
Hijackthis Log


47 replies to this topic

#1 SandiWhitty

SandiWhitty

  • Members
  • 37 posts
  • Local time:02:58 AM

Posted 21 July 2007 - 10:13 PM

Windows will not start unless I choose the option to go back to a time when I had no problems. I have done everything I was supposed to do before posting a log. This is a copy of my hijackthis log. Thank you for your help. Sandi

Logfile of HijackThis v1.99.1
Scan saved at 23:12, on 2007-07-21
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\AOL\1124751606\ee\AOLSoftware.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\America Online 9.0a\aoltray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\msiexec.exe
c:\program files\common files\aol\1124751606\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
C:\Program Files\AOL Companion\companion.exe
c:\program files\common files\aol\1124751606\ee\aolsoftware.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\America Online 9.0a\waol.exe
C:\Program Files\America Online 9.0a\shellmon.exe
C:\Program Files\Windows NT\Accessories\wordpad.exe
C:\Documents and Settings\Sandi Whitty\Desktop\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1124751606\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKCU\..\Run: [EPSON Stylus C80 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P0 "" /O0 "" /M "Stylus C80"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0335A685-ED24-4F7B-A08E-3BD15D84E668} - http://dl.filekicker.com/send/file/128985-NZIL/PhPSetup.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase8300.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1123090064156
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.dellfix.com/rel/41/install/gtdownde.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{08C497A2-F422-482A-96AB-15A13E606EEE}: NameServer = 85.255.116.110,85.255.112.113
O17 - HKLM\System\CCS\Services\Tcpip\..\{094EABB2-33E1-46E8-B502-61AE816AF0B6}: NameServer = 205.188.146.145
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.110 85.255.112.113
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe


#2 Blender

Blender

    I will eat your Malware


  • Malware Response Team
  • 2,363 posts
  • Location:Ontario
  • Local time:02:58 AM

Posted 30 July 2007 - 11:01 PM

Hi Sandi and welcome,

Sorry for the delay. We get swamped here.

If you still need assistance, please post a fresh hijackthis log here.
Also let me know what else you tried to fix this.

Thanks :thumbsup:
I'll have an order of massive trojan attack please with a side order of rootkit and virus dip.
Pre-course order of fresh spyware salad please with a side order of polymorphic dressing.
And to drink...a nice tall glass of adware!

For dessert; can I have a bowl of the freshest worms you have please?.

Never Give Up!

If you are happy with the service I provided, please consider making a donation to help me continue the fight against Malware

#3 SandiWhitty

SandiWhitty
  • Topic Starter

  • Members
  • 37 posts
  • Local time:02:58 AM

Posted 31 July 2007 - 07:11 AM

Blender, I understand how busy y'all are. I still need help please. I've run SpyBot, AdAware and AVG virus programs. I deleted the R0 and R1 in the previous hijack log. I restored my computer to an earlier time which hasn't helped. Windows will still not start normally and now I'm getting the BSOD pretty often. Thank you so much.

Here's a new HiJack log:

Logfile of HijackThis v1.99.1
Scan saved at 8:05:54 AM, on 7/31/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\AOL\1124751606\ee\AOLSoftware.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\America Online 9.0a\aoltray.exe
c:\program files\common files\aol\1124751606\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
c:\program files\common files\aol\1124751606\ee\aolsoftware.exe
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\America Online 9.0a\waol.exe
C:\Program Files\America Online 9.0a\shellmon.exe
c:\program files\common files\aol\1124751606\ee\anotify.exe
C:\Program Files\AOL Companion\companion.exe
C:\Documents and Settings\Sandi Whitty\Desktop\hijackthis.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1124751606\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKCU\..\Run: [EPSON Stylus C80 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P0 "" /O0 "" /M "Stylus C80"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0335A685-ED24-4F7B-A08E-3BD15D84E668} - http://dl.filekicker.com/send/file/128985-NZIL/PhPSetup.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase8300.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1123090064156
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.dellfix.com/rel/41/install/gtdownde.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{094EABB2-33E1-46E8-B502-61AE816AF0B6}: NameServer = 205.188.146.145
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

#4 Blender

Blender

    I will eat your Malware


  • Malware Response Team
  • 2,363 posts
  • Location:Ontario
  • Local time:02:58 AM

Posted 01 August 2007 - 05:02 AM

Hi,

The BHO you fixed was part of your Java.
You may want to restore that entry.

To restore that entry with Hijackthis do the following:

Open Hijackthis
Click "open misc tools section"
Click "view list of backups"

Locate this line, highlight it and click "restore" at right:

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

Affirm you want to restore it.

Click the "back" button so you are back at the Misc tools window.

Click "open uninstall manager"
Click "save list..."
Save the list someplace handy. I'll need this log later.

Click "back" again so you are back at the "Misc tools" screen.
Check both options beside "generate startuplist log" and generate the log.
Say OK & post results.

Please also post your uninstall_list.txt.

You might need 2 posts to get both logs in. These logs can be long.

Thanks :thumbsup:

#5 SandiWhitty

SandiWhitty
  • Topic Starter

  • Members
  • 37 posts
  • Local time:02:58 AM

Posted 01 August 2007 - 12:27 PM

I reinstalled the BHO like you said.

Here's the startuplist:

StartupList report, 8/1/2007, 1:25:43 PM
StartupList version: 1.52.2
Started from : C:\Documents and Settings\Sandi Whitty\Desktop\hijackthis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\AOL\1124751606\ee\AOLSoftware.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\America Online 9.0a\aoltray.exe
C:\WINDOWS\System32\msiexec.exe
C:\WINDOWS\system32\wuauclt.exe
c:\program files\common files\aol\1124751606\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
c:\program files\common files\aol\1124751606\ee\aolsoftware.exe
C:\Program Files\America Online 9.0a\waol.exe
C:\Program Files\America Online 9.0a\shellmon.exe
C:\Program Files\AOL Companion\companion.exe
C:\Documents and Settings\Sandi Whitty\Desktop\hijackthis.exe
C:\WINDOWS\notepad.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\Sandi Whitty\Start Menu\Programs\Startup]
*No files*

Shell folders AltStartup:
*Folder not found*

User shell folders Startup:
*Folder not found*

User shell folders AltStartup:
*Folder not found*

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe
AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe

Shell folders Common AltStartup:
*Folder not found*

User shell folders Common Startup:
*Folder not found*

User shell folders Alternate Common Startup:
*Folder not found*

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*

[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
Zone Labs Client = C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
POINTER = point32.exe
nwiz = nwiz.exe /install
iTunesHelper = "C:\Program Files\iTunes\iTunesHelper.exe"
HostManager = C:\Program Files\Common Files\AOL\1124751606\ee\AOLSoftware.exe
AVG7_CC = C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
AOLDialer = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
AdaptecDirectCD = C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
Pure Networks Port Magic = "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
SunJavaUpdateSched = "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

(Default) =

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[AutorunsDisabled]
Microsoft Works Update Detection = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
DellTouch = C:\WINDOWS\MMKeybd.exe
Ink Monitor = C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe

[OptionalComponents]
*No values found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

[OTPWEB]
Launcher.exe = C:\Program Files\KODAK\One Touch To Better Pictures\Launcher.exe

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command

(Default) = "%1" /S

--------------------------------------------------

File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\WINDOWS\System32\mshta.exe "%1" %*

--------------------------------------------------

File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

[{4b218e3e-bc98-4770-93d3-2731b9329278}] *
StubPath = %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf

[{5945c046-1e7d-11d1-bc44-00c04fd912be}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = %SystemRoot%\system32\ie4uinit.exe

[{8b15971b-5355-4c82-8c07-7e181ea07608}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser

--------------------------------------------------

Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps

*Registry key not found*

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=
run=

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Verifying REGEDIT.EXE integrity:

- Regedit.exe found in C:\WINDOWS
- .reg open command is normal (regedit.exe %1)
- Company name OK: 'Microsoft Corporation'
- Original filename OK: 'REGEDIT.EXE'
- File description: 'Registry Editor'

Registry check passed

--------------------------------------------------

Enumerating Browser Helper Objects:

SSVHelper Class - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}

--------------------------------------------------

Enumerating Task Scheduler jobs:

*No jobs found*

--------------------------------------------------

Enumerating Download Program Files:

[Microsoft XML Parser for Java]
CODEBASE = file://C:\WINDOWS\Java\classes\xmldso.cab
OSD = C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

[SysProWmi Class]
InProcServer32 = C:\WINDOWS\system32\Dell\SystemProfiler\SysPro.ocx
CODEBASE = http://support.dell.com/systemprofiler/SysPro.CAB

[{0335A685-ED24-4F7B-A08E-3BD15D84E668}]
CODEBASE = http://dl.filekicker.com/send/file/128985-NZIL/PhPSetup.cab

[HouseCall Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\xscan60.ocx
CODEBASE = http://housecall60.trendmicro.com/housecall/xscan60.cab

[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\system32\macromed\Director\SwDir.dll
CODEBASE = http://fpdownload.macromedia.com/pub/shock...director/sw.cab

[Windows Genuine Advantage Validation Tool]
InProcServer32 = C:\WINDOWS\system32\legitcheckcontrol.dll
CODEBASE = http://go.microsoft.com/fwlink/?LinkID=39204

[Windows Live Safety Center Base Module]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\wlscBase.dll
CODEBASE = http://cdn.scan.onecare.live.com/resource/...lscbase8300.cab

[Symantec RuFSI Utility Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\rufsi.dll
CODEBASE = http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

[MUWebControl Class]
InProcServer32 = C:\WINDOWS\system32\muweb.dll
CODEBASE = http://update.microsoft.com/microsoftupdat...b?1123090064156

[Java Plug-in 1.6.0_01]
InProcServer32 = C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
CODEBASE = http://java.sun.com/update/1.6.0/jinstall-...ows-i586-jc.cab

[Java Plug-in 1.6.0_01]
InProcServer32 = C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
CODEBASE = http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab

[Java Plug-in 1.6.0_01]
InProcServer32 = C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
CODEBASE = http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx
CODEBASE = http://fpdownload.macromedia.com/get/flash...ent/swflash.cab

[Dell PC Checkup Installer Control]
InProcServer32 = C:\WINDOWS\system32\gtdownde_110.ocx
CODEBASE = http://pccheckup.dellfix.com/rel/41/install/gtdownde.cab

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: C:\WINDOWS\System32\mswsock.dll
NameSpace #2: C:\WINDOWS\System32\winrnr.dll
NameSpace #3: C:\WINDOWS\System32\mswsock.dll
NameSpace #4: C:\WINDOWS\System32\nwprovau.dll
Protocol #1: C:\WINDOWS\system32\mswsock.dll
Protocol #2: C:\WINDOWS\system32\mswsock.dll
Protocol #3: C:\WINDOWS\system32\mswsock.dll
Protocol #4: C:\WINDOWS\system32\rsvpsp.dll
Protocol #5: C:\WINDOWS\system32\rsvpsp.dll
Protocol #6: C:\WINDOWS\system32\mswsock.dll
Protocol #7: C:\WINDOWS\system32\mswsock.dll
Protocol #8: C:\WINDOWS\system32\mswsock.dll
Protocol #9: C:\WINDOWS\system32\mswsock.dll
Protocol #10: C:\WINDOWS\system32\mswsock.dll
Protocol #11: C:\WINDOWS\system32\mswsock.dll
Protocol #12: C:\WINDOWS\system32\mswsock.dll
Protocol #13: C:\WINDOWS\system32\mswsock.dll
Protocol #14: C:\WINDOWS\system32\mswsock.dll
Protocol #15: C:\WINDOWS\system32\mswsock.dll
Protocol #16: C:\WINDOWS\system32\mswsock.dll
Protocol #17: C:\WINDOWS\system32\mswsock.dll
Protocol #18: C:\WINDOWS\system32\mswsock.dll
Protocol #19: C:\WINDOWS\system32\mswsock.dll
Protocol #20: C:\WINDOWS\system32\mswsock.dll

--------------------------------------------------

Enumerating Windows NT/2000/XP services

abp480n5: \SystemRoot\System32\DRIVERS\ABP480N5.SYS (disabled)
Intel® 82801 Audio Driver Install Service (WDM): system32\drivers\ac97intc.sys (manual start)
Microsoft ACPI Driver: System32\DRIVERS\ACPI.sys (system)
adpu160m: \SystemRoot\System32\DRIVERS\adpu160m.sys (disabled)
Microsoft Kernel Acoustic Echo Canceller: system32\drivers\aec.sys (manual start)
AFD Networking Support Environment: \SystemRoot\System32\drivers\afd.sys (system)
Intel AGP Bus Filter: System32\DRIVERS\agp440.sys (system)
Compaq AGP Bus Filter: \SystemRoot\System32\DRIVERS\agpCPQ.sys (disabled)
Aha154x: \SystemRoot\System32\DRIVERS\aha154x.sys (disabled)
aic78u2: \SystemRoot\System32\DRIVERS\aic78u2.sys (disabled)
aic78xx: \SystemRoot\System32\DRIVERS\aic78xx.sys (disabled)
Alerter: %SystemRoot%\System32\svchost.exe -k LocalService (disabled)
Application Layer Gateway Service: %SystemRoot%\System32\alg.exe (manual start)
AliIde: \SystemRoot\System32\DRIVERS\aliide.sys (disabled)
ALI AGP Bus Filter: \SystemRoot\System32\DRIVERS\alim1541.sys (disabled)
AMD AGP Bus Filter Driver: \SystemRoot\System32\DRIVERS\amdagp.sys (disabled)
amsint: \SystemRoot\System32\DRIVERS\amsint.sys (disabled)
AOL Connectivity Service: "C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe" (autostart)
AOL TopSpeed Monitor: C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe (autostart)
AOL Spyware Protection Service: C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (autostart)
Application Management: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
asc: \SystemRoot\System32\DRIVERS\asc.sys (disabled)
asc3350p: \SystemRoot\System32\DRIVERS\asc3350p.sys (disabled)
asc3550: \SystemRoot\System32\DRIVERS\asc3550.sys (disabled)
RAS Asynchronous Media Driver: System32\DRIVERS\asyncmac.sys (manual start)
Standard IDE/ESDI Hard Disk Controller: System32\DRIVERS\atapi.sys (system)
ATM ARP Client Protocol: System32\DRIVERS\atmarpc.sys (manual start)
Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Audio Stub Driver: System32\DRIVERS\audstub.sys (manual start)
AVG Anti-Spyware Driver: \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys (system)
AVG Anti-Spyware Guard: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe (autostart)
AVG7 Alert Manager Server: C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe (autostart)
AVG7 Kernel: \SystemRoot\System32\Drivers\avg7core.sys (system)
AVG7 Wrap Driver: \SystemRoot\System32\Drivers\avg7rsw.sys (system)
AVG7 Rezident Driver: \SystemRoot\System32\Drivers\avg7rsxp.sys (system)
AVG7 Update Service: C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe (autostart)
AVG Anti-Spyware Clean Driver: System32\DRIVERS\AvgAsCln.sys (system)
AVG7 Clean Driver: \SystemRoot\System32\Drivers\avgclean.sys (system)
AVG E-mail Scanner: C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe (autostart)
AVG Network Redirector: \SystemRoot\System32\Drivers\avgtdi.sys (autostart)
basic2: System32\DRIVERS\basic2.sys (manual start)
Background Intelligent Transfer Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Computer Browser: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
cbidf: \SystemRoot\System32\DRIVERS\cbidf2k.sys (disabled)
cd20xrnt: \SystemRoot\System32\DRIVERS\cd20xrnt.sys (disabled)
CD-ROM Driver: System32\DRIVERS\cdrom.sys (system)
Indexing Service: %SystemRoot%\system32\cisvc.exe (manual start)
ClipBook: %SystemRoot%\system32\clipsrv.exe (disabled)
CmdIde: \SystemRoot\System32\DRIVERS\cmdide.sys (disabled)
COM+ System Application: C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
Cpqarray: \SystemRoot\System32\DRIVERS\cpqarray.sys (disabled)
Cryptographic Services: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
dac2w2k: \SystemRoot\System32\DRIVERS\dac2w2k.sys (disabled)
dac960nt: \SystemRoot\System32\DRIVERS\dac960nt.sys (disabled)
Kodak Camera Proxy: system32\DRIVERS\DcCam.sys (system)
DcFpoint: system32\DRIVERS\DcFpoint.sys (manual start)
Kodak DCFS2K Driver: system32\drivers\dcfs2k.sys (autostart)
Legacy Polling Service: system32\DRIVERS\DcLps.sys (manual start)
DCOM Server Process Launcher: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)
dcptp: system32\DRIVERS\DcPTP.sys (manual start)
DHCP Client: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Disk Driver: System32\DRIVERS\disk.sys (system)
Logical Disk Manager Administrative Service: %SystemRoot%\System32\dmadmin.exe /com (manual start)
dmboot: System32\drivers\dmboot.sys (disabled)
Logical Disk Manager Driver: System32\DRIVERS\dmio.sys (system)
Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Microsoft Kernel DLS Syntheiszer: system32\drivers\DMusic.sys (manual start)
DNS Client: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart)
dpti2o: \SystemRoot\System32\DRIVERS\dpti2o.sys (disabled)
Microsoft Kernel DRM Audio Descrambler: system32\drivers\drmkaud.sys (manual start)
3Com EtherLink XL 90XB/C Adapter Driver: System32\DRIVERS\el90xbc5.sys (manual start)
Eplpdx02: \??\C:\WINDOWS\System32\Drivers\EPLPDX02.SYS (manual start)
EPSON Printer Status Agent2: C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe (autostart)
Error Reporting Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Event Log: %SystemRoot%\system32\services.exe (autostart)
COM+ Event System: C:\WINDOWS\System32\svchost.exe -k netsvcs (manual start)
Exportit: system32\DRIVERS\exportit.sys (system)
Fallback: System32\DRIVERS\fallback.sys (autostart)
Fast User Switching Compatibility: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Fax: %systemroot%\system32\fxssvc.exe (autostart)
Floppy Disk Controller Driver: System32\DRIVERS\fdc.sys (manual start)
Floppy Disk Driver: System32\DRIVERS\flpydisk.sys (manual start)
FltMgr: system32\drivers\fltmgr.sys (system)
Fsks: System32\DRIVERS\fsksnt.sys (autostart)
Volume Manager Driver: System32\DRIVERS\ftdisk.sys (system)
GEARAspiWDM: System32\Drivers\GEARAspiWDM.sys (manual start)
Generic Packet Classifier: System32\DRIVERS\msgpc.sys (manual start)
Help and Support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Human Interface Device Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Microsoft HID Class Driver: System32\DRIVERS\hidusb.sys (manual start)
hpn: \SystemRoot\System32\DRIVERS\hpn.sys (disabled)
hpt3xx: \SystemRoot\System32\DRIVERS\hpt3xx.sys (disabled)
hsf_msft: System32\DRIVERS\HSF_MSFT.sys (manual start)
HTTP: System32\Drivers\HTTP.sys (manual start)
HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start)
i2omp: \SystemRoot\System32\DRIVERS\i2omp.sys (disabled)
i8042 Keyboard and PS/2 Mouse Port Driver: System32\DRIVERS\i8042prt.sys (system)
InstallDriver Table Manager: "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe" (manual start)
Imapi: system32\drivers\Imapi.sys (system)
IMAPI CD-Burning COM Service: C:\WINDOWS\system32\Imapi.exe (manual start)
ini910u: \SystemRoot\System32\DRIVERS\ini910u.sys (disabled)
IntelIde: System32\DRIVERS\intelide.sys (system)
IPv6 Windows Firewall Driver: system32\drivers\ip6fw.sys (manual start)
Microsoft IntelliPoint Features driver: System32\DRIVERS\IPFilter.sys (manual start)
IP Traffic Filter Driver: System32\DRIVERS\ipfltdrv.sys (manual start)
IP in IP Tunnel Driver: System32\DRIVERS\ipinip.sys (manual start)
IP Network Address Translator: System32\DRIVERS\ipnat.sys (manual start)
iPodService: C:\Program Files\iPod\bin\iPodService.exe (manual start)
IPSEC driver: System32\DRIVERS\ipsec.sys (system)
IR Enumerator Service: System32\DRIVERS\irenum.sys (manual start)
PnP ISA/EISA Bus Driver: System32\DRIVERS\isapnp.sys (system)
K56: System32\DRIVERS\k56nt.sys (autostart)
Keyboard Class Driver: System32\DRIVERS\kbdclass.sys (system)
Keyboard HID Driver: System32\DRIVERS\kbdhid.sys (system)
Microsoft Kernel Wave Audio Mixer: system32\drivers\kmixer.sys (manual start)
Kodak Camera Connection Software: %SystemRoot%\system32\drivers\KodakCCS.exe (manual start)
Server: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Workstation: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
TCP/IP NetBIOS Helper: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
Messenger: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
NetMeeting Remote Desktop Sharing: C:\WINDOWS\System32\mnmsrvc.exe (manual start)
Unimodem Streaming Filter Device: system32\drivers\MODEMCSA.sys (manual start)
Mouse Class Driver: System32\DRIVERS\mouclass.sys (system)
Mouse HID Driver: System32\DRIVERS\mouhid.sys (manual start)
mraid35x: \SystemRoot\System32\DRIVERS\mraid35x.sys (disabled)
WebDav Client Redirector: System32\DRIVERS\mrxdav.sys (manual start)
MRXSMB: System32\DRIVERS\mrxsmb.sys (system)
Distributed Transaction Coordinator: C:\WINDOWS\System32\msdtc.exe (manual start)
Windows Installer: C:\WINDOWS\System32\msiexec.exe /V (manual start)
Microsoft Streaming Service Proxy: system32\drivers\MSKSSRV.sys (manual start)
Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual start)
Microsoft Streaming Quality Manager Proxy: system32\drivers\MSPQM.sys (manual start)
Microsoft System Management BIOS Driver: System32\DRIVERS\mssmbios.sys (manual start)
Remote Access NDIS TAPI Driver: System32\DRIVERS\ndistapi.sys (manual start)
NDIS Usermode I/O Protocol: System32\DRIVERS\ndisuio.sys (manual start)
Remote Access NDIS WAN Driver: System32\DRIVERS\ndiswan.sys (manual start)
NetBIOS Interface: System32\DRIVERS\netbios.sys (system)
NetBT: System32\DRIVERS\netbt.sys (system)
Network DDE: %SystemRoot%\system32\netdde.exe (disabled)
Network DDE DSDM: %SystemRoot%\system32\netdde.exe (disabled)
Net Logon: %SystemRoot%\System32\lsass.exe (manual start)
Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Network Location Awareness (NLA): %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
NT LM Security Support Provider: %SystemRoot%\System32\lsass.exe (manual start)
Removable Storage: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
nv: System32\DRIVERS\nv4_mini.sys (manual start)
nv4: System32\DRIVERS\nv4_mini.sys (manual start)
NVIDIA Display Driver Service: %SystemRoot%\System32\nvsvc32.exe (autostart)
IPX Traffic Filter Driver: System32\DRIVERS\nwlnkflt.sys (manual start)
IPX Traffic Forwarder Driver: System32\DRIVERS\nwlnkfwd.sys (manual start)
OMCI: \SystemRoot\SYSTEM32\DRIVERS\OMCI.SYS (system)
Intel PentiumIII Processor Driver: System32\DRIVERS\p3.sys (system)
Parallel port driver: System32\DRIVERS\parport.sys (manual start)
PCI Bus Driver: System32\DRIVERS\pci.sys (system)
PCIIde: \SystemRoot\System32\DRIVERS\pciide.sys (disabled)
perc2: \SystemRoot\System32\DRIVERS\perc2.sys (disabled)
perc2hib: \SystemRoot\System32\DRIVERS\perc2hib.sys (disabled)
Plug and Play: %SystemRoot%\system32\services.exe (autostart)
IPSEC Services: %SystemRoot%\System32\lsass.exe (autostart)
WAN Miniport (PPTP): System32\DRIVERS\raspptp.sys (manual start)
Processor Driver: System32\DRIVERS\processr.sys (system)
Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)
Direct Parallel Link Driver: System32\DRIVERS\ptilink.sys (manual start)
PxHelp20: System32\Drivers\PxHelp20.sys (system)
ql1080: \SystemRoot\System32\DRIVERS\ql1080.sys (disabled)
Ql10wnt: \SystemRoot\System32\DRIVERS\ql10wnt.sys (disabled)
ql12160: \SystemRoot\System32\DRIVERS\ql12160.sys (disabled)
ql1240: \SystemRoot\System32\DRIVERS\ql1240.sys (disabled)
ql1280: \SystemRoot\System32\DRIVERS\ql1280.sys (disabled)
Remote Access Auto Connection Driver: System32\DRIVERS\rasacd.sys (system)
Remote Access Auto Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WAN Miniport (L2TP): System32\DRIVERS\rasl2tp.sys (manual start)
Remote Access Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Remote Access PPPOE Driver: System32\DRIVERS\raspppoe.sys (manual start)
Direct Parallel: System32\DRIVERS\raspti.sys (manual start)
Rdbss: System32\DRIVERS\rdbss.sys (system)
RDPCDD: System32\DRIVERS\RDPCDD.sys (system)
Terminal Server Device Redirector Driver: System32\DRIVERS\rdpdr.sys (manual start)
Remote Desktop Help Session Manager: C:\WINDOWS\system32\sessmgr.exe (manual start)
Digital CD Audio Playback Filter Driver: System32\DRIVERS\redbook.sys (system)
Routing and Remote Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Remote Registry: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
Rksample: System32\DRIVERS\rksample.sys (manual start)
Remote Procedure Call (RPC) Locator: %SystemRoot%\System32\locator.exe (manual start)
Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
QoS RSVP: %SystemRoot%\System32\rsvp.exe (manual start)
Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver: System32\DRIVERS\RTL8139.SYS (manual start)
Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)
Smart Card: %SystemRoot%\System32\SCardSvr.exe (manual start)
Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Secdrv: System32\DRIVERS\secdrv.sys (autostart)
Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Serenum Filter Driver: System32\DRIVERS\serenum.sys (manual start)
Serial port driver: System32\DRIVERS\serial.sys (system)
Windows Firewall/Internet Connection Sharing (ICS): %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)
Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
SIS AGP Bus Filter: \SystemRoot\System32\DRIVERS\sisagp.sys (disabled)
smwdm: system32\drivers\smwdm.sys (manual start)
SoftFax: System32\DRIVERS\faxnt.sys (autostart)
Sparrow: \SystemRoot\System32\DRIVERS\sparrow.sys (disabled)
SpeakerPhone: System32\DRIVERS\spkpnt.sys (autostart)
Microsoft Kernel Audio Splitter: system32\drivers\splitter.sys (manual start)
Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)
System Restore Filter Driver: System32\DRIVERS\sr.sys (system)
System Restore Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Srv: System32\DRIVERS\srv.sys (manual start)
SSDP Discovery Service: %SystemRoot%\System32\svchost.exe -k LocalService (disabled)
Windows Image Acquisition (WIA): %SystemRoot%\System32\svchost.exe -k imgsvc (autostart)
Software Bus Driver: System32\DRIVERS\swenum.sys (manual start)
Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start)
MS Software Shadow Copy Provider: C:\WINDOWS\System32\dllhost.exe /Processid:{6683659F-DB0B-4F7A-97FD-E15BD9183769} (manual start)
symc810: \SystemRoot\System32\DRIVERS\symc810.sys (disabled)
symc8xx: \SystemRoot\System32\DRIVERS\symc8xx.sys (disabled)
sym_hi: \SystemRoot\System32\DRIVERS\sym_hi.sys (disabled)
sym_u3: \SystemRoot\System32\DRIVERS\sym_u3.sys (disabled)
Microsoft Kernel System Audio Device: system32\drivers\sysaudio.sys (manual start)
Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start)
Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
TCP/IP Protocol Driver: System32\DRIVERS\tcpip.sys (system)
Terminal Device Driver: System32\DRIVERS\termdd.sys (system)
Terminal Services: %SystemRoot%\System32\svchost -k DComLaunch (manual start)
Themes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Telnet: C:\WINDOWS\System32\tlntsvr.exe (manual start)
Tones: System32\DRIVERS\tonesnt.sys (autostart)
TosIde: \SystemRoot\System32\DRIVERS\toside.sys (disabled)
Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
ultra: \SystemRoot\System32\DRIVERS\ultra.sys (disabled)
Microcode Update Driver: System32\DRIVERS\update.sys (manual start)
Universal Plug and Play Device Host: %SystemRoot%\System32\svchost.exe -k LocalService (disabled)
Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start)
Microsoft USB Generic Parent Driver: System32\DRIVERS\usbccgp.sys (manual start)
Microsoft USB Standard Hub Driver: System32\DRIVERS\usbhub.sys (manual start)
USB Scanner Driver: System32\DRIVERS\usbscan.sys (manual start)
USB Mass Storage Driver: System32\DRIVERS\USBSTOR.SYS (manual start)
Microsoft USB Universal Host Controller Miniport Driver: System32\DRIVERS\usbuhci.sys (manual start)
V124: System32\DRIVERS\v124nt.sys (autostart)
VGA Display Controller.: \SystemRoot\System32\drivers\vga.sys (system)
VIA AGP Bus Filter: \SystemRoot\System32\DRIVERS\viaagp.sys (disabled)
ViaIde: \SystemRoot\System32\DRIVERS\viaide.sys (disabled)
vsdatant: \??\C:\WINDOWS\System32\vsdatant.sys (autostart)
TrueVector Internet Monitor: C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe -service (autostart)
Volume Shadow Copy: %SystemRoot%\System32\vssvc.exe (manual start)
Windows Time: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Remote Access IP ARP Driver: System32\DRIVERS\wanarp.sys (manual start)
WAN Miniport (ATW): System32\DRIVERS\wanatw4.sys (manual start)
WAN Network Driver: System32\DRIVERS\wandrv.sys (manual start)
WAN Miniport (ATW) Service: "C:\WINDOWS\wanmpsvc.exe" (autostart)
Microsoft WINMM WDM Audio Compatibility Driver: system32\drivers\wdmaud.sys (manual start)
WebClient: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
winachsf: System32\DRIVERS\HSF_CNXT.sys (manual start)
Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Portable Media Serial Number Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Windows Management Instrumentation Driver Extensions: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WMI Performance Adapter: C:\WINDOWS\System32\wbem\wmiapsrv.exe (manual start)
Security Center: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Automatic Updates: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Wireless Zero Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Network Provisioning Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)


--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: *Registry value not found*

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll

--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*No values found*

--------------------------------------------------

End of report, 39,261 bytes
Report generated in 2.625 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

#6 SandiWhitty


Posted 01 August 2007 - 12:28 PM

Thank you so much for your help.
Here's the uninstall list.

Ad-Aware SE Personal
Adobe Acrobat 5.0
Adobe Flash Player 9 ActiveX
Adobe Photoshop 5.0 Limited Edition
Adobe Photoshop Elements
Adobe Shockwave Player
AOL Coach Version 1.0(Build:20040229.1 en)
AOL Coach Version 2.0(Build:20041026.5 en)
AOL Deskbar
AOL Toolbar
AOL Uninstaller (Choose which Products to Remove)
ArcSoft PhotoImpression 3.0
AVG Anti-Spyware 7.5
AVG Free Edition
BUM
CardRd81
CCleaner (remove only)
CCScore
CleanUp!
Conexant HSF V92 56K RTAD Speakerphone PCI Modem
Copy Utility
CR2
Dell Picture Studio - Image Expert 2000
Dell ResourceCD
Dell Solution Center
DellConnect
DellTouch
Easy CD Creator 5 Basic
EPSON Photo Print
EPSON Printer Software
EPSON Smart Panel
EPSON TWAIN 5
ESSBrwr
ESSCDBK
ESScore
ESSCT
ESSEMAIL
ESSgui
ESShelp
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTOOLS
ESSTUTOR
essvcpt
ESSvpaht
ESSvpot
Family History Resource File Viewer 4.0
Family Tree Maker
Genuine Fractals 2.0 LE
HijackThis 1.99.1
HLPIndex
HLPPDOCK
HLPSFO
Hotfix for Windows XP (KB906569)
Ink Monitor
iPod for Windows 2005-09-23
IrfanView (remove only)
iTunes
Java™ SE Runtime Environment 6 Update 1
Kodak EasyShare software
KSU
Learn2 Player (Uninstall Only)
Lernout & Hauspie TruVoice American English TTS Engine
Macromedia Flash Player
Microsoft Access 97
Microsoft Encarta Encyclopedia Standard 2002
Microsoft Money 2002
Microsoft Money 2002 System Pack
Microsoft Picture It! Photo 2002
Microsoft Streets and Trips 2002
Microsoft Word 2002
Microsoft Works 6.0
Microsoft Works Suite Add-in for Microsoft Word
Modem Helper
MrSID Browser Plug-in 1.3
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
NoteTab Light (Remove only)
Notifier
NVIDIA Display Driver
NVIDIA Windows 2000/XP Display Drivers
OfotoXMI
OTtBP
OTtBPSDK
PageTutor
Personal Ancestral File 5
Personal Ancestral File Companion 5.1
PF1250-1650 Guide
PhoneTools
PhotoParade Player
PowerDVD
Pure Networks Port Magic
QuickTime
RealPlayer Basic
RootsMagic
ScanToWeb
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
SFR
SHASTA
Shockwave
Shockwave Player
SKIN0001
SKINXSDK
Spybot - Search & Destroy 1.4
SpywareBlaster v3.5.1
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Viewpoint Media Player
VPRINTOL
WebCyberCoach 3.2 Dell
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Live OneCare safety scanner
Windows XP Application Compatibility Update[Q319580]
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893086
Windows XP Hotfix (SP1) [See Q309521 for more information]
Windows XP Service Pack 2
WIRELESS
ZoneAlarm

#7 Blender

  • Malware Response Team

Posted 02 August 2007 - 07:12 AM

Hi,

Please download this file and save it to your desktop:

http://siri.urz.free.fr/Fix/SmitfraudFix.exe

Double-click SmitfraudFix.exe
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

**If the tool fails to launch from the Desktop, please move SmitfraudFix.exe directly to the root of the system drive (usually C: ), and launch from there.


***Note : "process.exe" is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
It is safe to allow this file.

Please do not use Option 2 unless told! This tool targets specific threats and the fix portion should not be run unless needed.

----------------------

Download this tool to your desktop:
http://www.uploads.ejvindh.net/rootchk.exe
Run the program. After a short time a logfile will turn up. Copy the contents of the log into the thread.
Don't run any tools suggested in the log if any. I need to see its contents first.

------------------------------------

Is the error/stop message you get on the BSOD always different or the same?
If file name is mentioned can you post it please?
Also the STOP error will help (if available)

If it just BSODs and reboots you can view it like this:

Right click "my computer" then "properties"
Click the "advanced" tab.
Under "startup and recover" click "settings".
UNcheck "automatically reboot"
Apply & OK settings.

Next time you BSOD it will stay that way till you restart manually.

Thanks :thumbsup:
I'll have an order of massive trojan attack please with a side order of rootkit and virus dip.
Pre-course order of fresh spyware salad please with a side order of polymorphic dressing.
And to drink...a nice tall glass of adware!

For dessert; can I have a bowl of the freshest worms you have please?.

Never Give Up!

If you are happy with the service I provided, please consider making a donation to help me continue the fight against Malware

#8 SandiWhitty

SandiWhitty
  • Topic Starter

  • Members
  • 37 posts

Posted 02 August 2007 - 09:51 AM

I don't know the answer to the questions about the BSOD as when it comes up I always unplug my comp. Next time it happens I'll see what it says and if it reboots. Thank you again.

SmitFraud log:

SmitFraudFix v2.207

Scan done at 10:41:02.47, Thu 08/02/2007
Run from C:\Documents and Settings\Sandi Whitty\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗ Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\AOL\1124751606\ee\AOLSoftware.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\America Online 9.0a\aoltray.exe
C:\WINDOWS\System32\msiexec.exe
c:\program files\common files\aol\1124751606\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
c:\program files\common files\aol\1124751606\ee\aolsoftware.exe
C:\Program Files\America Online 9.0a\waol.exe
C:\Program Files\America Online 9.0a\shellmon.exe
C:\Program Files\AOL Companion\companion.exe
C:\WINDOWS\system32\cmd.exe

╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗ hosts


╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗ C:\


╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗ C:\WINDOWS


╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗ C:\WINDOWS\system


╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗ C:\WINDOWS\Web

C:\WINDOWS\Web\desktop.html FOUND !

╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗ C:\WINDOWS\system32


╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗ C:\Documents and Settings\Sandi Whitty


╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗ C:\Documents and Settings\Sandi Whitty\Application Data


╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗ Start Menu


╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗ C:\WINDOWS\FAVORI~1


╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗ Desktop


╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗ C:\Program Files


╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗ Corrupted keys


╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗ Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="http://a299.ac-images.myspacecdn.com/images01/26/m_a0ad078c86408e38833d3c93a7c3957a.gif"
"SubscribedURL"="http://a299.ac-images.myspacecdn.com/images01/26/m_a0ad078c86408e38833d3c93a7c3957a.gif"
"FriendlyName"=""


╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗ Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{bd0fc212-0a36-4232-83cc-2063fb9282e0}"="curdler"

[HKEY_CLASSES_ROOT\CLSID\{bd0fc212-0a36-4232-83cc-2063fb9282e0}\InProcServer32]
@="C:\WINDOWS\system32\qzviz.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{bd0fc212-0a36-4232-83cc-2063fb9282e0}\InProcServer32]
@="C:\WINDOWS\system32\qzviz.dll"



╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗ AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗ Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"system"=""


╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗ Rustock



╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗ DNS

Description: Realtek RTL8139 Family PCI Fast Ethernet NIC
DNS Server Search Order: 192.168.1.254
DNS Server Search Order: 192.168.1.254

Description: WAN (PPP/SLIP) Interface
DNS Server Search Order: 205.188.146.145

HKLM\SYSTEM\CCS\Services\Tcpip\..\{08C497A2-F422-482A-96AB-15A13E606EEE}: DhcpNameServer=192.168.1.254 192.168.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\..\{094EABB2-33E1-46E8-B502-61AE816AF0B6}: NameServer=205.188.146.145
HKLM\SYSTEM\CS1\Services\Tcpip\..\{08C497A2-F422-482A-96AB-15A13E606EEE}: DhcpNameServer=192.168.1.254 192.168.1.254
HKLM\SYSTEM\CS2\Services\Tcpip\..\{08C497A2-F422-482A-96AB-15A13E606EEE}: DhcpNameServer=192.168.1.254 192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254 192.168.1.254


╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗ Scanning for wininet.dll infection


╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗ End


Rootchk log:

********************************* ROOTCHK-(21-07-07)-LOG, by ejvindh
Thu 08/02/2007 10:44:13.66

The rootkits that are detected by this tool were not found.

********************************* ROOTCHK-LOG-end


catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-02 10:44:13
Windows 5.1.2600 Service Pack 2
scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

hidden processes: 0
hidden files: 0
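
As an added example (not part of the thread and not SmitfraudFix's own code), the Python below shows one way to read an option #1 report like the one in the post above: split it into its sections, list the files marked `FOUND !`, and tie each SharedTaskScheduler CLSID to the DLL registered under its `InProcServer32` key so it can be reviewed. The function names are hypothetical and the sample is a trimmed excerpt of the posted report; as the report itself says, the listed keys are not necessarily infected.

```python
import re

# The report above renders the section marker as a run of "╗"; "»" is
# accepted too in case the same bytes are decoded differently elsewhere.
SECTION_RE = re.compile(r"^[\u00bb\u2557]{4,}\s*(.*)$")
KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^(@|"[^"]*")="(.*)"$')
CLSID_RE = re.compile(r"\{[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}\}")


def split_sections(text):
    """Map each section name to its non-empty lines, in report order."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).strip()
            sections.setdefault(current, [])
        elif current is not None and line:
            sections[current].append(line)
    return sections


def found_files(sections):
    """Paths the search pass flagged with the trailing 'FOUND !' marker."""
    marker = "FOUND !"
    return [line[:-len(marker)].strip()
            for lines in sections.values()
            for line in lines if line.endswith(marker)]


def registry_values(lines):
    """Return (key, value_name, data) tuples from .reg-style lines."""
    key, out = None, []
    for line in lines:
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m and key is not None:
            out.append((key, m.group(1).strip('"'), m.group(2)))
    return out


def shared_task_scheduler(sections):
    """Join each SharedTaskScheduler CLSID with its InProcServer32 DLL."""
    labels, dlls = {}, {}
    for name, lines in sections.items():
        if not name.lower().startswith("sharedtaskscheduler"):
            continue
        for key, value_name, data in registry_values(lines):
            lowered = key.lower()
            if lowered.endswith("\\explorer\\sharedtaskscheduler"):
                labels[value_name.lower()] = data
            elif lowered.endswith("\\inprocserver32") and value_name == "@":
                m = CLSID_RE.search(key)
                if m:
                    dlls[m.group(0).lower()] = data
    return [{"clsid": c, "label": labels[c], "dll": dlls.get(c)}
            for c in sorted(labels)]


def appinit_dlls(sections):
    """Value of AppInit_DLLs as reported, or None if the section is absent."""
    for _key, value_name, data in registry_values(sections.get("AppInit_DLLs", [])):
        if value_name.lower() == "appinit_dlls":
            return data
    return None


# Trimmed excerpt of the report posted above (sections removed for brevity).
SAMPLE = r"""
╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗ C:\WINDOWS\Web

C:\WINDOWS\Web\desktop.html FOUND !

╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗ C:\WINDOWS\system32

╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗ Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{bd0fc212-0a36-4232-83cc-2063fb9282e0}"="curdler"

[HKEY_CLASSES_ROOT\CLSID\{bd0fc212-0a36-4232-83cc-2063fb9282e0}\InProcServer32]
@="C:\WINDOWS\system32\qzviz.dll"

╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗ AppInit_DLLs

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗ End
"""

if __name__ == "__main__":
    secs = split_sections(SAMPLE)
    print("Flagged files:", found_files(secs))
    for entry in shared_task_scheduler(secs):
        print("Review:", entry["clsid"], entry["label"], "->", entry["dll"])
    print("AppInit_DLLs:", repr(appinit_dlls(secs)))
```
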

#9 Blender

Blender

    I will eat your Malware


  • Malware Response Team
  • 2,363 posts
  • Location:Ontario

Posted 03 August 2007 - 07:48 AM

Hi,


You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet.

Next, please reboot your computer in "Safe Mode" by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.

Once in Safe Mode, double-click on "SmitfraudFix.exe"
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
A text file will appear onscreen, with results from the cleaning process; please attach that report into your next reply.
The report can also be found at the root of the system drive, usually at C:\rapport.txt

Next:

Using Internet Explorer please do an online scan with Kaspersky Online Scanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then start to download the latest definition files.
  • Once the scanner is installed and the definitions downloaded, click Next.
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      • Extended (If available otherwise Standard)
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK
  • Now under select a target to scan select My Computer
  • The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.
  • Now click on the Save report button.
  • Call it Kaspersky.txt
  • Expand the arrow beside "file types" and save as .txt file.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

*Note
It is recommended to disable onboard antivirus and antispyware programs while performing scans so there are no conflicts and to speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once scan is finished remember to re-enable resident antivirus protection along with whatever antispyware app you use.

*Note2
If you have Internet Explorer 7 installed:
If you have trouble getting past the initial download you may need to use the "zoom" tool at bottom right of the scanner window and increase it to 125% to see and press the "accept" button.
Page will reload and you should be able to carry on scan.

Thanks :thumbsup:

#10 SandiWhitty

SandiWhitty
  • Topic Starter

  • Members
  • 37 posts

Posted 03 August 2007 - 02:18 PM

In the process of trying to copy these logs online my comp went to the blue screen. The stop message was:

0x0000007E (0xC0000005, 0x805C607B, 0xF9FED93C) There was one more, but the comp rebooted before I could copy it. Thank you so much for all of your help.

SmitFraudFix v2.207

Scan done at 12:25:59.00, Fri 08/03/2007
Run from C:\Documents and Settings\Sandi Whitty_2\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗ SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{bd0fc212-0a36-4232-83cc-2063fb9282e0}"="curdler"

[HKEY_CLASSES_ROOT\CLSID\{bd0fc212-0a36-4232-83cc-2063fb9282e0}\InProcServer32]
@="C:\WINDOWS\system32\qzviz.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{bd0fc212-0a36-4232-83cc-2063fb9282e0}\InProcServer32]
@="C:\WINDOWS\system32\qzviz.dll"


╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗ Killing process


╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗ hosts

127.0.0.1 localhost

╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗ Generic Renos Fix

GenericRenosFix by S!Ri


╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗ Deleting infected files

C:\WINDOWS\Web\desktop.html Deleted

╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗ DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{08C497A2-F422-482A-96AB-15A13E606EEE}: DhcpNameServer=192.168.1.254 192.168.1.254
HKLM\SYSTEM\CS2\Services\Tcpip\..\{08C497A2-F422-482A-96AB-15A13E606EEE}: DhcpNameServer=192.168.1.254 192.168.1.254
HKLM\SYSTEM\CS3\Services\Tcpip\..\{08C497A2-F422-482A-96AB-15A13E606EEE}: DhcpNameServer=192.168.1.254 192.168.1.254
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254 192.168.1.254


╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗ Deleting Temp Files


╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗ Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"system"=""


╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗ Registry Cleaning

Registry Cleaning done.

╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗ SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗╗ End


-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, August 03, 2007 2:43:27 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 3/08/2007
Kaspersky Anti-Virus database records: 372590
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 81824
Number of viruses found: 20
Number of infected objects: 47
Number of suspicious objects: 0
Duration of the scan process: 01:26:02

Infected Object Name / Virus Name / Last Action
C:\!KillBox\pchtls32.exe Infected: Trojan.Win32.Obfuscated.ev skipped
C:\!KillBox\sderqe32.exe Infected: Trojan.Win32.Obfuscated.ev skipped
C:\!KillBox\zmnkvyvk.exe Infected: Trojan.Win32.Obfuscated.ev skipped
C:\Documents and Settings\All Users\Application Data\AOL\ACS\1.0\ph Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\ACS\1.0\variable Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\aolstderr.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\aolstdout.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\aoltsmon.lock Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\cache.db Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\server.lock Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\cls\common.cls Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AVG7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Sandi Whitty\.housecall6.6\Quarantine\A0156963.exe.bac_a03184/stream/Script Infected: Trojan.Win32.DNSChanger.ir skipped
C:\Documents and Settings\Sandi Whitty\.housecall6.6\Quarantine\A0156963.exe.bac_a03184/stream Infected: Trojan.Win32.DNSChanger.ir skipped
C:\Documents and Settings\Sandi Whitty\.housecall6.6\Quarantine\A0156963.exe.bac_a03184 NSIS: infected - 2 skipped
C:\Documents and Settings\Sandi Whitty\.housecall6.6\Quarantine\A0156963.exe.bac_a03184 CryptFF.b: infected - 2 skipped
C:\Documents and Settings\Sandi Whitty\.housecall6.6\Quarantine\A0158163.DLL.bac_a03184 Infected: not-a-virus:AdTool.Win32.MyWebSearch.as skipped
C:\Documents and Settings\Sandi Whitty\.housecall6.6\Quarantine\A0158164.DLL.bac_a03184 Infected: not-a-virus:AdTool.Win32.MyWebSearch.at skipped
C:\Documents and Settings\Sandi Whitty\.housecall6.6\Quarantine\A0158167.DLL.bac_a03184 Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\Documents and Settings\Sandi Whitty\.housecall6.6\Quarantine\A0158168.DLL.bac_a03184 Infected: not-a-virus:AdTool.Win32.MyWebSearch.l skipped
C:\Documents and Settings\Sandi Whitty\.housecall6.6\Quarantine\A0158169.DLL.bac_a03184 Infected: not-a-virus:AdTool.Win32.MyWebSearch.af skipped
C:\Documents and Settings\Sandi Whitty\.housecall6.6\Quarantine\A0158172.SCR.bac_a03184 Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\Documents and Settings\Sandi Whitty\.housecall6.6\Quarantine\A0158174.DLL.bac_a03184 Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\Documents and Settings\Sandi Whitty\.housecall6.6\Quarantine\A0158175.EXE.bac_a03184 Infected: not-a-virus:AdTool.Win32.MyWebSearch.a skipped
C:\Documents and Settings\Sandi Whitty\.housecall6.6\Quarantine\A0158178.DLL.bac_a03184 Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\Documents and Settings\Sandi Whitty\.housecall6.6\Quarantine\A0158180.DLL.bac_a03184 Infected: not-a-virus:AdTool.Win32.MyWebSearch.at skipped
C:\Documents and Settings\Sandi Whitty\.housecall6.6\Quarantine\A0158181.DLL.bac_a03184 Infected: not-a-virus:AdTool.Win32.MyWebSearch.ax skipped
C:\Documents and Settings\Sandi Whitty\.housecall6.6\Quarantine\A0158183.DLL.bac_a03184 Infected: not-a-virus:AdTool.Win32.MyWebSearch.at skipped
C:\Documents and Settings\Sandi Whitty\.housecall6.6\Quarantine\A0158185.DLL.bac_a03184 Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\Documents and Settings\Sandi Whitty\.housecall6.6\Quarantine\A0158191.EXE.bac_a03184 Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\Documents and Settings\Sandi Whitty\.housecall6.6\Quarantine\A0158193.DLL.bac_a03184 Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\Documents and Settings\Sandi Whitty\.housecall6.6\Quarantine\A0174939.scr.bac_a03184 Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\Documents and Settings\Sandi Whitty\.housecall6.6\Quarantine\EGACCESS.dll.bac_a03184 Infected: not-a-virus:Porn-Dialer.Win32.EgroupDial.v skipped
C:\Documents and Settings\Sandi Whitty\.housecall6.6\Quarantine\qqqefnlh3.exe.bac_a03184 Infected: not-a-virus:FraudTool.Win32.UltimateDefender.b skipped
C:\Documents and Settings\Sandi Whitty\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Sandi Whitty\Desktop\backups\backup-20070513-150022-289.dll Infected: Trojan.Win32.Obfuscated.ev skipped
C:\Documents and Settings\Sandi Whitty\Desktop\backups\backup-20070515-172819-363-MSWin.exe Infected: Backdoor.Win32.Agent.acv skipped
C:\Documents and Settings\Sandi Whitty\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Sandi Whitty\Desktop\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Sandi Whitty\Desktop\SmitfraudFix.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Sandi Whitty\Desktop\SmitfraudFix.exe RarSFX: infected - 2 skipped
C:\Documents and Settings\Sandi Whitty\Local Settings\Application Data\AOL\UserProfiles\All Users\cls\common.cls Object is locked skipped
C:\Documents and Settings\Sandi Whitty\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Sandi Whitty\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Sandi Whitty\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Sandi Whitty\Local Settings\Temp\Temporary Internet Files\Content.IE5\8A93T3TO\exit[1].html Infected: Trojan-Downloader.JS.Small.au skipped
C:\Documents and Settings\Sandi Whitty\Local Settings\Temp\Temporary Internet Files\Content.IE5\RORDCYT0\exit[1].html Infected: Trojan-Downloader.JS.Small.au skipped
C:\Documents and Settings\Sandi Whitty\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Sandi Whitty\ntuser.dat Object is locked skipped
C:\Documents and Settings\Sandi Whitty\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Sandi Whitty_2\Application Data\Adobe\Acrobat\Whapi\CreatePDFWinColor.ico Object is locked skipped
C:\Documents and Settings\Sandi Whitty_2\Application Data\Adobe\Acrobat\Whapi\CreatePDFWinGray.ico Object is locked skipped
C:\Documents and Settings\Sandi Whitty_2\Application Data\Adobe\Acrobat\Whapi\SearchPDFWinColor.ico Object is locked skipped
C:\Documents and Settings\Sandi Whitty_2\Application Data\Adobe\Acrobat\Whapi\SearchPDFWinGray.ico Object is locked skipped
C:\Documents and Settings\Sandi Whitty_2\Application Data\Adobe\Acrobat\Whapi\WHAppList.xml Object is locked skipped
C:\Documents and Settings\Sandi Whitty_2\Application Data\AOL\ACS\1.0\Credentials.db Object is locked skipped
C:\Documents and Settings\Sandi Whitty_2\Application Data\AVG7\Log\emc.log Object is locked skipped
C:\Documents and Settings\Sandi Whitty_2\Application Data\DESKTOP.INI Object is locked skipped
C:\Documents and Settings\Sandi Whitty_2\Application Data\Lavasoft\Ad-Aware\description.ini Object is locked skipped
C:\Documents and Settings\Sandi Whitty_2\Application Data\Lavasoft\Ad-Aware\Quarantine\auto-quarantine- 2005-07-11 23-32-34.bckp Object is locked skipped
C:\Documents and Settings\Sandi Whitty_2\Application Data\Lavasoft\Ad-Aware\Quarantine\auto-quarantine- 2005-07-11 23-34-46.bckp Object is locked skipped
C:\Documents and Settings\Sandi Whitty_2\Application Data\Lavasoft\Ad-Aware\Quarantine\auto-quarantine- 2005-07-11 23-36-47.bckp Object is locked skipped
C:\Documents and Settings\Sandi Whitty_2\Application Data\Lavasoft\Ad-Aware\Quarantine\auto-quarantine- 2005-07-11 23-38-47.bckp Object is locked skipped
C:\Documents and Settings\Sandi Whitty_2\Application Data\Lavasoft\Ad-Aware\Quarantine\auto-quarantine- 2005-07-11 23-40-49.bckp Object is locked skipped
C:\Documents and Settings\Sandi Whitty_2\Application Data\Lavasoft\Ad-Aware\settings.awc Object is locked skipped
C:\Documents and Settings\Sandi Whitty_2\Application Data\Lavasoft\Ad-Aware\stats.awd Object is locked skipped
C:\Documents and Settings\Sandi Whitty_2\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol Object is locked skipped
C:\Documents and Settings\Sandi Whitty_2\Application Data\Microsoft\Address Book\Sandi Whitty_2.wab Object is locked skipped
C:\Documents and Settings\Sandi Whitty_2\Application Data\Microsoft\CryptnetUrlCache\Content\60E31627FDA0A46932B0E5948949F2A5 Object is locked skipped
C:\Documents and Settings\Sandi Whitty_2\Application Data\Microsoft\CryptnetUrlCache\Content\A8FABA189DB7D25FBA7CAC806625FD30 Object is locked skipped
C:\Documents and Settings\Sandi Whitty_2\Application Data\Microsoft\CryptnetUrlCache\Content\F482C95F83F1B59228F1B1E720F2EDF1 Object is locked skipped
C:\Documents and Settings\Sandi Whitty_2\Application Data\Microsoft\CryptnetUrlCache\MetaData\60E31627FDA0A46932B0E5948949F2A5 Object is locked skipped
C:\Documents and Settings\Sandi Whitty_2\Application Data\Microsoft\CryptnetUrlCache\MetaData\A8FABA189DB7D25FBA7CAC806625FD30 Object is locked skipped
C:\Documents and Settings\Sandi Whitty_2\Application Data\Microsoft\CryptnetUrlCache\MetaData\F482C95F83F1B59228F1B1E720F2EDF1 Object is locked skipped
C:\Documents and Settings\Sandi Whitty_2\Application Data\Microsoft\HTML Help\hh.dat Object is locked skipped
C:\Documents and Settings\Sandi Whitty_2\Application Data\Microsoft\Installer\{D9B4A1B1-210C-4C6A-B8D4-68739E2D5DAA}\NewShortcut1_1.exe Object is locked skipped
C:\Documents and Settings\Sandi Whitty_2\Application Data\Microsoft\Installer\{D9B4A1B1-210C-4C6A-B8D4-68739E2D5DAA}\NewShortcut3_1.exe Object is locked skipped
C:\Documents and Settings\Sandi Whitty_2\Application Data\Microsoft\Internet Explorer\BRNDLOG.BAK Object is locked skipped
C:\Documents and Settings\Sandi Whitty_2\Application Data\Microsoft\Internet Explorer\BRNDLOG.TXT Object is locked skipped
C:\Documents and Settings\Sandi Whitty_2\Application Data\Microsoft\Internet Explorer\Desktop.htt Object is locked skipped
C:\Documents and Settings\Sandi Whitty_2\Application Data\Microsoft\Internet Explorer\Quick Launch\America Online 8.0.lnk Object is locked skipped
C:\Documents and Settings\Sandi Whitty_2\Application Data\Microsoft\Internet Explorer\Quick Launch\DESKTOP.INI Object is locked skipped
C:\Documents and Settings\Sandi Whitty_2\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk Object is locked skipped
C:\Documents and Settings\Sandi Whitty_2\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf Object is locked skipped
C:\Documents and Settings\Sandi Whitty_2\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk Object is locked skipped
C:\Documents and Settings\Sandi Whitty_2\Application Data\Microsoft\Internet Explorer\Quick Launch\WordPad.lnk Object is locked skipped
C:\Documents and Settings\Sandi Whitty_2\Application Data\Microsoft\Media Catalog\artgal50.mmc Object is locked skipped
C:\Documents and Settings\Sandi Whitty_2\Application Data\Microsoft\Media Player\00106023.wpl Object is locked skipped
C:\Documents and Settings\Sandi Whitty_2\Application Data\Microsoft\MMC\DFRG Object is locked skipped
C:\Documents and Settings\Sandi Whitty_2\Application Data\Microsoft\Office\MSO1033.acl Object is locked skipped
C:\Documents and Settings\Sandi Whitty_2\Application Data\Microsoft\Office\Recent\bleeping computer hijackthis.LNK Object is locked skipped
C:\Documents and Settings\Sandi Whitty_2\Application Data\Microsoft\Office\Recent\index.dat Object is locked skipped
C:\Documents and Settings\Sandi Whitty_2\Application Data\Microsoft\Office\Recent\Normal.LNK Object is locked skipped
C:\Documents and Settings\Sandi Whitty_2\Application Data\Microsoft\Office\Recent\Shared Documents.LNK Object is locked skipped
C:\Documents and Settings\Sandi Whitty_2\Application Data\Microsoft\Office\Recent\Templates.LNK Object is locked skipped
C:\Documents and Settings\Sandi Whitty_2\Application Data\Microsoft\Office\Word10.pip Object is locked skipped
C:\Documents and Settings\Sandi Whitty_2\Application Data\Microsoft\Proof\CUSTOM.DIC Object is locked skipped
C:\Documents and Settings\Sandi Whitty_2\Application Data\Microsoft\Protect\CREDHIST Object is locked skipped
C:\Documents and Settings\Sandi Whitty_2\Application Data\Microsoft\Speech\Files\UserLexicons\SP_DBBD524E62D94F1FAE6F9005FC800486.dat Object is locked skipped
C:\Documents and Settings\Sandi Whitty_2\Application Data\Microsoft\Templates\Normal.dot Object is locked skipped
C:\Documents and Settings\Sandi Whitty_2\Application Data\Microsoft\Windows\Themes\Custom.theme Object is locked skipped
C:\Documents and Settings\Sandi Whitty_2\Application Data\MSN6\msndata.dat Object is locked skipped
C:\Documents and Settings\Sandi Whitty_2\Application Data\Symantec\Shared\Options.VcPref Object is locked skipped
C:\Documents and Settings\Sandi Whitty_2\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_00\URLCache.ini Object is locked skipped
C:\Documents and Settings\Sandi Whitty_2\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01\URLCache.ini Object is locked skipped
C:\Documents and Settings\Sandi Whitty_2\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02\URLCache.ini Object is locked skipped
C:\Documents and Settings\Sandi Whitty_2\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03\1007280907.mtx Object is locked skipped
C:\Documents and Settings\Sandi Whitty_2\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03\URLCache.ini Object is locked skipped
C:\Documents and Settings\Sandi Whitty_2\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Sandi Whitty_2\Cookies\sandi whitty_2@2o7[2].txt Object is locked skipped
C:\Documents and Settings\Sandi Whitty_2\Cookies\sandi whitty_2@66693905[2].txt Object is locked skipped
C:\Documents and Settings\Sandi Whitty_2\Templates\SNDREC.WAV Object is locked skipped
C:\Documents and Settings\Sandi Whitty_2\Templates\WINWORD.DOC Object is locked skipped
C:\Documents and Settings\Sandi Whitty_2\Templates\WINWORD2.DOC Object is locked skipped
C:\Documents and Settings\Sandi Whitty_2\Templates\WORDPFCT.WPD Object is locked skipped
C:\Documents and Settings\Sandi Whitty_2\Templates\WORDPFCT.WPG Object is locked skipped
C:\Documents and Settings\Sandi Whitty_2\UserData\0NCH6D07\oXMLStore[1].xml Object is locked skipped
C:\Documents and Settings\Sandi Whitty_2\UserData\6X8HEJUT\oWindowsUpdate[1].xml Object is locked skipped
C:\Documents and Settings\Sandi Whitty_2\UserData\G56TS18X\CoronaRunOnce[1].xml Object is locked skipped
C:\Documents and Settings\Sandi Whitty_2\UserData\index.dat Object is locked skipped
C:\Documents and Settings\Sandi Whitty_2\UserData\U1A7SZS7\oXMLStore[1].xml Object is locked skipped
C:\Program Files\Internet Explorer\msimg32.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\WINDOWS\Downloaded Program Files\installer_MARKETING48x.exe/stream/data0001 Infected: Trojan-Downloader.Win32.Adload.a skipped
C:\WINDOWS\Downloaded Program Files\installer_MARKETING48x.exe/stream Infected: Trojan-Downloader.Win32.Adload.a skipped
C:\WINDOWS\Downloaded Program Files\installer_MARKETING48x.exe NSIS: infected - 2 skipped
C:\WINDOWS\Downloaded Program Files\ZwinkyInitialSetup1.0.0.15.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.aw skipped
C:\WINDOWS\SYSTEM32\GrlNt0i.dll Infected: not-a-virus:AdWare.Win32.F1Organizer.l skipped
C:\WINDOWS\SYSTEM32\H323LOG.TXT Object is locked skipped
C:\WINDOWS\SYSTEM32\KVIF_7.dll.tcf/data0002/data0002 Infected: Trojan-Downloader.Win32.Keenval skipped
C:\WINDOWS\SYSTEM32\KVIF_7.dll.tcf/data0002/data0004 Infected: Trojan-Downloader.Win32.Keenval skipped
C:\WINDOWS\SYSTEM32\KVIF_7.dll.tcf/data0002/data0005 Infected: Trojan-Downloader.Win32.Keenval skipped
C:\WINDOWS\SYSTEM32\KVIF_7.dll.tcf/data0002 Infected: Trojan-Downloader.Win32.Keenval skipped
C:\WINDOWS\SYSTEM32\KVIF_7.dll.tcf/data0008 Infected: Trojan-Downloader.Win32.Keenval.e skipped
C:\WINDOWS\SYSTEM32\KVIF_7.dll.tcf/data0009 Infected: Trojan-Downloader.Win32.Keenval.e skipped
C:\WINDOWS\SYSTEM32\KVIF_7.dll.tcf NSIS: infected - 6 skipped
C:\WINDOWS\SYSTEM32\KVIF_7.dll.tcf Exe2Dll: infected - 6 skipped

Scan process completed.

#11 Blender

    I will eat your Malware

  • Malware Response Team
  • 2,363 posts
  • Location:Ontario

Posted 03 August 2007 - 06:12 PM

Hi,

Regarding your BSOD/Reboot issue..

Do the following please:

Right click "my computer" then "properties"
Click the "advanced" tab.
Under "startup and recovery" click "settings".
UNcheck "automatically reboot"
Apply & OK settings.

Next time you BSOD it will stay that way till you restart manually with the power switch. (some machines you have to hold power button for 5-7 seconds to shut off)
That just stops the reboot so you have time to read the onscreen message.

Looks like you have 2 user accounts. Yes?

By any chance have you used the setting "Make my folders private" on the Whitty_2 account?
Reason I ask is because a lot of items on that account KAV online seems to have had trouble scanning. (object is locked) which is kinda unusual.

----------------------------------

Locate and delete the following:

C:\Documents and Settings\Sandi Whitty_2\Desktop\AboutBuster.exe

It is an old tool and should not be used anymore.

Copy the following text inside code box to a new notepad file.
Save as file name clean.bat
As file types: All files (*)
Save it to your desktop.

del "C:\WINDOWS\Downloaded Program Files\ZwinkyInitialSetup1.0.0.15.exe"
del "C:\WINDOWS\Downloaded Program Files\installer_MARKETING48x.exe"

Once saved, double click it and let it run.

A "dos" box will flash up quick and disappear. This is normal.
That just deleted the 2 adware files in your "downloaded program files" folder that is normally difficult to access.


----------------------------------

You had some backdoor activity at one time or another.
I would like to run a tool that will check for and reset several registry items normally affected.

Download SDFix and save it to your Desktop.

In the event you already have SDFix, please delete it as this is a new version I need you to download.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services or Registry Entries found then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt. (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally copy and paste the contents of the results file Report.txt back onto the forum with a new HijackThis log

Let me know how the machine is acting at this point.

-----------------------------------------

Few suspect files I would like to have a look at.

Please download Suspicious file Packer from Safer-Networking.Org and unzip it to your desktop.

Boot to SAFE mode.

Run SFP.exe.

Please copy the following lines:

C:\Documents and Settings\Sandi Whitty_2\Application Data\Microsoft\Installer\{D9B4A1B1-210C-4C6A-B8D4-68739E2D5DAA}\NewShortcut1_1.exe
C:\Documents and Settings\Sandi Whitty_2\Application Data\Microsoft\Installer\{D9B4A1B1-210C-4C6A-B8D4-68739E2D5DAA}\NewShortcut3_1.exe

and paste it in the box in SFP, then click "Continue".

It will copy the files and zip em up to a cab file on your desktop.
Called something like "Requested files [time/date].cab"

Once this is done, boot back up to normal mode.

Please upload the cab file to this site:

http://www.thespykiller.co.uk/index.php?board=1.0

Start yourself a new topic (use the username you use here please so I can find you)

Put in topic title "Request by Blender"
Put in body of message the link to our thread here.
then press the browse button and then navigate to & select the cab file on desktop.
press Post to upload the file

It is normal you will not see the file you just posted cus only approved members can see em to download them.

Let me know here when you have posted.

Thanks :thumbsup:
I'll have an order of massive trojan attack please with a side order of rootkit and virus dip.
Pre-course order of fresh spyware salad please with a side order of polymorphic dressing.
And to drink...a nice tall glass of adware!

For dessert; can I have a bowl of the freshest worms you have please?.

Never Give Up!

If you are happy with the service I provided, please consider making a donation to help me continue the fight against Malware
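The triage done by eye in the post above (separating unreadable "Object is locked" entries from real detections, and noticing which account the locked entries cluster in) can be scripted. This is an added example, not part of the original thread or of any tool named in it; the function names are hypothetical, and the sample lines are excerpted from the scan log posted in this thread.

```python
import re
from collections import Counter, defaultdict

# Lines excerpted from the online-scan log posted in this thread.
SAMPLE_LOG = r"""
C:\Documents and Settings\Sandi Whitty_2\Templates\EXCEL.XLS Object is locked skipped
C:\Documents and Settings\Sandi Whitty_2\Templates\WINWORD.DOC Object is locked skipped
C:\Documents and Settings\Sandi Whitty_2\UserData\index.dat Object is locked skipped
C:\Program Files\Internet Explorer\msimg32.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\WINDOWS\$NtUninstallQ309521$\lsasrv.dll Object is locked skipped
C:\WINDOWS\Downloaded Program Files\installer_MARKETING48x.exe/stream/data0001 Infected: Trojan-Downloader.Win32.Adload.a skipped
C:\WINDOWS\Downloaded Program Files\installer_MARKETING48x.exe/stream Infected: Trojan-Downloader.Win32.Adload.a skipped
C:\WINDOWS\Downloaded Program Files\installer_MARKETING48x.exe NSIS: infected - 2 skipped
C:\WINDOWS\Downloaded Program Files\ZwinkyInitialSetup1.0.0.15.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.aw skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped
C:\WINDOWS\SYSTEM32\GrlNt0i.dll Infected: not-a-virus:AdWare.Win32.F1Organizer.l skipped
C:\WINDOWS\SYSTEM32\KVIF_7.dll.tcf/data0002/data0002 Infected: Trojan-Downloader.Win32.Keenval skipped
C:\WINDOWS\SYSTEM32\KVIF_7.dll.tcf/data0002/data0004 Infected: Trojan-Downloader.Win32.Keenval skipped
C:\WINDOWS\SYSTEM32\KVIF_7.dll.tcf/data0002/data0005 Infected: Trojan-Downloader.Win32.Keenval skipped
C:\WINDOWS\SYSTEM32\KVIF_7.dll.tcf/data0002 Infected: Trojan-Downloader.Win32.Keenval skipped
C:\WINDOWS\SYSTEM32\KVIF_7.dll.tcf/data0008 Infected: Trojan-Downloader.Win32.Keenval.e skipped
C:\WINDOWS\SYSTEM32\KVIF_7.dll.tcf/data0009 Infected: Trojan-Downloader.Win32.Keenval.e skipped
C:\WINDOWS\SYSTEM32\KVIF_7.dll.tcf NSIS: infected - 6 skipped
C:\WINDOWS\SYSTEM32\KVIF_7.dll.tcf Exe2Dll: infected - 6 skipped
"""

# <path> then one of: "Object is locked", "Infected: <name>",
# or "<packer>: infected - <n>", always followed by "skipped".
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*?)\s+"
    r"(?:(?P<locked>Object is locked)"
    r"|Infected: (?P<verdict>\S+)"
    r"|(?P<packer>[\w.]+): infected - (?P<count>\d+))"
    r"\s+skipped$"
)


def area(path):
    """Bucket a path by user profile, or else by its top-level directory."""
    parts = path.split("\\")
    in_profile = len(parts) > 2 and parts[1].lower() == "documents and settings"
    return "\\".join(parts[:3 if in_profile else 2])


def triage(log_text):
    """Return (locked count per area, detections per file on disk,
    files whose packer summary count disagrees with the member lines seen)."""
    locked = Counter()
    verdicts = defaultdict(set)
    members = Counter()   # infected archive-member lines seen per file
    declared = {}         # count stated on the "<packer>: infected - n" line
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue      # blank lines, headers, "Scan process completed."
        path = m["path"]
        # Archive members are written file/member; the file to act on is the
        # part before the first forward slash.
        on_disk = path.split("/", 1)[0]
        if m["locked"]:
            locked[area(path)] += 1
        elif m["verdict"]:
            verdicts[on_disk].add(m["verdict"])
            if "/" in path:
                members[on_disk] += 1
        else:
            declared[on_disk] = int(m["count"])
            verdicts.setdefault(on_disk, set())
    # A mismatch usually means the pasted log was cut off part-way.
    incomplete = sorted(f for f, n in declared.items() if members[f] != n)
    return locked, dict(verdicts), incomplete


if __name__ == "__main__":
    locked, verdicts, incomplete = triage(SAMPLE_LOG)
    for where, n in locked.most_common():
        print(f"{n:5d} locked under {where}")
    for path, names in sorted(verdicts.items()):
        print(f"{path}: {', '.join(sorted(names))}")
    print("incomplete archives:", incomplete or "none")
```

Locked entries only say the scanner could not open the file; the per-area count shows whether they are spread across the system or concentrated in one profile.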

#12 SandiWhitty

  • Topic Starter
  • Members
  • 37 posts

Posted 03 August 2007 - 08:25 PM

I unchecked "automatically reboot". I do have 2 user accounts. As for making my documents private, I may have, but I don't remember for sure. If I should undo that, if you'll tell me how, I will. I've deleted AboutBuster.

I tried to paste the info in the code box into notepad and can not use notepad. This is the message I got:

C:\DOCUME~1\SANDIW~1\STARTM~1Programs\ACCESS~1\Notepad.pif
C:\WINDOWS\SYSTEM32\AUTOEXEC.NT. The system file is not suitable for running MS-DOS and Microsoft Windows applications. Choose 'Close' to terminate the application.

I will go ahead and download SDFix and proceed with that while I wait to hear from you on the notepad subject.

Thank you so much.

#13 SandiWhitty

  • Topic Starter
  • Members
  • 37 posts

Posted 03 August 2007 - 09:58 PM

Before I was able to run SDFix my comp crashed 3 times. The 3 stop messages were:

0x0000007E (0x0000005, 0x805C607B, 0xFA00593C, 0xFA005638)

0x0000007E (0xC0000005, 0x805C607B, 0xF9FC91E8, 0xF9FC8EE4)

0x0000007E (0xC0000005, 0x805C607B, 0xFA001...computer rebooted

Here's the SD report:


SDFix: Version 1.95

Run by Sandi Whitty_2 on Fri 08/03/2007 at 10:31 PM

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

Trojan Files Found:

C:\WINDOWS\SYSTEM32\MONEYSPJ.EXE - Deleted
C:\WINDOWS\system32\drivers\etc\hosts.bho - Deleted



Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Remaining Files:
---------------

Backups Folder: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:

C:\Program Files\America Online 9.0\AOLphx.exe
C:\Program Files\America Online 9.0\rbm.exe
C:\Program Files\America Online 9.0a\aolphx.exe
C:\Program Files\America Online 9.0a\aoltray.exe
C:\Program Files\America Online 9.0a\RBM.exe
C:\WINDOWS\SYSTEM32\PackethSvc.exe
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\lock.tmp
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch2\lock.tmp
C:\Documents and Settings\Sandi Whitty\Application Data\Microsoft\Word\~WRL3371.tmp
C:\WINDOWS\SYSTEM32\CONFIG\default.tmp.LOG
C:\WINDOWS\SYSTEM32\CONFIG\software.tmp.LOG
C:\WINDOWS\SYSTEM32\CONFIG\system.tmp.LOG

Finished

Hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 10:57:34 PM, on 8/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\notepad.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\AOL\1124751606\ee\AOLSoftware.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\America Online 9.0a\aoltray.exe
c:\program files\common files\aol\1124751606\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
c:\program files\common files\aol\1124751606\ee\aolsoftware.exe
C:\Program Files\America Online 9.0a\waol.exe
C:\Program Files\AOL Companion\companion.exe
C:\Program Files\America Online 9.0a\shellmon.exe
C:\Program Files\Windows NT\Accessories\wordpad.exe
C:\Documents and Settings\Sandi Whitty\Desktop\hijackthis.exe

#14 Blender

    I will eat your Malware

  • Malware Response Team
  • 2,363 posts
  • Location:Ontario

Posted 03 August 2007 - 10:18 PM

Hi,

For the autoexec.nt error do this please:

Go to C:\Windows\Repair

open folder and locate autoexec.nt
Copy it to C:\Windows\system32 folder.


Can you run notepad if you do it from run box? Like this: (make sure to include the exe)

Start> run> type notepad.exe and hit enter.

It open then? If so... good.
See if you can create "clean.bat" from earlier and run it to delete those 2 files.

-------------------------------


Reveal Hidden Files
  • Click Start.
  • Open My Computer.
  • Select Tools menu
  • Click Folder Options.
  • Select the View Tab.
  • Select Show hidden files and folders in the Hidden files and folders section.
  • Uncheck Hide protected operating system files (recommended) option.
  • Uncheck the Hide file extensions for known file types option.
  • Click Yes.
  • Click OK.


Locate and delete if found the following:

C:\Documents and settings\Sandi Whitty\Start Menu\Programs\Accessories\Notepad.pif
C:\Documents and settings\Sandi Whitty_2\Start Menu\Programs\Accessories\Notepad.pif

The icon will look like an MSDos icon.

Let me know if those files were there and if you had troubles to show hidden files.


1. Download this file and save it to your desktop.

In the event you already have Combofix, please delete it as this is a new version I need you to download.

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe

2. Double click combofix.exe & follow the prompts.
You will temporarily lose desktop while scan is running. Once scan is done desktop will return to normal.
3. When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Can you post fresh hijackthis log too please?
Other one got cut off.

System seem more stable while in safe mode?
How is it now since ComboFix?


Thanks :thumbsup:

#15 SandiWhitty

  • Topic Starter
  • Members
  • 37 posts

Posted 03 August 2007 - 10:55 PM

I uploaded sfp to the site. I also copied autoexec.nt to C:\Windows\system32 folder. I was able to run notepad from run and did the clean.bat

I'm having a very hard time getting my comp to boot in safe mode. I have to restart quite a few times to get it there. I'll follow the rest of your instructions now.

Thank you



