:48]
S3 GoToAssist;GoToAssist;"C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe" Start=service []

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-25 21:17:35
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-25 21:17:46
ComboFix-quarantined-files.txt 2008-03-26 01:17:44
ComboFix2.txt 2008-03-24 23:51:55
.
2008-03-25 19:34:20 --- E O F ---


HijackThis Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:19:55 PM, on 3/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\lxczcoms.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Belkin\F5D9050\Belkinwcui.exe
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msnbc.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5080225
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe"
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [F5D9050] C:\Program Files\Belkin\F5D9050\Belkinwcui.exe
O4 - HKLM\..\Run: [lxczbmgr.exe] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL WIKI.DLL
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: lxcz_device - - C:\WINDOWS\system32\lxczcoms.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

--
End of file - 8395 bytes

#8
ourwilly

    Trusted Helper

  • Retired Staff
  • 768 posts
Hello AmzngMo

"Was there a lot of spyware other than the trojandownloader.xs"

Yes!! quite a bit of unwanted entries which have now been removed... :)

Please now use Internet Explorer and run this online scan with Kaspersky WebScanner.

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
The program will launch and then begin downloading the latest definition files.
Once the files have been downloaded, click on NEXT.
Now click on Scan Settings.
In the scan settings, make sure that the following are selected:
Scan using the following Anti-Virus database:

Extended (if available, otherwise Standard)

Scan Options:
Scan Archives
Scan Mail Bases

Click OK.
Now under select a target to scan: Select My Computer.

This program will start and scan your system. This will take a while, so be patient and let it run.

When the scan has completed, click Save Report As a Text File.
Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt).
Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.
Copy and paste that information in your next post.

Thank you

#9
AmzngMo

    New Member

  • Topic Starter
  • Member
  • 7 posts
The file is too long for me to post. I have to do it twice.

Part One:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Thursday, March 27, 2008 12:19:46 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 27/03/2008
Kaspersky Anti-Virus database records: 667041
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\

Scan Statistics:
Total number of scanned objects: 57276
Number of viruses found: 7
Number of infected objects: 29
Number of suspicious objects: 0
Duration of the scan process: 00:29:07

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-03222008-071739.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\SupportSoft\DellSupportCenter\SYSTEM\state\logs\sprtcmd.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Trend Micro\PC-cillin\log\pcc_S-1-5-21-4054638284-3112591940-1526171894-1003.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Trend Micro\PC-cillin\log\pcc_S-1-5-21-4054638284-3112591940-1526171894-1007.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Trend Micro\PC-cillin\log\pcc_S-1-5-21-4054638284-3112591940-1526171894-1007u.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Trend Micro\PC-cillin\log\pcc_S-1-5-21-4054638284-3112591940-1526171894-1008u.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Trend Micro\PC-cillin\log\pcc_S-1-5-21-4054638284-3112591940-1526171894-1009u.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Trend Micro\PC-cillin\log\TmPfw_S-1-5-21-4054638284-3112591940-1526171894-1003.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Trend Micro\PC-cillin\Temp\scan_S-1-5-21-4054638284-3112591940-1526171894-1008.ini Object is locked skipped
C:\Documents and Settings\Home\Application Data\Roxio\MediaManager9\Album.ldb Object is locked skipped
C:\Documents and Settings\Home\Application Data\Roxio\MediaManager9\Album.psod Object is locked skipped
C:\Documents and Settings\Home\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Home\Local Settings\Application Data\ApplicationHistory\sprtcmd.exe.63e7480d.ini.inuse Object is locked skipped
C:\Documents and Settings\Home\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Home\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Home\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{4E44F808-BA89-4600-9E14-DD8DA1087F2C} Object is locked skipped
C:\Documents and Settings\Home\Local Settings\Application Data\SupportSoft\DellSupportCenter\Home\state\logs\sprtcmd.log Object is locked skipped
C:\Documents and Settings\Home\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Home\Local Settings\History\History.IE5\MSHist012008032720080328\index.dat Object is locked skipped
C:\Documents and Settings\Home\Local Settings\Temp\~DF3968.tmp Object is locked skipped
C:\Documents and Settings\Home\Local Settings\Temp\~DF3973.tmp Object is locked skipped
C:\Documents and Settings\Home\Local Settings\Temp\~DFA5A6.tmp Object is locked skipped
C:\Documents and Settings\Home\Local Settings\Temp\~ROMFN_00000DE0 Object is locked skipped
C:\Documents and Settings\Home\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Home\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Home\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Home\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Nate\Application Data\Adobe\Acrobat\8.0\AdobeCMapFnt08.lst Object is locked skipped
C:\Documents and Settings\Nate\Application Data\Adobe\Acrobat\8.0\AdobeSysFnt08.lst Object is locked skipped
C:\Documents and Settings\Nate\Application Data\Adobe\Acrobat\8.0\UserCache.bin Object is locked skipped
C:\Documents and Settings\Nate\Application Data\desktop.ini Object is locked skipped
C:\Documents and Settings\Nate\Application Data\FaxCtr\FAXLOG32.CDX Object is locked skipped
C:\Documents and Settings\Nate\Application Data\FaxCtr\FAXLOG32.DBF Object is locked skipped
C:\Documents and Settings\Nate\Application Data\FaxCtr\FAXLOG32.FPT Object is locked skipped
C:\Documents and Settings\Nate\Application Data\Macromedia\Flash Player\#SharedObjects\JE2S9N9C\bankofamerica.com\sas\sas-docs\html\pmfso.swf\PassMark.sol Object is locked skipped
C:\Documents and Settings\Nate\Application Data\Macromedia\Flash Player\#SharedObjects\JE2S9N9C\bin.clearspring.com\clearspring.sol Object is locked skipped
C:\Documents and Settings\Nate\Application Data\Macromedia\Flash Player\#SharedObjects\JE2S9N9C\flash.quantserve.com\com.quantserve.sol Object is locked skipped
C:\Documents and Settings\Nate\Application Data\Macromedia\Flash Player\#SharedObjects\JE2S9N9C\interclick.com\ud.sol Object is locked skipped
C:\Documents and Settings\Nate\Application Data\Macromedia\Flash Player\#SharedObjects\JE2S9N9C\login.yahoo.com\loginCache.sol Object is locked skipped
C:\Documents and Settings\Nate\Application Data\Macromedia\Flash Player\#SharedObjects\JE2S9N9C\mpsnare.iesnare.com\stm.sol Object is locked skipped
C:\Documents and Settings\Nate\Application Data\Macromedia\Flash Player\#SharedObjects\JE2S9N9C\resources.imeem.com\com.quantserve.sol Object is locked skipped
C:\Documents and Settings\Nate\Application Data\Macromedia\Flash Player\#SharedObjects\JE2S9N9C\www.dailymotion.com\flash\dmplayer\dmplayer.swf\dmplayer.sol Object is locked skipped
C:\Documents and Settings\Nate\Application Data\Macromedia\Flash Player\#SharedObjects\JE2S9N9C\www.pepboys.com\flash\homepage.swf\introStatus.sol Object is locked skipped
C:\Documents and Settings\Nate\Application Data\Macromedia\Flash Player\#SharedObjects\JE2S9N9C\www.pepboys.com\flash\homepage.swf\soundStatus.sol Object is locked skipped
C:\Documents and Settings\Nate\Application Data\Macromedia\Flash Player\#SharedObjects\JE2S9N9C\www.youtube.com\soundData.sol Object is locked skipped
C:\Documents and Settings\Nate\Application Data\Macromedia\Flash Player\#SharedObjects\JE2S9N9C\www.youtube.com\timeDisplayConfig.sol Object is locked skipped
C:\Documents and Settings\Nate\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bankofamerica.com\settings.sol Object is locked skipped
C:\Documents and Settings\Nate\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com\settings.sol Object is locked skipped
C:\Documents and Settings\Nate\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#flash.quantserve.com\settings.sol Object is locked skipped
C:\Documents and Settings\Nate\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol Object is locked skipped
C:\Documents and Settings\Nate\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#login.yahoo.com\settings.sol Object is locked skipped
C:\Documents and Settings\Nate\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#mpsnare.iesnare.com\settings.sol Object is locked skipped
C:\Documents and Settings\Nate\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#resources.imeem.com\settings.sol Object is locked skipped
C:\Documents and Settings\Nate\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.dailymotion.com\settings.sol Object is locked skipped
C:\Documents and Settings\Nate\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.pepboys.com\settings.sol Object is locked skipped
C:\Documents and Settings\Nate\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.youtube.com\settings.sol Object is locked skipped
C:\Documents and Settings\Nate\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol Object is locked skipped
C:\Documents and Settings\Nate\Application Data\Microsoft\Address Book\Nate.wab Object is locked skipped
C:\Documents and Settings\Nate\Application Data\Microsoft\Address Book\Nate.wab~ Object is locked skipped
C:\Documents and Settings\Nate\Application Data\Microsoft\CLR Security Config\v1.1.4322\security.config Object is locked skipped
C:\Documents and Settings\Nate\Application Data\Microsoft\CLR Security Config\v1.1.4322\security.config.cch Object is locked skipped
C:\Documents and Settings\Nate\Application Data\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004 Object is locked skipped
C:\Documents and Settings\Nate\Application Data\Microsoft\CryptnetUrlCache\Content\60E31627FDA0A46932B0E5948949F2A5 Object is locked skipped
C:\Documents and Settings\Nate\Application Data\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015 Object is locked skipped
C:\Documents and Settings\Nate\Application Data\Microsoft\CryptnetUrlCache\Content\A8FABA189DB7D25FBA7CAC806625FD30 Object is locked skipped
C:\Documents and Settings\Nate\Application Data\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004 Object is locked skipped
C:\Documents and Settings\Nate\Application Data\Microsoft\CryptnetUrlCache\MetaData\60E31627FDA0A46932B0E5948949F2A5 Object is locked skipped
C:\Documents and Settings\Nate\Application Data\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015 Object is locked skipped
C:\Documents and Settings\Nate\Application Data\Microsoft\CryptnetUrlCache\MetaData\A8FABA189DB7D25FBA7CAC806625FD30 Object is locked skipped
C:\Documents and Settings\Nate\Application Data\Microsoft\Crypto\RSA\S-1-5-21-4054638284-3112591940-1526171894-1007\e80d183e3a1afb4d5142943be011a7a6_a256fb97-162a-4558-be23-08ae4bbcb195 Object is locked skipped
C:\Documents and Settings\Nate\Application Data\Microsoft\Document Building Blocks\1033\Building Blocks.dotx Object is locked skipped
C:\Documents and Settings\Nate\Application Data\Microsoft\Internet Explorer\brndlog.bak Object is locked skipped
C:\Documents and Settings\Nate\Application Data\Microsoft\Internet Explorer\brndlog.txt Object is locked skipped
C:\Documents and Settings\Nate\Application Data\Microsoft\Internet Explorer\Desktop.htt Object is locked skipped
C:\Documents and Settings\Nate\Application Data\Microsoft\Internet Explorer\Quick Launch\America Online 9.0.lnk Object is locked skipped
C:\Documents and Settings\Nate\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini Object is locked skipped
C:\Documents and Settings\Nate\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk Object is locked skipped
C:\Documents and Settings\Nate\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk Object is locked skipped
C:\Documents and Settings\Nate\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf Object is locked skipped
C:\Documents and Settings\Nate\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk Object is locked skipped
C:\Documents and Settings\Nate\Application Data\Microsoft\Internet Explorer\UserData\0IL9ZRZY\YL[1].xml Object is locked skipped
C:\Documents and Settings\Nate\Application Data\Microsoft\Internet Explorer\UserData\index.dat Object is locked skipped
C:\Documents and Settings\Nate\Application Data\Microsoft\Media Player\000CA6B5.wpl Object is locked skipped
C:\Documents and Settings\Nate\Application Data\Microsoft\Office\MSO1033.acl Object is locked skipped
C:\Documents and Settings\Nate\Application Data\Microsoft\Office\Recent\Desktop.ini Object is locked skipped
C:\Documents and Settings\Nate\Application Data\Microsoft\Office\Recent\index.dat Object is locked skipped
C:\Documents and Settings\Nate\Application Data\Microsoft\Office\Recent\My Documents.LNK Object is locked skipped
C:\Documents and Settings\Nate\Application Data\Microsoft\Office\Recent\Nathaniel Stanley.LNK Object is locked skipped
C:\Documents and Settings\Nate\Application Data\Microsoft\Office\Recent\Templates.LNK Object is locked skipped
C:\Documents and Settings\Nate\Application Data\Microsoft\Office\Word12.pip Object is locked skipped
C:\Documents and Settings\Nate\Application Data\Microsoft\Protect\CREDHIST Object is locked skipped
C:\Documents and Settings\Nate\Application Data\Microsoft\Protect\S-1-5-21-4054638284-3112591940-1526171894-1003\d0f2097c-ee5f-442f-985f-66ec31ce1b08 Object is locked skipped
C:\Documents and Settings\Nate\Application Data\Microsoft\Protect\S-1-5-21-4054638284-3112591940-1526171894-1003\Preferred Object is locked skipped
C:\Documents and Settings\Nate\Application Data\Microsoft\Protect\S-1-5-21-4054638284-3112591940-1526171894-1007\9c8e8033-c427-43cc-9bbf-5e816c0f5fbe Object is locked skipped
C:\Documents and Settings\Nate\Application Data\Microsoft\Protect\S-1-5-21-4054638284-3112591940-1526171894-1007\Preferred Object is locked skipped
C:\Documents and Settings\Nate\Application Data\Microsoft\Templates\Normal.dotm Object is locked skipped
C:\Documents and Settings\Nate\Application Data\Microsoft\UProof\CUSTOM.DIC Object is locked skipped
C:\Documents and Settings\Nate\Application Data\Microsoft\Windows\Themes\Custom.theme Object is locked skipped
C:\Documents and Settings\Nate\Application Data\Roxio\MediaManager9\Album.ldb Object is locked skipped
C:\Documents and Settings\Nate\Application Data\Roxio\MediaManager9\Album.psod Object is locked skipped
C:\Documents and Settings\Nate\Application Data\Roxio\MediaManager9\CollectionList.xml Object is locked skipped
C:\Documents and Settings\Nate\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\rd2.class-4cb346b2-4a4cbaa4.class Object is locked skipped
C:\Documents and Settings\Nate\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\rd2.class-4cb346b2-4a4cbaa4.idx Object is locked skipped
C:\Documents and Settings\Nate\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\tscroll.class-4ea6c973-70eef7b2.class Object is locked skipped
C:\Documents and Settings\Nate\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\tscroll.class-4ea6c973-70eef7b2.idx Object is locked skipped
C:\Documents and Settings\Nate\Application Data\Sun\Java\Deployment\deployment.properties Object is locked skipped
C:\Documents and Settings\Nate\Application Data\Sun\Java\Deployment\log\plugin150_06.trace Object is locked skipped
C:\Documents and Settings\Nate\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Nate\Cookies\[email protected][2].txt Object is locked skipped
C:\Documents and Settings\Nate\Cookies\[email protected][1].txt Object is locked skipped
C:\Documents and Settings\Nate\Cookies\[email protected][1].txt Object is locked skipped
C:\Documents and Settings\Nate\Cookies\na[email protected][1].txt Object is locked skipped
C:\Documents and Settings\Nate\Cookies\[email protected][2].txt Object is locked skipped
C:\Documents and Settings\Nate\Cookies\[email protected][3].txt Object is locked skipped
C:\Documents and Settings\Nate\Cookies\[email protected][1].txt Object is locked skipped
C:\Documents and Settings\Nate\Cookies\[email protected][1].txt Object is locked skipped
C:\Documents and Settings\Nate\Cookies\[email protected][1].txt Object is locked skipped
C:\Documents and Settings\Nate\Cookies\[email protected][2].txt Object is locked skipped
C:\Documents and Settings\Nate\Cookies\[email protected][1].txt Object is locked skipped
C:\Documents and Settings\Nate\Cookies\[email protected][1].txt Object is locked skipped
C:\Documents and Settings\Nate\Cookies\[email protected][2].txt Object is locked skipped
C:\Documents and Settings\Nate\Cookies\[email protected][1].txt Object is locked skipped
C:\Documents and Settings\Nate\Cookies\[email protected][1].txt Object is locked skipped
C:\Documents and Settings\Nate\Cookies\[email protected][1].txt Object is locked skipped
C:\Documents and Settings\Nate\Cookies\[email protected][1].txt Object is locked skipped
C:\Documents and Settings\Nate\Cookies\[email protected][1].txt Object is locked skipped
C:\Documents and Settings\Nate\Cookies\[email protected][2].txt Object is locked skipped
C:\Documents and Settings\Nate\Cookies\[email protected][2].txt Object is locked skipped
C:\Documents and Settings\Nate\Cookies\[email protected][1].txt Object is locked skipped
C:\Documents and Settings\Nate\Cookies\[email protected][2].txt Object is locked skipped
C:\Documents and Settings\Nate\Cookies\[email protected][1].txt Object is locked skipped
C:\Documents and Settings\Nate\Cookies\[email protected][1].txt Object is locked skipped
C:\Documents and Settings\Nate\Cookies\[email protected][1].txt Object is locked skipped
C:\Documents and Settings\Nate\Cookies\[email protected][2].txt Object is locked skipped
C:\Documents and Settings\Nate\Cookies\[email protected][1].txt Object is locked skipped
C:\Documents and Settings\Nate\Cookies\[email protected][2].txt Object is locked skipped
C:\Documents and Settings\Nate\Cookies\[email protected][2].txt Object is locked skipped
C:\Documents and Settings\Nate\Cookies\[email protected][1].txt Object is locked skipped
C:\Documents and Settings\Nate\Cookies\[email protected][2].txt Object is locked skipped
C:\Documents and Settings\Nate\Cookies\[email protected][1].txt Object is locked skipped
C:\Documents and Settings\Nate\Cookies\[email protected][1].txt Object is locked skipped
C:\Documents and Settings\Nate\Cookies\[email protected][1].txt Object is locked skipped
C:\Documents and Settings\Nate\Cookies\[email protected][1].txt Object is locked skipped
C:\Documents and Settings\Nate\Cookies\[email protected][1].txt Object is locked skipped
C:\Documents and Settings\Nate\Cookies\[email protected][2].txt Object is locked skipped
C:\Documents and Settings\Nate\Cookies\[email protected][1].txt Object is locked skipped
C:\Documents and Settings\Nate\Cookies\[email protected][2].txt Object is locked skipped
C:\Documents and Settings\Nate\Cookies\[email protected][1].txt Object is locked skipped
C:\Documents and Settings\Nate\Cookies\[email protected][2].txt Object is locked skipped
C:\Documents and Settings\Nate\Cookies\[email protected][4].txt Object is locked skipped
C:\Documents and Settings\Nate\Cookies\[email protected][1].txt Object is locked skipped
C:\Documents and Settings\Nate\Cookies\[email protected][1].txt Object is locked skipped
C:\Documents and Settings\Nate\Cookies\[email protected][2].txt Object is locked skipped
C:\Documents and Settings\Nate\Cookies\[email protected][2].txt Object is locked skipped
C:\Documents and Settings\Nate\Cookies\[email protected][2].txt Object is locked skipped
C:\Documents and Settings\Nate\Cookies\[email protected][2].txt Object is locked skipped
C:\Documents and Settings\Nate\Cookies\[email protected][2].txt Object is locked skipped
C:\Documents and Settings\Nate\Cookies\[email protected][1].txt Object is locked skipped
C:\Documents and Settings\Nate\Cookies\[email protected][1].txt Object is locked skipped
C:\Documents and Settings\Nate\Cookies\[email protected][2].txt Object is locked skipped
C:\Documents and Settings\Nate\Cookies\[email protected][2].txt Object is locked skipped
C:\Documents and Settings\Nate\Cookies\[email protected][1].txt Object is locked skipped
C:\Documents and Settings\Nate\Cookies\[email protected][1].txt Object is locked skipped
C:\Documents and Settings\Nate\Cookies\[email protected][2].txt Object is locked skipped
C:\Documents and Settings\Nate\Cookies\[email protected][1].txt Object is locked skipped
C:\Documents and Settings\Nate\Cookies\[email protected][1].txt Object is locked skipped
C:\Documents and Settings\Nate\Cookies\[email protected][1].txt Object is locked skipped
C:\Documents and Settings\Nate\Cookies\[email protected][2].txt Object is locked skipped
C:\Documents and Settings\Nate\Cookies\[email protected][1].txt Object is locked skipped
C:\Documents and Settings\Nate\Cookies\[email protected][1].txt Object is locked skipped
C:\Documents and Settings\Nate\Cookies\[email protected][2].txt Object is locked skipped
C:\Documents and Settings\Nate\Cookies\[email protected][1].txt Object is locked skipped
C:\Documents and Settings\Nate\Cookies\[email protected][1].txt Object is locked skipped
C:\Documents and Settings\Nate\Cookies\[email protected][2].txt Object is locked skipped
C:\Documents and Settings\Nate\Cookies\[email protected][2].txt Object is locked skipped
C:\Documents and Settings\Nate\Cookies\[email protected][1].txt Object is locked skipped
C:\Documents and Settings\Nate\Cookies\[email protected][1].txt Object is locked skipped
C:\Documents and Settings\Nate\Cookies\[email protected][1].txt Object is locked skipped
C:\Documents and Settings\Nate\Cookies\[email protected][2].txt Object is locked skipped
C:\Documents and Settings\Nate\Cookies\[email protected][1].txt Object is locked skipped
C:\Documents and Settings\Nate\Cookies\[email protected][1].txt Object is locked skipped
C:\Documents and Settings\Nate\Cookies\[email protected]er[2].txt Object is locked skipped
C:\Documents and Settings\Nate\Cookies\[email protected][1].txt Object is locked skipped
C:\Documents and Settings\Nate\Cookies\[email protected][1].txt Object is locked skipped
C:\Documents and Settings\Nate\Cookies\[email protected][2].txt Object is locked skipped
C:\Documents and Settings\Nate\Cookies\[email protected][1].txt Object is locked skipped
C:\Documents and Settings\Nate\Cookies\[email protected][1].txt Object is locked skipped
C:\Documents and Settings\Nate\Cookies\[email protected][1].txt Object is locked skipped
C:\Documents and Settings\Nate\Cookies\[email protected][2].txt Object is locked skipped
C:\Documents and Settings\Nate\Cookies\[email protected][1].txt Object is locked skipped
C:\Documents and Settings\Nate\Cookies\[email protected][1].txt Object is locked skipped
C:\Documents and Settings\Nate\Cookies\[email protected][1].txt Object is locked skipped
C:\Documents and Settings\Nate\Cookies\[email protected][1].txt Object is locked skipped
C:\Documents and Settings\Nate\Cookies\[email protected][2].txt Object is locked skipped
C:\Documents and Settings\Nate\Cookies\[email protected][1].txt Object is locked skipped
C:\Documents and Settings\Nate\Cookies\[email protected][1].txt Object is locked skipped
C:\Documents and Settings\Nate\Cookies\[email protected][2].txt Object is locked skipped
C:\Documents and Settings\Nate\Cookies\[email protected][1].txt Object is locked skipped
C:\Documents and Settings\Nate\Cookies\[email protected][1].txt Object is locked skipped
C:\Documents and Settings\Nate\Desktop\Windows Media Player.lnk Object is locked skipped
C:\Documents and Settings\Nate\Favorites\Dell\Dell Auction.url Object is locked skipped
C:\Documents and Settings\Nate\Favorites\Dell\Dell Internet Security.url Object is locked skipped
C:\Documents and Settings\Nate\Favorites\Dell\Dell.url Object is locked skipped
C:\Documents and Settings\Nate\Favorites\Dell\Support.Dell.Com.url Object is locked skipped
C:\Documents and Settings\Nate\Favorites\Desktop.ini Object is locked skipped
C:\Documents and Settings\Nate\Favorites\Links\Customize Links.url Object is locked skipped
C:\Documents and Settings\Nate\Favorites\Links\Free Hotmail.url Object is locked skipped
C:\Documents and Settings\Nate\Favorites\Links\RealPlayer.url Object is locked skipped
C:\Documents and Settings\Nate\Favorites\Links\Windows Marketplace.url Object is locked skipped
C:\Documents and Settings\Nate\Favorites\Links\Windows Media.url Object is locked skipped
C:\Documents and Settings\Nate\Favorites\Links\Windows.url Object is locked skipped
C:\Documents and Settings\Nate\Favorites\Media\Real.com Radio Tuner.url Object is locked skipped
C:\Documents and Settings\Nate\Favorites\Microsoft Websites\IE Add-on site.url Object is locked skipped
C:\Documents and Settings\Nate\Favorites\Microsoft Websites\IE site on Microsoft.com.url Object is locked skipped
C:\Documents and Settings\Nate\Favorites\Microsoft Websites\Marketplace.url Object is locked skipped
C:\Documents and Settings\Nate\Favorites\Microsoft Websites\Microsoft At Home.url Object is locked skipped
C:\Documents and Settings\Nate\Favorites\Microsoft Websites\Microsoft At Work.url Object is locked skipped
C:\Documents and Settings\Nate\Favorites\Microsoft Websites\Welcome to IE7.url Object is locked skipped
C:\Documents and Settings\Nate\Favorites\MSN.com.url Object is locked skipped
C:\Documents and Settings\Nate\Favorites\Radio Station Guide.url Object is locked skipped
C:\Documents and Settings\Nate\Favorites\RealPlayer Home Page.url Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Application Data\Adobe\Acrobat\8.0\Cache\AcroFnt08.lst Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Application Data\Adobe\Acrobat\8.0\Updater\updater.log Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Application Data\Adobe\Color\ACECache6.lst Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Application Data\Adobe\Updater5\acrobatPI.log Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Application Data\Adobe\Updater5\AdobeUpdaterPrefs.dat Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Application Data\Adobe\Updater5\aum.log Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Application Data\Adobe\Updater5\aumLib.log Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Application Data\Adobe\Updater5\Data\AdobeUpdater.aum Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Application Data\Adobe\Updater5\Data\AdobeUpdater_meta.txt Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Application Data\Adobe\Updater5\Data\reader8rdr-en_US.aum Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Application Data\Adobe\Updater5\Data\reader8rdr-en_US.aup.xml Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Application Data\Adobe\Updater5\Data\reader8rdr-en_US_meta.txt Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Application Data\ApplicationHistory\dsca.exe.cf6b816f.ini Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Application Data\ApplicationHistory\EULALauncher.exe.3f62b452.ini.inuse Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Application Data\ApplicationHistory\iconfix.exe.1e178bd5.ini Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Application Data\ApplicationHistory\info.exe.c95fa770.ini Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Application Data\ApplicationHistory\ngen.exe.2c05686e.ini Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Application Data\ApplicationHistory\regtweak.exe.dc1948c4.ini Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Application Data\ApplicationHistory\rename.exe.87e761aa.ini Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Application Data\ApplicationHistory\SL30.tmp.a406a4be.ini Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Application Data\GDIPFONTCACHEV1.DAT Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Application Data\IconCache.db Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Application Data\Identities\{DFF16927-88E6-4EAA-A097-460B7E65289B}\Microsoft\Outlook Express\Deleted Items.dbx Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Application Data\Identities\{DFF16927-88E6-4EAA-A097-460B7E65289B}\Microsoft\Outlook Express\Drafts.dbx Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Application Data\Identities\{DFF16927-88E6-4EAA-A097-460B7E65289B}\Microsoft\Outlook Express\Folders.dbx Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Application Data\Identities\{DFF16927-88E6-4EAA-A097-460B7E65289B}\Microsoft\Outlook Express\Inbox.dbx Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Application Data\Identities\{DFF16927-88E6-4EAA-A097-460B7E65289B}\Microsoft\Outlook Express\Offline.dbx Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Application Data\Identities\{DFF16927-88E6-4EAA-A097-460B7E65289B}\Microsoft\Outlook Express\Outbox.dbx Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Application Data\Identities\{DFF16927-88E6-4EAA-A097-460B7E65289B}\Microsoft\Outlook Express\Sent Items.dbx Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Application Data\Identities\{DFF16927-88E6-4EAA-A097-460B7E65289B}\Microsoft\Outlook Express\Spam Mail.dbx Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Application Data\Microsoft\Feeds\FeedsStore.feedsdb-ms Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Application Data\Microsoft\Feeds\Microsoft Feeds~\Microsoft at Home~.feed-ms Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Application Data\Microsoft\Feeds\Microsoft Feeds~\Microsoft at Work~.feed-ms Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Application Data\Microsoft\Feeds Cache\4LP90EXJ\desktop.ini Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Application Data\Microsoft\Feeds Cache\B1BU13R3\desktop.ini Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Application Data\Microsoft\Feeds Cache\desktop.ini Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Application Data\Microsoft\Feeds Cache\W9VAHKL4\desktop.ini Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Application Data\Microsoft\Feeds Cache\W9VAHKL4\fwlink[1] Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Application Data\Microsoft\Feeds Cache\ZLB2ESIR\desktop.ini Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Application Data\Microsoft\Feeds Cache\ZLB2ESIR\fwlink[1] Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Application Data\Microsoft\Internet Explorer\brndlog.txt Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Application Data\Microsoft\Media Player\CurrentDatabase_219.wmdb Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Application Data\Microsoft\Media Player\CurrentDatabase_59R.wmdb Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Application Data\Microsoft\Media Player\wmpfolders.wmdb Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Application Data\Microsoft\Wallpaper1.bmp Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{BE2DA477-429D-4027-8092-07281DD2E025} Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNS.DTD Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNS.XML Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Application Data\Microsoft\Windows Media\9.0\WMSDKNS.DTD Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Application Data\Microsoft\Windows Media\9.0\WMSDKNS.XML Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Application Data\Microsoft\Works\Portfolio\wsbsamp.wsb Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Application Data\Roxio\D2DCmdLog_D.log Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Application Data\SupportSoft\DellSupportCenter\Nate\state\databags\gs_agent.dellsupportcenter.History.xml Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Application Data\SupportSoft\DellSupportCenter\Nate\state\logs\agentui.log Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150060}\1033.MST Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150060}\J2SE Runtime Environment 5.0 Update 6.msi Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\desktop.ini Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\History\desktop.ini Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\History\History.IE5\desktop.ini Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\History\History.IE5\MSHist012008030320080310\index.dat Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\History\History.IE5\MSHist012008031020080317\index.dat Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\History\History.IE5\MSHist012008031720080324\index.dat Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\History\History.IE5\MSHist012008032520080326\index.dat Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\History\History.IE5\MSHist012008032620080327\index.dat Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Temp\ADL45.tmp Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Temp\Arabic.bin Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Temp\BatSetup.exe Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Temp\bblatest.exe Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Temp\CEMG555077.exe Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Temp\Czech.bin Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Temp\Danish.bin Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Temp\Dutch.bin Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Temp\English.bin Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Temp\Finnish.bin Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Temp\French.bin Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Temp\German.bin Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Temp\Google Gadget Cache\{06AAF918-7EB8-4D25-5292-36FD69A8B697}\1033\strings.xml Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Temp\Google Gadget Cache\{06AAF918-7EB8-4D25-5292-36FD69A8B697}\gadget.gmanifest Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Temp\Google Gadget Cache\{5E468714-D13C-5211-B55C-44BD35E12F48}\1033\strings.xml Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Temp\Google Gadget Cache\{5E468714-D13C-5211-B55C-44BD35E12F48}\gadget.gmanifest Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Temp\Google Gadget Cache\{B14A0DF3-AA65-3C02-BB07-733025C7B0F1}\1033\strings.xml Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Temp\Google Gadget Cache\{B14A0DF3-AA65-3C02-BB07-733025C7B0F1}\gadget.gmanifest Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Temp\Greek.bin Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Temp\Hebrew.bin Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Temp\hpzs34ff0 Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Temp\hsperfdata_Nate\2268 Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Temp\Hungarian.bin Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Temp\Italian.bin Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Temp\Japanese.bin Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Temp\java_install_reg.log Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Temp\Korean.bin Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Temp\Norwegian.bin Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Temp\outerinfo.ico Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Temp\Perflib_Perfdata_740.dat Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Temp\Perflib_Perfdata_f90.dat Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Temp\Polish.bin Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Temp\Portuguese(Brazil).bin Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Temp\Portuguese.bin Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Temp\rtdrvmon.exe Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Temp\Russian.bin Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Temp\SimChin.bin Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Temp\Spanish.bin Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Temp\SWEDISH.bin Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Temp\Thai.bin Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Temp\TradChin.bin Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Temp\Turkish.bin Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Temp\~DF1121.tmp Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Temp\~DF1B2A.tmp Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Temp\~DF225.tmp Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Temp\~DF2261.tmp Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Temp\~DF2369.tmp Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Temp\~DF2402.tmp Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Temp\~DF25A7.tmp Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Temp\~DF2A28.tmp Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Temp\~DF2B70.tmp Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Temp\~DF2CB.tmp Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Temp\~DF2CE5.tmp Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Temp\~DF2DD9.tmp Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Temp\~DF2FF9.tmp Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Temp\~DF3297.tmp Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Temp\~DF3441.tmp Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Temp\~DF34D1.tmp Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Temp\~DF3BAC.tmp Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Temp\~DF4461.tmp Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Temp\~DF4633.tmp Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Temp\~DF4839.tmp Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Temp\~DF48B6.tmp Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Temp\~DF4E8A.tmp Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Temp\~DF4FB8.tmp Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Temp\~DF5133.tmp Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Temp\~DF5343.tmp Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Temp\~DF5353.tmp Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Temp\~DF54A8.tmp Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Temp&#
  • 0

#10
AmzngMo

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
The file was too large for me to post so I went and deleted all of the temporary internet files from all users and that significantly lowered the file size. Hope it all fits now.

Kaspersky Results:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Thursday, March 27, 2008 1:16:06 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 27/03/2008
Kaspersky Anti-Virus database records: 667041
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\

Scan Statistics:
Total number of scanned objects: 44658
Number of viruses found: 7
Number of infected objects: 27
Number of suspicious objects: 0
Duration of the scan process: 00:25:30

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Nate\Application Data\Adobe\Acrobat\8.0\AdobeCMapFnt08.lst Object is locked skipped
C:\Documents and Settings\Nate\Application Data\Adobe\Acrobat\8.0\AdobeSysFnt08.lst Object is locked skipped
C:\Documents and Settings\Nate\Application Data\Adobe\Acrobat\8.0\UserCache.bin Object is locked skipped
C:\Documents and Settings\Nate\Application Data\desktop.ini Object is locked skipped
C:\Documents and Settings\Nate\Application Data\FaxCtr\FAXLOG32.CDX Object is locked skipped
C:\Documents and Settings\Nate\Application Data\FaxCtr\FAXLOG32.DBF Object is locked skipped
C:\Documents and Settings\Nate\Application Data\FaxCtr\FAXLOG32.FPT Object is locked skipped
C:\Documents and Settings\Nate\Application Data\Macromedia\Flash Player\#SharedObjects\JE2S9N9C\bankofamerica.com\sas\sas-docs\html\pmfso.swf\PassMark.sol Object is locked skipped
C:\Documents and Settings\Nate\Application Data\Macromedia\Flash Player\#SharedObjects\JE2S9N9C\bin.clearspring.com\clearspring.sol Object is locked skipped
C:\Documents and Settings\Nate\Application Data\Macromedia\Flash Player\#SharedObjects\JE2S9N9C\flash.quantserve.com\com.quantserve.sol Object is locked skipped
C:\Documents and Settings\Nate\Application Data\Macromedia\Flash Player\#SharedObjects\JE2S9N9C\interclick.com\ud.sol Object is locked skipped
C:\Documents and Settings\Nate\Application Data\Macromedia\Flash Player\#SharedObjects\JE2S9N9C\login.yahoo.com\loginCache.sol Object is locked skipped
C:\Documents and Settings\Nate\Application Data\Macromedia\Flash Player\#SharedObjects\JE2S9N9C\mpsnare.iesnare.com\stm.sol Object is locked skipped
C:\Documents and Settings\Nate\Application Data\Macromedia\Flash Player\#SharedObjects\JE2S9N9C\resources.imeem.com\com.quantserve.sol Object is locked skipped
C:\Documents and Settings\Nate\Application Data\Macromedia\Flash Player\#SharedObjects\JE2S9N9C\www.dailymotion.com\flash\dmplayer\dmplayer.swf\dmplayer.sol Object is locked skipped
C:\Documents and Settings\Nate\Application Data\Macromedia\Flash Player\#SharedObjects\JE2S9N9C\www.pepboys.com\flash\homepage.swf\introStatus.sol Object is locked skipped
C:\Documents and Settings\Nate\Application Data\Macromedia\Flash Player\#SharedObjects\JE2S9N9C\www.pepboys.com\flash\homepage.swf\soundStatus.sol Object is locked skipped
C:\Documents and Settings\Nate\Application Data\Macromedia\Flash Player\#SharedObjects\JE2S9N9C\www.youtube.com\soundData.sol Object is locked skipped
C:\Documents and Settings\Nate\Application Data\Macromedia\Flash Player\#SharedObjects\JE2S9N9C\www.youtube.com\timeDisplayConfig.sol Object is locked skipped
C:\Documents and Settings\Nate\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bankofamerica.com\settings.sol Object is locked skipped
C:\Documents and Settings\Nate\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com\settings.sol Object is locked skipped
C:\Documents and Settings\Nate\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#flash.quantserve.com\settings.sol Object is locked skipped
C:\Documents and Settings\Nate\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol Object is locked skipped
C:\Documents and Settings\Nate\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#login.yahoo.com\settings.sol Object is locked skipped
C:\Documents and Settings\Nate\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#mpsnare.iesnare.com\settings.sol Object is locked skipped
C:\Documents and Settings\Nate\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#resources.imeem.com\settings.sol Object is locked skipped
C:\Documents and Settings\Nate\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.dailymotion.com\settings.sol Object is locked skipped
C:\Documents and Settings\Nate\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.pepboys.com\settings.sol Object is locked skipped
C:\Documents and Settings\Nate\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.youtube.com\settings.sol Object is locked skipped
C:\Documents and Settings\Nate\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol Object is locked skipped
C:\Documents and Settings\Nate\Application Data\Microsoft\Address Book\Nate.wab Object is locked skipped
C:\Documents and Settings\Nate\Application Data\Microsoft\Address Book\Nate.wab~ Object is locked skipped
C:\Documents and Settings\Nate\Application Data\Microsoft\CLR Security Config\v1.1.4322\security.config Object is locked skipped
C:\Documents and Settings\Nate\Application Data\Microsoft\CLR Security Config\v1.1.4322\security.config.cch Object is locked skipped
C:\Documents and Settings\Nate\Application Data\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004 Object is locked skipped
C:\Documents and Settings\Nate\Application Data\Microsoft\CryptnetUrlCache\Content\60E31627FDA0A46932B0E5948949F2A5 Object is locked skipped
C:\Documents and Settings\Nate\Application Data\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015 Object is locked skipped
C:\Documents and Settings\Nate\Application Data\Microsoft\CryptnetUrlCache\Content\A8FABA189DB7D25FBA7CAC806625FD30 Object is locked skipped
C:\Documents and Settings\Nate\Application Data\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004 Object is locked skipped
C:\Documents and Settings\Nate\Application Data\Microsoft\CryptnetUrlCache\MetaData\60E31627FDA0A46932B0E5948949F2A5 Object is locked skipped
C:\Documents and Settings\Nate\Application Data\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015 Object is locked skipped
C:\Documents and Settings\Nate\Application Data\Microsoft\CryptnetUrlCache\MetaData\A8FABA189DB7D25FBA7CAC806625FD30 Object is locked skipped
C:\Documents and Settings\Nate\Application Data\Microsoft\Crypto\RSA\S-1-5-21-4054638284-3112591940-1526171894-1007\e80d183e3a1afb4d5142943be011a7a6_a256fb97-162a-4558-be23-08ae4bbcb195 Object is locked skipped
C:\Documents and Settings\Nate\Application Data\Microsoft\Document Building Blocks\1033\Building Blocks.dotx Object is locked skipped
C:\Documents and Settings\Nate\Application Data\Microsoft\Internet Explorer\brndlog.bak Object is locked skipped
C:\Documents and Settings\Nate\Application Data\Microsoft\Internet Explorer\brndlog.txt Object is locked skipped
C:\Documents and Settings\Nate\Application Data\Microsoft\Internet Explorer\Desktop.htt Object is locked skipped
C:\Documents and Settings\Nate\Application Data\Microsoft\Internet Explorer\Quick Launch\America Online 9.0.lnk Object is locked skipped
C:\Documents and Settings\Nate\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini Object is locked skipped
C:\Documents and Settings\Nate\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk Object is locked skipped
C:\Documents and Settings\Nate\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk Object is locked skipped
C:\Documents and Settings\Nate\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf Object is locked skipped
C:\Documents and Settings\Nate\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk Object is locked skipped
C:\Documents and Settings\Nate\Application Data\Microsoft\Internet Explorer\UserData\index.dat Object is locked skipped
C:\Documents and Settings\Nate\Application Data\Microsoft\Media Player\000CA6B5.wpl Object is locked skipped
C:\Documents and Settings\Nate\Application Data\Microsoft\Office\MSO1033.acl Object is locked skipped
C:\Documents and Settings\Nate\Application Data\Microsoft\Office\Recent\Desktop.ini Object is locked skipped
C:\Documents and Settings\Nate\Application Data\Microsoft\Office\Recent\index.dat Object is locked skipped
C:\Documents and Settings\Nate\Application Data\Microsoft\Office\Recent\My Documents.LNK Object is locked skipped
C:\Documents and Settings\Nate\Application Data\Microsoft\Office\Recent\Nathaniel Stanley.LNK Object is locked skipped
C:\Documents and Settings\Nate\Application Data\Microsoft\Office\Recent\Templates.LNK Object is locked skipped
C:\Documents and Settings\Nate\Application Data\Microsoft\Office\Word12.pip Object is locked skipped
C:\Documents and Settings\Nate\Application Data\Microsoft\Protect\CREDHIST Object is locked skipped
C:\Documents and Settings\Nate\Application Data\Microsoft\Protect\S-1-5-21-4054638284-3112591940-1526171894-1003\d0f2097c-ee5f-442f-985f-66ec31ce1b08 Object is locked skipped
C:\Documents and Settings\Nate\Application Data\Microsoft\Protect\S-1-5-21-4054638284-3112591940-1526171894-1003\Preferred Object is locked skipped
C:\Documents and Settings\Nate\Application Data\Microsoft\Protect\S-1-5-21-4054638284-3112591940-1526171894-1007\9c8e8033-c427-43cc-9bbf-5e816c0f5fbe Object is locked skipped
C:\Documents and Settings\Nate\Application Data\Microsoft\Protect\S-1-5-21-4054638284-3112591940-1526171894-1007\Preferred Object is locked skipped
C:\Documents and Settings\Nate\Application Data\Microsoft\Templates\Normal.dotm Object is locked skipped
C:\Documents and Settings\Nate\Application Data\Microsoft\UProof\CUSTOM.DIC Object is locked skipped
C:\Documents and Settings\Nate\Application Data\Microsoft\Windows\Themes\Custom.theme Object is locked skipped
C:\Documents and Settings\Nate\Application Data\Roxio\MediaManager9\Album.ldb Object is locked skipped
C:\Documents and Settings\Nate\Application Data\Roxio\MediaManager9\Album.psod Object is locked skipped
C:\Documents and Settings\Nate\Application Data\Roxio\MediaManager9\CollectionList.xml Object is locked skipped
C:\Documents and Settings\Nate\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\rd2.class-4cb346b2-4a4cbaa4.class Object is locked skipped
C:\Documents and Settings\Nate\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\rd2.class-4cb346b2-4a4cbaa4.idx Object is locked skipped
C:\Documents and Settings\Nate\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\tscroll.class-4ea6c973-70eef7b2.class Object is locked skipped
C:\Documents and Settings\Nate\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\tscroll.class-4ea6c973-70eef7b2.idx Object is locked skipped
C:\Documents and Settings\Nate\Application Data\Sun\Java\Deployment\deployment.properties Object is locked skipped
C:\Documents and Settings\Nate\Application Data\Sun\Java\Deployment\log\plugin150_06.trace Object is locked skipped
C:\Documents and Settings\Nate\Cookies\desktop.ini Object is locked skipped
C:\Documents and Settings\Nate\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Nate\Desktop\Windows Media Player.lnk Object is locked skipped
C:\Documents and Settings\Nate\Favorites\Dell\Dell Auction.url Object is locked skipped
C:\Documents and Settings\Nate\Favorites\Dell\Dell Internet Security.url Object is locked skipped
C:\Documents and Settings\Nate\Favorites\Dell\Dell.url Object is locked skipped
C:\Documents and Settings\Nate\Favorites\Dell\Support.Dell.Com.url Object is locked skipped
C:\Documents and Settings\Nate\Favorites\Desktop.ini Object is locked skipped
C:\Documents and Settings\Nate\Favorites\Links\Customize Links.url Object is locked skipped
C:\Documents and Settings\Nate\Favorites\Links\Free Hotmail.url Object is locked skipped
C:\Documents and Settings\Nate\Favorites\Links\RealPlayer.url Object is locked skipped
C:\Documents and Settings\Nate\Favorites\Links\Windows Marketplace.url Object is locked skipped
C:\Documents and Settings\Nate\Favorites\Links\Windows Media.url Object is locked skipped
C:\Documents and Settings\Nate\Favorites\Links\Windows.url Object is locked skipped
C:\Documents and Settings\Nate\Favorites\Media\Real.com Radio Tuner.url Object is locked skipped
C:\Documents and Settings\Nate\Favorites\Microsoft Websites\IE Add-on site.url Object is locked skipped
C:\Documents and Settings\Nate\Favorites\Microsoft Websites\IE site on Microsoft.com.url Object is locked skipped
C:\Documents and Settings\Nate\Favorites\Microsoft Websites\Marketplace.url Object is locked skipped
C:\Documents and Settings\Nate\Favorites\Microsoft Websites\Microsoft At Home.url Object is locked skipped
C:\Documents and Settings\Nate\Favorites\Microsoft Websites\Microsoft At Work.url Object is locked skipped
C:\Documents and Settings\Nate\Favorites\Microsoft Websites\Welcome to IE7.url Object is locked skipped
C:\Documents and Settings\Nate\Favorites\MSN.com.url Object is locked skipped
C:\Documents and Settings\Nate\Favorites\Radio Station Guide.url Object is locked skipped
C:\Documents and Settings\Nate\Favorites\RealPlayer Home Page.url Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Application Data\Adobe\Acrobat\8.0\Cache\AcroFnt08.lst Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Application Data\Adobe\Acrobat\8.0\Updater\updater.log Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Application Data\Adobe\Color\ACECache6.lst Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Application Data\Adobe\Updater5\acrobatPI.log Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Application Data\Adobe\Updater5\AdobeUpdaterPrefs.dat Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Application Data\Adobe\Updater5\aum.log Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Application Data\Adobe\Updater5\aumLib.log Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Application Data\Adobe\Updater5\Data\AdobeUpdater.aum Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Application Data\Adobe\Updater5\Data\AdobeUpdater_meta.txt Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Application Data\Adobe\Updater5\Data\reader8rdr-en_US.aum Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Application Data\Adobe\Updater5\Data\reader8rdr-en_US.aup.xml Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Application Data\Adobe\Updater5\Data\reader8rdr-en_US_meta.txt Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Application Data\ApplicationHistory\dsca.exe.cf6b816f.ini Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Application Data\ApplicationHistory\EULALauncher.exe.3f62b452.ini.inuse Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Application Data\ApplicationHistory\iconfix.exe.1e178bd5.ini Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Application Data\ApplicationHistory\info.exe.c95fa770.ini Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Application Data\ApplicationHistory\ngen.exe.2c05686e.ini Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Application Data\ApplicationHistory\regtweak.exe.dc1948c4.ini Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Application Data\ApplicationHistory\rename.exe.87e761aa.ini Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Application Data\ApplicationHistory\SL30.tmp.a406a4be.ini Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Application Data\GDIPFONTCACHEV1.DAT Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Application Data\IconCache.db Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Application Data\Identities\{DFF16927-88E6-4EAA-A097-460B7E65289B}\Microsoft\Outlook Express\Deleted Items.dbx Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Application Data\Identities\{DFF16927-88E6-4EAA-A097-460B7E65289B}\Microsoft\Outlook Express\Drafts.dbx Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Application Data\Identities\{DFF16927-88E6-4EAA-A097-460B7E65289B}\Microsoft\Outlook Express\Folders.dbx Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Application Data\Identities\{DFF16927-88E6-4EAA-A097-460B7E65289B}\Microsoft\Outlook Express\Inbox.dbx Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Application Data\Identities\{DFF16927-88E6-4EAA-A097-460B7E65289B}\Microsoft\Outlook Express\Offline.dbx Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Application Data\Identities\{DFF16927-88E6-4EAA-A097-460B7E65289B}\Microsoft\Outlook Express\Outbox.dbx Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Application Data\Identities\{DFF16927-88E6-4EAA-A097-460B7E65289B}\Microsoft\Outlook Express\Sent Items.dbx Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Application Data\Identities\{DFF16927-88E6-4EAA-A097-460B7E65289B}\Microsoft\Outlook Express\Spam Mail.dbx Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Application Data\Microsoft\Feeds\FeedsStore.feedsdb-ms Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Application Data\Microsoft\Feeds\Microsoft Feeds~\Microsoft at Home~.feed-ms Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Application Data\Microsoft\Feeds\Microsoft Feeds~\Microsoft at Work~.feed-ms Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Application Data\Microsoft\Feeds Cache\4LP90EXJ\desktop.ini Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Application Data\Microsoft\Feeds Cache\B1BU13R3\desktop.ini Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Application Data\Microsoft\Feeds Cache\desktop.ini Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Application Data\Microsoft\Feeds Cache\W9VAHKL4\desktop.ini Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Application Data\Microsoft\Feeds Cache\W9VAHKL4\fwlink[1] Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Application Data\Microsoft\Feeds Cache\ZLB2ESIR\desktop.ini Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Application Data\Microsoft\Feeds Cache\ZLB2ESIR\fwlink[1] Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Application Data\Microsoft\Internet Explorer\brndlog.txt Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Application Data\Microsoft\Media Player\CurrentDatabase_219.wmdb Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Application Data\Microsoft\Media Player\CurrentDatabase_59R.wmdb Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Application Data\Microsoft\Media Player\wmpfolders.wmdb Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Application Data\Microsoft\Wallpaper1.bmp Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{BE2DA477-429D-4027-8092-07281DD2E025} Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNS.DTD Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNS.XML Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Application Data\Microsoft\Windows Media\9.0\WMSDKNS.DTD Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Application Data\Microsoft\Windows Media\9.0\WMSDKNS.XML Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Application Data\Microsoft\Works\Portfolio\wsbsamp.wsb Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Application Data\Roxio\D2DCmdLog_D.log Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Application Data\SupportSoft\DellSupportCenter\Nate\state\databags\gs_agent.dellsupportcenter.History.xml Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Application Data\SupportSoft\DellSupportCenter\Nate\state\logs\agentui.log Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150060}\1033.MST Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150060}\J2SE Runtime Environment 5.0 Update 6.msi Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\desktop.ini Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\History\desktop.ini Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\History\History.IE5\desktop.ini Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\History\History.IE5\MSHist012008032720080328\index.dat Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Temp\ADL45.tmp Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Temp\Arabic.bin Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Temp\BatSetup.exe Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Temp\bblatest.exe Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Temp\CEMG555077.exe Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Temp\Czech.bin Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Temp\Danish.bin Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Temp\Dutch.bin Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Temp\English.bin Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Temp\Finnish.bin Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Temp\French.bin Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Temp\German.bin Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Temp\Google Gadget Cache\{06AAF918-7EB8-4D25-5292-36FD69A8B697}\1033\strings.xml Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Temp\Google Gadget Cache\{06AAF918-7EB8-4D25-5292-36FD69A8B697}\gadget.gmanifest Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Temp\Google Gadget Cache\{5E468714-D13C-5211-B55C-44BD35E12F48}\1033\strings.xml Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Temp\Google Gadget Cache\{5E468714-D13C-5211-B55C-44BD35E12F48}\gadget.gmanifest Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Temp\Google Gadget Cache\{B14A0DF3-AA65-3C02-BB07-733025C7B0F1}\1033\strings.xml Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Temp\Google Gadget Cache\{B14A0DF3-AA65-3C02-BB07-733025C7B0F1}\gadget.gmanifest Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Temp\Greek.bin Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Temp\Hebrew.bin Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Temp\hpzs34ff0 Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Temp\hsperfdata_Nate\2268 Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Temp\Hungarian.bin Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Temp\Italian.bin Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Temp\Japanese.bin Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Temp\java_install_reg.log Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Temp\Korean.bin Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Temp\Norwegian.bin Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Temp\outerinfo.ico Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Temp\Perflib_Perfdata_740.dat Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Temp\Perflib_Perfdata_f90.dat Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Temp\Polish.bin Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Temp\Portuguese(Brazil).bin Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Temp\Portuguese.bin Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Temp\rtdrvmon.exe Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Temp\Russian.bin Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Temp\SimChin.bin Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Temp\Spanish.bin Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Temp\SWEDISH.bin Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Temp\Thai.bin Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Temp\TradChin.bin Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Temp\Turkish.bin Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Temp\~DF1121.tmp Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Temp\~DF1B2A.tmp Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Temp\~DF225.tmp Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Temp\~DF2261.tmp Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Temp\~DF2369.tmp Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Temp\~DF2402.tmp Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Temp\~DF25A7.tmp Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Temp\~DF2A28.tmp Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Temp\~DF2B70.tmp Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Temp\~DF2CB.tmp Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Temp\~DF2CE5.tmp Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Temp\~DF2DD9.tmp Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Temp\~DF2FF9.tmp Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Temp\~DF3297.tmp Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Temp\~DF3441.tmp Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Temp\~DF34D1.tmp Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Temp\~DF3BAC.tmp Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Temp\~DF4461.tmp Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Temp\~DF4483.tmp Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Temp\~DF4633.tmp Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Temp\~DF4839.tmp Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Temp\~DF48B6.tmp Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Temp\~DF4E8A.tmp Object is locked skipped
C:\Documents and Settings\Nate\Local Settings\Temp\~DF4FB8.tmp Object is locked skipped
  • 0

#11
ourwilly

    Trusted Helper

  • Retired Staff
  • 768 posts
Hello AmzngMo

It appears the last report may have also been cut away. For now, please follow these instructions:

Download AVG Anti-Spyware v7.5 and save it to your Desktop <- (Important! Vista Users should install from that same location).
(This is Ewido 4.0 renamed and updated with a special "clean driver" for removing persistent malware.)
  • After download, double click on the file to launch the install process.
  • Choose a language, click "OK" and then click "Next".
  • Read the "License Agreement" and click "I Agree".
  • Accept default installation path: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5, click "Next", then click "Install".
  • After setup completes, click "Finish" to start the program automatically or launch AVG Anti-Spyware by double-clicking its icon on your desktop or in the system tray.
  • Connect to the Internet, go back to AVG Anti-Spyware, select the "Update" button and click "Start update". Wait until you see the "Update successful" message. If you are having problems with the updater, manually download and update with the AVG Anti-Spyware Full database installer.
  • Exit AVG Anti-Spyware when done - DO NOT perform a scan yet.

Please reboot your computer and enter Safe Mode (tap the F8 key just before Windows starts to load, then select Safe Mode).

Scan with AVG Anti-Spyware as follows:
  • Click on the "Scanner" button and choose the "Settings" tab.
  • Under "How to act?", click on "Recommended actions" and choose "Quarantine" to set default action for detected malware.
  • Under "How to Scan?", "Possibly unwanted software", and "What to Scan?" leave all the default settings.
  • Under "Reports" select "Do not automatically generate reports".
  • Click the "Scan" tab to return to scanning options.
  • Click "Complete System Scan" to start.
  • When the scan has finished, it should automatically be set to Quarantine--if not, click on Recommended Action and set it there.
  • You will also be presented with a list of infected objects found. Click "Apply all actions" to place the files in Quarantine.
IMPORTANT! Do not save the report before you have clicked the "Apply all actions" button. If you do, the log that is created will indicate "No action taken", making it more difficult to interpret the report. So be sure you save it only AFTER clicking the "Apply all actions" button.
  • Click on "Save Report" to view all completed scans. Click on the most recent scan you performed, select "Save report as" and save to your desktop. The default file name will be in date/time format: Report-Scan-200706-1606. A copy of each report will be saved in C:\Documents and Settings\<user profile>\Application Data\Grisoft\AVG Antispyware 7.5\Reports.
  • If you installed AVG AS over a previous version, reports are saved in C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Reports\
  • If you are a Vista user, reports are saved in C:\Users\<username>\AppData\Roaming\Grisoft\AVG Antispyware 7.5\Reports\
Exit AVG Anti-Spyware when done, reboot normally and post the AVG log report and a new HijackThis log.

Thank you
  • 0

#12
AmzngMo

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
AVG Scan Report:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 7:25:48 AM 3/28/2008

+ Scan result:



HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo -> Adware.Generic : Cleaned with backup (quarantined).
C:\SDFix\backups\backups.zip/backups/Yazzle1552OinUninstaller.exe -> Not-A-Virus.Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP21\A0006755.exe -> Not-A-Virus.Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP22\A0006822.exe -> Not-A-Virus.Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP22\A0006844.exe -> Not-A-Virus.Adware.PurityScan : Cleaned with backup (quarantined).
C:\Documents and Settings\Home\Cookies\[email protected][1].txt -> TrackingCookie.247realmedia : Cleaned.
C:\Documents and Settings\Home\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Home\Cookies\[email protected][2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Home\Cookies\[email protected][1].txt -> TrackingCookie.Adrevolver : Cleaned.
C:\Documents and Settings\Home\Cookies\[email protected][2].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Home\Cookies\[email protected][3].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Home\Cookies\[email protected][2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Home\Cookies\[email protected][3].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Home\Cookies\[email protected][2].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Home\Cookies\[email protected][1].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Home\Cookies\[email protected][1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Home\Cookies\[email protected][2].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Home\Cookies\[email protected][2].txt -> TrackingCookie.Euroclick : Cleaned.
C:\Documents and Settings\Home\Cookies\[email protected][1].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\Home\Cookies\[email protected][1].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Home\Cookies\[email protected][2].txt -> TrackingCookie.Msn : Cleaned.
C:\Documents and Settings\Home\Cookies\[email protected][1].txt -> TrackingCookie.Pointroll : Cleaned.
C:\Documents and Settings\Home\Cookies\[email protected][2].txt -> TrackingCookie.Realmedia : Cleaned.
C:\Documents and Settings\Home\Cookies\[email protected][1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Home\Cookies\[email protected][2].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Home\Cookies\[email protected][1].txt -> TrackingCookie.Trafficmp : Cleaned.
C:\Documents and Settings\Home\Cookies\[email protected][1].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\Home\Cookies\[email protected][2].txt -> TrackingCookie.Webtrends : Cleaned.
C:\Documents and Settings\Home\Cookies\[email protected][2].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Home\Cookies\[email protected][1].txt -> TrackingCookie.Zedo : Cleaned.


::Report end

HijackThis Report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:32:01 AM, on 3/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\lxczcoms.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Belkin\F5D9050\Belkinwcui.exe
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msnbc.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5080225
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe"
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [F5D9050] C:\Program Files\Belkin\F5D9050\Belkinwcui.exe
O4 - HKLM\..\Run: [lxczbmgr.exe] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL WIKI.DLL
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: lxcz_device - - C:\WINDOWS\system32\lxczcoms.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

--
End of file - 8983 bytes
  • 0
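How the HijackThis log posted above breaks down by section code, as an added example that is not part of the original thread: the Python sketch below parses a few lines copied from that log and records plain observations (not verdicts) such as autostart programs or AppInit DLLs named without an absolute path and services with an empty vendor field. The function names and the wording of the notes are this example's own.

```python
import re

# A subset of lines copied from the HijackThis log in the post above.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msnbc.msn.com/
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL WIKI.DLL
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll
O23 - Service: lxcz_device - - C:\WINDOWS\system32\lxczcoms.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
"""

# What each section code in the log refers to.
SECTIONS = {
    "R0": "IE start/search page setting",
    "R1": "IE start/search page setting",
    "O2": "Browser Helper Object",
    "O4": "autostart (Run key or Startup folder)",
    "O8": "IE context menu item",
    "O9": "IE extra button or Tools menu item",
    "O16": "ActiveX control (Downloaded Program Files)",
    "O20": "AppInit_DLLs / Winlogon Notify",
    "O23": "Windows service",
}

ENTRY_RE = re.compile(r"^([RO]\d{1,2}) - (.+)$")
RUN_RE = re.compile(r"^(HK\S+?)\\\.\.\\Run\w*: \[(.+?)\] (.+)$")
# "Service: <name> - <vendor> - <path>"; the vendor field may be empty.
SERVICE_RE = re.compile(r"^Service: (.+) - (.*?)\s*- ([A-Za-z]:\\.+)$")
IMAGE_RE = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|dll|com|bat|cmd|scr))(?=\s|$)', re.I)
ABSOLUTE_RE = re.compile(r"^[A-Za-z]:\\")


def image_path(command):
    """Return the program part of a command line, without its arguments."""
    m = IMAGE_RE.match(command.strip())
    return (m.group(1) or m.group(2)) if m else command.strip()


def parse_entry(line):
    """Parse one log line into a dict, or return None for non-entry lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None  # header, running-process list, blank line
    code, detail = m.groups()
    entry = {"code": code, "section": SECTIONS.get(code, "other"),
             "detail": detail, "notes": []}
    if code == "O4" and (run := RUN_RE.match(detail)):
        hive, name, command = run.groups()
        path = image_path(command)
        entry.update(hive=hive, name=name, path=path)
        if not ABSOLUTE_RE.match(path):
            entry["notes"].append("program named without an absolute path")
    elif code == "O20" and detail.startswith("AppInit_DLLs:"):
        # The AppInit_DLLs value is a space- or comma-separated DLL list.
        value = detail.split(":", 1)[1].strip()
        dlls = [d for d in re.split(r"[ ,]+", value) if d]
        entry["dlls"] = dlls
        entry["notes"].append("loaded into every process that loads user32.dll")
        for dll in dlls:
            if not ABSOLUTE_RE.match(dll):
                entry["notes"].append(f"{dll}: no absolute path")
    elif code == "O23" and (svc := SERVICE_RE.match(detail)):
        name, vendor, path = svc.groups()
        entry.update(name=name, vendor=vendor, path=path)
        if not vendor:
            entry["notes"].append("vendor field is empty")
    return entry


def parse_log(text):
    """Parse every entry line of a HijackThis log."""
    return [e for e in map(parse_entry, text.splitlines()) if e]


def needs_review(entries):
    """Entries that carry at least one observation."""
    return [e for e in entries if e["notes"]]


if __name__ == "__main__":
    for e in needs_review(parse_log(SAMPLE_LOG)):
        print(f'{e["code"]} [{e["section"]}] {e["detail"]}')
        for note in e["notes"]:
            print(f"    - {note}")
```

A note here only marks a line to read more closely; entries such as a printer service with no vendor string are common on clean machines.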

#13
ourwilly

    Trusted Helper

  • Retired Staff
  • 768 posts
Hello AmzngMo

That's great, the AVG scan results look good and so does your HijackThis log for this "Home" user account. :)

Can you please Update Java:
Go here and download the latest version of Java:
http://java.sun.com/...loads/index.jsp
Go to Start > Control Panel, then double-click Add or Remove Programs.
Search in the list for all previous installed versions of Java. (J2SE Runtime Environment.... )
Select any found and click Remove.
Then install the version you downloaded earlier.

I went and deleted all of the temporary internet files from all users and that significantly lowered the file size

May I see a new Kaspersky scan log please? I would like to suggest running ATF-Cleaner on every user account before running the online scanner, as this would help. :)

Please note that your last Kaspersky log was cut short. If you have problems posting the entire log results, then please split the log into smaller sections when replying.

Thank you.
  • 0





