Here are the files from the DSS and Kaspersky.
I will look forward to the next step.
Rick
========================================================
Deckard's System Scanner v20071014.68
Run by Rick on 2008-07-28 20:27:19
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
8: 2008-07-29 00:27:24 UTC - RP38 - Deckard's System Scanner Restore Point
7: 2008-07-28 01:55:30 UTC - RP37 - 727Resore
6: 2008-07-27 19:51:43 UTC - RP36 - Installed Ad-Aware
5: 2008-07-26 21:10:56 UTC - RP35 - Software Distribution Service 3.0
4: 2008-07-04 12:52:16 UTC - RP34 - System Checkpoint
-- First Restore Point --
1: 2008-06-25 16:36:28 UTC - RP31 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as Rick.exe) ------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:28:49 PM, on 7/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\PROGRA~1\Symantec\SYMANT~1\NSCTOP.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Documents and Settings\Rick\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Rick.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3070122
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.att.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3070122
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=58813
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1204775592260
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1204775581338
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Symantec System Center Discovery Service (NSCTOP) - Symantec Corporation - C:\PROGRA~1\Symantec\SYMANT~1\NSCTOP.EXE
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
--
End of file - 8051 bytes
-- File Associations -----------------------------------------------------------
.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - AutoCADScript - shell\open\command - C:\WINDOWS\NOTEPAD.EXE "%1"
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R1 APPDRV - c:\windows\system32\drivers\appdrv.sys <Not Verified; Dell Inc; Application Driver>
R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Inc; OMCI Driver>
R2 ASCTRM - c:\windows\system32\drivers\asctrm.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
R3 DSproct - c:\program files\dell support\gtaction\triggers\dsproct.sys <Not Verified; GTek Technologies Ltd.; processt>
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
All services whitelisted.
-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.
-- Files created between 2008-06-28 and 2008-07-28 -----------------------------
2008-07-27 21:56:53 0 d-------- C:\Documents and Settings\Rick\Application Data\Malwarebytes
2008-07-27 21:56:49 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-27 21:56:48 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-27 21:56:23 0 d-------- C:\Program Files\Common Files\Download Manager
2008-07-27 17:13:48 0 dr-h----- C:\Documents and Settings\Rick\Recent
2008-07-27 17:08:04 0 d-------- C:\Documents and Settings\Rick\Application Data\AdobeUM
2008-07-27 16:05:57 0 d-------- C:\Documents and Settings\Rick\Application Data\Help
2008-07-27 15:51:47 0 d-------- C:\Program Files\Lavasoft
2008-07-27 15:51:46 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-27 15:51:01 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-27 15:42:51 0 d-------- C:\Program Files\CCleaner
2008-07-26 17:13:14 0 d-------- C:\WINDOWS\$SQLUninstallSQL2000-KB948110-v8.00.2050-x86-ENU$
2008-07-26 15:02:13 16384 --a------ C:\WINDOWS\system32\gwxpp1us.dll <Not Verified; Novell, Inc.; Novell GroupWise>
2008-07-26 15:02:13 24576 --a------ C:\WINDOWS\system32\gwshl1us.dll <Not Verified; Novell, Inc.; GroupWise Shell Integration>
2008-07-26 15:02:13 16384 --a------ C:\WINDOWS\system32\gwodmus.dll <Not Verified; Novell, Inc.; Novell GroupWise>
2008-07-26 15:02:13 16384 --a------ C:\WINDOWS\system32\gwmsp1us.dll <Not Verified; Novell, Inc.; Novell GroupWise>
2008-07-26 15:02:13 196608 --a------ C:\WINDOWS\system32\gwenl1us.dll <Not Verified; Novell, Inc.; Novell GroupWise>
2008-07-26 15:02:13 53248 --a------ C:\WINDOWS\system32\gwabs1us.dll <Not Verified; Novell, Inc.; Novell GroupWise>
2008-07-26 15:02:12 73728 --a------ C:\WINDOWS\system32\ldapx.dll <Not Verified; Novell, Inc.; Novell LDAP C APIs>
2008-07-26 15:02:12 487424 --a------ C:\WINDOWS\system32\ldapssl.dll <Not Verified; Novell, Inc.; Novell LDAP C APIs>
2008-07-26 15:02:12 262144 --a------ C:\WINDOWS\system32\ldapsdk.dll <Not Verified; Novell, Inc.; Novell LDAP C APIs>
2008-07-26 15:02:12 53248 --a------ C:\WINDOWS\system32\gwabp1us.dll <Not Verified; Novell, Inc.; Novell GroupWise>
2008-07-26 15:02:12 57344 --a------ C:\WINDOWS\system32\gwabl1us.dll <Not Verified; Novell, Inc.; Novell GroupWise>
2008-07-26 15:02:11 1499207 --a------ C:\WINDOWS\system32\xgmsg10.dll <Not Verified; Novell, Inc.; Novell GroupWise>
2008-07-26 15:02:10 503877 --a------ C:\WINDOWS\system32\xgdm10.dll <Not Verified; Novell, Inc.; Novell GroupWise>
2008-07-26 15:02:10 249927 --a------ C:\WINDOWS\system32\xgcal10.dll <Not Verified; Novell, Inc.; Novell GroupWise>
2008-07-26 15:02:10 696391 --a------ C:\WINDOWS\system32\xgbas10.dll <Not Verified; Novell, Inc.; Novell GroupWise>
2008-07-26 15:02:09 491589 --a------ C:\WINDOWS\system32\xgab10.dll <Not Verified; Novell, Inc.; Novell GroupWise>
2008-07-26 15:02:09 155700 --a------ C:\WINDOWS\system32\odma32.dll
2008-07-26 15:02:09 196662 --a------ C:\WINDOWS\system32\gwxpp132.dll
2008-07-26 15:02:08 1749057 --a------ C:\WINDOWS\system32\gwxis10.dll <Not Verified; Novell, Inc.; GroupWise XML Intergration Service>
2008-07-26 15:02:07 1355840 --a------ C:\WINDOWS\system32\gwwww1.dll <Not Verified; Novell, Inc.; Novell GroupWise>
2008-07-26 15:02:06 74240 --a------ C:\WINDOWS\system32\gwuninst.dll
2008-07-26 15:02:06 24644 --a------ C:\WINDOWS\system32\gwshlsnd.exe <Not Verified; ; GWCNNSND Application>
2008-07-26 15:02:06 28740 --a------ C:\WINDOWS\system32\gwshlimp.exe <Not Verified; ; GWCNNIMP Application>
2008-07-26 15:02:06 45124 --a------ C:\WINDOWS\system32\gwshlext.dll <Not Verified; ; GWSHLEXT Dynamic Link Library>
2008-07-26 15:02:06 303166 --a------ C:\WINDOWS\system32\gwodm132.dll
2008-07-26 15:02:06 331830 --a------ C:\WINDOWS\system32\gwmsp132.dll <Not Verified; Novell, Inc.; Novell GroupWise>
2008-07-26 15:02:05 98354 --a------ C:\WINDOWS\system32\gwldo132.dll
2008-07-26 15:02:03 5935157 --a------ C:\WINDOWS\system32\gwenv1.dll <Not Verified; Novell, Inc.; Novell GroupWise>
2008-07-26 15:02:02 36932 --a------ C:\WINDOWS\system32\gwcnndll.dll <Not Verified; ; GWCNNDLL Dynamic Link Library>
2008-07-26 15:02:01 757818 --a------ C:\WINDOWS\system32\gwadd1.dll
2008-07-26 15:02:01 282673 --a------ C:\WINDOWS\system32\gwabs132.dll
2008-07-26 15:02:01 299057 --a------ C:\WINDOWS\system32\gwabp132.dll <Not Verified; Novell, Inc.; Novell GroupWise>
2008-07-26 15:02:00 217138 --a------ C:\WINDOWS\system32\gwabl132.dll
2008-07-26 15:01:19 0 d-------- C:\Novell
2008-07-26 14:57:02 280064 --a------ C:\WINDOWS\system32\csta32.dll <Not Verified; Lucent Technologies; Telephony Services>
2008-07-26 14:56:37 0 d-------- C:\WINDOWS\FORMS
-- Find3M Report ---------------------------------------------------------------
2008-07-27 21:56:23 0 d-------- C:\Program Files\Common Files
2008-07-27 16:54:11 0 d-------- C:\Program Files\Trend Micro
2008-07-27 15:17:44 0 d-------- C:\Program Files\AutoCAD R14
2008-07-26 14:56:35 0 d-------- C:\Program Files\Windows NT
2008-06-25 12:05:31 0 d-------- C:\Documents and Settings\Rick\Application Data\Macromedia
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [09/29/2005 04:01 PM]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [12/13/2005 06:44 PM]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [12/13/2005 06:41 PM]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [12/13/2005 06:45 PM]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [11/22/2006 07:35 PM]
"SigmatelSysTrayApp"="stsystra.exe" [03/24/2006 06:30 PM C:\WINDOWS\stsystra.exe]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [08/03/2006 08:51 PM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [03/08/2006 01:48 PM]
"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe" [11/21/2006 02:02 PM]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [12/06/2004 03:05 AM]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [07/27/2004 06:50 PM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [07/27/2004 06:50 PM]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [01/22/2007 02:10 AM]
"PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [08/22/2006 05:32 PM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="C:\Program Files\NetWaiting\netWaiting.exe" [09/10/2003 04:24 AM]
"OE_OEM"="C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe" [08/04/2006 06:15 PM]
"DellSupport"="C:\Program Files\Dell Support\DSAgnt.exe" [08/28/2006 11:57 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/10/2004 07:00 AM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [08/03/2007 01:42 PM]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 11:05:26 PM]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [1/22/2007 2:02:31 AM]
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [5/4/2005 12:07:32 AM]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
AutoRun\command- E:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
AutoRun\command- E:\setup.exe
-- End of Deckard's System Scanner: finished at 2008-07-28 20:29:36 ------------
====================================================================
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English
CPU 0: Genuine Intel® CPU T2050 @ 1.60GHz
CPU 1: Genuine Intel® CPU T2050 @ 1.60GHz
Percentage of Memory in Use: 65%
Physical Memory (total/avail): 1014.37 MiB / 348 MiB
Pagefile Memory (total/avail): 2441.18 MiB / 1880.72 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1933.65 MiB
C: is Fixed (NTFS) - 67.83 GiB total, 52.13 GiB free.
D: is CDROM (No Media)
\\.\PHYSICALDRIVE0 - SAMSUNG HM080HI - 74.53 GiB - 4 partitions
\PARTITION0 - Unknown - 47.03 MiB
\PARTITION1 (bootable) - Installable File System - 67.83 GiB - C:
\PARTITION2 - Extended w/Extended Int 13 - 2047.35 MiB
\PARTITION3 - Unknown - 4.64 GiB
-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.
FirstRunDisabled is set.
FW: PC-cillin Internet Security - Firewall v14 (Trend Micro, Inc.)
AV: PC-cillin Internet Security - Virus Protection v14.60.1206 (Trend Micro, Inc.)
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL"
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL"
"C:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"="C:\\Program Files\\Dell\\MediaDirect\\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program"
"C:\\Novell\\GroupWise\\grpwise.exe"="C:\\Novell\\GroupWise\\grpwise.exe:*:Enabled:GroupWise"
"C:\\Novell\\GroupWise\\notify.exe"="C:\\Novell\\GroupWise\\notify.exe:*:Enabled:GroupWise Notify"
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Rick\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=AMTP1
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Rick
LOGONSERVER=\\AMTP1
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Microsoft SQL Server\80\Tools\Binn\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 14 Stepping 8, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0e08
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SonicCentral=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Rick\LOCALS~1\Temp
TMP=C:\DOCUME~1\Rick\LOCALS~1\Temp
USERDOMAIN=AMTP1
USERNAME=Rick
USERPROFILE=C:\Documents and Settings\Rick
windir=C:\WINDOWS
-- User Profiles ---------------------------------------------------------------
James Randall (admin)
Assoc Mktg Theory Pr (admin)
James Randall_2 (new local, admin)
Rick (admin)
Administrator (admin)
-- Add/Remove Programs ---------------------------------------------------------
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
--> MsiExec.exe /I{95D9B4D8-B091-4fab-80EA-313EB4B82FD6}
--> MsiExec.exe /I{EB997E90-5EB0-4eb5-90D0-90B1D2F0CA03}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
AOLIcon --> MsiExec.exe /I{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}
AutoCAD R14.0 --> C:\WINDOWS\uninst.exe -f"C:\Program Files\AutoCAD R14\DeIsL1.isu"
Banctec Service Agreement --> MsiExec.exe /X{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}
Black & White® 2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D9E52CD1-9DF1-4A8A-9BDC-1E5E53982F2B}\setup.exe" -l0x9 -removeonly
Broadcom Management Programs --> MsiExec.exe /I{26E1BFB0-E87E-4696-9F89-B467F01F81E5}
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Conexant HDA D110 MDC V.92 Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3\HXFSETUP.EXE -U -Idel1028k.inf
Corel Snapfire Plus --> MsiExec.exe /I{7ADE3A47-B425-45E9-8FF6-11BE2B775645}
Dell Game Console --> "C:\Program Files\WildTangent\Apps\Dell Game Console\Uninstall.exe"
Dell Support 3.2.1 --> MsiExec.exe /X{CEE2252C-4035-4B27-8EC6-0B085DD3A413}
Dell Wireless WLAN Card --> "C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Dell\Dell Wireless WLAN Card"
Digital Content Portal --> MsiExec.exe /I{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}
Digital Line Detect --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Documentation & Support Launcher --> MsiExec.exe /X{B0DF58A2-40DF-4465-AA56-38623EC9938C}
EarthLink Setup Files --> MsiExec.exe /X{5E68BB65-4059-4FE5-AAC4-0CD1D79BBDE2}
ESPNMotion --> C:\PROGRA~1\ESPNMO~1\UNWISE.EXE /u C:\PROGRA~1\ESPNMO~1\INSTALL.LOG
Games, Music, & Photos Launcher --> MsiExec.exe /X{B6884A07-0305-47AE-9969-8F26FADC17DE}
GemMaster Mystic --> "C:\Program Files\GemMaster\uninstallgemmaster.exe"
Google Desktop --> C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
GroupWise --> C:\WINDOWS\IsUninst.exe -fC:\Novell\GroupWise\DeIsL1.isu -cC:\WINDOWS\system32\gwuninst.dll
High Definition Audio Driver Package - KB835221 --> C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix 2050 for SQL Server 2000 ENU (KB948110) --> "C:\WINDOWS\$SQLUninstallSQL2000-KB948110-v8.00.2050-x86-ENU$\spuninst\spuninst.exe"
Intel® Graphics Media Accelerator Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_27A6 PCI\VEN_8086&DEV_27A2
Internet Service Offers Launcher --> MsiExec.exe /X{E42BD75A-FC23-4E3F-9F91-2658334C644F}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Learn2 Player (Uninstall Only) --> C:\Program Files\Learn2.com\StRunner\stuninst.exe
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
MediaDirect --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}\Setup.exe" -l0x9 -cluninstall
Microsoft Office Outlook 2003 with Business Contact Manager Update --> MsiExec.exe /I{BA68600E-96D9-4E92-80F2-26B9681B5A63}
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Small Business Edition 2003 --> MsiExec.exe /I{91CA0409-6000-11D3-8CFE-0150048383C9}
Microsoft Plus! Digital Media Edition Installer --> MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Plus! Photo Story 2 LE --> MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
Microsoft SQL Server Desktop Engine (MICROSOFTSMLBIZ) --> MsiExec.exe /X{E09B48B5-E141-427A-AB0C-D3605127224A}
Microsoft Works --> MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
Modem Helper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Mozilla Firefox (2.0.0.1) --> C:\Program Files\Mozilla Firefox\uninstall\uninst.exe
NetWaiting --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
NetZeroInstallers --> MsiExec.exe /X{352310C3-E46B-42D3-8F32-54721FDD72D9}
Otto --> "C:\Program Files\EnglishOtto\uninstallotto.exe"
OutlookAddinSetup --> MsiExec.exe /I{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}
QuickSet --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\setup.exe" -l0x9 APPDRVNT4
QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
RealPlayer Basic --> C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
Sandlot Games Client Services 1.2.2 --> "C:\Program Files\Common Files\Sandlot Shared\unins000.exe"
SearchAssist --> C:\DELL\SearchAssist\UninstSA.bat
Sonic DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic Encoders --> MsiExec.exe /I{9941F0AA-B903-4AF4-A055-83A9815CC011}
Sonic RecordNow Audio --> MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic RecordNow Copy --> MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic RecordNow Data --> MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Symantec System Center --> MsiExec.exe /I{828886CB-B3FC-40E1-8EB6-382401CF9FAE}
Symantec System Center --> MsiExec.exe /I{828886CB-B3FC-40E1-8EB6-382401CF9FAE}
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Trend Micro PC-cillin Internet Security 14 --> C:\PROGRA~1\TRENDM~1\INTERN~1\remove.exe
Trend Micro PC-cillin Internet Security 14 --> MsiExec.exe /X{EA8C73AA-3D75-44C9-87A2-8E945FC5FEE6}
Update Rollup 2 for Windows XP Media Center Edition 2005 --> C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe
URL Assistant --> regsvr32 /u /s "C:\Program Files\BAE\BAE.dll"
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
WildTangent Web Driver --> C:\Program Files\WildTangent\Apps\CDA\CDAUninstall.exe
Windows NT Messaging --> RunDll32 setupapi.dll,InstallHinfSection Uninstall 4 MSMail.inf
Windows XP Media Center Edition 2005 KB908246 --> "C:\WINDOWS\$NtUninstallKB908246$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB908250 --> "C:\WINDOWS\$NtUninstallKB908250$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB912067 -->
Yahoo! Music Jukebox --> MsiExec.exe /X{7C49EA42-5647-4051-84C2-E6404F25A931}
-- Application Event Log -------------------------------------------------------
Event Record #/Type1118 / Warning
Event Submitted/Written: 07/28/2008 08:15:56 PM
Event ID/Source: 19011 / MSSQL$MICROSOFTSMLBIZ
Event Description:
(SpnRegister) : Error 1355
Event Record #/Type1113 / Warning
Event Submitted/Written: 07/28/2008 06:33:40 AM
Event ID/Source: 19011 / MSSQL$MICROSOFTSMLBIZ
Event Description:
(SpnRegister) : Error 1355
Event Record #/Type1104 / Warning
Event Submitted/Written: 07/27/2008 10:08:15 PM
Event ID/Source: 19011 / MSSQL$MICROSOFTSMLBIZ
Event Description:
(SpnRegister) : Error 1355
Event Record #/Type1097 / Warning
Event Submitted/Written: 07/27/2008 09:45:03 PM
Event ID/Source: 19011 / MSSQL$MICROSOFTSMLBIZ
Event Description:
(SpnRegister) : Error 1355
Event Record #/Type1090 / Warning
Event Submitted/Written: 07/27/2008 04:09:34 PM
Event ID/Source: 19011 / MSSQL$MICROSOFTSMLBIZ
Event Description:
(SpnRegister) : Error 1355
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type4399 / Warning
Event Submitted/Written: 07/27/2008 04:16:45 PM / 07/27/2008 04:16:46 PM
Event ID/Source: 4 / bcm4sbxp
Event Description:
Broadcom 440x 10/100 Integrated Controller: The network link is down. Check to make sure the network cable is properly connected.
Event Record #/Type4356 / Warning
Event Submitted/Written: 07/27/2008 03:09:48 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
Event Record #/Type4304 / Warning
Event Submitted/Written: 07/26/2008 04:12:44 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
Event Record #/Type4196 / Warning
Event Submitted/Written: 07/02/2008 11:51:56 AM
Event ID/Source: 4 / bcm4sbxp
Event Description:
Broadcom 440x 10/100 Integrated Controller: The network link is down. Check to make sure the network cable is properly connected.
-- End of Deckard's System Scanner: finished at 2008-07-28 20:29:36 ------------
=============================================================
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, July 29, 2008 5:08:31 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 29/07/2008
Kaspersky Anti-Virus database records: 1023831
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
C:\
D:\
Scan Statistics:
Total number of scanned objects: 48809
Number of viruses found: 7
Number of infected objects: 8
Number of suspicious objects: 0
Duration of the scan process: 00:54:24
Infected Object Name / Virus Name / Last Action
C:\Deckard\System Scanner\backup\DOCUME~1\Rick\LOCALS~1\Temp\DRDld\mbam-setup.exe Infected: not-a-virus:FraudTool.Win32.SpyNoMore.g skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3ad391678a806ec4d691e83aaa393b6f_24adf822-76f7-4481-b30b-ff1b40f8687f Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Trend Micro\PC-cillin\log\pcc_S-1-5-21-1523232686-1510183157-3133499604-1006.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Trend Micro\PC-cillin\log\pcc_S-1-5-21-1523232686-1510183157-3133499604-1006u.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Trend Micro\PC-cillin\log\pcc_S-1-5-21-1523232686-1510183157-3133499604-1007u.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Trend Micro\PC-cillin\log\pcc_S-1-5-21-1523232686-1510183157-3133499604-1008u.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Trend Micro\PC-cillin\log\pcc_S-1-5-21-1523232686-1510183157-3133499604-500.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Trend Micro\PC-cillin\log\TmPfw_S-1-5-21-1523232686-1510183157-3133499604-500.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Trend Micro\PC-cillin\Temp\scan_S-1-5-21-1523232686-1510183157-3133499604-1007.ini Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Rick\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\DSAgnt.log Object is locked skipped
C:\Documents and Settings\Rick\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\DSAgnt_GTActions.log Object is locked skipped
C:\Documents and Settings\Rick\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\gdql_d_DSAgnt.log Object is locked skipped
C:\Documents and Settings\Rick\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\glog.log Object is locked skipped
C:\Documents and Settings\Rick\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.72640 Infected: Hoax.Win32.Agent.eb skipped
C:\Documents and Settings\Rick\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Rick\Local Settings\Application Data\BVRP Software\NetWaiting\MoHlog.txt Object is locked skipped
C:\Documents and Settings\Rick\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Rick\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Rick\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Rick\Local Settings\History\History.IE5\MSHist012008072920080730\index.dat Object is locked skipped
C:\Documents and Settings\Rick\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Rick\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Rick\ntuser.dat.LOG Object is locked skipped
C:\Downloads\MCFHuntsville-dm[1].exe Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Data\master.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Data\mastlog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Data\model.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Data\modellog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Data\tempdb.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Data\templog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\LOG\ERRORLOG Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP36\A0014771.dll Infected: Trojan-Downloader.Win32.Zlob.ted skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP36\A0014795.dll Infected: Trojan-Downloader.Win32.Zlob.ted skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP36\A0014817.dll Infected: Trojan-Downloader.Win32.Zlob.tej skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP36\A0014826.exe Infected: Trojan-Downloader.Win32.Zlob.tfg skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP36\A0014828.cpl Infected: not-a-virus:FraudTool.Win32.UltimateAntivirus.al skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP36\A0014839.exe Infected: Trojan-Downloader.Win32.Zlob.tei skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP37\A0014889.exe Object is locked skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP39\change.log Object is locked skipped
C:\WINDOWS\CSC\00000001 Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\ModemLog_Conexant HDA D110 MDC V.92 Modem.txt Object is locked skipped
C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{44A9A0B5-C992-434B-B123-FC297F32C508}.crmlog Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{E796B3BE-AE6F-4B6A-B8F6-C5FEC0821EBB}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_508.dat Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.