Persistent problem with Zlob - Plz help



bsanb
2007-06-06, 06:58
Persistent problem with Zlob.VideoArchiveXObject.
Identified as a trojan by Spybot, which removes it, but it comes back each time the machine is rebooted, even when removed in safe mode.

Virus scan:
Scan Results: Scan Completed. 143592 files scanned. No viruses found.

File Infection Status Path
- No Infections

Logfile of HijackThis v1.99.1
Scan saved at 7:48:58 PM, on 6/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kerberos\krbcc32s.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe
C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe
C:\Program Files\VMware\VMware Server\vmware-authd.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\VMware\VMware Server\vmserverdWin32.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\IBM ThinkVantage\Common\Logger\logmon.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe
C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\MIT\KLP\klptray.exe
C:\Program Files\Kerberos\krbcc32s.exe
C:\Program Files\Kerberos\leash32.exe
C:\swares\WordWeb\wweb32.exe
C:\sw_install\StretchBreak\Stretch.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\IBM ThinkVantage\Client Security Solution\pwmgr.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\LVComsX.exe
C:\swares\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://web.mit.edu/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: (no name) - {67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: del.icio.us Toolbar Helper - {7AA07AE6-01EF-44EC-93CA-9D7CD41CCDB6} - C:\Program Files\del.icio.us\Internet Explorer Buttons\dlcsIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: del.icio.us - {981FE6A8-260C-4930-960F-C3BC82746CB0} - C:\Program Files\del.icio.us\Internet Explorer Buttons\dlcsIE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [suScheduler] C:\Program Files\ThinkVantage\SystemUpdate\UCLauncher.exe /SCHEDULER
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [AMSG] C:\PROGRA~1\THINKV~2\AMSG\amsg.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [PDService.exe] "C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe"
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Stretch Break.lnk = C:\sw_install\StretchBreak\Stretch.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk.disabled
O4 - Global Startup: HP Digital Imaging Monitor.lnk.disabled
O4 - Global Startup: KlpTray.lnk = C:\Program Files\MIT\KLP\klptray.exe
O4 - Global Startup: Leash Kerberos Ticket Manager.lnk = C:\Program Files\Kerberos\leash32.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk.disabled
O4 - Global Startup: Logitech SetPoint.lnk.disabled
O4 - Global Startup: WordWeb.lnk = C:\swares\WordWeb\wweb32.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\system32\wweb32.dll/lookup.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download using Download &Express - C:\Program Files\Download Express\Add_Url.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O11 - Options group: [JAVA_IBM] Java (IBM)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - http://www-307.ibm.com/pc/support/IbmEgath.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{6C53A43D-2209-42E8-8923-E4FCE0AA90CC}: NameServer = 85.255.115.50,85.255.112.172
O17 - HKLM\System\CCS\Services\Tcpip\..\{BC71F649-4BBC-435D-83F7-BA16973EF34D}: NameServer = 85.255.115.50,85.255.112.172
O17 - HKLM\System\CCS\Services\Tcpip\..\{E5CF5EB7-0522-4F19-9BB8-56EF63B919FC}: NameServer = 85.255.115.50,85.255.112.172
O17 - HKLM\System\CCS\Services\Tcpip\..\{E7537C9C-60FC-4C38-8444-A4400B6A7644}: NameServer = 85.255.115.50,85.255.112.172
O17 - HKLM\System\CCS\Services\Tcpip\..\{ED17332F-EF4A-4526-9E22-4EBAE44CEE4B}: NameServer = 85.255.115.50,85.255.112.172
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.50 85.255.112.172
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.115.50 85.255.112.172
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.50 85.255.112.172
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O20 - Winlogon Notify: AfsLogon - C:\WINDOWS\system32\afslogon.dll
O20 - Winlogon Notify: KFWLogon - C:\WINDOWS\system32\afslogon.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\
O20 - Winlogon Notify: psfus - C:\WINDOWS\SYSTEM32\psqlpwd.dll
O20 - Winlogon Notify: tpfnf2 - C:\WINDOWS\SYSTEM32\notifyf2.dll
O20 - Winlogon Notify: tphotkey - C:\WINDOWS\SYSTEM32\tphklock.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: eitheror - {2016a466-91a2-43c6-97d8-2fd380f065ef} - (no file)
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: BJZCWY - Sysinternals - www.sysinternals.com - C:\DOCUME~1\bsanjayb\LOCALS~1\Temp\BJZCWY.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: OpenAFS Client (TransarcAFSDaemon) - OpenAFS Project - C:\Program Files\OpenAFS\Client\Program\afsd_service.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe
O23 - Service: TVT Backup Service - Unknown owner - C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Unknown owner - C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
O23 - Service: ThinkVantage System Update (UCLauncherService) - Unknown owner - C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Server\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware Registration Service (vmserverdWin32) - VMware, Inc. - C:\Program Files\VMware\VMware Server\vmserverdWin32.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

Shaba
2007-06-07, 12:47
Hi bsanb

Please download FixWareout from one of these sites:
http://downloads.subratam.org/Fixwareout.exe
http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe

Save it to your desktop and run it. Click Next, then Install, make sure Run fixit is checked and click Finish.
The fix will begin; follow the prompts.
You will be asked to reboot your computer; please do so.
Your system may take longer than usual to load; this is normal.
Once the desktop loads, post the text that will open (report.txt) and a new HijackThis log in the forum, please.

bsanb
2007-06-08, 06:22
HijackThis log after running FixWareout.

Logfile of HijackThis v1.99.1
Scan saved at 11:16:08 PM, on 6/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe
C:\Program Files\VMware\VMware Server\vmware-authd.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\VMware\VMware Server\vmserverdWin32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\IBM ThinkVantage\Common\Logger\logmon.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
C:\PROGRA~1\THINKV~2\AMSG\amsg.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe
C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\MIT\KLP\klptray.exe
C:\Program Files\Kerberos\krbcc32s.exe
C:\Program Files\Kerberos\leash32.exe
C:\swares\WordWeb\wweb32.exe
C:\sw_install\StretchBreak\Stretch.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\IBM ThinkVantage\Client Security Solution\pwmgr.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\swares\2xExplorer\2xExplorer.exe
C:\swares\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://web.mit.edu/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: (no name) - {67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: del.icio.us Toolbar Helper - {7AA07AE6-01EF-44EC-93CA-9D7CD41CCDB6} - C:\Program Files\del.icio.us\Internet Explorer Buttons\dlcsIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: del.icio.us - {981FE6A8-260C-4930-960F-C3BC82746CB0} - C:\Program Files\del.icio.us\Internet Explorer Buttons\dlcsIE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [suScheduler] C:\Program Files\ThinkVantage\SystemUpdate\UCLauncher.exe /SCHEDULER
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [AMSG] C:\PROGRA~1\THINKV~2\AMSG\amsg.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [PDService.exe] "C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe"
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Stretch Break.lnk = C:\sw_install\StretchBreak\Stretch.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk.disabled
O4 - Global Startup: HP Digital Imaging Monitor.lnk.disabled
O4 - Global Startup: KlpTray.lnk = C:\Program Files\MIT\KLP\klptray.exe
O4 - Global Startup: Leash Kerberos Ticket Manager.lnk = C:\Program Files\Kerberos\leash32.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk.disabled
O4 - Global Startup: Logitech SetPoint.lnk.disabled
O4 - Global Startup: WordWeb.lnk = C:\swares\WordWeb\wweb32.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\system32\wweb32.dll/lookup.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download using Download &Express - C:\Program Files\Download Express\Add_Url.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O11 - Options group: [JAVA_IBM] Java (IBM)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - http://www-307.ibm.com/pc/support/IbmEgath.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} -
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O20 - Winlogon Notify: AfsLogon - C:\WINDOWS\system32\afslogon.dll
O20 - Winlogon Notify: KFWLogon - C:\WINDOWS\system32\afslogon.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\
O20 - Winlogon Notify: psfus - C:\WINDOWS\SYSTEM32\psqlpwd.dll
O20 - Winlogon Notify: tpfnf2 - C:\WINDOWS\SYSTEM32\notifyf2.dll
O20 - Winlogon Notify: tphotkey - C:\WINDOWS\SYSTEM32\tphklock.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: eitheror - {2016a466-91a2-43c6-97d8-2fd380f065ef} - (no file)
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: BJZCWY - Sysinternals - www.sysinternals.com - C:\DOCUME~1\bsanjayb\LOCALS~1\Temp\BJZCWY.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: OpenAFS Client (TransarcAFSDaemon) - OpenAFS Project - C:\Program Files\OpenAFS\Client\Program\afsd_service.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe
O23 - Service: TVT Backup Service - Unknown owner - C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Unknown owner - C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
O23 - Service: ThinkVantage System Update (UCLauncherService) - Unknown owner - C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Server\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware Registration Service (vmserverdWin32) - VMware, Inc. - C:\Program Files\VMware\VMware Server\vmserverdWin32.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

-end of log--

Shaba
2007-06-08, 12:13
Hi

Please post also contents of C:\fixwareout\report.txt here :)

bsanb
2007-06-08, 23:13
Fixwareout Last edited 5/15/2007
Post this report in the forums please
...
»»»»»Prerun check

»»»»»

»»»»» Postrun check
HKLM\SOFTWARE\~\Winlogon\ "system"=""
....
....
»»»»» Misc files.
....
»»»»» Checking for older varients.
....

Search five digit cs, dm, kd, jb, other, files.
The following files NEED TO BE SUBMITTED to one of the following URL'S for further inspection.


Click browse, find the file then click submit.
http://www.virustotal.com/flash/index_en.html
Or http://virusscan.jotti.org/

»»»»» Other
C:\WINDOWS\Temp\kdfwv.ren 66575 08/04/2004

»»»»» Current runs
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"TPKMAPHELPER"="C:\\Program Files\\ThinkPad\\Utilities\\TpKmapAp.exe -helper"
"TpShocks"="TpShocks.exe"
"TP4EX"="tp4ex.exe"
"EZEJMNAP"="C:\\PROGRA~1\\ThinkPad\\UTILIT~1\\EzEjMnAp.Exe"
"TPHOTKEY"="C:\\PROGRA~1\\Lenovo\\PkgMgr\\HOTKEY\\TPHKMGR.exe"
"SoundMAXPnP"="C:\\Program Files\\Analog Devices\\Core\\smax4pnp.exe"
"ATICCC"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\cli.exe\" runtime -Delay"
"suScheduler"="C:\\Program Files\\ThinkVantage\\SystemUpdate\\UCLauncher.exe /SCHEDULER"
"LPManager"="C:\\PROGRA~1\\THINKV~2\\PrdCtr\\LPMGR.exe"
"AMSG"="C:\\PROGRA~1\\THINKV~2\\AMSG\\amsg.exe"
"DLA"="C:\\WINDOWS\\System32\\DLA\\DLACTRLW.EXE"
"cssauth"="\"C:\\Program Files\\IBM ThinkVantage\\Client Security Solution\\cssauth.exe\" silent"
"PDService.exe"="\"C:\\Program Files\\IBM ThinkVantage\\SafeGuard PrivateDisk\\pdservice.exe\""
"ACTray"="C:\\Program Files\\ThinkPad\\ConnectUtilities\\ACTray.exe"
"ACWLIcon"="C:\\Program Files\\ThinkPad\\ConnectUtilities\\ACWLIcon.exe"
"PWRMGRTR"="rundll32 C:\\PROGRA~1\\ThinkPad\\UTILIT~1\\PWRMGRTR.DLL,PwrMgrBkGndMonitor"
"BLOG"="rundll32 C:\\PROGRA~1\\ThinkPad\\UTILIT~1\\BatLogEx.DLL,StartBattLog"
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"ShStatEXE"="\"C:\\Program Files\\Network Associates\\VirusScan\\SHSTAT.EXE\" /STANDALONE"
"McAfeeUpdaterUI"="\"C:\\Program Files\\Network Associates\\Common Framework\\UpdaterUI.exe\" /StartedFromRunKey"
"Network Associates Error Reporting Service"="\"C:\\Program Files\\Common Files\\Network Associates\\TalkBack\\tbmon.exe\""
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
"Yahoo! Pager"="\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"
"SpybotSD TeaTimer"="C:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"WMPNSCFG"="C:\\Program Files\\Windows Media Player\\WMPNSCFG.exe"
....
Hosts file was reset, If you use a custom hosts file please replace it
»»»»» End report »»»»»

Shaba
2007-06-09, 12:05
Hi

# Run Spybot-S&D in Advanced Mode.
# If it is not already set to do this, go to the Mode menu and select "Advanced Mode".
# On the left hand side, Click on Tools
# Then click on the Resident Icon in the List
# Uncheck "Resident TeaTimer" and OK any prompts.
# Restart your computer.

Open HijackThis, click do a system scan only and checkmark these:

O2 - BHO: (no name) - {67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} - (no file)
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O21 - SSODL: eitheror - {2016a466-91a2-43c6-97d8-2fd380f065ef} - (no file)

Close all windows including browser and press fix checked.

Please print out or copy these instructions/tutorial to Notepad as the internet will not be (while in Safe Mode) available to you at certain points of the removal process. Make sure to work through all the Steps in the exact order in which they are listed below. If there's anything that you don't understand, ask your question(s) before moving on with the fixes.

Please download AVG Anti-Spyware to your Desktop or to your usual Download Folder.
http://www.filehippo.com/download_ewido/?1691
Install AVG Anti-Spyware by double clicking the installer.
Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.
On the main screen under Your Computer's security.
Click on Change state next to Resident shield. It should now change to inactive.
Click on Change state next to Automatic updates. It should now change to inactive.
Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
Wait until you see the Update successful message.
Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows.
Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
If you are having problems with the updater, you can use this link to manually update ewido.
AVG Anti-Spyware manual updates (http://www.ewido.net/en/download/updates/).
Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.
______________________________

Reboot your computer in Safe Mode.
If the computer is running, shut down Windows, and then turn off the power.
Wait 30 seconds, and then turn the computer on.
Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
Ensure that the Safe Mode option is selected.
Press Enter. The computer then begins to start in Safe mode.
Login on your usual account.
______________________________

Navigate to C:\Windows\Temp
Click Edit, click Select All, press the DELETE key, and then click Yes to confirm that you want to send all the items to the Recycle Bin.

Navigate to C:\Documents and Settings\(EVERY LISTED USER)\Local Settings\Temp
Click Edit, click Select All, press the DELETE key, and then click Yes to confirm that you want to send all the items to the Recycle Bin.

Clean out your Temporary Internet files. Proceed like this:

Quit Internet Explorer, all browsers and quit any instances of Windows Explorer.

For Internet Explorer 7
Click Start, click Control Panel, and then double-click Internet Options.
On the General tab, click Delete... under Browsing History.
Next to Temporary Internet Files, click Delete files, and then click OK.
Next to Cookies, click Delete cookies, and then click OK.
Next to History, click Delete history, and then click OK.
Click the Close button.
Click OK.
For Internet Explorer 4.x - 6.x
Click Start, click Control Panel, and then double-click Internet Options.
On the General tab, click Delete Files under Temporary Internet Files.
In the Delete Files dialog box, tick the Delete all offline content check box, and then click OK.
On the General tab, click Delete Cookies under Temporary Internet Files, and then click OK.
Click on the Programs tab then click the Reset Web Settings button. Click Apply then OK.
Click OK.
For Netscape 4.x and Up
Click Edit from the Netscape menubar.
Click Preferences... from the Edit menu.
Expand the Advanced menu by clicking the triangle sign.
Click Cache.
Click both the Clear Memory Cache and the Clear Disk Cache buttons.
For Mozilla 1.x and Up
Click Edit from the Mozilla menubar.
Click Preferences... from the Edit menu.
Expand the Advanced menu by clicking the plus sign.
Click Cache.
Click the Clear Cache button.
For Opera
Click File from the Opera menubar.
Click Preferences... from the File menu.
Click the History and Cache menu.
Click the two Clear buttons next to Typed in addresses and Visited addresses (history) and click the Empty now button to clear the Disk cache.
Click Ok to close the Preferences menu.
Next, click Start, click Control Panel and then double-click Display. Click on the Desktop tab, then click the Customize Desktop button. Click on the Web tab. Under Web Pages you should see a checked entry called Security info or something similar. If it is there, select that entry and click the Delete button. Click Ok then Apply and Ok.

Empty the Recycle Bin by right-clicking the Recycle Bin icon on your Desktop, and then clicking Empty Recycle Bin.
______________________________

Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.
Click on Scanner on the toolbar.
Click on the Settings tab.
Under How to act?
Click on Recommended Action and choose Quarantine from the popup menu.
Under How to scan?
All checkboxes should be ticked.
Under Possibly unwanted software:
All checkboxes should be ticked.
Under Reports:
Select Automatically generate report after every scan and uncheck Only if threats were found.
Under What to scan?
Select Scan every file.
Click on the Scan tab.
Click on Complete System Scan to start the scan process.
Let the program scan the machine.
When the scan has finished, follow the instructions below.
IMPORTANT: Don't click on the "Save Scan Report" button before you have hit the "Apply all Actions" button.
Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
At the bottom of the window click on the Apply all Actions button. (3)
http://img509.imageshack.us/img509/4851/scanavgjk2.jpg
When done, click the Save Scan Report button. (4)
Click the Save Report as button.
Save the report to your Desktop.
Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
Reboot in Normal Mode.
______________________________

Please post:

AVG Anti-Spyware log
A new HijackThis log
You may need several replies to post the requested logs, otherwise they might get cut off.
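
The HijackThis entries checkmarked in the post above all end in "(no file)". The following triage script is an added example, not part of the original thread and not the helper's or HijackThis's own logic: it parses log lines, flags entries marked "(no file)" or "(file missing)" and O23 services whose image path is under a Temp directory, and groups orphaned entries by CLSID. The function names and the three flag labels are assumptions made for this example; the sample lines are copied from the logs in this thread.

```python
import re
from collections import defaultdict
from typing import NamedTuple, Optional

# Constructed sample: a handful of lines copied from the logs in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: (no name) - {67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} - (no file)
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O21 - SSODL: eitheror - {2016a466-91a2-43c6-97d8-2fd380f065ef} - (no file)
O23 - Service: BJZCWY - Sysinternals - www.sysinternals.com - C:\DOCUME~1\bsanjayb\LOCALS~1\Temp\BJZCWY.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
"""

# "O2 - ...", "R0 - ...", "O23 - ...": section code, then the entry detail.
LINE_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
CLSID_RE = re.compile(
    r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
)
# First drive-letter path in the detail; owner fields may contain " - ",
# so splitting on the separator is not reliable for O23 lines.
PATH_RE = re.compile(r"[A-Za-z]:\\.*$")
TEMP_RE = re.compile(r"\\(?:temp|tmp)\\", re.IGNORECASE)

# Status suffixes HijackThis appends, mapped to this example's flag labels.
STATUS_SUFFIXES = {"(no file)": "no-file", "(file missing)": "file-missing"}


class Finding(NamedTuple):
    section: str           # e.g. "O2", "O23"
    reason: str            # "no-file", "file-missing" or "service-in-temp"
    clsid: Optional[str]   # upper-cased CLSID if the entry has one
    line: str              # the original log line, for the analyst


def triage(log_text):
    """Return review leads found in a HijackThis log; not a verdict."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if not m:
            continue  # header, process list or blank line
        section, detail = m.groups()
        clsid_m = CLSID_RE.search(detail)
        clsid = clsid_m.group(0).upper() if clsid_m else None

        # Registry entry whose backing file is absent.
        for suffix, reason in STATUS_SUFFIXES.items():
            if detail.endswith(suffix):
                findings.append(Finding(section, reason, clsid, line))

        # Service binary located in a temporary directory.
        if section == "O23":
            path_m = PATH_RE.search(detail)
            if path_m and TEMP_RE.search(path_m.group(0)):
                findings.append(
                    Finding(section, "service-in-temp", clsid, line)
                )
    return findings


def group_orphans_by_clsid(findings):
    """Map each CLSID flagged "no-file" to the sections that reference it."""
    groups = defaultdict(list)
    for f in findings:
        if f.reason == "no-file" and f.clsid:
            groups[f.clsid].append(f.section)
    return dict(groups)


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"{f.reason:16} {f.line}")
    for clsid, sections in group_orphans_by_clsid(results).items():
        print(clsid, "referenced in", ", ".join(sections))
```

Grouping by CLSID shows when one orphaned object is registered in several places (here a toolbar plus its button and menu item), so all of its entries can be reviewed together.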

bsanb
2007-06-10, 07:50
Logfile of HijackThis v1.99.1
Scan saved at 9:55:45 PM, on 6/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\LVComsX.exe
C:\swares\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://web.mit.edu/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: del.icio.us Toolbar Helper - {7AA07AE6-01EF-44EC-93CA-9D7CD41CCDB6} - C:\Program Files\del.icio.us\Internet Explorer Buttons\dlcsIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: del.icio.us - {981FE6A8-260C-4930-960F-C3BC82746CB0} - C:\Program Files\del.icio.us\Internet Explorer Buttons\dlcsIE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [suScheduler] C:\Program Files\ThinkVantage\SystemUpdate\UCLauncher.exe /SCHEDULER
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [AMSG] C:\PROGRA~1\THINKV~2\AMSG\amsg.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [PDService.exe] "C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe"
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Stretch Break.lnk.disabled
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk.disabled
O4 - Global Startup: HP Digital Imaging Monitor.lnk.disabled
O4 - Global Startup: KlpTray.lnk = C:\Program Files\MIT\KLP\klptray.exe
O4 - Global Startup: Leash Kerberos Ticket Manager.lnk.disabled
O4 - Global Startup: Logitech Desktop Messenger.lnk.disabled
O4 - Global Startup: Logitech SetPoint.lnk.disabled
O4 - Global Startup: WordWeb.lnk.disabled
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\system32\wweb32.dll/lookup.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download using Download &Express - C:\Program Files\Download Express\Add_Url.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O11 - Options group: [JAVA_IBM] Java (IBM)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - http://www-307.ibm.com/pc/support/IbmEgath.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} -
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O20 - Winlogon Notify: AfsLogon - C:\WINDOWS\system32\afslogon.dll
O20 - Winlogon Notify: KFWLogon - C:\WINDOWS\system32\afslogon.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\
O20 - Winlogon Notify: psfus - C:\WINDOWS\SYSTEM32\psqlpwd.dll
O20 - Winlogon Notify: tpfnf2 - C:\WINDOWS\SYSTEM32\notifyf2.dll
O20 - Winlogon Notify: tphotkey - C:\WINDOWS\SYSTEM32\tphklock.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: BJZCWY - Unknown owner - C:\DOCUME~1\bsanjayb\LOCALS~1\Temp\BJZCWY.exe (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: OpenAFS Client (TransarcAFSDaemon) - OpenAFS Project - C:\Program Files\OpenAFS\Client\Program\afsd_service.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe
O23 - Service: TVT Backup Service - Unknown owner - C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Unknown owner - C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
O23 - Service: ThinkVantage System Update (UCLauncherService) - Unknown owner - C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Server\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware Registration Service (vmserverdWin32) - VMware, Inc. - C:\Program Files\VMware\VMware Server\vmserverdWin32.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

bsanb
2007-06-10, 07:52
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 9:48:13 PM 6/9/2007

+ Scan result:



HKU\S-1-5-21-3247866205-2105670090-2518177237-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} -> Adware.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-21-3247866205-2105670090-2518177237-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{84938242-5C5B-4A55-B6B9-A1507543B418} -> Adware.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-21-3247866205-2105670090-2518177237-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} -> Adware.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-21-3247866205-2105670090-2518177237-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{84938242-5C5B-4A55-B6B9-A1507543B418} -> Adware.Generic : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Public Messenger ver 2.03 -> Adware.IntCodec : Cleaned with backup (quarantined).
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Quarantine\$25FC0C20.t$m.Vir -> Not-A-Virus.PSWTool.Win32.PassView.162 : Cleaned with backup (quarantined).
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Quarantine\$65CA1927.t$m.Vir -> Not-A-Virus.PSWTool.Win32.PassView.162 : Cleaned with backup (quarantined).
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Quarantine\arc0000.tmp.Vir -> Not-A-Virus.PSWTool.Win32.PassView.162 : Cleaned with backup (quarantined).
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Quarantine\pspv.exe.Vir -> Not-A-Virus.PSWTool.Win32.PassView.162 : Cleaned with backup (quarantined).
C:\bsb\tools\SecurityUtils\pspv_protectedStoragePassView.zip/pspv.exe -> Not-A-Virus.PSWTool.Win32.PassView.162 : Cleaned with backup (quarantined).
:mozilla.142:C:\Documents and Settings\bsanjayb\Application Data\Mozilla\Firefox\Profiles\9en3xuet.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.77:C:\Documents and Settings\bsanjayb\Application Data\Mozilla\Firefox\Profiles\9en3xuet.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.78:C:\Documents and Settings\bsanjayb\Application Data\Mozilla\Firefox\Profiles\9en3xuet.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.79:C:\Documents and Settings\bsanjayb\Application Data\Mozilla\Firefox\Profiles\9en3xuet.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.80:C:\Documents and Settings\bsanjayb\Application Data\Mozilla\Firefox\Profiles\9en3xuet.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.81:C:\Documents and Settings\bsanjayb\Application Data\Mozilla\Firefox\Profiles\9en3xuet.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.82:C:\Documents and Settings\bsanjayb\Application Data\Mozilla\Firefox\Profiles\9en3xuet.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.83:C:\Documents and Settings\bsanjayb\Application Data\Mozilla\Firefox\Profiles\9en3xuet.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.84:C:\Documents and Settings\bsanjayb\Application Data\Mozilla\Firefox\Profiles\9en3xuet.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.245:C:\Documents and Settings\bsanjayb\Application Data\Mozilla\Firefox\Profiles\9en3xuet.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.246:C:\Documents and Settings\bsanjayb\Application Data\Mozilla\Firefox\Profiles\9en3xuet.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.63:C:\Documents and Settings\bsanjayb\Application Data\Mozilla\Firefox\Profiles\9en3xuet.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.41:C:\Documents and Settings\bsanjayb\Application Data\Mozilla\Firefox\Profiles\9en3xuet.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.8:C:\Documents and Settings\bsanjayb\Application Data\Mozilla\Firefox\Profiles\9en3xuet.default\cookies.txt -> TrackingCookie.Clickbank : Cleaned.
:mozilla.100:C:\Documents and Settings\bsanjayb\Application Data\Mozilla\Firefox\Profiles\9en3xuet.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.44:C:\Documents and Settings\bsanjayb\Application Data\Mozilla\Firefox\Profiles\9en3xuet.default\cookies.txt -> TrackingCookie.Coremetrics : Cleaned.
:mozilla.116:C:\Documents and Settings\bsanjayb\Application Data\Mozilla\Firefox\Profiles\9en3xuet.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.272:C:\Documents and Settings\bsanjayb\Application Data\Mozilla\Firefox\Profiles\9en3xuet.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.9:C:\Documents and Settings\bsanjayb\Application Data\Mozilla\Firefox\Profiles\9en3xuet.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.136:C:\Documents and Settings\bsanjayb\Application Data\Mozilla\Firefox\Profiles\9en3xuet.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.137:C:\Documents and Settings\bsanjayb\Application Data\Mozilla\Firefox\Profiles\9en3xuet.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.40:C:\Documents and Settings\bsanjayb\Application Data\Mozilla\Firefox\Profiles\9en3xuet.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.205:C:\Documents and Settings\bsanjayb\Application Data\Mozilla\Firefox\Profiles\9en3xuet.default\cookies.txt -> TrackingCookie.Netflame : Cleaned.
:mozilla.39:C:\Documents and Settings\bsanjayb\Application Data\Mozilla\Firefox\Profiles\9en3xuet.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.42:C:\Documents and Settings\bsanjayb\Application Data\Mozilla\Firefox\Profiles\9en3xuet.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.43:C:\Documents and Settings\bsanjayb\Application Data\Mozilla\Firefox\Profiles\9en3xuet.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.64:C:\Documents and Settings\bsanjayb\Application Data\Mozilla\Firefox\Profiles\9en3xuet.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.280:C:\Documents and Settings\bsanjayb\Application Data\Mozilla\Firefox\Profiles\9en3xuet.default\cookies.txt -> TrackingCookie.Paypal : Cleaned.
:mozilla.85:C:\Documents and Settings\bsanjayb\Application Data\Mozilla\Firefox\Profiles\9en3xuet.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.86:C:\Documents and Settings\bsanjayb\Application Data\Mozilla\Firefox\Profiles\9en3xuet.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.87:C:\Documents and Settings\bsanjayb\Application Data\Mozilla\Firefox\Profiles\9en3xuet.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.88:C:\Documents and Settings\bsanjayb\Application Data\Mozilla\Firefox\Profiles\9en3xuet.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.179:C:\Documents and Settings\bsanjayb\Application Data\Mozilla\Firefox\Profiles\9en3xuet.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.180:C:\Documents and Settings\bsanjayb\Application Data\Mozilla\Firefox\Profiles\9en3xuet.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.181:C:\Documents and Settings\bsanjayb\Application Data\Mozilla\Firefox\Profiles\9en3xuet.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.192:C:\Documents and Settings\bsanjayb\Application Data\Mozilla\Firefox\Profiles\9en3xuet.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.193:C:\Documents and Settings\bsanjayb\Application Data\Mozilla\Firefox\Profiles\9en3xuet.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.194:C:\Documents and Settings\bsanjayb\Application Data\Mozilla\Firefox\Profiles\9en3xuet.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.195:C:\Documents and Settings\bsanjayb\Application Data\Mozilla\Firefox\Profiles\9en3xuet.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.196:C:\Documents and Settings\bsanjayb\Application Data\Mozilla\Firefox\Profiles\9en3xuet.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.197:C:\Documents and Settings\bsanjayb\Application Data\Mozilla\Firefox\Profiles\9en3xuet.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.198:C:\Documents and Settings\bsanjayb\Application Data\Mozilla\Firefox\Profiles\9en3xuet.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.124:C:\Documents and Settings\bsanjayb\Application Data\Mozilla\Firefox\Profiles\9en3xuet.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.125:C:\Documents and Settings\bsanjayb\Application Data\Mozilla\Firefox\Profiles\9en3xuet.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.126:C:\Documents and Settings\bsanjayb\Application Data\Mozilla\Firefox\Profiles\9en3xuet.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.200:C:\Documents and Settings\bsanjayb\Application Data\Mozilla\Firefox\Profiles\9en3xuet.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.201:C:\Documents and Settings\bsanjayb\Application Data\Mozilla\Firefox\Profiles\9en3xuet.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.202:C:\Documents and Settings\bsanjayb\Application Data\Mozilla\Firefox\Profiles\9en3xuet.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.203:C:\Documents and Settings\bsanjayb\Application Data\Mozilla\Firefox\Profiles\9en3xuet.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.204:C:\Documents and Settings\bsanjayb\Application Data\Mozilla\Firefox\Profiles\9en3xuet.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.99:C:\Documents and Settings\bsanjayb\Application Data\Mozilla\Firefox\Profiles\9en3xuet.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.208:C:\Documents and Settings\bsanjayb\Application Data\Mozilla\Firefox\Profiles\9en3xuet.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.209:C:\Documents and Settings\bsanjayb\Application Data\Mozilla\Firefox\Profiles\9en3xuet.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.210:C:\Documents and Settings\bsanjayb\Application Data\Mozilla\Firefox\Profiles\9en3xuet.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.213:C:\Documents and Settings\bsanjayb\Application Data\Mozilla\Firefox\Profiles\9en3xuet.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.214:C:\Documents and Settings\bsanjayb\Application Data\Mozilla\Firefox\Profiles\9en3xuet.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.215:C:\Documents and Settings\bsanjayb\Application Data\Mozilla\Firefox\Profiles\9en3xuet.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.242:C:\Documents and Settings\bsanjayb\Application Data\Mozilla\Firefox\Profiles\9en3xuet.default\cookies.txt -> TrackingCookie.Webtrends : Cleaned.
:mozilla.50:C:\Documents and Settings\bsanjayb\Application Data\Mozilla\Firefox\Profiles\9en3xuet.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.227:C:\Documents and Settings\bsanjayb\Application Data\Mozilla\Firefox\Profiles\9en3xuet.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.228:C:\Documents and Settings\bsanjayb\Application Data\Mozilla\Firefox\Profiles\9en3xuet.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.229:C:\Documents and Settings\bsanjayb\Application Data\Mozilla\Firefox\Profiles\9en3xuet.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.34:C:\Documents and Settings\bsanjayb\Application Data\Mozilla\Firefox\Profiles\9en3xuet.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.35:C:\Documents and Settings\bsanjayb\Application Data\Mozilla\Firefox\Profiles\9en3xuet.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.36:C:\Documents and Settings\bsanjayb\Application Data\Mozilla\Firefox\Profiles\9en3xuet.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.37:C:\Documents and Settings\bsanjayb\Application Data\Mozilla\Firefox\Profiles\9en3xuet.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.38:C:\Documents and Settings\bsanjayb\Application Data\Mozilla\Firefox\Profiles\9en3xuet.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.


::Report end

Shaba
2007-06-10, 12:24
Hi

Please do an online scan with Kaspersky Online Scanner (http://www.kaspersky.com/downloads/kws/kavwebscan.html). You will be prompted to install an ActiveX component from Kaspersky; click Yes.
The program will launch and then start to download the latest definition files.
Once the scanner is installed and the definitions downloaded, click Next.
Now click on Scan Settings
In the scan settings make sure that the following are selected:

o Scan using the following Anti-Virus database:

+ Extended (If available otherwise Standard)

o Scan Options:

+ Scan Archives
+ Scan Mail Bases

Click OK
Now, under "Select a target to scan", select My Computer.
The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.
Now click on the Save as Text button
Save the file to your desktop.
Copy and paste that information in your next post.

Post:

- a fresh HijackThis log
- Kaspersky report

bsanb
2007-06-11, 22:43
Thanks for the instructions.
I did the scan and here are the results.
Note that I have several users set up on the machine, and some cannot have access to others' files. I noticed the scan often displays 'cannot access ..object blocked'.
So, I logged in as the other user and re-scanned.
For the previous steps, I also ran the tools for each user, deleted temp files etc.

Here is the scan for the default user.
When it came to the other user (the 'cannot access' part), I am providing the other scan separately.

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Monday, June 11, 2007 3:30:44 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 11/06/2007
Kaspersky Anti-Virus database records: 342200
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
R:\

Scan Statistics:
Total number of scanned objects: 124226
Number of viruses found: 3
Number of infected objects: 23
Number of suspicious objects: 2
Duration of the scan process: 01:50:46

Infected Object Name / Virus Name / Last Action
C:\bsb\tools\AntiMalware\Free-SpyHunter-Scanner-Install.exe/PRE/data/{65145FC9-DEA0-4738-A4FE-376C2BA51806}/1/EnigmaUpdater.dll Infected: not-a-virus:FraudTool.Win32.SpyHunter.b skipped
C:\bsb\tools\AntiMalware\Free-SpyHunter-Scanner-Install.exe/PRE/data/{65145FC9-DEA0-4738-A4FE-376C2BA51806}/2/esgi_md5h.dll Infected: not-a-virus:FraudTool.Win32.SpyHunter.b skipped
C:\bsb\tools\AntiMalware\Free-SpyHunter-Scanner-Install.exe/PRE/data/{65145FC9-DEA0-4738-A4FE-376C2BA51806}/7/SpyHunter.exe Infected: not-a-virus:FraudTool.Win32.SpyHunter.b skipped
C:\bsb\tools\AntiMalware\Free-SpyHunter-Scanner-Install.exe/PRE/data/{65145FC9-DEA0-4738-A4FE-376C2BA51806}/17/Esgiutl1.dll Infected: not-a-virus:FraudTool.Win32.SpyHunter.b skipped
C:\bsb\tools\AntiMalware\Free-SpyHunter-Scanner-Install.exe/PRE/data/{65145FC9-DEA0-4738-A4FE-376C2BA51806}/18/SHSched.dll Infected: not-a-virus:FraudTool.Win32.SpyHunter.b skipped
C:\bsb\tools\AntiMalware\Free-SpyHunter-Scanner-Install.exe/PRE Infected: not-a-virus:FraudTool.Win32.SpyHunter.b skipped
C:\bsb\tools\AntiMalware\Free-SpyHunter-Scanner-Install.exe Ghost Installer: infected - 6 skipped
C:\bsb\tools\AntiMalware\Free-SpyHunter-Scanner-Install.exe UPX: infected - 6 skipped
C:\bsb\tools\PCtools\RegistryDoc_Install.exe/Stream/data0001 Infected: not-a-virus:FraudTool.Win32.RegistryDoc.2006 skipped
C:\bsb\tools\PCtools\RegistryDoc_Install.exe/Stream/data0007 Infected: not-a-virus:FraudTool.Win32.RegistryDoc.2006 skipped
C:\bsb\tools\PCtools\RegistryDoc_Install.exe/Stream/data0010 Infected: not-a-virus:FraudTool.Win32.RegistryDoc.2006 skipped
C:\bsb\tools\PCtools\RegistryDoc_Install.exe/Stream Infected: not-a-virus:FraudTool.Win32.RegistryDoc.2006 skipped
C:\bsb\tools\PCtools\RegistryDoc_Install.exe Inno: infected - 4 skipped
C:\bsb\tools\RegistryDoc_Install.exe/Stream/data0001 Infected: not-a-virus:FraudTool.Win32.RegistryDoc.2006 skipped
C:\bsb\tools\RegistryDoc_Install.exe/Stream/data0007 Infected: not-a-virus:FraudTool.Win32.RegistryDoc.2006 skipped
C:\bsb\tools\RegistryDoc_Install.exe/Stream/data0010 Infected: not-a-virus:FraudTool.Win32.RegistryDoc.2006 skipped
C:\bsb\tools\RegistryDoc_Install.exe/Stream Infected: not-a-virus:FraudTool.Win32.RegistryDoc.2006 skipped
C:\bsb\tools\RegistryDoc_Install.exe Inno: infected - 4 skipped
C:\bsb\tools\utils\RegistryDoc_Install.exe/Stream/data0001 Infected: not-a-virus:FraudTool.Win32.RegistryDoc.2006 skipped
C:\bsb\tools\utils\RegistryDoc_Install.exe/Stream/data0007 Infected: not-a-virus:FraudTool.Win32.RegistryDoc.2006 skipped
C:\bsb\tools\utils\RegistryDoc_Install.exe/Stream/data0010 Infected: not-a-virus:FraudTool.Win32.RegistryDoc.2006 skipped
C:\bsb\tools\utils\RegistryDoc_Install.exe/Stream Infected: not-a-virus:FraudTool.Win32.RegistryDoc.2006 skipped
C:\bsb\tools\utils\RegistryDoc_Install.exe Inno: infected - 4 skipped
C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\aolstderr.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\aolstdout.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\aoltsmon.lock Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\cache.db Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\server.lock Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\BOPDATA\_Date-20070611_Time-005659040_EnterceptExceptions.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\BOPDATA\_Date-20070611_Time-005659040_EnterceptRules.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\Common Framework\Db\Agent_SUN.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\Common Framework\Db\PrdMgr_SUN.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\VirusScan\AccessProtectionLog.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\VirusScan\BufferOverflowProtectionLog.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\VirusScan\OnAccessScanLog.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobVideoActiveXObject.zip/uninst.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobVideoActiveXObject.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\VMware\vmnetdhcp.leases Object is locked skipped
C:\Documents and Settings\bsanjayb\Application Data\Microsoft\Templates\Normal.dot Object is locked skipped
C:\Documents and Settings\bsanjayb\Application Data\Mozilla\Firefox\Profiles\9en3xuet.default\cert8.db Object is locked skipped
C:\Documents and Settings\bsanjayb\Application Data\Mozilla\Firefox\Profiles\9en3xuet.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\bsanjayb\Application Data\Mozilla\Firefox\Profiles\9en3xuet.default\googlesafebrowsing.db Object is locked skipped
C:\Documents and Settings\bsanjayb\Application Data\Mozilla\Firefox\Profiles\9en3xuet.default\history.dat Object is locked skipped
C:\Documents and Settings\bsanjayb\Application Data\Mozilla\Firefox\Profiles\9en3xuet.default\key3.db Object is locked skipped
C:\Documents and Settings\bsanjayb\Application Data\Mozilla\Firefox\Profiles\9en3xuet.default\parent.lock Object is locked skipped
C:\Documents and Settings\bsanjayb\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\bsanjayb\Local Settings\Application Data\ApplicationHistory\cli.exe.c88dbd71.ini.inuse Object is locked skipped
C:\Documents and Settings\bsanjayb\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\bsanjayb\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\bsanjayb\Local Settings\Application Data\Mozilla\Firefox\Profiles\9en3xuet.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\bsanjayb\Local Settings\Application Data\Mozilla\Firefox\Profiles\9en3xuet.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\bsanjayb\Local Settings\Application Data\Mozilla\Firefox\Profiles\9en3xuet.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\bsanjayb\Local Settings\Application Data\Mozilla\Firefox\Profiles\9en3xuet.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\bsanjayb\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\bsanjayb\Local Settings\History\History.IE5\MSHist012007061120070612\index.dat Object is locked skipped
C:\Documents and Settings\bsanjayb\Local Settings\Temp\Perflib_Perfdata_14d4.dat Object is locked skipped
C:\Documents and Settings\bsanjayb\Local Settings\Temp\Perflib_Perfdata_5b4.dat Object is locked skipped
C:\Documents and Settings\bsanjayb\Local Settings\Temp\~DF1718.tmp Object is locked skipped
C:\Documents and Settings\bsanjayb\Local Settings\Temp\~WRD0002.doc Object is locked skipped
C:\Documents and Settings\bsanjayb\Local Settings\Temp\~WRF0001.tmp Object is locked skipped
C:\Documents and Settings\bsanjayb\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\bsanjayb\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\bsanjayb\My Documents\SecureDrive.vol Object is locked skipped
C:\Documents and Settings\bsanjayb\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\bsanjayb\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

bsanb
2007-06-11, 22:50
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\San\Application Data\Adobe\Acrobat\7.0\AdobeCMapFnt07.lst Object is locked skipped
C:\Documents and Settings\San\Application Data\Adobe\Acrobat\7.0\AdobeSysFnt07.lst Object is locked skipped
C:\Documents and Settings\San\Application Data\Adobe\Acrobat\7.0\Collab\RSS Object is locked skipped
C:\Documents and Settings\San\Application Data\Adobe\Acrobat\7.0\JavaScripts\glob.settings.js Object is locked skipped
C:\Documents and Settings\San\Application Data\Adobe\Acrobat\7.0\Preferences\AutoFillDefaults.dat Object is locked skipped
C:\Documents and Settings\San\Application Data\Adobe\Acrobat\7.0\Preferences\defaultHeuristics.dat Object is locked skipped
C:\Documents and Settings\San\Application Data\Adobe\Acrobat\7.0\Updater\udlog.txt Object is locked skipped
C:\Documents and Settings\San\Application Data\Adobe\Acrobat\7.0\Updater\udstore.js Object is locked skipped
C:\Documents and Settings\San\Application Data\Adobe\Acrobat\7.0\UserCache.bin Object is locked skipped
C:\Documents and Settings\San\Application Data\AVG7\log.idx Object is locked skipped
C:\Documents and Settings\San\Application Data\AVG7\l_000101.log Object is locked skipped
C:\Documents and Settings\San\Application Data\AVG7\sched-0001.cfg Object is locked skipped
C:\Documents and Settings\San\Application Data\AVG7\sched-0002.cfg Object is locked skipped
C:\Documents and Settings\San\Application Data\AVG7\test-0001.cfg Object is locked skipped
C:\Documents and Settings\San\Application Data\AVG7\test-0002.cfg Object is locked skipped
C:\Documents and Settings\San\Application Data\AVG7\test-0003.cfg Object is locked skipped
C:\Documents and Settings\San\Application Data\AVG7\test-0004.cfg Object is locked skipped
C:\Documents and Settings\San\Application Data\AVG7\test-0005.cfg Object is locked skipped
C:\Documents and Settings\San\Application Data\AVG7\test-0006.cfg Object is locked skipped
C:\Documents and Settings\San\Application Data\AVG7\test-0007.cfg Object is locked skipped
C:\Documents and Settings\San\Application Data\AVG7\test-0008.cfg Object is locked skipped
C:\Documents and Settings\San\Application Data\AVG7\test-0009.cfg Object is locked skipped
C:\Documents and Settings\San\Application Data\AVG7\test-0011.cfg Object is locked skipped
C:\Documents and Settings\San\Application Data\AVG7\test-0012.cfg Object is locked skipped
C:\Documents and Settings\San\Application Data\AVG7\test-0013.cfg Object is locked skipped
C:\Documents and Settings\San\Application Data\AVG7\user-0000.cfg Object is locked skipped
C:\Documents and Settings\San\Application Data\desktop.ini Object is locked skipped
C:\Documents and Settings\San\Application Data\Google\Local Search History\google%2Eweb.w Object is locked skipped
C:\Documents and Settings\San\Application Data\IBM\Java\Deployment\deployment.properties Object is locked skipped
C:\Documents and Settings\San\Application Data\Macromedia\Flash Player\#SharedObjects\RKDBXNSH\skype.com\#ui\preferences.sol Object is locked skipped
C:\Documents and Settings\San\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol Object is locked skipped
C:\Documents and Settings\San\Application Data\Microsoft\CLR Security Config\v1.1.4322\security.config Object is locked skipped
C:\Documents and Settings\San\Application Data\Microsoft\CLR Security Config\v1.1.4322\security.config.cch Object is locked skipped
C:\Documents and Settings\San\Application Data\Microsoft\CryptnetUrlCache\Content\60E31627FDA0A46932B0E5948949F2A5 Object is locked skipped
C:\Documents and Settings\San\Application Data\Microsoft\CryptnetUrlCache\Content\A44F4E7CB3133FF765C39A53AD8FCFDD Object is locked skipped
C:\Documents and Settings\San\Application Data\Microsoft\CryptnetUrlCache\Content\A8FABA189DB7D25FBA7CAC806625FD30 Object is locked skipped
C:\Documents and Settings\San\Application Data\Microsoft\CryptnetUrlCache\MetaData\60E31627FDA0A46932B0E5948949F2A5 Object is locked skipped
C:\Documents and Settings\San\Application Data\Microsoft\CryptnetUrlCache\MetaData\A44F4E7CB3133FF765C39A53AD8FCFDD Object is locked skipped
C:\Documents and Settings\San\Application Data\Microsoft\CryptnetUrlCache\MetaData\A8FABA189DB7D25FBA7CAC806625FD30 Object is locked skipped
C:\Documents and Settings\San\Application Data\Microsoft\Crypto\RSA\S-1-5-21-3247866205-2105670090-2518177237-1005\533145ef011ddf5ca3983e2545a902b4_6948e975-c7e0-42c6-8274-92a22297dfdb Object is locked skipped
C:\Documents and Settings\San\Application Data\Microsoft\Crypto\RSA\S-1-5-21-3247866205-2105670090-2518177237-1005\6aa0487f26600cd657138d907005de1e_6948e975-c7e0-42c6-8274-92a22297dfdb Object is locked skipped
C:\Documents and Settings\San\Application Data\Microsoft\Excel\Excel11.xlb Object is locked skipped
C:\Documents and Settings\San\Application Data\Microsoft\HTML Help\hh.dat Object is locked skipped
C:\Documents and Settings\San\Application Data\Microsoft\Internet Explorer\brndlog.bak Object is locked skipped
C:\Documents and Settings\San\Application Data\Microsoft\Internet Explorer\brndlog.txt Object is locked skipped
C:\Documents and Settings\San\Application Data\Microsoft\Internet Explorer\Desktop.htt Object is locked skipped
C:\Documents and Settings\San\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini Object is locked skipped
C:\Documents and Settings\San\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk Object is locked skipped
C:\Documents and Settings\San\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk Object is locked skipped
C:\Documents and Settings\San\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf Object is locked skipped
C:\Documents and Settings\San\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk Object is locked skipped
C:\Documents and Settings\San\Application Data\Microsoft\Media Player\00771AE7.wpl Object is locked skipped
C:\Documents and Settings\San\Application Data\Microsoft\MMC\dfrg Object is locked skipped
C:\Documents and Settings\San\Application Data\Microsoft\Office\Excel11.pip Object is locked skipped
C:\Documents and Settings\San\Application Data\Microsoft\Office\MSO1033.acl Object is locked skipped
C:\Documents and Settings\San\Application Data\Microsoft\Office\MSOut11.pip Object is locked skipped
C:\Documents and Settings\San\Application Data\Microsoft\Office\PowerP11.pip Object is locked skipped
C:\Documents and Settings\San\Application Data\Microsoft\Office\Recent\06_Instructions2_for Zlob removal.LNK Object is locked skipped
C:\Documents and Settings\San\Application Data\Microsoft\Office\Recent\AfricanFellowsFields.LNK Object is locked skipped
C:\Documents and Settings\San\Application Data\Microsoft\Office\Recent\alumni on www.iie.org.url Object is locked skipped
C:\Documents and Settings\San\Application Data\Microsoft\Office\Recent\Alumni workshop guidelines.doc.url Object is locked skipped
C:\Documents and Settings\San\Application Data\Microsoft\Office\Recent\CSIRT.LNK Object is locked skipped
C:\Documents and Settings\San\Application Data\Microsoft\Office\Recent\Desktop.ini Object is locked skipped
C:\Documents and Settings\San\Application Data\Microsoft\Office\Recent\Europa2010 h.LNK Object is locked skipped
C:\Documents and Settings\San\Application Data\Microsoft\Office\Recent\Humphrey06-07 Fellows Profile List for web.LNK Object is locked skipped
C:\Documents and Settings\San\Application Data\Microsoft\Office\Recent\Humphrey06-07_Analysed.LNK Object is locked skipped
C:\Documents and Settings\San\Application Data\Microsoft\Office\Recent\HumphreySite.LNK Object is locked skipped
C:\Documents and Settings\San\Application Data\Microsoft\Office\Recent\HumpreyGeneral.LNK Object is locked skipped
C:\Documents and Settings\San\Application Data\Microsoft\Office\Recent\index.dat Object is locked skipped
C:\Documents and Settings\San\Application Data\Microsoft\Office\Recent\ITSecMeeting_12-01-07.LNK Object is locked skipped
C:\Documents and Settings\San\Application Data\Microsoft\Office\Recent\ITSecMeeting_27-04-07.LNK Object is locked skipped
C:\Documents and Settings\San\Application Data\Microsoft\Office\Recent\ITSecMIT.LNK Object is locked skipped
C:\Documents and Settings\San\Application Data\Microsoft\Office\Recent\ITSecurityAuditChecklist.LNK Object is locked skipped
C:\Documents and Settings\San\Application Data\Microsoft\Office\Recent\Letter for Feb Course - Duteil.LNK Object is locked skipped
C:\Documents and Settings\San\Application Data\Microsoft\Office\Recent\OLK871.LNK Object is locked skipped
C:\Documents and Settings\San\Application Data\Microsoft\Office\Recent\RegionalAlumni workshop guidelines.LNK Object is locked skipped
C:\Documents and Settings\San\Application Data\Microsoft\Office\Recent\Templates.LNK Object is locked skipped
C:\Documents and Settings\San\Application Data\Microsoft\Office\Recent\THE RISE OF THE VIRTUAL MACHINES.LNK Object is locked skipped
C:\Documents and Settings\San\Application Data\Microsoft\Office\Recent\USCert-websiteReviewFreeTools.LNK Object is locked skipped
C:\Documents and Settings\San\Application Data\Microsoft\Office\Recent\Virtualization.LNK Object is locked skipped
C:\Documents and Settings\San\Application Data\Microsoft\Office\Recent\Virutalization and DATA CENTER.LNK Object is locked skipped
C:\Documents and Settings\San\Application Data\Microsoft\Office\Recent\Zlob_infection.LNK Object is locked skipped
C:\Documents and Settings\San\Application Data\Microsoft\Office\Word11.pip Object is locked skipped
C:\Documents and Settings\San\Application Data\Microsoft\Office\Wordma11.pip Object is locked skipped
C:\Documents and Settings\San\Application Data\Microsoft\Outlook\outcmd.dat Object is locked skipped
C:\Documents and Settings\San\Application Data\Microsoft\Outlook\Outlook.NK2 Object is locked skipped
C:\Documents and Settings\San\Application Data\Microsoft\Outlook\Outlook.srs Object is locked skipped
C:\Documents and Settings\San\Application Data\Microsoft\Outlook\Outlook.xml Object is locked skipped
C:\Documents and Settings\San\Application Data\Microsoft\PowerPoint\PPT11.pcb Object is locked skipped
C:\Documents and Settings\San\Application Data\Microsoft\Proof\CUSTOM.DIC Object is locked skipped
C:\Documents and Settings\San\Application Data\Microsoft\Protect\CREDHIST Object is locked skipped
C:\Documents and Settings\San\Application Data\Microsoft\Protect\S-1-5-21-1711984796-385799163-2964708926-500\1c219d41-9abb-41b5-beab-7a94361df772 Object is locked skipped
C:\Documents and Settings\San\Application Data\Microsoft\Protect\S-1-5-21-1711984796-385799163-2964708926-500\Preferred Object is locked skipped
C:\Documents and Settings\San\Application Data\Microsoft\Protect\S-1-5-21-2211086380-485395168-2894439224-500\0fd705c8-eb4c-4944-8e75-56c6bdd13458 Object is locked skipped
C:\Documents and Settings\San\Application Data\Microsoft\Protect\S-1-5-21-2211086380-485395168-2894439224-500\Preferred Object is locked skipped
C:\Documents and Settings\San\Application Data\Microsoft\Protect\S-1-5-21-3247866205-2105670090-2518177237-1005\57dbde19-9b5c-4b66-9a55-01f4cd6bf691 Object is locked skipped
C:\Documents and Settings\San\Application Data\Microsoft\Protect\S-1-5-21-3247866205-2105670090-2518177237-1005\92300664-72b6-4eab-8f2f-e405aab73cae Object is locked skipped
C:\Documents and Settings\San\Application Data\Microsoft\Protect\S-1-5-21-3247866205-2105670090-2518177237-1005\c949cbe0-ba40-40ab-baf0-14ce63001b03 Object is locked skipped
C:\Documents and Settings\San\Application Data\Microsoft\Protect\S-1-5-21-3247866205-2105670090-2518177237-1005\Preferred Object is locked skipped
C:\Documents and Settings\San\Application Data\Microsoft\Templates\Normal.dot Object is locked skipped
C:\Documents and Settings\San\Application Data\Microsoft\Templates\~$Normal.dot Object is locked skipped
C:\Documents and Settings\San\Application Data\Microsoft\Windows\Themes\Custom.theme Object is locked skipped
C:\Documents and Settings\San\Application Data\Mozilla\Firefox\pluginreg.dat Object is locked skipped
C:\Documents and Settings\San\Application Data\Mozilla\Firefox\Profiles\st1ozpxx.default\bookmarkbackups\bookmarks-2007-06-09.html Object is locked skipped
C:\Documents and Settings\San\Application Data\Mozilla\Firefox\Profiles\st1ozpxx.default\bookmarks.bak Object is locked skipped
C:\Documents and Settings\San\Application Data\Mozilla\Firefox\Profiles\st1ozpxx.default\bookmarks.html Object is locked skipped
C:\Documents and Settings\San\Application Data\Mozilla\Firefox\Profiles\st1ozpxx.default\cert8.db Object is locked skipped
C:\Documents and Settings\San\Application Data\Mozilla\Firefox\Profiles\st1ozpxx.default\chrome\userChrome-example.css Object is locked skipped
C:\Documents and Settings\San\Application Data\Mozilla\Firefox\Profiles\st1ozpxx.default\chrome\userContent-example.css Object is locked skipped
C:\Documents and Settings\San\Application Data\Mozilla\Firefox\Profiles\st1ozpxx.default\compatibility.ini Object is locked skipped
C:\Documents and Settings\San\Application Data\Mozilla\Firefox\Profiles\st1ozpxx.default\compreg.dat Object is locked skipped
C:\Documents and Settings\San\Application Data\Mozilla\Firefox\Profiles\st1ozpxx.default\extensions.cache Object is locked skipped
C:\Documents and Settings\San\Application Data\Mozilla\Firefox\Profiles\st1ozpxx.default\extensions.ini Object is locked skipped
C:\Documents and Settings\San\Application Data\Mozilla\Firefox\Profiles\st1ozpxx.default\extensions.rdf Object is locked skipped
C:\Documents and Settings\San\Application Data\Mozilla\Firefox\Profiles\st1ozpxx.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\San\Application Data\Mozilla\Firefox\Profiles\st1ozpxx.default\googlesafebrowsing.db Object is locked skipped
C:\Documents and Settings\San\Application Data\Mozilla\Firefox\Profiles\st1ozpxx.default\history.dat Object is locked skipped
C:\Documents and Settings\San\Application Data\Mozilla\Firefox\Profiles\st1ozpxx.default\key3.db Object is locked skipped
C:\Documents and Settings\San\Application Data\Mozilla\Firefox\Profiles\st1ozpxx.default\localstore.rdf Object is locked skipped
C:\Documents and Settings\San\Application Data\Mozilla\Firefox\Profiles\st1ozpxx.default\metrics.xml Object is locked skipped
C:\Documents and Settings\San\Application Data\Mozilla\Firefox\Profiles\st1ozpxx.default\mimeTypes.rdf Object is locked skipped
C:\Documents and Settings\San\Application Data\Mozilla\Firefox\Profiles\st1ozpxx.default\prefs.js Object is locked skipped
C:\Documents and Settings\San\Application Data\Mozilla\Firefox\Profiles\st1ozpxx.default\search.rdf Object is locked skipped
C:\Documents and Settings\San\Application Data\Mozilla\Firefox\Profiles\st1ozpxx.default\secmod.db Object is locked skipped
C:\Documents and Settings\San\Application Data\Mozilla\Firefox\Profiles\st1ozpxx.default\xpti.dat Object is locked skipped
C:\Documents and Settings\San\Application Data\Mozilla\Firefox\profiles.ini Object is locked skipped
C:\Documents and Settings\San\Application Data\Real\RealPlayer\norestore.ste Object is locked skipped
C:\Documents and Settings\San\Application Data\Real\RealPlayer\realplayer.ste Object is locked skipped
C:\Documents and Settings\San\Application Data\Real\RealPlayer\skins\data\normal\imgcache.dat Object is locked skipped
C:\Documents and Settings\San\Application Data\Real\RealPlayer\skins\data\normal\state.ini Object is locked skipped
C:\Documents and Settings\San\Application Data\Skype\roomab\config.lck Object is locked skipped
C:\Documents and Settings\San\Application Data\Skype\roomab\config.xml Object is locked skipped
C:\Documents and Settings\San\Application Data\Skype\roomab\contactgroup256.dbb Object is locked skipped
C:\Documents and Settings\San\Application Data\Skype\roomab\index2.dat Object is locked skipped
C:\Documents and Settings\San\Application Data\Skype\roomab\profile256.dbb Object is locked skipped
C:\Documents and Settings\San\Application Data\Skype\roomab\user1024.dbb Object is locked skipped
C:\Documents and Settings\San\Application Data\Skype\shared.lck Object is locked skipped
C:\Documents and Settings\San\Application Data\Skype\shared.xml Object is locked skipped
C:\Documents and Settings\San\Application Data\Symantec\Shared\Options.VcPref Object is locked skipped
C:\Documents and Settings\San\Application Data\Talkback\MozillaOrg\Firefox15\Win32\2007031202\manifest.ini Object is locked skipped
C:\Documents and Settings\San\Application Data\Talkback\MozillaOrg\Firefox15\Win32\2007031202\permdata.box Object is locked skipped
C:\Documents and Settings\San\Application Data\ThinkVantage\Client Security\encobject.dat Object is locked skipped
C:\Documents and Settings\San\Application Data\ThinkVantage\Client Security\hibernation.dat Object is locked skipped
C:\Documents and Settings\San\Application Data\ThinkVantage\Client Security\hwkeys.dat Object is locked skipped
C:\Documents and Settings\San\Application Data\ThinkVantage\Client Security\pwdrecovery.dat Object is locked skipped
C:\Documents and Settings\San\Application Data\ThinkVantage\Client Security\symkeys.dat Object is locked skipped
C:\Documents and Settings\San\Cookies\desktop.ini Object is locked skipped
C:\Documents and Settings\San\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\San\Desktop\Windows Media Player.lnk Object is locked skipped
C:\Documents and Settings\San\Favorites\Africa Guide - Map of Africa.url Object is locked skipped
C:\Documents and Settings\San\Favorites\Desktop.ini Object is locked skipped
C:\Documents and Settings\San\Favorites\Links\Customize Links.url Object is locked skipped

bsanb
2007-06-11, 22:54
C:\Documents and Settings\San\Favorites\Links\Free Hotmail.url Object is locked skipped
C:\Documents and Settings\San\Favorites\Links\Windows Marketplace.url Object is locked skipped
C:\Documents and Settings\San\Favorites\Links\Windows Media.url Object is locked skipped
C:\Documents and Settings\San\Favorites\Links\Windows.url Object is locked skipped
C:\Documents and Settings\San\Favorites\Microsoft Websites\IE Add-on site.url Object is locked skipped
C:\Documents and Settings\San\Favorites\Microsoft Websites\IE site on Microsoft.com.url Object is locked skipped
C:\Documents and Settings\San\Favorites\Microsoft Websites\Marketplace.url Object is locked skipped
C:\Documents and Settings\San\Favorites\Microsoft Websites\Microsoft At Home.url Object is locked skipped
C:\Documents and Settings\San\Favorites\Microsoft Websites\Microsoft At Work.url Object is locked skipped
C:\Documents and Settings\San\Favorites\Microsoft Websites\Welcome to IE7.url Object is locked skipped
C:\Documents and Settings\San\Favorites\MSN.com.url Object is locked skipped
C:\Documents and Settings\San\Favorites\Radio Station Guide.url Object is locked skipped
C:\Documents and Settings\San\Favorites\ThinkPad Recommended Sites\Accessories & Upgrades.url Object is locked skipped
C:\Documents and Settings\San\Favorites\ThinkPad Recommended Sites\Community.url Object is locked skipped
C:\Documents and Settings\San\Favorites\ThinkPad Recommended Sites\IBM Home.url Object is locked skipped
C:\Documents and Settings\San\Favorites\ThinkPad Recommended Sites\IBM PC Home.url Object is locked skipped
C:\Documents and Settings\San\Favorites\ThinkPad Recommended Sites\Support & Services.url Object is locked skipped
C:\Documents and Settings\San\Favorites\ThinkPad Recommended Sites\Think News.url Object is locked skipped
C:\Documents and Settings\San\Favorites\ThinkPad Recommended Sites\ThinkPad Home.url Object is locked skipped
C:\Documents and Settings\San\Favorites\ThinkPad Recommended Sites\ThinkVantage Technologies.url Object is locked skipped
C:\Documents and Settings\San\Local Settings\Application Data\Adobe\Acrobat\7.0\Cache\AcroFnt07.lst Object is locked skipped
C:\Documents and Settings\San\Local Settings\Application Data\Adobe\Color\ACECache4.lst Object is locked skipped
C:\Documents and Settings\San\Local Settings\Application Data\Ahead\Nero Home\bl.db Object is locked skipped
C:\Documents and Settings\San\Local Settings\Application Data\Ahead\Nero Home\crawlercfg.dat Object is locked skipped
C:\Documents and Settings\San\Local Settings\Application Data\Ahead\Nero Home\idx\deletable Object is locked skipped
C:\Documents and Settings\San\Local Settings\Application Data\Ahead\Nero Home\idx\segments Object is locked skipped
C:\Documents and Settings\San\Local Settings\Application Data\Ahead\Nero Home\idx\_3f.cfs Object is locked skipped
C:\Documents and Settings\San\Local Settings\Application Data\Ahead\Nero Home\is2.db Object is locked skipped
C:\Documents and Settings\San\Local Settings\Application Data\Ahead\Nero Home\SID.db Object is locked skipped
C:\Documents and Settings\San\Local Settings\Application Data\Ahead\Nero Home\SII.db Object is locked skipped
C:\Documents and Settings\San\Local Settings\Application Data\ApplicationHistory\cli.exe.c88dbd71.ini.inuse Object is locked skipped
C:\Documents and Settings\San\Local Settings\Application Data\ApplicationHistory\MsiExec.exe.8cb23528.ini.inuse Object is locked skipped
C:\Documents and Settings\San\Local Settings\Application Data\ApplicationHistory\ngen.exe.2c05686e.ini Object is locked skipped
C:\Documents and Settings\San\Local Settings\Application Data\ApplicationHistory\SL1E.tmp.2b86805d.ini Object is locked skipped
C:\Documents and Settings\San\Local Settings\Application Data\ATI\ACE\Profiles.xml Object is locked skipped
C:\Documents and Settings\San\Local Settings\Application Data\fusioncache.dat Object is locked skipped
C:\Documents and Settings\San\Local Settings\Application Data\GDIPFONTCACHEV1.DAT Object is locked skipped
C:\Documents and Settings\San\Local Settings\Application Data\Google\Google Desktop\919b45ba152f\gpac.xml Object is locked skipped
C:\Documents and Settings\San\Local Settings\Application Data\IconCache.db Object is locked skipped
C:\Documents and Settings\San\Local Settings\Application Data\Microsoft\Feeds\FeedsStore.feedsdb-ms Object is locked skipped
C:\Documents and Settings\San\Local Settings\Application Data\Microsoft\Feeds\Microsoft Feeds~\Microsoft at Home~.feed-ms Object is locked skipped
C:\Documents and Settings\San\Local Settings\Application Data\Microsoft\Feeds\Microsoft Feeds~\Microsoft at Work~.feed-ms Object is locked skipped
C:\Documents and Settings\San\Local Settings\Application Data\Microsoft\Feeds Cache\BZOGYTF5\desktop.ini Object is locked skipped
C:\Documents and Settings\San\Local Settings\Application Data\Microsoft\Feeds Cache\BZOGYTF5\fwlink[1] Object is locked skipped
C:\Documents and Settings\San\Local Settings\Application Data\Microsoft\Feeds Cache\desktop.ini Object is locked skipped
C:\Documents and Settings\San\Local Settings\Application Data\Microsoft\Feeds Cache\EUXIXTY3\desktop.ini Object is locked skipped
C:\Documents and Settings\San\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\San\Local Settings\Application Data\Microsoft\Feeds Cache\SHQN3TUM\desktop.ini Object is locked skipped
C:\Documents and Settings\San\Local Settings\Application Data\Microsoft\Feeds Cache\VLXB21B5\desktop.ini Object is locked skipped
C:\Documents and Settings\San\Local Settings\Application Data\Microsoft\Feeds Cache\VLXB21B5\fwlink[1] Object is locked skipped
C:\Documents and Settings\San\Local Settings\Application Data\Microsoft\FORMS\FRMCACHE.DAT Object is locked skipped
C:\Documents and Settings\San\Local Settings\Application Data\Microsoft\Internet Explorer\brndlog.txt Object is locked skipped
C:\Documents and Settings\San\Local Settings\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT Object is locked skipped
C:\Documents and Settings\San\Local Settings\Application Data\Microsoft\Media Player\CurrentDatabase_219.wmdb Object is locked skipped
C:\Documents and Settings\San\Local Settings\Application Data\Microsoft\Media Player\CurrentDatabase_360.wmdb Object is locked skipped
C:\Documents and Settings\San\Local Settings\Application Data\Microsoft\Media Player\CurrentDatabase_59R.wmdb Object is locked skipped
C:\Documents and Settings\San\Local Settings\Application Data\Microsoft\Media Player\lastplayed.wpl Object is locked skipped
C:\Documents and Settings\San\Local Settings\Application Data\Microsoft\Media Player\LocalMLS_0.wmdb Object is locked skipped
C:\Documents and Settings\San\Local Settings\Application Data\Microsoft\Media Player\LocalMLS_1.wmdb Object is locked skipped
C:\Documents and Settings\San\Local Settings\Application Data\Microsoft\Media Player\LocalMLS_2.wmdb Object is locked skipped
C:\Documents and Settings\San\Local Settings\Application Data\Microsoft\Media Player\LocalMLS_3.wmdb Object is locked skipped
C:\Documents and Settings\San\Local Settings\Application Data\Microsoft\Media Player\wmdbexport.xml Object is locked skipped
C:\Documents and Settings\San\Local Settings\Application Data\Microsoft\Media Player\wmpfolders.wmdb Object is locked skipped
C:\Documents and Settings\San\Local Settings\Application Data\Microsoft\Outlook\extend.dat Object is locked skipped
C:\Documents and Settings\San\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst Object is locked skipped
C:\Documents and Settings\San\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\San\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\San\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNS.DTD Object is locked skipped
C:\Documents and Settings\San\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNS.XML Object is locked skipped
C:\Documents and Settings\San\Local Settings\Application Data\Microsoft\Windows Media\11.0\WMSDKNS.DTD Object is locked skipped
C:\Documents and Settings\San\Local Settings\Application Data\Microsoft\Windows Media\11.0\WMSDKNS.XML Object is locked skipped
C:\Documents and Settings\San\Local Settings\Application Data\Microsoft\Windows Media\9.0\WMSDKNS.DTD Object is locked skipped
C:\Documents and Settings\San\Local Settings\Application Data\Microsoft\Windows Media\9.0\WMSDKNS.XML Object is locked skipped
C:\Documents and Settings\San\Local Settings\Application Data\Mozilla\Firefox\Profiles\st1ozpxx.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\San\Local Settings\Application Data\Mozilla\Firefox\Profiles\st1ozpxx.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\San\Local Settings\Application Data\Mozilla\Firefox\Profiles\st1ozpxx.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\San\Local Settings\Application Data\Mozilla\Firefox\Profiles\st1ozpxx.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\San\Local Settings\Application Data\Mozilla\Firefox\Profiles\st1ozpxx.default\XUL.mfl Object is locked skipped
C:\Documents and Settings\San\Local Settings\Application Data\Musicmatch\Jukebox\mmjbaltlog.txt Object is locked skipped
C:\Documents and Settings\San\Local Settings\Application Data\Musicmatch\Jukebox\mmjblog.txt Object is locked skipped
C:\Documents and Settings\San\Local Settings\Application Data\Musicmatch\Jukebox\Portables.log Object is locked skipped
C:\Documents and Settings\San\Local Settings\Application Data\Musicmatch\MIM\Database\Default.mdb Object is locked skipped
C:\Documents and Settings\San\Local Settings\Application Data\Musicmatch\MIM\MMCDi.xml Object is locked skipped
C:\Documents and Settings\San\Local Settings\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\08242006.Log Object is locked skipped
C:\Documents and Settings\San\Local Settings\desktop.ini Object is locked skipped
C:\Documents and Settings\San\Local Settings\History\desktop.ini Object is locked skipped
C:\Documents and Settings\San\Local Settings\History\History.IE5\desktop.ini Object is locked skipped
C:\Documents and Settings\San\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\San\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\San\Local Settings\Temporary Internet Files\Content.IE5\AX4K0P63\desktop.ini Object is locked skipped
C:\Documents and Settings\San\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini Object is locked skipped
C:\Documents and Settings\San\Local Settings\Temporary Internet Files\Content.IE5\HIW311T2\desktop.ini Object is locked skipped
C:\Documents and Settings\San\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\San\Local Settings\Temporary Internet Files\Content.IE5\ORANH5E3\desktop.ini Object is locked skipped
C:\Documents and Settings\San\Local Settings\Temporary Internet Files\Content.IE5\SGIF6OO2\desktop.ini Object is locked skipped
C:\Documents and Settings\San\Local Settings\Temporary Internet Files\desktop.ini Object is locked skipped
C:\Documents and Settings\San\My Documents\desktop.ini Object is locked skipped
C:\Documents and Settings\San\My Documents\My Google Gadgets\Analog Clock-Google.gg Object is locked skipped
C:\Documents and Settings\San\My Documents\My Google Gadgets\Battery Meter-Google.gg Object is locked skipped
C:\Documents and Settings\San\My Documents\My Google Gadgets\Digital Clock-Google.gg Object is locked skipped
C:\Documents and Settings\San\My Documents\My Google Gadgets\Google Gadget Tips-Google.gg Object is locked skipped
C:\Documents and Settings\San\My Documents\My Google Gadgets\Google Gadgets Calendar-Google.gg Object is locked skipped
C:\Documents and Settings\San\My Documents\My Google Gadgets\Media Player Remote-Google.gg Object is locked skipped
C:\Documents and Settings\San\My Documents\My Google Gadgets\Wireless Signal Meter-Google.gg Object is locked skipped
C:\Documents and Settings\San\My Documents\My Music\Desktop.ini Object is locked skipped
C:\Documents and Settings\San\My Documents\My Music\Sample Music.lnk Object is locked skipped
C:\Documents and Settings\San\My Documents\My Pictures\Desktop.ini Object is locked skipped
C:\Documents and Settings\San\My Documents\My Pictures\My Logitech Pictures\Pictures and Videos\FishTank.avi Object is locked skipped
C:\Documents and Settings\San\My Documents\My Pictures\My Logitech Pictures\Pictures and Videos\folder.dat Object is locked skipped
C:\Documents and Settings\San\My Documents\My Pictures\My Logitech Pictures\Pictures and Videos\Henry.jpg Object is locked skipped
C:\Documents and Settings\San\My Documents\My Pictures\Sample Pictures.lnk Object is locked skipped
C:\Documents and Settings\San\My Documents\My Videos\Desktop.ini Object is locked skipped
C:\Documents and Settings\San\My Documents\SecureDrive.vol Object is locked skipped
C:\Documents and Settings\San\My Documents\SkypeSoundEqt.PDF Object is locked skipped
C:\Documents and Settings\San\NetHood\My Web Sites on MSN\Desktop.ini Object is locked skipped
C:\Documents and Settings\San\NetHood\My Web Sites on MSN\target.lnk Object is locked skipped
C:\Documents and Settings\San\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\San\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\San\ntuser.ini Object is locked skipped
C:\Documents and Settings\San\Recent\00_ResearchtoFindandAccess.lnk Object is locked skipped
C:\Documents and Settings\San\Recent\06_Instructions2_for Zlob removal.lnk Object is locked skipped
C:\Documents and Settings\San\Recent\AfricanFellowsFields.lnk Object is locked skipped
C:\Documents and Settings\San\Recent\CSIRT.lnk Object is locked skipped
C:\Documents and Settings\San\Recent\ctrlemlmem4.lnk Object is locked skipped
C:\Documents and Settings\San\Recent\Desktop.ini Object is locked skipped
C:\Documents and Settings\San\Recent\Digital Line Detect.lnk.lnk Object is locked skipped
C:\Documents and Settings\San\Recent\eml.lnk Object is locked skipped
C:\Documents and Settings\San\Recent\HP Digital Imaging Monitor.lnk.lnk Object is locked skipped
C:\Documents and Settings\San\Recent\Humphrey06-07 Fellows Profile List for web.lnk Object is locked skipped
C:\Documents and Settings\San\Recent\Humphrey06-07_Analysed.lnk Object is locked skipped
C:\Documents and Settings\San\Recent\HumphreySite.lnk Object is locked skipped
C:\Documents and Settings\San\Recent\HumpreyGeneral.lnk Object is locked skipped
C:\Documents and Settings\San\Recent\Logitech Desktop Messenger.lnk.lnk Object is locked skipped
C:\Documents and Settings\San\Recent\Logitech SetPoint.lnk.lnk Object is locked skipped
C:\Documents and Settings\San\Recent\PerformanceMeter.lnk Object is locked skipped
C:\Documents and Settings\San\Recent\RegionalAlumni workshop guidelines.lnk Object is locked skipped
C:\Documents and Settings\San\Recent\Registration.lnk Object is locked skipped
C:\Documents and Settings\San\Recent\SkypeSoundEqt.lnk Object is locked skipped
C:\Documents and Settings\San\Recent\Specifications.lnk Object is locked skipped
C:\Documents and Settings\San\Recent\Startup.lnk Object is locked skipped
C:\Documents and Settings\San\Recent\TenderSpecs_June07.lnk Object is locked skipped
C:\Documents and Settings\San\Recent\THE RISE OF THE VIRTUAL MACHINES.lnk Object is locked skipped
C:\Documents and Settings\San\Recent\USCert-websiteReviewFreeTools.lnk Object is locked skipped
C:\Documents and Settings\San\Recent\utils.lnk Object is locked skipped
C:\Documents and Settings\San\Recent\Venkat_pdf.lnk Object is locked skipped
C:\Documents and Settings\San\Recent\Virtualization.lnk Object is locked skipped
C:\Documents and Settings\San\Recent\Virutalization and DATA CENTER.lnk Object is locked skipped
C:\Documents and Settings\San\Recent\Zlob_infection.lnk Object is locked skipped
C:\Documents and Settings\San\SendTo\Bluetooth\desktop.ini Object is locked skipped
C:\Documents and Settings\San\SendTo\Bluetooth\Other....lnk Object is locked skipped
C:\Documents and Settings\San\SendTo\Compressed (zipped) Folder.ZFSendToTarget Object is locked skipped
C:\Documents and Settings\San\SendTo\Desktop (create shortcut).DeskLink Object is locked skipped
C:\Documents and Settings\San\SendTo\desktop.ini Object is locked skipped
C:\Documents and Settings\San\SendTo\Mail Recipient.MAPIMail Object is locked skipped
C:\Documents and Settings\San\SendTo\My Documents.mydocs Object is locked skipped
C:\Documents and Settings\San\Start Menu\desktop.ini Object is locked skipped
C:\Documents and Settings\San\Start Menu\Programs\Accessories\Accessibility\desktop.ini Object is locked skipped
C:\Documents and Settings\San\Start Menu\Programs\Accessories\Accessibility\Magnifier.lnk Object is locked skipped
C:\Documents and Settings\San\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk Object is locked skipped
C:\Documents and Settings\San\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk Object is locked skipped
C:\Documents and Settings\San\Start Menu\Programs\Accessories\Accessibility\Utility Manager.lnk Object is locked skipped
C:\Documents and Settings\San\Start Menu\Programs\Accessories\Address Book.lnk Object is locked skipped
C:\Documents and Settings\San\Start Menu\Programs\Accessories\Command Prompt.lnk Object is locked skipped
C:\Documents and Settings\San\Start Menu\Programs\Accessories\desktop.ini Object is locked skipped
C:\Documents and Settings\San\Start Menu\Programs\Accessories\Entertainment\desktop.ini Object is locked skipped
C:\Documents and Settings\San\Start Menu\Programs\Accessories\Notepad.lnk Object is locked skipped
C:\Documents and Settings\San\Start Menu\Programs\Accessories\Program Compatibility Wizard.lnk Object is locked skipped
C:\Documents and Settings\San\Start Menu\Programs\Accessories\Synchronize.lnk Object is locked skipped
C:\Documents and Settings\San\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk Object is locked skipped
C:\Documents and Settings\San\Start Menu\Programs\Accessories\Tour Windows XP.lnk Object is locked skipped
C:\Documents and Settings\San\Start Menu\Programs\Accessories\Windows Explorer.lnk Object is locked skipped
C:\Documents and Settings\San\Start Menu\Programs\Administrative Tools\desktop.ini Object is locked skipped
C:\Documents and Settings\San\Start Menu\Programs\desktop.ini Object is locked skipped
C:\Documents and Settings\San\Start Menu\Programs\Internet Explorer.lnk Object is locked skipped
C:\Documents and Settings\San\Start Menu\Programs\Outlook Express.lnk Object is locked skipped
C:\Documents and Settings\San\Start Menu\Programs\Remote Assistance.lnk Object is locked skipped
C:\Documents and Settings\San\Start Menu\Programs\Startup\desktop.ini Object is locked skipped
C:\Documents and Settings\San\Start Menu\Programs\Windows Media Player.lnk Object is locked skipped
C:\Documents and Settings\San\Templates\amipro.sam Object is locked skipped
C:\Documents and Settings\San\Templates\excel.xls Object is locked skipped
C:\Documents and Settings\San\Templates\excel4.xls Object is locked skipped

bsanb
2007-06-11, 22:55
C:\Documents and Settings\San\Templates\lotus.wk4 Object is locked skipped
C:\Documents and Settings\San\Templates\powerpnt.ppt Object is locked skipped
C:\Documents and Settings\San\Templates\presenta.shw Object is locked skipped
C:\Documents and Settings\San\Templates\quattro.wb2 Object is locked skipped
C:\Documents and Settings\San\Templates\sndrec.wav Object is locked skipped
C:\Documents and Settings\San\Templates\winword.doc Object is locked skipped
C:\Documents and Settings\San\Templates\winword2.doc Object is locked skipped
C:\Documents and Settings\San\Templates\wordpfct.wpd Object is locked skipped
C:\Documents and Settings\San\Templates\wordpfct.wpg Object is locked skipped
C:\Documents and Settings\sanybill\Application Data\Adobe\Acrobat\7.0\AdobeCMapFnt07.lst Object is locked skipped
C:\Documents and Settings\sanybill\Application Data\Adobe\Acrobat\7.0\AdobeSysFnt07.lst Object is locked skipped
C:\Documents and Settings\sanybill\Application Data\Adobe\Acrobat\7.0\Collab\RSS Object is locked skipped
C:\Documents and Settings\sanybill\Application Data\Adobe\Acrobat\7.0\JavaScripts\glob.settings.js Object is locked skipped
C:\Documents and Settings\sanybill\Application Data\Adobe\A

[note: lots of similar entries ...]

C:\Documents and Settings\sanybill\Templates\wordpfct.wpg Object is locked skipped
C:\Documents and Settings\sanybill\UserData\index.dat Object is locked skipped
C:\e9df7f001334c5bc9921\%temp%dd_msxml_retMSI.txt Object is locked skipped
C:\RECYCLER\S-1-5-21-3247866205-2105670090-2518177237-1005\Dc13.tmp Object is locked skipped
C:\RECYCLER\S-1-5-21-3247866205-2105670090-2518177237-1005\Dc14.tmp Object is locked skipped
C:\RECYCLER\S-1-5-21-3247866205-2105670090-2518177237-1005\Dc15.tmp Object is locked skipped
C:\RECYCLER\S-1-5-21-3247866205-2105670090-2518177237-1005\Dc16.tmp Object is locked skipped
C:\RECYCLER\S-1-5-21-3247866205-2105670090-2518177237-1005\Dc17.tmp Object is locked skipped
C:\RECYCLER\S-1-5-21-3247866205-2105670090-2518177237-1005\Dc18.tmp Object is locked skipped
C:\RECYCLER\S-1-5-21-3247866205-2105670090-2518177237-1005\Dc19.tmp Object is locked skipped
C:\RECYCLER\S-1-5-21-3247866205-2105670090-2518177237-1005\Dc20.tmp Object is locked skipped
C:\RECYCLER\S-1-5-21-3247866205-2105670090-2518177237-1005\Dc21.tmp Object is locked skipped
C:\RECYCLER\S-1-5-21-3247866205-2105670090-2518177237-1005\Dc22.tmp Object is locked skipped

Scan process completed.

bsanb
2007-06-11, 22:57
Logfile of HijackThis v1.99.1
Scan saved at 11:08:16 AM, on 6/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe
C:\Program Files\VMware\VMware Server\vmware-authd.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\VMware\VMware Server\vmserverdWin32.exe
C:\Program Files\IBM ThinkVantage\Common\Logger\logmon.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
C:\PROGRA~1\THINKV~2\AMSG\amsg.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe
C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\MIT\KLP\klptray.exe
C:\Program Files\Kerberos\krbcc32s.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\IBM ThinkVantage\Client Security Solution\pwmgr.exe
C:\swares\2xExplorer\2xExplorer.exe
C:\swares\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://web.mit.edu/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: (no name) - {67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: del.icio.us Toolbar Helper - {7AA07AE6-01EF-44EC-93CA-9D7CD41CCDB6} - C:\Program Files\del.icio.us\Internet Explorer Buttons\dlcsIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: del.icio.us - {981FE6A8-260C-4930-960F-C3BC82746CB0} - C:\Program Files\del.icio.us\Internet Explorer Buttons\dlcsIE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [suScheduler] C:\Program Files\ThinkVantage\SystemUpdate\UCLauncher.exe /SCHEDULER
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [AMSG] C:\PROGRA~1\THINKV~2\AMSG\amsg.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [PDService.exe] "C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe"
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Startup: Stretch Break.lnk.disabled
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk.disabled
O4 - Global Startup: HP Digital Imaging Monitor.lnk.disabled
O4 - Global Startup: KlpTray.lnk = C:\Program Files\MIT\KLP\klptray.exe
O4 - Global Startup: Leash Kerberos Ticket Manager.lnk.disabled
O4 - Global Startup: Logitech Desktop Messenger.lnk.disabled
O4 - Global Startup: Logitech SetPoint.lnk.disabled
O4 - Global Startup: WordWeb.lnk.disabled
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\system32\wweb32.dll/lookup.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download using Download &Express - C:\Program Files\Download Express\Add_Url.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O11 - Options group: [JAVA_IBM] Java (IBM)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - http://www-307.ibm.com/pc/support/IbmEgath.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} -
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O20 - Winlogon Notify: AfsLogon - C:\WINDOWS\system32\afslogon.dll
O20 - Winlogon Notify: KFWLogon - C:\WINDOWS\system32\afslogon.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\
O20 - Winlogon Notify: psfus - C:\WINDOWS\SYSTEM32\psqlpwd.dll
O20 - Winlogon Notify: tpfnf2 - C:\WINDOWS\SYSTEM32\notifyf2.dll
O20 - Winlogon Notify: tphotkey - C:\WINDOWS\SYSTEM32\tphklock.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: BJZCWY - Unknown owner - C:\DOCUME~1\bsanjayb\LOCALS~1\Temp\BJZCWY.exe (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: OpenAFS Client (TransarcAFSDaemon) - OpenAFS Project - C:\Program Files\OpenAFS\Client\Program\afsd_service.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe
O23 - Service: TVT Backup Service - Unknown owner - C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Unknown owner - C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
O23 - Service: ThinkVantage System Update (UCLauncherService) - Unknown owner - C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Server\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware Registration Service (vmserverdWin32) - VMware, Inc. - C:\Program Files\VMware\VMware Server\vmserverdWin32.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

bsanb
2007-06-11, 22:58
Logfile of HijackThis v1.99.1
Scan saved at 1:59:55 PM, on 6/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe
C:\Program Files\VMware\VMware Server\vmware-authd.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\VMware\VMware Server\vmserverdWin32.exe
C:\Program Files\IBM ThinkVantage\Common\Logger\logmon.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe
C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\MIT\KLP\klptray.exe
C:\Program Files\Kerberos\krbcc32s.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\swares\2xExplorer\2xExplorer.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\swares\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: (no name) - {67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: del.icio.us Toolbar Helper - {7AA07AE6-01EF-44EC-93CA-9D7CD41CCDB6} - C:\Program Files\del.icio.us\Internet Explorer Buttons\dlcsIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: del.icio.us - {981FE6A8-260C-4930-960F-C3BC82746CB0} - C:\Program Files\del.icio.us\Internet Explorer Buttons\dlcsIE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [suScheduler] C:\Program Files\ThinkVantage\SystemUpdate\UCLauncher.exe /SCHEDULER
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [AMSG] C:\PROGRA~1\THINKV~2\AMSG\amsg.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [PDService.exe] "C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe"
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk.disabled
O4 - Global Startup: HP Digital Imaging Monitor.lnk.disabled
O4 - Global Startup: KlpTray.lnk = C:\Program Files\MIT\KLP\klptray.exe
O4 - Global Startup: Leash Kerberos Ticket Manager.lnk.disabled
O4 - Global Startup: Logitech Desktop Messenger.lnk.disabled
O4 - Global Startup: Logitech SetPoint.lnk.disabled
O4 - Global Startup: WordWeb.lnk.disabled
O8 - Extra context menu item: Download using Download &Express - C:\Program Files\Download Express\Add_Url.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O11 - Options group: [JAVA_IBM] Java (IBM)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - http://www-307.ibm.com/pc/support/IbmEgath.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} -
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O20 - Winlogon Notify: AfsLogon - C:\WINDOWS\system32\afslogon.dll
O20 - Winlogon Notify: KFWLogon - C:\WINDOWS\system32\afslogon.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\
O20 - Winlogon Notify: psfus - C:\WINDOWS\SYSTEM32\psqlpwd.dll
O20 - Winlogon Notify: tpfnf2 - C:\WINDOWS\SYSTEM32\notifyf2.dll
O20 - Winlogon Notify: tphotkey - C:\WINDOWS\SYSTEM32\tphklock.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: BJZCWY - Unknown owner - C:\DOCUME~1\bsanjayb\LOCALS~1\Temp\BJZCWY.exe (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: OpenAFS Client (TransarcAFSDaemon) - OpenAFS Project - C:\Program Files\OpenAFS\Client\Program\afsd_service.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe
O23 - Service: TVT Backup Service - Unknown owner - C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Unknown owner - C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
O23 - Service: ThinkVantage System Update (UCLauncherService) - Unknown owner - C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Server\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware Registration Service (vmserverdWin32) - VMware, Inc. - C:\Program Files\VMware\VMware Server\vmserverdWin32.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

bsanb
2007-06-11, 23:02
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Monday, June 11, 2007 1:55:04 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 11/06/2007
Kaspersky Anti-Virus database records: 342411
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 124366
Number of viruses found: 3
Number of infected objects: 23
Number of suspicious objects: 2
Duration of the scan process: 02:03:08

Infected Object Name / Virus Name / Last Action
C:\bsb\tools\AntiMalware\Free-SpyHunter-Scanner-Install.exe/PRE/data/{65145FC9-DEA0-4738-A4FE-376C2BA51806}/1/EnigmaUpdater.dll Infected: not-a-virus:FraudTool.Win32.SpyHunter.b skipped
C:\bsb\tools\AntiMalware\Free-SpyHunter-Scanner-Install.exe/PRE/data/{65145FC9-DEA0-4738-A4FE-376C2BA51806}/2/esgi_md5h.dll Infected: not-a-virus:FraudTool.Win32.SpyHunter.b skipped
C:\bsb\tools\AntiMalware\Free-SpyHunter-Scanner-Install.exe/PRE/data/{65145FC9-DEA0-4738-A4FE-376C2BA51806}/7/SpyHunter.exe Infected: not-a-virus:FraudTool.Win32.SpyHunter.b skipped
C:\bsb\tools\AntiMalware\Free-SpyHunter-Scanner-Install.exe/PRE/data/{65145FC9-DEA0-4738-A4FE-376C2BA51806}/17/Esgiutl1.dll Infected: not-a-virus:FraudTool.Win32.SpyHunter.b skipped
C:\bsb\tools\AntiMalware\Free-SpyHunter-Scanner-Install.exe/PRE/data/{65145FC9-DEA0-4738-A4FE-376C2BA51806}/18/SHSched.dll Infected: not-a-virus:FraudTool.Win32.SpyHunter.b skipped
C:\bsb\tools\AntiMalware\Free-SpyHunter-Scanner-Install.exe/PRE Infected: not-a-virus:FraudTool.Win32.SpyHunter.b skipped
C:\bsb\tools\AntiMalware\Free-SpyHunter-Scanner-Install.exe Ghost Installer: infected - 6 skipped
C:\bsb\tools\AntiMalware\Free-SpyHunter-Scanner-Install.exe UPX: infected - 6 skipped
C:\bsb\tools\PCtools\RegistryDoc_Install.exe/Stream/data0001 Infected: not-a-virus:FraudTool.Win32.RegistryDoc.2006 skipped
C:\bsb\tools\PCtools\RegistryDoc_Install.exe/Stream/data0007 Infected: not-a-virus:FraudTool.Win32.RegistryDoc.2006 skipped
C:\bsb\tools\PCtools\RegistryDoc_Install.exe/Stream/data0010 Infected: not-a-virus:FraudTool.Win32.RegistryDoc.2006 skipped
C:\bsb\tools\PCtools\RegistryDoc_Install.exe/Stream Infected: not-a-virus:FraudTool.Win32.RegistryDoc.2006 skipped
C:\bsb\tools\PCtools\RegistryDoc_Install.exe Inno: infected - 4 skipped
C:\bsb\tools\RegistryDoc_Install.exe/Stream/data0001 Infected: not-a-virus:FraudTool.Win32.RegistryDoc.2006 skipped
C:\bsb\tools\RegistryDoc_Install.exe/Stream/data0007 Infected: not-a-virus:FraudTool.Win32.RegistryDoc.2006 skipped
C:\bsb\tools\RegistryDoc_Install.exe/Stream/data0010 Infected: not-a-virus:FraudTool.Win32.RegistryDoc.2006 skipped
C:\bsb\tools\RegistryDoc_Install.exe/Stream Infected: not-a-virus:FraudTool.Win32.RegistryDoc.2006 skipped
C:\bsb\tools\RegistryDoc_Install.exe Inno: infected - 4 skipped
C:\bsb\tools\utils\RegistryDoc_Install.exe/Stream/data0001 Infected: not-a-virus:FraudTool.Win32.RegistryDoc.2006 skipped
C:\bsb\tools\utils\RegistryDoc_Install.exe/Stream/data0007 Infected: not-a-virus:FraudTool.Win32.RegistryDoc.2006 skipped
C:\bsb\tools\utils\RegistryDoc_Install.exe/Stream/data0010 Infected: not-a-virus:FraudTool.Win32.RegistryDoc.2006 skipped
C:\bsb\tools\utils\RegistryDoc_Install.exe/Stream Infected: not-a-virus:FraudTool.Win32.RegistryDoc.2006 skipped
C:\bsb\tools\utils\RegistryDoc_Install.exe Inno: infected - 4 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobVideoActiveXObject.zip/uninst.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobVideoActiveXObject.zip ZIP: suspicious - 1 skipped

bsanb
2007-06-11, 23:05
C:\Documents and Settings\San\Local Settings\Application Data\Ahead\Nero Home\idx\deletable Object is locked skipped
C:\Documents and Settings\San\Local Settings\Application Data\Ahead\Nero Home\idx\segments Object is locked skipped
C:\Documents and Settings\San\Local Settings\Application Data\Ahead\Nero Home\idx\_3f.cfs Object is locked skipped
C:\Documents and Settings\San\Local Settings\Application Data\Ahead\Nero Home\is2.db Object is locked skipped
C:\Documents and Settings\San\Local Settings\Application Data\Ahead\Nero Home\SID.db Object is locked skipped
C:\Documents and Settings\San\Local Settings\Application Data\Ahead\Nero Home\SII.db Object is locked skipped
C:\Documents and Settings\San\Local Settings\Application Data\ApplicationHistory\cli.exe.c88dbd71.ini.inuse Object is locked skipped
C:\Documents and Settings\San\Local Settings\Application Data\ApplicationHistory\MsiExec.exe.8cb23528.ini.inuse Object is locked skipped
C:\Documents and Settings\San\Local Settings\Application Data\ApplicationHistory\ngen.exe.2c05686e.ini Object is locked skipped
C:\Documents and Settings\San\Local Settings\Application Data\ApplicationHistory\SL1E.tmp.2b86805d.ini Object is locked skipped
C:\Documents and Settings\San\Local Settings\Application Data\ATI\ACE\Profiles.xml Object is locked skipped
C:\Documents and Settings\San\Local Settings\Application Data\fusioncache.dat Object is locked skipped
C:\Documents and Settings\San\Local Settings\Application Data\GDIPFONTCACHEV1.DAT Object is locked skipped
C:\Documents and Settings\San\Local Settings\Application Data\Google\Google Desktop\919b45ba152f\gpac.xml Object is locked skipped
C:\Documents and Settings\San\Local Settings\Application Data\IconCache.db Object is locked skipped
C:\Documents and Settings\San\Local Settings\Application Data\Microsoft\Feeds\FeedsStore.feedsdb-ms Object is locked skipped
C:\Documents and Settings\San\Local Settings\Application Data\Microsoft\Feeds\Microsoft Feeds~\Microsoft at Home~.feed-ms Object is locked skipped
C:\Documents and Settings\San\Local Settings\Application Data\Microsoft\Feeds\Microsoft Feeds~\Microsoft at Work~.feed-ms Object is locked skipped
C:\Documents and Settings\San\Local Settings\Application Data\Microsoft\Feeds Cache\BZOGYTF5\desktop.ini Object is locked skipped
C:\Documents and Settings\San\Local Settings\Application Data\Microsoft\Feeds Cache\BZOGYTF5\fwlink[1] Object is locked skipped
C:\Documents and Settings\San\Local Settings\Application Data\Microsoft\Feeds Cache\desktop.ini Object is locked skipped
C:\Documents and Settings\San\Local Settings\Application Data\Microsoft\Feeds Cache\EUXIXTY3\desktop.ini Object is locked skipped
C:\Documents and Settings\San\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\San\Local Settings\Application Data\Microsoft\Feeds Cache\SHQN3TUM\desktop.ini Object is locked skipped
C:\Documents and Settings\San\Local Settings\Application Data\Microsoft\Feeds Cache\VLXB21B5\desktop.ini Object is locked skipped
C:\Documents and Settings\San\Local Settings\Application Data\Microsoft\Feeds Cache\VLXB21B5\fwlink[1] Object is locked skipped
C:\Documents and Settings\San\Local Settings\Application Data\Microsoft\FORMS\FRMCACHE.DAT Object is locked skipped
C:\Documents and Settings\San\Local Settings\Application Data\Microsoft\Internet Explorer\brndlog.txt Object is locked skipped
C:\Documents and Settings\San\Local Settings\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT Object is locked skipped
C:\Documents and Settings\San\Local Settings\Application Data\Microsoft\Media Player\CurrentDatabase_219.wmdb Object is locked skipped
C:\Documents and Settings\San\Local Settings\Application Data\Microsoft\Media Player\CurrentDatabase_360.wmdb Object is locked skipped
C:\Documents and Settings\San\Local Settings\Application Data\Microsoft\Media Player\CurrentDatabase_59R.wmdb Object is locked skipped
C:\Documents and Settings\San\Local Settings\Application Data\Microsoft\Media Player\lastplayed.wpl Object is locked skipped
C:\Documents and Settings\San\Local Settings\Application Data\Microsoft\Media Player\LocalMLS_0.wmdb Object is locked skipped
C:\Documents and Settings\San\Local Settings\Application Data\Microsoft\Media Player\LocalMLS_1.wmdb Object is locked skipped
C:\Documents and Settings\San\Local Settings\Application Data\Microsoft\Media Player\LocalMLS_2.wmdb Object is locked skipped
C:\Documents and Settings\San\Local Settings\Application Data\Microsoft\Media Player\LocalMLS_3.wmdb Object is locked skipped
C:\Documents and Settings\San\Local Settings\Application Data\Microsoft\Media Player\wmdbexport.xml Object is locked skipped
C:\Documents and Settings\San\Local Settings\Application Data\Microsoft\Media Player\wmpfolders.wmdb Object is locked skipped
C:\Documents and Settings\San\Local Settings\Application Data\Microsoft\Outlook\extend.dat Object is locked skipped
C:\Documents and Settings\San\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst Object is locked skipped
C:\Documents and Settings\San\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\San\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\San\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNS.DTD Object is locked skipped
C:\Documents and Settings\San\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNS.XML Object is locked skipped
C:\Documents and Settings\San\Local Settings\Application Data\Microsoft\Windows Media\11.0\WMSDKNS.DTD Object is locked skipped
C:\Documents and Settings\San\Local Settings\Application Data\Microsoft\Windows Media\11.0\WMSDKNS.XML Object is locked skipped
C:\Documents and Settings\San\Local Settings\Application Data\Microsoft\Windows Media\9.0\WMSDKNS.DTD Object is locked skipped
C:\Documents and Settings\San\Local Settings\Application Data\Microsoft\Windows Media\9.0\WMSDKNS.XML Object is locked skipped
C:\Documents and Settings\San\Local Settings\Application Data\Mozilla\Firefox\Profiles\st1ozpxx.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\San\Local Settings\Application Data\Mozilla\Firefox\Profiles\st1ozpxx.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\San\Local Settings\Application Data\Mozilla\Firefox\Profiles\st1ozpxx.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\San\Local Settings\Application Data\Mozilla\Firefox\Profiles\st1ozpxx.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\San\Local Settings\Application Data\Mozilla\Firefox\Profiles\st1ozpxx.default\XUL.mfl Object is locked skipped
C:\Documents and Settings\San\Local Settings\Application Data\Musicmatch\Jukebox\mmjbaltlog.txt Object is locked skipped
C:\Documents and Settings\San\Local Settings\Application Data\Musicmatch\Jukebox\mmjblog.txt Object is locked skipped
C:\Documents and Settings\San\Local Settings\Application Data\Musicmatch\Jukebox\Portables.log Object is locked skipped
C:\Documents and Settings\San\Local Settings\Application Data\Musicmatch\MIM\Database\Default.mdb Object is locked skipped
C:\Documents and Settings\San\Local Settings\Application Data\Musicmatch\MIM\MMCDi.xml Object is locked skipped
C:\Documents and Settings\San\Local Settings\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\08242006.Log Object is locked skipped
C:\Documents and Settings\San\Local Settings\desktop.ini Object is locked skipped

bsanb
2007-06-11, 23:06

bsanb
2007-06-11, 23:08

Scan process completed.:sad:

Shaba
2007-06-12, 11:02
Hi

Delete these:

C:\bsb\tools\AntiMalware\Free-SpyHunter-Scanner-Install.exe
C:\bsb\tools\PCtools\RegistryDoc_Install.exe
C:\bsb\tools\RegistryDoc_Install.exe
C:\bsb\tools\utils\RegistryDoc_Install.exe

Empty Recycle Bin

Re-scan with Kaspersky

Post:

- a fresh HijackThis log
- Kaspersky report

bsanb
2007-06-14, 06:42
Logfile of HijackThis v1.99.1
Scan saved at 12:47:46 AM, on 6/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe
C:\Program Files\VMware\VMware Server\vmware-authd.exe
C:\WINDOWS\system32\vmnat.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\VMware\VMware Server\vmserverdWin32.exe
C:\Program Files\IBM ThinkVantage\Common\Logger\logmon.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\PROGRA~1\THINKV~2\AMSG\amsg.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe
C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\MIT\KLP\klptray.exe
C:\Program Files\Kerberos\krbcc32s.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\IBM ThinkVantage\Client Security Solution\pwmgr.exe
C:\WINDOWS\system32\LVComsX.exe
C:\swares\2xExplorer\2xExplorer.exe
C:\swares\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://web.mit.edu/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: (no name) - {67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: del.icio.us Toolbar Helper - {7AA07AE6-01EF-44EC-93CA-9D7CD41CCDB6} - C:\Program Files\del.icio.us\Internet Explorer Buttons\dlcsIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: del.icio.us - {981FE6A8-260C-4930-960F-C3BC82746CB0} - C:\Program Files\del.icio.us\Internet Explorer Buttons\dlcsIE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [suScheduler] C:\Program Files\ThinkVantage\SystemUpdate\UCLauncher.exe /SCHEDULER
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [AMSG] C:\PROGRA~1\THINKV~2\AMSG\amsg.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [PDService.exe] "C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe"
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Stretch Break.lnk.disabled
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk.disabled
O4 - Global Startup: HP Digital Imaging Monitor.lnk.disabled
O4 - Global Startup: KlpTray.lnk = C:\Program Files\MIT\KLP\klptray.exe
O4 - Global Startup: Leash Kerberos Ticket Manager.lnk.disabled
O4 - Global Startup: Logitech Desktop Messenger.lnk.disabled
O4 - Global Startup: Logitech SetPoint.lnk.disabled
O4 - Global Startup: WordWeb.lnk.disabled
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\system32\wweb32.dll/lookup.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download using Download &Express - C:\Program Files\Download Express\Add_Url.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O11 - Options group: [JAVA_IBM] Java (IBM)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - http://www-307.ibm.com/pc/support/IbmEgath.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} -
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O20 - Winlogon Notify: AfsLogon - C:\WINDOWS\system32\afslogon.dll
O20 - Winlogon Notify: KFWLogon - C:\WINDOWS\system32\afslogon.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\
O20 - Winlogon Notify: psfus - C:\WINDOWS\SYSTEM32\psqlpwd.dll
O20 - Winlogon Notify: tpfnf2 - C:\WINDOWS\SYSTEM32\notifyf2.dll
O20 - Winlogon Notify: tphotkey - C:\WINDOWS\SYSTEM32\tphklock.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: BJZCWY - Unknown owner - C:\DOCUME~1\bsanjayb\LOCALS~1\Temp\BJZCWY.exe (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\WINDOWS\system32\IcdSptSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: OpenAFS Client (TransarcAFSDaemon) - OpenAFS Project - C:\Program Files\OpenAFS\Client\Program\afsd_service.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe
O23 - Service: TVT Backup Service - Unknown owner - C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Unknown owner - C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
O23 - Service: ThinkVantage System Update (UCLauncherService) - Unknown owner - C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Server\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware Registration Service (vmserverdWin32) - VMware, Inc. - C:\Program Files\VMware\VMware Server\vmserverdWin32.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

bsanb
2007-06-14, 06:43
Logfile of HijackThis v1.99.1
Scan saved at 10:56:33 PM, on 6/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe
C:\Program Files\VMware\VMware Server\vmware-authd.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\VMware\VMware Server\vmserverdWin32.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\PROGRA~1\THINKV~2\AMSG\amsg.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe
C:\Program Files\IBM ThinkVantage\Common\Logger\logmon.exe
C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\MIT\KLP\klptray.exe
C:\Program Files\Kerberos\krbcc32s.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\swares\2xExplorer\2xExplorer.exe
C:\swares\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: (no name) - {67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: del.icio.us Toolbar Helper - {7AA07AE6-01EF-44EC-93CA-9D7CD41CCDB6} - C:\Program Files\del.icio.us\Internet Explorer Buttons\dlcsIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: del.icio.us - {981FE6A8-260C-4930-960F-C3BC82746CB0} - C:\Program Files\del.icio.us\Internet Explorer Buttons\dlcsIE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [suScheduler] C:\Program Files\ThinkVantage\SystemUpdate\UCLauncher.exe /SCHEDULER
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [AMSG] C:\PROGRA~1\THINKV~2\AMSG\amsg.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [PDService.exe] "C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe"
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk.disabled
O4 - Global Startup: HP Digital Imaging Monitor.lnk.disabled
O4 - Global Startup: KlpTray.lnk = C:\Program Files\MIT\KLP\klptray.exe
O4 - Global Startup: Leash Kerberos Ticket Manager.lnk.disabled
O4 - Global Startup: Logitech Desktop Messenger.lnk.disabled
O4 - Global Startup: Logitech SetPoint.lnk.disabled
O4 - Global Startup: WordWeb.lnk.disabled
O8 - Extra context menu item: Download using Download &Express - C:\Program Files\Download Express\Add_Url.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O11 - Options group: [JAVA_IBM] Java (IBM)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - http://www-307.ibm.com/pc/support/IbmEgath.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} -
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O20 - Winlogon Notify: AfsLogon - C:\WINDOWS\system32\afslogon.dll
O20 - Winlogon Notify: KFWLogon - C:\WINDOWS\system32\afslogon.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\
O20 - Winlogon Notify: psfus - C:\WINDOWS\SYSTEM32\psqlpwd.dll
O20 - Winlogon Notify: tpfnf2 - C:\WINDOWS\SYSTEM32\notifyf2.dll
O20 - Winlogon Notify: tphotkey - C:\WINDOWS\SYSTEM32\tphklock.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: BJZCWY - Unknown owner - C:\DOCUME~1\bsanjayb\LOCALS~1\Temp\BJZCWY.exe (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\WINDOWS\system32\IcdSptSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: OpenAFS Client (TransarcAFSDaemon) - OpenAFS Project - C:\Program Files\OpenAFS\Client\Program\afsd_service.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe
O23 - Service: TVT Backup Service - Unknown owner - C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Unknown owner - C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
O23 - Service: ThinkVantage System Update (UCLauncherService) - Unknown owner - C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Server\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware Registration Service (vmserverdWin32) - VMware, Inc. - C:\Program Files\VMware\VMware Server\vmserverdWin32.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

bsanb
2007-06-14, 06:48
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Wednesday, June 13, 2007 2:51:39 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 13/06/2007
Kaspersky Anti-Virus database records: 342853
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 126120
Number of viruses found: 2
Number of infected objects: 0
Number of suspicious objects: 3
Duration of the scan process: 01:32:58

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobVideoActiveXObject.zip/uninst.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobVideoActiveXObject.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\bsanjayb\Local Settings\Application Data\Mozilla\Firefox\Profiles\9en3xuet.default\Cache\9653CD84d01 Suspicious: Exploit.HTML.Mht skipped

bsanb
2007-06-14, 06:49

bsanb
2007-06-14, 06:51
C:\Documents and Settings\San\Local Settings\Application Data\Musicmatch\Jukebox\mmjbaltlog.txt Object is locked skipped
C:\Documents and Settings\San\Local Settings\Application Data\Musicmatch\Jukebox\mmjblog.txt Object is locked skipped
C:\Documents and Settings\San\Local Settings\Application Data\Musicmatch\Jukebox\Portables.log Object is locked skipped
C:\Documents and Settings\San\Local Settings\Application Data\Musicmatch\MIM\Database\Default.mdb Object is locked skipped
C:\Documents and Settings\San\Local Settings\Application Data\Musicmatch\MIM\MMCDi.xml Object is locked skipped
C:\Documents and Settings\San\Local Settings\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\08242006.Log Object is locked skipped
C:\Documents and Settings\San\Local Settings\desktop.ini Object is locked skipped
C:\Documents and Settings\San\Local Settings\History\desktop.ini Object is locked skipped
C:\Documents and Settings\San\Local Settings\History\History.IE5\desktop.ini Object is locked skipped
C:\Documents and Settings\San\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\San\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\San\Local Settings\Temporary Internet Files\Content.IE5\AX4K0P63\desktop.ini Object is locked skipped
C:\Documents and Settings\San\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini Object is locked skipped
C:\Documents and Settings\San\Local Settings\Temporary Internet Files\Content.IE5\HIW311T2\desktop.ini Object is locked skipped
C:\Documents and Settings\San\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\San\Local Settings\Temporary Internet Files\Content.IE5\ORANH5E3\desktop.ini Object is locked skipped
C:\Documents and Settings\San\Local Settings\Temporary Internet Files\Content.IE5\SGIF6OO2\desktop.ini Object is locked skipped
C:\Documents and Settings\San\Local Settings\Temporary Internet Files\desktop.ini Object is locked skipped
C:\Documents and Settings\San\My Documents\desktop.ini Object is locked skipped
C:\Documents and Settings\San\My Documents\My Google Gadgets\Analog Clock-Google.gg Object is locked skipped
C:\Documents and Settings\San\My Documents\My Google Gadgets\Battery Meter-Google.gg Object is locked skipped
C:\Documents and Settings\San\My Documents\My Google Gadgets\Digital Clock-Google.gg Object is locked skipped
C:\Documents and Settings\San\My Documents\My Google Gadgets\Google Gadget Tips-Google.gg Object is locked skipped
C:\Documents and Settings\San\My Documents\My Google Gadgets\Google Gadgets Calendar-Google.gg Object is locked skipped
C:\Documents and Settings\San\My Documents\My Google Gadgets\Media Player Remote-Google.gg Object is locked skipped
C:\Documents and Settings\San\My Documents\My Google Gadgets\Wireless Signal Meter-Google.gg Object is locked skipped
C:\Documents and Settings\San\My Documents\My Music\Desktop.ini Object is locked skipped
C:\Documents and Settings\San\My Documents\My Music\Sample Music.lnk Object is locked skipped
C:\Documents and Settings\San\My Documents\My Pictures\Desktop.ini Object is locked skipped
C:\Documents and Settings\San\My Documents\My Pictures\My Logitech Pictures\Pictures and Videos\FishTank.avi Object is locked skipped
C:\Documents and Settings\San\My Documents\My Pictures\My Logitech Pictures\Pictures and Videos\folder.dat Object is locked skipped
C:\Documents and Settings\San\My Documents\My Pictures\My Logitech Pictures\Pictures and Videos\Henry.jpg Object is locked skipped
C:\Documents and Settings\San\My Documents\My Pictures\Sample Pictures.lnk Object is locked skipped
C:\Documents and Settings\San\My Documents\My Videos\Desktop.ini Object is locked skipped
C:\Documents and Settings\San\My Documents\SecureDrive.vol Object is locked skipped
C:\Documents and Settings\San\My Documents\SkypeSoundEqt.PDF Object is locked skipped
C:\Documents and Settings\San\NetHood\My Web Sites on MSN\Desktop.ini Object is locked skipped
C:\Documents and Settings\San\NetHood\My Web Sites on MSN\target.lnk Object is locked skipped
C:\Documents and Settings\San\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\San\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\San\ntuser.ini Object is locked skipped
C:\Documents and Settings\San\Recent\00_ResearchtoFindandAccess.lnk Object is locked skipped
C:\Documents and Settings\San\Recent\06_Instructions2_for Zlob removal.lnk Object is locked skipped
C:\Documents and Settings\San\Recent\AfricanFellowsFields.lnk Object is locked skipped
C:\Documents and Settings\San\Recent\CSIRT.lnk Object is locked skipped
C:\Documents and Settings\San\Recent\ctrlemlmem4.lnk Object is locked skipped
C:\Documents and Settings\San\Recent\Desktop.ini Object is locked skipped
C:\Documents and Settings\San\Recent\Digital Line Detect.lnk.lnk Object is locked skipped
C:\Documents and Settings\San\Recent\eml.lnk Object is locked skipped
C:\Documents and Settings\San\Recent\HP Digital Imaging Monitor.lnk.lnk Object is locked skipped
C:\Documents and Settings\San\Recent\Humphrey06-07 Fellows Profile List for web.lnk Object is locked skipped
C:\Documents and Settings\San\Recent\Humphrey06-07_Analysed.lnk Object is locked skipped
C:\Documents and Settings\San\Recent\HumphreySite.lnk Object is locked skipped
C:\Documents and Settings\San\Recent\HumpreyGeneral.lnk Object is locked skipped
C:\Documents and Settings\San\Recent\Logitech Desktop Messenger.lnk.lnk Object is locked skipped
C:\Documents and Settings\San\Recent\Logitech SetPoint.lnk.lnk Object is locked skipped
C:\Documents and Settings\San\Recent\PerformanceMeter.lnk Object is locked skipped
C:\Documents and Settings\San\Recent\RegionalAlumni workshop guidelines.lnk Object is locked skipped
C:\Documents and Settings\San\Recent\Registration.lnk Object is locked skipped
C:\Documents and Settings\San\Recent\SkypeSoundEqt.lnk Object is locked skipped
C:\Documents and Settings\San\Recent\Specifications.lnk Object is locked skipped
C:\Documents and Settings\San\Recent\Startup.lnk Object is locked skipped

bsanb
2007-06-14, 06:52
C:\Documents and Settings\San\Recent\TenderSpecs_June07.lnk Object is locked skipped
C:\Documents and Settings\San\Recent\THE RISE OF THE VIRTUAL MACHINES.lnk Object is locked skipped
C:\Documents and Settings\San\Recent\USCert-websiteReviewFreeTools.lnk Object is locked skipped
C:\Documents and Settings\San\Recent\utils.lnk Object is locked skipped
C:\Documents and Settings\San\Recent\Venkat_pdf.lnk Object is locked skipped
C:\Documents and Settings\San\Recent\Virtualization.lnk Object is locked skipped
C:\Documents and Settings\San\Recent\Virutalization and DATA CENTER.lnk Object is locked skipped
C:\Documents and Settings\San\Recent\Zlob_infection.lnk Object is locked skipped
C:\Documents and Settings\San\SendTo\Bluetooth\desktop.ini Object is locked skipped
C:\Documents and Settings\San\SendTo\Bluetooth\Other....lnk Object is locked skipped
C:\Documents and Settings\San\SendTo\Compressed (zipped) Folder.ZFSendToTarget Object is locked skipped
C:\Documents and Settings\San\SendTo\Desktop (create shortcut).DeskLink Object is locked skipped
C:\Documents and Settings\San\SendTo\desktop.ini Object is locked skipped
C:\Documents and Settings\San\SendTo\Mail Recipient.MAPIMail Object is locked skipped
C:\Documents and Settings\San\SendTo\My Documents.mydocs Object is locked skipped
C:\Documents and Settings\San\Start Menu\desktop.ini Object is locked skipped
C:\Documents and Settings\San\Start Menu\Programs\Accessories\Accessibility\desktop.ini Object is locked skipped
C:\Documents and Settings\San\Start Menu\Programs\Accessories\Accessibility\Magnifier.lnk Object is locked skipped
C:\Documents and Settings\San\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk Object is locked skipped
C:\Documents and Settings\San\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk Object is locked skipped
C:\Documents and Settings\San\Start Menu\Programs\Accessories\Accessibility\Utility Manager.lnk Object is locked skipped
C:\Documents and Settings\San\Start Menu\Programs\Accessories\Address Book.lnk Object is locked skipped
C:\Documents and Settings\San\Start Menu\Programs\Accessories\Command Prompt.lnk Object is locked skipped
C:\Documents and Settings\San\Start Menu\Programs\Accessories\desktop.ini Object is locked skipped
C:\Documents and Settings\San\Start Menu\Programs\Accessories\Entertainment\desktop.ini Object is locked skipped
C:\Documents and Settings\San\Start Menu\Programs\Accessories\Notepad.lnk Object is locked skipped
C:\Documents and Settings\San\Start Menu\Programs\Accessories\Program Compatibility Wizard.lnk Object is locked skipped
C:\Documents and Settings\San\Start Menu\Programs\Accessories\Synchronize.lnk Object is locked skipped
C:\Documents and Settings\San\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk Object is locked skipped
C:\Documents and Settings\San\Start Menu\Programs\Accessories\Tour Windows XP.lnk Object is locked skipped
C:\Documents and Settings\San\Start Menu\Programs\Accessories\Windows Explorer.lnk Object is locked skipped
C:\Documents and Settings\San\Start Menu\Programs\Administrative Tools\desktop.ini Object is locked skipped
C:\Documents and Settings\San\Start Menu\Programs\desktop.ini Object is locked skipped
C:\Documents and Settings\San\Start Menu\Programs\Internet Explorer.lnk Object is locked skipped
C:\Documents and Settings\San\Start Menu\Programs\Outlook Express.lnk Object is locked skipped
C:\Documents and Settings\San\Start Menu\Programs\Remote Assistance.lnk Object is locked skipped
C:\Documents and Settings\San\Start Menu\Programs\Startup\desktop.ini Object is locked skipped
C:\Documents and Settings\San\Start Menu\Programs\Windows Media Player.lnk Object is locked skipped
C:\Documents and Settings\San\Templates\amipro.sam Object is locked skipped
C:\Documents and Settings\San\Templates\excel.xls Object is locked skipped
C:\Documents and Settings\San\Templates\excel4.xls Object is locked skipped
C:\Documents and Settings\San\Templates\lotus.wk4 Object is locked skipped
C:\Documents and Settings\San\Templates\powerpnt.ppt Object is locked skipped
C:\Documents and Settings\San\Templates\presenta.shw Object is locked skipped
C:\Documents and Settings\San\Templates\quattro.wb2 Object is locked skipped
C:\Documents and Settings\San\Templates\sndrec.wav Object is locked skipped
C:\Documents and Settings\San\Templates\winword.doc Object is locked skipped
C:\Documents and Settings\San\Templates\winword2.doc Object is locked skipped
C:\Documents and Settings\San\Templates\wordpfct.wpd Object is locked skipped
C:\Documents and Settings\San\Templates\wordpfct.wpg Object is locked skipped
C:\Documents and Settings\sanybill\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\sanybill\Local Settings\Application Data\ApplicationHistory\cli.exe.c88dbd71.ini.inuse Object is locked skipped
C:\Documents and Settings\sanybill\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\sanybill\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\sanybill\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\sanybill\Local Settings\Temp\Perflib_Perfdata_1290.dat Object is locked skipped
C:\Documents and Settings\sanybill\Local Settings\Temp\Perflib_Perfdata_17b4.dat Object is locked skipped
C:\Documents and Settings\sanybill\Local Settings\Temp\~DF3ACC.tmp Object is locked skipped
C:\Documents and Settings\sanybill\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\sanybill\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\sanybill\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\sanybill\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Veoh Networks\Veoh\client.log Object is locked skipped
C:\Program Files\Veoh Networks\Veoh\upload.log Object is locked skipped
C:\RECYCLER\S-1-5-21-3247866205-2105670090-2518177237-1005\Dc13.tmp Object is locked skipped
C:\RECYCLER\S-1-5-21-3247866205-2105670090-2518177237-1005\Dc14.tmp Object is locked skipped
C:\RECYCLER\S-1-5-21-3247866205-2105670090-2518177237-1005\Dc15.tmp Object is locked skipped
C:\RECYCLER\S-1-5-21-3247866205-2105670090-2518177237-1005\Dc16.tmp Object is locked skipped
C:\RECYCLER\S-1-5-21-3247866205-2105670090-2518177237-1005\Dc17.tmp Object is locked skipped
C:\RECYCLER\S-1-5-21-3247866205-2105670090-2518177237-1005\Dc18.tmp Object is locked skipped
C:\RECYCLER\S-1-5-21-3247866205-2105670090-2518177237-1005\Dc19.tmp Object is locked skipped
C:\RECYCLER\S-1-5-21-3247866205-2105670090-2518177237-1005\Dc20.tmp Object is locked skipped
C:\RECYCLER\S-1-5-21-3247866205-2105670090-2518177237-1005\Dc21.tmp Object is locked skipped
C:\RECYCLER\S-1-5-21-3247866205-2105670090-2518177237-1005\Dc22.tmp Object is locked skipped
C:\RECYCLER\S-1-5-21-3247866205-2105670090-2518177237-1005\Dc23.tmp Object is locked skipped
C:\RECYCLER\S-1-5-21-3247866205-2105670090-2518177237-1005\Dc24.tmp Object is locked skipped
C:\RECYCLER\S-1-5-21-3247866205-2105670090-2518177237-1005\Dc25.tmp Object is locked skipped
C:\RECYCLER\S-1-5-21-3247866205-2105670090-2518177237-1005\Dc26.doc Object is locked skipped
C:\RECYCLER\S-1-5-21-3247866205-2105670090-2518177237-1005\Dc27.tmp Object is locked skipped
C:\RECYCLER\S-1-5-21-3247866205-2105670090-2518177237-1005\Dc28.tmp Object is locked skipped
C:\RECYCLER\S-1-5-21-3247866205-2105670090-2518177237-1005\Dc29.log Object is locked skipped
C:\RECYCLER\S-1-5-21-3247866205-2105670090-2518177237-1005\Dc30.REG Object is locked skipped
C:\RECYCLER\S-1-5-21-3247866205-2105670090-2518177237-1005\Dc31.xml Object is locked skipped
C:\RECYCLER\S-1-5-21-3247866205-2105670090-2518177237-1005\Dc32.log Object is locked skipped
C:\RECYCLER\S-1-5-21-3247866205-2105670090-2518177237-1005\Dc33.log Object is locked skipped
C:\RECYCLER\S-1-5-21-3247866205-2105670090-2518177237-1005\Dc34.LOG Object is locked skipped
C:\RECYCLER\S-1-5-21-3247866205-2105670090-2518177237-1005\Dc35.exe Object is locked skipped
C:\RECYCLER\S-1-5-21-3247866205-2105670090-2518177237-1005\Dc37.log Object is locked skipped
C:\RECYCLER\S-1-5-21-3247866205-2105670090-2518177237-1005\Dc4\{07986C34-8325-D60A-26AA-163746389479}\1033\strings.xml Object is locked skipped
C:\RECYCLER\S-1-5-21-3247866205-2105670090-2518177237-1005\Dc4\{07986C34-8325-D60A-26AA-163746389479}\gadget.gmanifest Object is locked skipped
C:\RECYCLER\S-1-5-21-3247866205-2105670090-2518177237-1005\Dc4\{152A2428-1F10-2637-7FD6-33E69889E11E}\1033\strings.xml Object is locked skipped
C:\RECYCLER\S-1-5-21-3247866205-2105670090-2518177237-1005\Dc4\{152A2428-1F10-2637-7FD6-33E69889E11E}\gadget.gmanifest Object is locked skipped
C:\RECYCLER\S-1-5-21-3247866205-2105670090-2518177237-1005\Dc4\{6626DBDA-021B-C749-EBCA-74A7599F594C}\1033\strings.xml Object is locked skipped
C:\RECYCLER\S-1-5-21-3247866205-2105670090-2518177237-1005\Dc4\{6626DBDA-021B-C749-EBCA-74A7599F594C}\gadget.gmanifest Object is locked skipped
C:\RECYCLER\S-1-5-21-3247866205-2105670090-2518177237-1005\Dc4\{8B21D205-5F03-5C5C-0DCF-F83BC74BCACF}\1033\strings.xml Object is locked skipped
C:\RECYCLER\S-1-5-21-3247866205-2105670090-2518177237-1005\Dc4\{8B21D205-5F03-5C5C-0DCF-F83BC74BCACF}\gadget.gmanifest Object is locked skipped
C:\RECYCLER\S-1-5-21-3247866205-2105670090-2518177237-1005\Dc4\{B6B175A4-44C6-0025-87C8-40A6A6E898D5}\1033\strings.xml Object is locked skipped
C:\RECYCLER\S-1-5-21-3247866205-2105670090-2518177237-1005\Dc4\{B6B175A4-44C6-0025-87C8-40A6A6E898D5}\gadget.gmanifest Object is locked skipped
C:\RECYCLER\S-1-5-21-3247866205-2105670090-2518177237-1005\Dc4\{D6C33382-7C05-88A5-BC3D-752C772BE1E1}\1033\strings.xml Object is locked skipped
C:\RECYCLER\S-1-5-21-3247866205-2105670090-2518177237-1005\Dc4\{D6C33382-7C05-88A5-BC3D-752C772BE1E1}\gadget.gmanifest Object is locked skipped
C:\RECYCLER\S-1-5-21-3247866205-2105670090-2518177237-1005\Dc4\{E8F29EC9-2661-B048-53C9-3514B3A6BDEF}\1033\strings.xml Object is locked skipped
C:\RECYCLER\S-1-5-21-3247866205-2105670090-2518177237-1005\Dc4\{E8F29EC9-2661-B048-53C9-3514B3A6BDEF}\gadget.gmanifest Object is locked skipped
C:\RECYCLER\S-1-5-21-3247866205-2105670090-2518177237-1005\Dc40.LOG Object is locked skipped
C:\RECYCLER\S-1-5-21-3247866205-2105670090-2518177237-1005\Dc9\firstrun.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\spool\PRINTERS\00002.SPL Object is locked skipped
C:\WINDOWS\system32\spool\PRINTERS\00004.SPL Object is locked skipped
C:\WINDOWS\system32\spool\PRINTERS\00005.SPL Object is locked skipped
C:\WINDOWS\system32\spool\PRINTERS\00009.SPL Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_3c8.dat Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_a0c.dat Object is locked skipped
C:\WINDOWS\Temp\vmware-serverd.log Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

Shaba
2007-06-14, 12:02
Hi

Empty this folder:

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\

Empty Recycle Bin

Otherwise looking good :)

Still problems?

tashi
2007-06-20, 17:36
Guess not. Thank you Shaba.