Win32.trojandownloader.Agent [RESOLVED]


  • This topic is locked

#1
1324

    Member

  • 135 posts
Hi,
My computer has been getting progressively "laggier" over the last two weeks. I have Norton Anti-virus run every night and it never showed a virus, although it occasionally identified a tracking cookie. I ran Ad-Aware and it found the Win32.downloader.Agent virus. I was unable to delete the virus after repeated attempts. The following are the logs that I have saved. Thanks in advance for your help.
Rich

Malwarebytes' Anti-Malware 1.12
Database version: 737

Scan type: Quick Scan
Objects scanned: 50150
Time elapsed: 11 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 10
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{549b5ca7-4a86-11d7-a4df-000874180bb3} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\diablo (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Screensavers.com (Adware.Comet) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\diabunin.exe (Trojan.FakeAlert) -> Quarantined and deleted successful
============================================================
SUPERAntiSpyware Scan Log
Generated 05/10/2008 at 09:47 AM

Application Version : 3.6.1000

Core Rules Database Version : 3190
Trace Rules Database Version: 1449

Scan type : Complete Scan
Total Scan Time : 02:14:00

Memory items scanned : 499
Memory threats detected : 0
Registry items scanned : 7306
Registry threats detected : 0
File items scanned : 117553
File threats detected : 1

Adware.Tracking Cookie
C:\Documents and Settings\HP_Owner\Cookies\[email protected][2].
=====================================================
;*******************************************************************************
ANALYSIS: 2008-05-11 06:11:51
PROTECTIONS: 1
MALWARE: 3
SUSPECTS: 0
;*******************************************************************************
PROTECTIONS
Description Version Active Updated
;===============================================================================
Norton Internet Security 15.0.0.60 Yes Yes
;===============================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===============================================================================
00101555 Application/KillApp.B HackTools No 0 Yes No C:\hp\bin\KillIt.exe
00520936 Application/ViewPoint HackTools No 0 No No C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1179\A0234470.exe[ViewBarBHO.dll]
02883509 Application/ViewPoint HackTools No 0 Yes No C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1179\A0234470.exe
;===============================================================================
SUSPECTS
Sent Location l
;===============================================================================
;===============================================================================
VULNERABILITIES
Id Severity Description l
;===============================================================================
;===============================================================================

=======================================================
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:51:50 AM, on 5/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\AIM6\aim6.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://as.starware.c...j5Snhyi9vfCKK0=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: StumbleUpon Launcher - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: (no name) - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - (no file)
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin\core.hp.main\SendTo.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: StumbleUpon PhotoBlog It! - res://StumbleUponIEBar.dll/blogimage
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.stumbleupon.com
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akama...ex/qtplugin.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {1340C00E-B1FF-4117-B993-E58FF774A605} (CLaunchRBO10 Object) - http://www.playrealb...BO_v1.1.0.0.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.s...rl/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgree...eensActivia.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symant...ex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1187439576953
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Unknown owner - C:\Program Files\Canon\CAL\CALMAIN.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O24 - Desktop Component 0: My Current Home Page - About:Home

--
End of file - 12895 bytes
====================

Also, when I ran Malwarebytes' Anti-Malware it did remove 8 items. I am running with Windows XP Service Pack 2 (updated on 4/11/08). The uninstall list follows.

Ad-Aware 2007
Adobe Flash Player ActiveX
Adobe PhotoDeluxe 2.0
Adobe Photoshop Elements 6.0
Adobe Reader 8.1.2
Adobe Shockwave Player
Adobe® Photoshop® Album Starter Edition 3.2
Agere Systems PCI Soft Modem
AIM 6
AIM Toolbar 5.0
AnswerWorks 4.0 Runtime - English
AOL Instant Messenger
AppCore
AT&T Yahoo! Applications
Battle.net
Boggle
Boggle Supreme (remove only)
BounceBack Express
BroadJump Client Foundation
Cal Ripken's Real Baseball
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon G.726 WMP-Decoder
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities EOS Utility
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
ccCommon
Component Framework
Corel Applications
DiscWizard for Windows
GoldWave v5.20
Google Toolbar for Internet Explorer
Greeting Card Creator 32
Help and Support Additions
Heroes™ II Gold
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
HOTLLAMA Media Player - Setup
HP Deskjet Preloaded Printer Drivers
HP Image Zone 4.2
HP Image Zone Plus 4.2
hp instant support
HP Memories Disc
HP Organize
HP Photo & Imaging 3.5 - HP Devices
HP Photo and Imaging 2.2 - Scanjet 3970 Series
hp photosmart 7600 series
HP PSC & OfficeJet 4.0
HP Software Update
HPIZ402
IntelliMover Data Transfer Demo
InterVideo WinDVD Creator 2
InterVideo WinDVD Player
iPod for Windows 2006-03-23
iTunes
Java 2 Runtime Environment, SE v1.4.2_03
KBD
L&H TTS3000 British English
Learn2 Player (Uninstall Only)
LiveUpdate (Symantec Corporation)
LiveUpdate (Symantec Corporation)
LiveUpdate Notice (Symantec Corporation)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2004
Microsoft Money 2004 System Pack
Microsoft National Language Support Downlevel APIs
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Standard Edition 2003
Microsoft Office Word MUI (English) 2007
Microsoft Plus! Dancer LE
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Works 7.0
MSN Music Assistant
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MySpaceIM
Network Play System (Patching)
Nikon Message Center
Norton AntiVirus
Norton AntiVirus Help
Norton Confidential Core
Norton Internet Security
Norton Internet Security (Symantec Corporation)
Norton Protection Center
NVIDIA GART Driver
Panda ActiveScan 2.0
PC-Doctor for Windows
Photosmart 320,370,7400,8100,8400 Series
PictureProject
PolderbitS Sound Recorder and Editor
PS2
Python 2.2 combined Win32 extensions
Python 2.2.1
QuickTime
RealPlayer
RegAlyzer
S3 S3Display
S3 S3Gamma2
S3 S3Info2
S3 S3Overlay
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Excel 2007 (KB946974)
Security Update for Office 2007 (KB934062)
Security Update for Office 2007 (KB947801)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for the 2007 Microsoft Office System (KB936960)
Security Update for Visio 2007 (KB947590)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Sonic RecordNow!
SPBBC 32bit
Spelling Dictionaries Support For Adobe Reader 8
Spybot - Search & Destroy
StumbleUpon IE Toolbar
SUPERAntiSpyware Free Edition
Symantec KB-DocID:2003093015493306
SymNet
TrueSwitch Wizard SBC
TurboTax Premier 2007
Update for Office 2007 (KB932080)
Update for Office 2007 (KB934391)
Update for Office 2007 (KB934393)
Update for Office 2007 (KB946691)
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Word 2007 (KB934173)
Updates from HP
VIA Rhine-Family Fast Ethernet Adapter
VIA/S3G Display Driver
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Winamp (remove only)
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB883667
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086

Please let me know if you need any additional info and I will try to get it for you. I look forward to your response. Thanks again,
Rich
  • 0
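
An added example, not part of the original post and not code from HijackThis: a small Python triage pass over HijackThis entry lines like those in the log above. It picks out entries whose target is reported as `(no file)` or `(file missing)`, services listed with `Unknown owner`, and the `[MSConfig] ... /auto` Run entry that a later reply in this thread reads as Selective Startup. The function names are assumptions of this example, and the sample is a handful of lines copied from the log above.

```python
import re

# Constructed sample: a few entry lines copied from the HijackThis log above.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: (no name) - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Unknown owner - C:\Program Files\Canon\CAL\CALMAIN.exe (file missing)
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# An entry line is "<section code> - <body>", e.g. "O2 - BHO: ...".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# COM class ids appear in braces in the BHO, toolbar and button entries.
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# The Run entry that the reply in this thread reads as Selective Startup.
MSCONFIG_RE = re.compile(r"\[MSConfig\]\s.*MSConfig\.exe\s+/auto", re.IGNORECASE)


def parse_entries(text):
    """Return one dict per entry line; header and process lines are skipped."""
    entries = []
    for raw in text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if not match:
            continue
        body = match.group("body")
        guid = GUID_RE.search(body)
        entries.append({
            "code": match.group("code"),
            "body": body,
            "clsid": guid.group(0) if guid else None,
        })
    return entries


def triage(entry):
    """Return review notes for one entry. Notes are prompts for a human
    reviewer, not verdicts: an orphaned entry is often just a leftover
    from an uninstalled program."""
    notes = []
    body = entry["body"]
    if body.endswith("(no file)"):
        notes.append("orphaned: registration points at no file")
    if body.endswith("(file missing)"):
        notes.append("orphaned: referenced file is missing on disk")
    if entry["code"] == "O23" and " - Unknown owner - " in body:
        notes.append("service listed with 'Unknown owner'")
    if entry["code"] == "O4" and MSCONFIG_RE.search(body):
        notes.append("MSConfig /auto present: startup items may be disabled, "
                     "so the scan can under-report autoruns")
    return notes


def review(text):
    """Return (entry, notes) pairs for every entry that has at least one note."""
    flagged = []
    for entry in parse_entries(text):
        notes = triage(entry)
        if notes:
            flagged.append((entry, notes))
    return flagged


if __name__ == "__main__":
    for entry, notes in review(SAMPLE_LOG):
        print(entry["code"], "-", entry["body"])
        for note in notes:
            print("    *", note)
```
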


#2
Mike

    Malware Monger

  • Retired Staff
  • 2,745 posts
Hi 1324,

Sorry for the delay, the forums are very busy and inevitably some logs slip through the cracks.

I would like to take a fresh look at your PC.

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads, main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.
Note: These logs may be too large to post in one reply; if so, please post extra.txt in a separate reply.
  • 0

#3
1324

    Member

  • Topic Starter
  • 135 posts
Mike,
The following is the extra.txt
Thanks for your help.
Rich

Attached File  extra.txt   27.9KB   68 downloads
  • 0

#4
1324

    Member

  • Topic Starter
  • 135 posts
Mike,
I'm not sure you got the main.txt
Rich

Attached File  main.txt   28.14KB   126 downloads
  • 0

#5
Mike

    Malware Monger

  • Retired Staff
  • 2,745 posts
Hi there 1324,

Please follow my instructions in the order they were given. If you come across something you don't understand or don't feel comfortable doing, don't hesitate to ask and I will get you sorted out :)


Preparation

I will need you to temporarily disable Ad-Aware and Spybot Search and Destroy as they could conflict with our fixes.

Ad-Aware Ad-Watch

1. Right click on the Ad-Watch icon in the system tray.
2. At the bottom of the screen there will be two checkable items called "Active" and "Automatic".

Active: This will turn Ad-Watch On\Off without closing it
Automatic: Suspicious activity will be blocked automatically

3. Uncheck both of those boxes.

Spybot S&D (Teatimer)

1. Run Spybot-S&D in Advanced Mode.
2. If it is not already set to do this, go to the Mode menu and select "Advanced Mode".
3. On the left hand side, click on Tools.
4. Then click on the Resident icon in the list.
5. Uncheck "Resident TeaTimer" and OK any prompts.
6. Restart your computer.

Step 1. Updating Java
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 6.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u6-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version.

Step 2. Making a Batch File

Open notepad by going to START > RUN and type notepad.exe in the box that appears. In the window that pops up please copy and paste the following

@ECHO off
sc stop "Viewpoint Manager Service"
sc delete "Viewpoint Manager Service"
exit


In Notepad click on the "File" menu > Save As... Under "File name" type fix.bat and Change "Save as type" to All Files, save it to a place you will remember.

Double click on fix.bat.

Step 3. Fixes with Hijack This

Please go to Start, Control Panel, then Add or Remove Programs and Uninstall:

Viewpoint Manager (Remove Only)
Viewpoint Media Player


Please alert me of any entries you do not recognize.

This entry: O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto tells me that you are running "Selective Startup", meaning you have items unticked in msconfig. Please enable all startup items before you re-scan with Hijack This.

Please open HijackThis again and choose "Do a system scan only". Please put a check next to each of the following entries (if still present):

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://as.starware.c...j5Snhyi9vfCKK0=
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: (no name) - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O15 - Trusted Zone: *.stumbleupon.com
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O24 - Desktop Component 0: My Current Home Page - About:Home

Please only fix the entry in red if you have not set any restrictions on Internet Explorer.

Now please close all open windows except HJT and press "Fix checked".

Step 4. Running OTMoveIt2

Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\windows\ALCXMNTR.EXE
     C:\Windows\System32\SCVHSOT.exe
     HKCU\software\microsoft\windows\currentversion\explorer\mountpoints2\{46fc9daa-3961-11dc-a4a0-00038a000015}
     HKCU\software\microsoft\windows\currentversion\explorer\mountpoints2\D
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Step 5. Running Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 6. Running an online Scan

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browser:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Please run a free online scan with Kaspersky AntiVirus (works only with MS Internet Explorer 5.0 or higher).
Go to http://www.kaspersky.com/virusscanner and click the "Kaspersky Online Scanner" button (NOT "Kaspersky File Scanner").
  • In the new window that opens, click the "Accept" button to accept the user agreement, install the ActiveX control, and download the program.
  • When you get the Windows dialog asking if you want to install this software, click the "Install" button.
  • When the "Update progress" line changes to "Ready" and the "NEXT ->" button lights up with a green arrow, click it.
  • Click on the "Scan Settings" button, and in the next window select the "extended" database, and click Ok.
  • Under "Please select a target to scan:", click My Computer to start the scan.
When the scan is finished, click the "Save as Text" button, and save the file as kavscan.txt to your Desktop, close the Kaspersky On-line Scanner window, and post the text in kavscan.txt in your next reply.

In your next reply

Please post the log from OTMoveIt2.
Please post the log from MalwareBytes' AntiMalware.
Please post the log from Kaspersky online.
Please post a new hijack this log AFTER running the above programs.

If the logs are too big to fit in one reply, please spread them out over multiple replies. Please do not attach the logs, post them in the thread directly!
  • 0
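The triage applied to the HijackThis entries in post #5, as an added example (not part of the original thread and not HijackThis's own code): it parses the quoted entries, flags those whose target file is gone, groups entries that belong to one component by CLSID, and detects the MSConfig "Selective Startup" autorun. The function names and the one-line section descriptions are assumptions made for this example.

```python
import re
from collections import defaultdict

# Section codes that occur in this thread's log, with a short description
# (descriptions are this example's wording, not HijackThis output).
SECTIONS = {
    "R1": "IE search/start page setting",
    "R3": "URL search hook",
    "O2": "Browser Helper Object",
    "O3": "IE toolbar",
    "O4": "Registry/startup autorun",
    "O6": "IE restrictions set by policy",
    "O9": "Extra IE button or Tools menu item",
    "O15": "Trusted Zone site",
    "O23": "Windows service",
    "O24": "Active Desktop component",
}

ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# HijackThis appends one of these when the registered file cannot be found.
ORPHAN_MARKERS = ("(no file)", "(file missing)")

# Entries quoted in post #5; the URLs are truncated on the page and kept as-is.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://as.starware.c...j5Snhyi9vfCKK0=
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: (no name) - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O15 - Trusted Zone: *.stumbleupon.com
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O24 - Desktop Component 0: My Current Home Page - About:Home
"""


def parse_entries(text):
    """Split a HijackThis log into entries; lines that are not entries are skipped."""
    entries = []
    for raw in text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if not match:
            continue
        body = match.group("body")
        clsid = CLSID_RE.search(body)
        entries.append({
            "code": match.group("code"),
            "section": SECTIONS.get(match.group("code"), "unknown section"),
            "body": body,
            # CLSIDs are case-insensitive, so normalise before grouping.
            "clsid": clsid.group(0).upper() if clsid else None,
            "orphaned": body.rstrip().endswith(ORPHAN_MARKERS),
        })
    return entries


def orphaned(entries):
    """Entries whose registry data points at a file that no longer exists."""
    return [e for e in entries if e["orphaned"]]


def by_component(entries):
    """Map each CLSID to the section codes it appears under.

    One leftover component often registers in several sections, so every
    entry in its group has to be fixed together or a stub remains.
    """
    groups = defaultdict(list)
    for e in entries:
        if e["clsid"]:
            groups[e["clsid"]].append(e["code"])
    return dict(groups)


def selective_startup(entries):
    """True if the MSConfig autorun shows startup items are currently disabled."""
    return any(
        e["code"] == "O4" and "msconfig.exe /auto" in e["body"].lower()
        for e in entries
    )


if __name__ == "__main__":
    parsed = parse_entries(SAMPLE_LOG)
    for e in orphaned(parsed):
        print(f'{e["code"]:<4}{e["section"]:<38}{e["body"]}')
    for clsid, codes in by_component(parsed).items():
        print(clsid, "->", ", ".join(codes))
    if selective_startup(parsed):
        print("Selective Startup is active: disabled startup items are hidden from this log")
```
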

#6
1324

    Member

  • Topic Starter
  • Member
  • 135 posts
Mike,
Ad-Aware is not an icon in my system tray. I do not subscribe to Ad-Watch (although it is on my desktop). Should I just uninstall Ad-Aware? Please advise.
Thanks,
  • 0

#7
Mike

    Malware Monger

  • Retired Staff
  • 2,745 posts
Hi 1324,

You do not need to uninstall Ad-Aware, it is a very good program and won't do any harm to your computer, but if you are not using it you can safely remove it as it won't help unless it's running. Please go ahead and proceed with the next steps :)

Mike

Edited by Mike, 17 May 2008 - 12:35 PM.

  • 0

#8
1324

    Member

  • Topic Starter
  • Member
  • 135 posts
Mike,
I got to step 4 but when I clicked on your link this is the message I received:
Internet Explorer cannot display the webpage

Most likely causes:
You are not connected to the Internet.
The website is encountering problems.
There might be a typing error in the address.

What you can try:
Diagnose Connection Problems

More information

This problem can be caused by a variety of issues, including:

Internet connectivity has been lost.
The website is temporarily unavailable.
The Domain Name Server (DNS) is not reachable.
The Domain Name Server (DNS) does not have a listing for the website's domain.
If this is an HTTPS (secure) address, click Tools, click Internet Options, click Advanced, and check to be sure the SSL and TLS protocols are enabled under the security section.

For offline users

You can still view subscribed feeds and some recently viewed webpages.
To view subscribed feeds

Click the Favorites Center button , click Feeds, and then click the feed you want to view.

To view recently visited webpages (might not work on all pages)

Click Tools , and then click Work Offline.
Click the Favorites Center button , click History, and then click the page you want to view.

Please advise,
Thanks,
Rich
  • 0

#9
Mike

    Malware Monger

  • Retired Staff
  • 2,745 posts
Hi 1324,

The website where that tool is hosted was down for a while, could you try again please? It should work now.

Edited by Mike, 18 May 2008 - 03:04 AM.

  • 0

#10
1324

    Member

  • Topic Starter
  • Member
  • 135 posts
Hi Mike,

Here is the OTMoveit2 log:

C:\windows\ALCXMNTR.EXE
C:\Windows\System32\SCVHSOT.exe
HKCU\software\microsoft\windows\currentversion\explorer\mountpoints2\{46fc9daa-3961-11dc-a4a0-00038a000015}
HKCU\software\microsoft\windows\currentversion\explorer\mountpoints2\D

Rich
  • 0


#11
1324

    Member

  • Topic Starter
  • Member
  • 135 posts
Mike,
here is the Malwarebytes log:

Malwarebytes' Anti-Malware 1.12
Database version: 760

Scan type: Quick Scan
Objects scanned: 51874
Time elapsed: 11 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Rich
  • 0

#12
1324

    Member

  • Topic Starter
  • Member
  • 135 posts
Mike,
Kaspersky log:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, May 18, 2008 2:29:50 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 18/05/2008
Kaspersky Anti-Virus database records: 782869
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\

Scan Statistics:
Total number of scanned objects: 127713
Number of viruses found: 0
Number of infected objects: 0
Number of suspicious objects: 0
Duration of the scan process: 02:35:27

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Kristy\My Documents\My Pictures\Stoopid stuff\joker.JPG Object is locked skipped
C:\Documents and Settings\Kristy\My Documents\My Pictures\Stoopid stuff\lame.JPG Object is locked skipped
C:\Documents and Settings\Kristy\My Documents\My Pictures\Stoopid stuff\movie star 2.JPG Object is locked skipped
C:\Documents and Settings\Kristy\My Documents\My Pictures\Stoopid stuff\oh my goodness.JPG Object is locked skipped
C:\Documents and Settings\Kristy\My Documents\My Pictures\Stoopid stuff\Oh my.JPG Object is locked skipped
C:\Documents and Settings\Kristy\My Documents\My Pictures\Stoopid stuff\shocked movie star.JPG Object is locked skipped
C:\Documents and Settings\Kristy\My Documents\My Pictures\Stoopid stuff\Thumbs.db Object is locked skipped
C:\Documents and Settings\Kristy\My Documents\My Pictures\Stoopid stuff\Z trail.JPG Object is locked skipped
C:\Documents and Settings\Kristy\My Documents\My Pictures\Stoopid stuff\ZbThumbnail.info Object is locked skipped
C:\Documents and Settings\Kristy\My Documents\My Pictures\Stoopid stuff\Zzz\DSCN3294.JPG Object is locked skipped
C:\Documents and Settings\Kristy\My Documents\My Pictures\Stoopid stuff\Zzz\DSCN3295.JPG Object is locked skipped
C:\Documents and Settings\Kristy\My Documents\My Pictures\Stoopid stuff\Zzz\DSCN3296.JPG Object is locked skipped
C:\Documents and Settings\Kristy\My Documents\My Pictures\Stoopid stuff\Zzz\DSCN3297.JPG Object is locked skipped
C:\Documents and Settings\Kristy\My Documents\My Pictures\Stoopid stuff\Zzz\DSCN3302.JPG Object is locked skipped
C:\Documents and Settings\Kristy\My Documents\My Pictures\Stoopid stuff\Zzz\fish face.JPG Object is locked skipped
C:\Documents and Settings\Kristy\My Documents\My Pictures\Stoopid stuff\Zzz\smaller.JPG Object is locked skipped
C:\Documents and Settings\Kristy\My Documents\My Pictures\Stoopid stuff\Zzz\Thumbs.db Object is locked skipped
C:\Documents and Settings\Kristy\My Documents\My Pictures\Stoopid stuff\Zzz\ZbThumbnail.info Object is locked skipped
C:\Documents and Settings\Kristy\My Documents\My Word Documents\1 layout design.wps Object is locked skipped
C:\Documents and Settings\Kristy\My Documents\My Word Documents\123 Police.wps Object is locked skipped
C:\Documents and Settings\Kristy\My Documents\My Word Documents\2005.wps Object is locked skipped
C:\Documents and Settings\Kristy\My Documents\My Word Documents\Admission Essay.wps Object is locked skipped
C:\Documents and Settings\Kristy\My Documents\My Word Documents\alcohol interview.doc Object is locked skipped
C:\Documents and Settings\Kristy\My Documents\My Word Documents\Aquabats paper.wps Object is locked skipped
C:\Documents and Settings\Kristy\My Documents\My Word Documents\Art Final.wps Object is locked skipped
C:\Documents and Settings\Kristy\My Documents\My Word Documents\Artist Statement.doc Object is locked skipped
C:\Documents and Settings\Kristy\My Documents\My Word Documents\asdfasd.rtf Object is locked skipped
C:\Documents and Settings\Kristy\My Documents\My Word Documents\band paper 2.wps Object is locked skipped
C:\Documents and Settings\Kristy\My Documents\My Word Documents\Band paper.wps Object is locked skipped
C:\Documents and Settings\Kristy\My Documents\My Word Documents\Boring.htm Object is locked skipped
C:\Documents and Settings\Kristy\My Documents\My Word Documents\Bridges.wps Object is locked skipped
C:\Documents and Settings\Kristy\My Documents\My Word Documents\Buddy List.wps Object is locked skipped
C:\Documents and Settings\Kristy\My Documents\My Word Documents\Cambodia.rtf Object is locked skipped
C:\Documents and Settings\Kristy\My Documents\My Word Documents\Catcher In The Rye 2.wps Object is locked skipped
C:\Documents and Settings\Kristy\My Documents\My Word Documents\Catcher In The Rye.wps Object is locked skipped
C:\Documents and Settings\Kristy\My Documents\My Word Documents\characters.wps Object is locked skipped
C:\Documents and Settings\Kristy\My Documents\My Word Documents\Computer Lingo.htm Object is locked skipped
C:\Documents and Settings\Kristy\My Documents\My Word Documents\Cuckoo's Nest.wps Object is locked skipped
C:\Documents and Settings\Kristy\My Documents\My Word Documents\Cuckoo's.wps Object is locked skipped
C:\Documents and Settings\Kristy\My Documents\My Word Documents\Dan Mix 4 Tracklist.wps Object is locked skipped
C:\Documents and Settings\Kristy\My Documents\My Word Documents\Document.rtf Object is locked skipped
C:\Documents and Settings\Kristy\My Documents\My Word Documents\Dr. Phil Object is locked skipped
C:\Documents and Settings\Kristy\My Documents\My Word Documents\emails.wps Object is locked skipped
C:\Documents and Settings\Kristy\My Documents\My Word Documents\Emo.rtf Object is locked skipped
C:\Documents and Settings\Kristy\My Documents\My Word Documents\english final.wps Object is locked skipped
C:\Documents and Settings\Kristy\My Documents\My Word Documents\english.wps Object is locked skipped
C:\Documents and Settings\Kristy\My Documents\My Word Documents\essay.wps Object is locked skipped
C:\Documents and Settings\Kristy\My Documents\My Word Documents\evidence.wps Object is locked skipped
C:\Documents and Settings\Kristy\My Documents\My Word Documents\final outline.wps Object is locked skipped
C:\Documents and Settings\Kristy\My Documents\My Word Documents\final.wps Object is locked skipped
C:\Documents and Settings\Kristy\My Documents\My Word Documents\foo.rtf Object is locked skipped
C:\Documents and Settings\Kristy\My Documents\My Word Documents\friends story.wps Object is locked skipped
C:\Documents and Settings\Kristy\My Documents\My Word Documents\friends.wps Object is locked skipped
C:\Documents and Settings\Kristy\My Documents\My Word Documents\gay.rtf Object is locked skipped
C:\Documents and Settings\Kristy\My Documents\My Word Documents\Girl.wps Object is locked skipped
C:\Documents and Settings\Kristy\My Documents\My Word Documents\Great Gatsby.wps Object is locked skipped
C:\Documents and Settings\Kristy\My Documents\My Word Documents\homework 2.wps Object is locked skipped
C:\Documents and Settings\Kristy\My Documents\My Word Documents\homework.wps Object is locked skipped
C:\Documents and Settings\Kristy\My Documents\My Word Documents\L-O-L.wps Object is locked skipped
C:\Documents and Settings\Kristy\My Documents\My Word Documents\lame outline.wps Object is locked skipped
C:\Documents and Settings\Kristy\My Documents\My Word Documents\Life and Living It.htm Object is locked skipped
C:\Documents and Settings\Kristy\My Documents\My Word Documents\life.wps Object is locked skipped
C:\Documents and Settings\Kristy\My Documents\My Word Documents\mcdonalds.rtf Object is locked skipped
C:\Documents and Settings\Kristy\My Documents\My Word Documents\Microsoft Sam lyrics.wps Object is locked skipped
C:\Documents and Settings\Kristy\My Documents\My Word Documents\MLA.wps Object is locked skipped
C:\Documents and Settings\Kristy\My Documents\My Word Documents\Newspaper.wps Object is locked skipped
C:\Documents and Settings\Kristy\My Documents\My Word Documents\one flew over.wps Object is locked skipped
C:\Documents and Settings\Kristy\My Documents\My Word Documents\Persuasive Speech Outline.wps Object is locked skipped
C:\Documents and Settings\Kristy\My Documents\My Word Documents\persuasive works cited.wps Object is locked skipped
C:\Documents and Settings\Kristy\My Documents\My Word Documents\picture story.wps Object is locked skipped
C:\Documents and Settings\Kristy\My Documents\My Word Documents\pictures.htm Object is locked skipped
C:\Documents and Settings\Kristy\My Documents\My Word Documents\punk rock rap.wps Object is locked skipped
C:\Documents and Settings\Kristy\My Documents\My Word Documents\quotes.wps Object is locked skipped
C:\Documents and Settings\Kristy\My Documents\My Word Documents\Rob Admits.htm Object is locked skipped
C:\Documents and Settings\Kristy\My Documents\My Word Documents\Safe Sex Bibliography.doc Object is locked skipped
C:\Documents and Settings\Kristy\My Documents\My Word Documents\sax.wps Object is locked skipped
C:\Documents and Settings\Kristy\My Documents\My Word Documents\school.rtf Object is locked skipped
C:\Documents and Settings\Kristy\My Documents\My Word Documents\Sex Speech.docx Object is locked skipped
C:\Documents and Settings\Kristy\My Documents\My Word Documents\sheet music.wps Object is locked skipped
C:\Documents and Settings\Kristy\My Documents\My Word Documents\shroom story.wps Object is locked skipped
C:\Documents and Settings\Kristy\My Documents\My Word Documents\shrooms.rtf Object is locked skipped
C:\Documents and Settings\Kristy\My Documents\My Word Documents\ska band list.wps Object is locked skipped
C:\Documents and Settings\Kristy\My Documents\My Word Documents\ska paper.wps Object is locked skipped
C:\Documents and Settings\Kristy\My Documents\My Word Documents\Sociology Music.wps Object is locked skipped
C:\Documents and Settings\Kristy\My Documents\My Word Documents\Sociology Notes.wps Object is locked skipped
C:\Documents and Settings\Kristy\My Documents\My Word Documents\Sociology Pictures.wps Object is locked skipped
C:\Documents and Settings\Kristy\My Documents\My Word Documents\Soundtrack 2.wps Object is locked skipped
C:\Documents and Settings\Kristy\My Documents\My Word Documents\Soundtrack.wps Object is locked skipped
C:\Documents and Settings\Kristy\My Documents\My Word Documents\speech outline.wps Object is locked skipped
C:\Documents and Settings\Kristy\My Documents\My Word Documents\story.wps Object is locked skipped
C:\Documents and Settings\Kristy\My Documents\My Word Documents\Streetlight Paper.wps Object is locked skipped
C:\Documents and Settings\Kristy\My Documents\My Word Documents\Survey Results.docx Object is locked skipped
C:\Documents and Settings\Kristy\My Documents\My Word Documents\Teenage Drama.wps Object is locked skipped
C:\Documents and Settings\Kristy\My Documents\My Word Documents\The Corperation.wps Object is locked skipped
C:\Documents and Settings\Kristy\My Documents\My Word Documents\thecorp.wps Object is locked skipped
C:\Documents and Settings\Kristy\My Documents\My Word Documents\track list.htm Object is locked skipped
C:\Documents and Settings\Kristy\My Documents\My Word Documents\tracklist.wps Object is locked skipped
C:\Documents and Settings\Kristy\My Documents\My Word Documents\true love.wps Object is locked skipped
C:\Documents and Settings\Kristy\My Documents\My Word Documents\US History intro.wps Object is locked skipped
C:\Documents and Settings\Kristy\My Documents\My Word Documents\US History.wps Object is locked skipped
C:\Documents and Settings\Kristy\My Documents\My Word Documents\we are hardcore.wps Object is locked skipped
C:\Documents and Settings\Kristy\My Documents\My Word Documents\weird.wps Object is locked skipped
C:\Documents and Settings\Kristy\My Documents\My Word Documents\Who Am I.wps Object is locked skipped
C:\Documents and Settings\Kristy\My Documents\My Word Documents\Whoa.htm Object is locked skipped
C:\Documents and Settings\Kristy\My Documents\My Word Documents\works cited.wps Object is locked skipped
C:\Documents and Settings\Kristy\My Documents\My Word Documents\Z rap.wps Object is locked skipped
C:\Documents and Settings\Kristy\My Documents\My Word Documents\zz the end.wps Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\NFWEVT.LOG Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVApp.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVError.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVVirus.log Object is locked skipped
C:\Program Files\Updates from HP\309731\Users\Default\Data\chandir.dat Object is locked skipped
C:\Program Files\Updates from HP\309731\Users\Default\Data\chandir.idx Object is locked skipped
C:\Program Files\Updates from HP\309731\Users\Default\Data\chn.dat Object is locked skipped
C:\Program Files\Updates from HP\309731\Users\Default\Data\chn.idx Object is locked skipped
C:\Program Files\Updates from HP\309731\Users\Default\Data\D0000000.FCS Object is locked skipped
C:\Program Files\Updates from HP\309731\Users\Default\Data\inuse.txt Object is locked skipped
C:\Program Files\Updates from HP\309731\Users\Default\Data\L0000042.FCS Object is locked skipped
C:\Program Files\Updates from HP\309731\Users\Default\Data\main.log Object is locked skipped
C:\Program Files\Updates from HP\309731\Users\Default\Data\prs.dat Object is locked skipped
C:\Program Files\Updates from HP\309731\Users\Default\Data\prs.idx Object is locked skipped
C:\Program Files\Updates from HP\309731\Users\Default\Data\prs_die.dat Object is locked skipped
C:\Program Files\Updates from HP\309731\Users\Default\Data\prs_die.idx Object is locked skipped
C:\Program Files\Updates from HP\309731\Users\Default\Data\prs_dnd.dat Object is locked skipped
C:\Program Files\Updates from HP\309731\Users\Default\Data\prs_dnd.idx Object is locked skipped
C:\Program Files\Updates from HP\309731\Users\Default\Data\prs_ext.dat Object is locked skipped
C:\Program Files\Updates from HP\309731\Users\Default\Data\prs_ext.idx Object is locked skipped
C:\Program Files\Updates from HP\309731\Users\Default\Data\prs_rcv.dat Object is locked skipped
C:\Program Files\Updates from HP\309731\Users\Default\Data\prs_rcv.idx Object is locked skipped
C:\Program Files\Updates from HP\309731\Users\Default\Data\storydb.dat Object is locked skipped
C:\Program Files\Updates from HP\309731\Users\Default\Data\storydb.idx Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1206\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
C:\WINDOWS\system32\config\OSession.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\etc\Hosts.bak Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\JET7109.tmp Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1206\change.log Object is locked skipped

Scan process completed.

Lots of stuff from my kids that seems "locked". Is that an issue?

Thanks,
Rich

#13
1324

  • Topic Starter
Mike,

...and finally the Hijack This log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:32:18 PM, on 5/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
c:\Program Files\HP\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\QuickTime\qttask.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\hphmon06.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Axaware\BounceBully\BounceBully.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\CMS Peripherals\BounceBack Express\BBLauncher.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
C:\Program Files\TrueAssistant\TrueAssistant.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...&pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: StumbleUpon Launcher - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [zzzHPSETUP] E:\Setup.exe
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\SSUPDATE.EXE Software\SUPERAntiSpyware.com\SUPERAntiSpyware
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [Bounce Bully] "C:\Program Files\Axaware\BounceBully\BounceBully.exe" startup
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - S-1-5-18 Startup: TrueAssistant.lnk = C:\Program Files\TrueAssistant\TrueAssistant.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: TrueAssistant.lnk = C:\Program Files\TrueAssistant\TrueAssistant.exe (User 'Default user')
O4 - Startup: TrueAssistant.lnk = C:\Program Files\TrueAssistant\TrueAssistant.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BounceBack Launcher.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin\core.hp.main\SendTo.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: StumbleUpon PhotoBlog It! - res://StumbleUponIEBar.dll/blogimage
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.stumbleupon.com
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akama...ex/qtplugin.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {1340C00E-B1FF-4117-B993-E58FF774A605} (CLaunchRBO10 Object) - http://www.playrealb...BO_v1.1.0.0.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.s...rl/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgree...eensActivia.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symant...ex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1187439576953
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Unknown owner - C:\Program Files\Canon\CAL\CALMAIN.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 16437 bytes

What's next Mike?

Thanks,
Rich
  • 0

#14
Mike

    Malware Monger

  • Retired Staff
  • 2,745 posts
Hi there Rich,

Congratulations, your logs look clean!

If you want to speed up your computer a bit you can fix these lines with Hijack This:

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [zzzHPSETUP] E:\Setup.exe
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\SSUPDATE.EXE Software\SUPERAntiSpyware.com\SUPERAntiSpyware
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BounceBack Launcher.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe


Step 1. Running CleanUp!

Let's remove the tools I had you use.

Please open OTMoveIt2:
  • Double click OTMoveIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
Note: If you receive a warning from your firewall or other security programs regarding OTMoveIt attempting to contact the internet, please allow it to do so.

The below steps have some important tips on how to stay safe and keep up-to-date, so be sure to read them!

Step 2. Flushing old Restore Points and creating a new one

Right-click on "My Computer." The "System Properties" dialogue box will appear, showing a number of tabs. From here you can reset System Restore and configure Automatic Updates.

First, click the System Restore tab.

* Check the box beside "Turn off System Restore"
* Click "Apply"
* At the prompt, click "Yes"

Wait while your system deletes existing Restore Points; this may take a few moments.

* Uncheck the box beside "Turn off System Restore"
* Click "Apply"
* At the prompt, click "Yes"

Your system will now create a new Restore Point.

Step 3. Configuring Automatic Updates

Click the Automatic Updates tab. Choose the update option that best suits your needs, but be sure that Automatic Updates is not turned off. Windows XP will now notify you and download important updates and security patches as they become available.
Click "OK" to save your new settings and close the System Properties dialogue.

Step 4. Preventing future infection

Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems.

In order to protect yourself against spyware, you should consider installing and running the following free programs:

Spybot-Search & Destroy
A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

SpywareBlaster
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found here.

SpywareGuard
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found here.

IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
http://www.spywarewa...uc/resource.htm

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
http://www.mozilla.o...oducts/firefox/

Also make sure to run your antivirus software regularly, and to keep it up-to-date.

There are many programs that can be used for your protection, most falling within the three main categories of anti-virus, anti-spyware and firewall. Please be careful to never run more than one program of the same category in resident mode, as conflicts between the different programs can actually decrease your protection.

Please also read Tony Klein's excellent article: How I got Infected in the First Place

Hopefully this should take care of your problems! Good luck. :)

Please post back and tell me if everything is OK, so that I may mark this thread as Resolved.
  • 0
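The O4 (autostart) and O23 (service) lines in the logs above all follow one layout: section code, location, name, then target. As an added example, not part of the original thread or of HijackThis, the Python below parses those lines and attaches review flags; the flag names and the choice of checks are assumptions, and a flag is a reason to look closer, not a verdict.

```python
import re

# Sample input: lines copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\SSUPDATE.EXE Software\SUPERAntiSpyware.com\SUPERAntiSpyware
O4 - Global Startup: BounceBack Launcher.lnk = ?
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Unknown owner - C:\Program Files\Canon\CAL\CALMAIN.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
"""

ENTRY = re.compile(r"^(O\d+) - (.+)$")
RUN_VALUE = re.compile(r"^\[(?P<name>.+?)\] (?P<target>.+)$")

def parse_line(line):
    """Split one HijackThis line into section code, location, name and target."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    code, body = m.groups()
    location, _, rest = body.partition(": ")
    name, target = "", rest
    run = RUN_VALUE.match(rest)
    if code == "O23":                 # service: display name - owner - image path
        parts = rest.rsplit(" - ", 2)
        name, target = parts[0], parts[-1]
    elif run:                         # registry Run value: [value name] command line
        name, target = run.group("name"), run.group("target")
    elif " = " in rest:               # startup-folder shortcut: name.lnk = target
        name, target = rest.split(" = ", 1)
    return {"code": code, "location": location, "name": name, "target": target}

def review_flags(entry):
    """Hypothetical review flags: reasons to look closer, not malware verdicts."""
    flags, target = [], entry["target"].strip()
    if target.endswith("(file missing)"):
        flags.append("file-missing")          # entry points at a file that is gone
    if target == "?":
        flags.append("unresolved-target")     # shortcut target could not be resolved
    if re.search(r"\\te?mp\\", target, re.IGNORECASE):
        flags.append("runs-from-temp")        # autostart from a temp directory
    return flags

def triage(log_text):
    """Return (code, name, flags) for flagged autostart (O4) and service (O23) lines."""
    entries = filter(None, map(parse_line, log_text.splitlines()))
    flagged = ((e["code"], e["name"], review_flags(e)) for e in entries
               if e["code"] in ("O4", "O23"))
    return [row for row in flagged if row[2]]
```

Calling `triage(SAMPLE_LOG)` returns only the lines that carry a flag; unflagged entries such as VTTimer and LiveUpdate are parsed but left out of the result.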

#15
1324

    Member

  • Topic Starter
  • Member
  • 135 posts
Mike,
This is great. I do have one more question: when you say "If you want to speed up your computer a bit you can fix these lines with Hijack This:", does that mean you want me to check the box of any of those "O4" items you have listed and then click on "fix checked"?
Thanks,
Rich
  • 0





