View Full Version : Google search sends me to ad sites
Riod1508
2007-12-20, 22:26
When I do a google search and click on one of the results, instead of going to the site of the response, I get various adverisement or additional search sites. If I immediately go back and click on the same response again, I will go to the proper site.
I ran superantispyware and it found zlob.dnschanger.rtk. I also ran the smitfraud fix.
I have downloaded and run the kapersky and it on detected the smitfraud executables. I ran Spybot 1.5 and it detected zlob.dnschanger.rtk. I ran the fix and it said it was corrected. I ran Spybot again and it found the zlob again.
The kapersky log won't fit.
Here is the HJT log.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:20:24 PM, on 12/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\MPS\mpsevh.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\EPSON\EPSON CardMonitor\EPSON CardMonitor1.0.exe
C:\WINDOWS\twain_32\S6U12BX\WATCH.exe
C:\Program Files\Jasc Software Inc\Paint Shop Pro 8\Paint Shop Pro.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows NT\Accessories\wordpad.exe
M:\Saved from c-drive so I can defrag\Highjackthis\HiJackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = Download Directory
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.comcast.net/~riod
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] "c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe"
O4 - HKLM\..\Run: [CamMonitor] "c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [Ink Monitor] "C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe"
O4 - HKLM\..\Run: [InCD] "C:\Program Files\Ahead\InCD\InCD.exe"
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [McAfee Backup] "C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe"
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [DelayShred] "c:\program files\mcafee\mshr\ShrCL.EXE" /P7 /q C:\RECYCLER\S-1-5-~3\Dc227.SH! C:\RECYCLER\S-1-5-~3\Dc226.SH! C:\RECYCLER\S-1-5-~3\Dc225.SH! C:\RECYCLER\S-1-5-~3\Dc224.SH! C:\RECYCLER\S-1-5-~3\Dc223.SH! C:\RECYCLER\S-1-5-~3\Dc222.SH! C:\RECYCLER\S-1-5-~3\Dc221.SH! C:\RECYCLER\S-1-5-~3\Dc220.SH! C:\RECYCLER\S-1-5-~3\Dc219.SH! C:\RECYCLER\S-1-5-~3\Dc218.SH! C:\RECYCLER\S-1-5-~3\Dc217.SH! C:\RECYCLER\S-1-5-~3\Dc216.SH! C:\RECYCLER\S-1-5-~3\Dc215.SH! C:\RECYCLER\S-1-5-~3\Dc214.SH! C:\RECYCLER\S-1-5-~3\Dc213.SH! C:\RECYCLER\S-1-5-~3\Dc212.SH! C:\RECYCLER\S-1-5-~3\Dc211.SH! C:\RECYCLER\S-1-5-~3\Dc210.SH! C:\RECYCLER\S-1-5-~3\Dc209.SH! C:\RECYCLER\S-1-5-~3\Dc208.SH! C:\RECYCLER\S-1-5-~3\Dc207.SH! C:\RECYCLER\S-1-5-~3\Dc206.SH! C:\RECYCLER\S-1-5-~3\Dc205.SH! C:\RECYCLER\S-1-5-~3\Dc204.SH! C:\RECYCLER\S-1-5-~3\Dc203.SH! C:\RECYCLER\S-1-5-~3\Dc202.SH! C:\RECYCLER\S-1-5-~3\Dc201.SH! C:\RECYCLER\S-1-5-~3\Dc200.SH! C:\RECYCLER\S-1-5-~3\Dc199.SH! C:\RECYCLER\S-1-5-~3\Dc198.SH! C:\RECYCLER
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: EPSON CardMonitor.lnk = C:\Program Files\EPSON\EPSON CardMonitor\EPSON CardMonitor1.0.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Watch.lnk = C:\WINDOWS\twain_32\S6U12BX\WATCH.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O16 - DPF: {D64CF6D4-45DF-4D8F-9F14-E65FADF2777C} (PdvrOcx Class) - http://www.dvrstation.com/pdvratl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8D06ED82-DB45-4F5A-B64D-5213006503AB}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{x78376EC4-0D12-4C05-A4D8-2DD7BDCA2AF8}: NameServer = 208.67.220.220 208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\..\{8D06ED82-DB45-4F5A-B64D-5213006503AB}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\..\{8D06ED82-DB45-4F5A-B64D-5213006503AB}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: MaxBackServiceInt - Unknown owner - C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: NMGSKZCH - Unknown owner - C:\DOCUME~1\LYNN~1.LYN\LOCALS~1\Temp\NMGSKZCH.exe (file missing)
O23 - Service: MaxSyncService (NTService1) - - C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PCDEFURCD - Unknown owner - C:\DOCUME~1\LYNN~1.LYN\LOCALS~1\Temp\PCDEFURCD.exe (file missing)
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe (file missing)
O23 - Service: Blue Coat K9 Web Protection (WebFilter) - Unknown owner - C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
--
End of file - 10938 bytes
Hi Riod1508 and welcome to Safer Networking Forums :)
Please download FixWareout from one of these sites:
http://downloads.subratam.org/Fixwareout.exe
http://download.bleepingcomputer.com/lonny/Fixwareout.exe
Save it to your desktop and run it. Click Next, then Install, make sure Run fixit is checked and click Finish.
The fix will begin; follow the prompts.
You will be asked to reboot your computer; please do so.
Your system may take longer than usual to load; this is normal.
Once the desktop loads, post the text that will open (report.txt) and a new Hijackthis log in the forum please.
Riod1508
2007-12-22, 19:40
Thank you for the prompt response.
her is the text from fixware at startup -
Username "Lynn" - 12/22/2007 12:25:01 [Fixwareout edited 9/01/2007]
~~~~~ Prerun check
HKLM\SOFTWARE\~\Winlogon\ "System"="kdabt.exe"
Successfully flushed the DNS Resolver Cache.
System was rebooted successfully.
~~~~~ Postrun check
HKLM\SOFTWARE\~\Winlogon\ "system"=""
....
....
~~~~~ Misc files.
....
~~~~~ Checking for older varients.
....
~~~~~ Other
C:\WINDOWS\Temp\kdabt.ren 73780 06/13/2007
~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\\windows\\system\\hpsysdrv.exe"
"HotKeysCmds"="C:\\WINDOWS\\System32\\hkcmd.exe"
"Share-to-Web Namespace Daemon"="\"c:\\Program Files\\Hewlett-Packard\\HP Share-to-Web\\hpgs2wnd.exe\""
"CamMonitor"="\"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\hpqcmon.exe\""
"KBD"="C:\\HP\\KBD\\KBD.EXE"
"Recguard"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE"
"Reminder"="\"C:\\Windows\\Creator\\Remind_XP.exe\""
"nwiz"="\"nwiz.exe\" /install"
"PS2"="C:\\WINDOWS\\system32\\ps2.exe"
"IgfxTray"="C:\\WINDOWS\\System32\\igfxtray.exe"
"Ink Monitor"="\"C:\\Program Files\\EPSON\\Ink Monitor\\InkMonitor.exe\""
"InCD"="\"C:\\Program Files\\Ahead\\InCD\\InCD.exe\""
"mxomssmenu"="\"C:\\Program Files\\Maxtor\\OneTouch Status\\maxmenumgr.exe\""
"McAfee Backup"="\"C:\\Program Files\\McAfee\\MBK\\McAfeeDataBackup.exe\""
"MBkLogOnHook"="C:\\Program Files\\McAfee\\MBK\\LogOnHook.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
....
Hosts file was reset, If you use a custom hosts file please replace it...
~~~~~ End report ~~~~~
Here is the HJT
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:39:07 PM, on 12/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\Program Files\QuickTime\qttask.exe
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\system32\ctfmon.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\EPSON\EPSON CardMonitor\EPSON CardMonitor1.0.exe
C:\WINDOWS\twain_32\S6U12BX\WATCH.exe
C:\Program Files\Internet Explorer\iexplore.exe
M:\Saved from c-drive so I can defrag\Highjackthis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = Download Directory
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.comcast.net/~riod
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] "c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe"
O4 - HKLM\..\Run: [CamMonitor] "c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [Ink Monitor] "C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe"
O4 - HKLM\..\Run: [InCD] "C:\Program Files\Ahead\InCD\InCD.exe"
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [McAfee Backup] "C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe"
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [DelayShred] "c:\program files\mcafee\mshr\ShrCL.EXE" /P7 /q C:\RECYCLER\S-1-5-~3\Dc227.SH! C:\RECYCLER\S-1-5-~3\Dc226.SH! C:\RECYCLER\S-1-5-~3\Dc225.SH! C:\RECYCLER\S-1-5-~3\Dc224.SH! C:\RECYCLER\S-1-5-~3\Dc223.SH! C:\RECYCLER\S-1-5-~3\Dc222.SH! C:\RECYCLER\S-1-5-~3\Dc221.SH! C:\RECYCLER\S-1-5-~3\Dc220.SH! C:\RECYCLER\S-1-5-~3\Dc219.SH! C:\RECYCLER\S-1-5-~3\Dc218.SH! C:\RECYCLER\S-1-5-~3\Dc217.SH! C:\RECYCLER\S-1-5-~3\Dc216.SH! C:\RECYCLER\S-1-5-~3\Dc215.SH! C:\RECYCLER\S-1-5-~3\Dc214.SH! C:\RECYCLER\S-1-5-~3\Dc213.SH! C:\RECYCLER\S-1-5-~3\Dc212.SH! C:\RECYCLER\S-1-5-~3\Dc211.SH! C:\RECYCLER\S-1-5-~3\Dc210.SH! C:\RECYCLER\S-1-5-~3\Dc209.SH! C:\RECYCLER\S-1-5-~3\Dc208.SH! C:\RECYCLER\S-1-5-~3\Dc207.SH! C:\RECYCLER\S-1-5-~3\Dc206.SH! C:\RECYCLER\S-1-5-~3\Dc205.SH! C:\RECYCLER\S-1-5-~3\Dc204.SH! C:\RECYCLER\S-1-5-~3\Dc203.SH! C:\RECYCLER\S-1-5-~3\Dc202.SH! C:\RECYCLER\S-1-5-~3\Dc201.SH! C:\RECYCLER\S-1-5-~3\Dc200.SH! C:\RECYCLER\S-1-5-~3\Dc199.SH! C:\RECYCLER\S-1-5-~3\Dc198.SH! C:\RECYCLER
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: EPSON CardMonitor.lnk = C:\Program Files\EPSON\EPSON CardMonitor\EPSON CardMonitor1.0.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Watch.lnk = C:\WINDOWS\twain_32\S6U12BX\WATCH.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O16 - DPF: {D64CF6D4-45DF-4D8F-9F14-E65FADF2777C} (PdvrOcx Class) - http://www.dvrstation.com/pdvratl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8D06ED82-DB45-4F5A-B64D-5213006503AB}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{x78376EC4-0D12-4C05-A4D8-2DD7BDCA2AF8}: NameServer = 208.67.220.220 208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\..\{8D06ED82-DB45-4F5A-B64D-5213006503AB}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\..\{8D06ED82-DB45-4F5A-B64D-5213006503AB}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: MaxBackServiceInt - Unknown owner - C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: NMGSKZCH - Unknown owner - C:\DOCUME~1\LYNN~1.LYN\LOCALS~1\Temp\NMGSKZCH.exe (file missing)
O23 - Service: MaxSyncService (NTService1) - - C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PCDEFURCD - Unknown owner - C:\DOCUME~1\LYNN~1.LYN\LOCALS~1\Temp\PCDEFURCD.exe (file missing)
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe (file missing)
O23 - Service: Blue Coat K9 Web Protection (WebFilter) - Unknown owner - C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
--
End of file - 10855 bytes
Hi
Now lets check some settings on your system.
(2000/XP) Only
In the windows control panel. If you are using Windows XP's Category View, select the Network and Internet Connections category otherwise double click on Network Connections. Then right click on your default connection, usually local area connection for cable and dsl, and left click on properties. Click the Networking tab. Double-click on the Internet Protocol (TCP/IP) item and select the radio dial that says Obtain DNS servers automatically
Press OK twice to get out of the properties screen and reboot if it asks.
That option might not be available on some systems
Next Go start run type cmd and hit OK
type
ipconfig /flushdns
then hit enter, type exit hit enter
(that space between g and / is needed
Empty this folder:
C:\WINDOWS\Temp
Empty Recycle Bin.
Post back a fresh HijackThis log.
Riod1508
2007-12-22, 20:24
Here is the latest HJT
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:20:37 PM, on 12/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\Program Files\EPSON\EPSON CardMonitor\EPSON CardMonitor1.0.exe
C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
C:\WINDOWS\twain_32\S6U12BX\WATCH.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe
C:\WINDOWS\system32\PSIService.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
M:\Saved from c-drive so I can defrag\Highjackthis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = Download Directory
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.comcast.net/~riod
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] "c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe"
O4 - HKLM\..\Run: [CamMonitor] "c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [Ink Monitor] "C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe"
O4 - HKLM\..\Run: [InCD] "C:\Program Files\Ahead\InCD\InCD.exe"
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [McAfee Backup] "C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe"
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [DelayShred] "c:\program files\mcafee\mshr\ShrCL.EXE" /P7 /q C:\RECYCLER\S-1-5-~3\Dc227.SH! C:\RECYCLER\S-1-5-~3\Dc226.SH! C:\RECYCLER\S-1-5-~3\Dc225.SH! C:\RECYCLER\S-1-5-~3\Dc224.SH! C:\RECYCLER\S-1-5-~3\Dc223.SH! C:\RECYCLER\S-1-5-~3\Dc222.SH! C:\RECYCLER\S-1-5-~3\Dc221.SH! C:\RECYCLER\S-1-5-~3\Dc220.SH! C:\RECYCLER\S-1-5-~3\Dc219.SH! C:\RECYCLER\S-1-5-~3\Dc218.SH! C:\RECYCLER\S-1-5-~3\Dc217.SH! C:\RECYCLER\S-1-5-~3\Dc216.SH! C:\RECYCLER\S-1-5-~3\Dc215.SH! C:\RECYCLER\S-1-5-~3\Dc214.SH! C:\RECYCLER\S-1-5-~3\Dc213.SH! C:\RECYCLER\S-1-5-~3\Dc212.SH! C:\RECYCLER\S-1-5-~3\Dc211.SH! C:\RECYCLER\S-1-5-~3\Dc210.SH! C:\RECYCLER\S-1-5-~3\Dc209.SH! C:\RECYCLER\S-1-5-~3\Dc208.SH! C:\RECYCLER\S-1-5-~3\Dc207.SH! C:\RECYCLER\S-1-5-~3\Dc206.SH! C:\RECYCLER\S-1-5-~3\Dc205.SH! C:\RECYCLER\S-1-5-~3\Dc204.SH! C:\RECYCLER\S-1-5-~3\Dc203.SH! C:\RECYCLER\S-1-5-~3\Dc202.SH! C:\RECYCLER\S-1-5-~3\Dc201.SH! C:\RECYCLER\S-1-5-~3\Dc200.SH! C:\RECYCLER\S-1-5-~3\Dc199.SH! C:\RECYCLER\S-1-5-~3\Dc198.SH! C:\RECYCLER
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: EPSON CardMonitor.lnk = C:\Program Files\EPSON\EPSON CardMonitor\EPSON CardMonitor1.0.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Watch.lnk = C:\WINDOWS\twain_32\S6U12BX\WATCH.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O16 - DPF: {D64CF6D4-45DF-4D8F-9F14-E65FADF2777C} (PdvrOcx Class) - http://www.dvrstation.com/pdvratl.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: MaxBackServiceInt - Unknown owner - C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: NMGSKZCH - Unknown owner - C:\DOCUME~1\LYNN~1.LYN\LOCALS~1\Temp\NMGSKZCH.exe (file missing)
O23 - Service: MaxSyncService (NTService1) - - C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PCDEFURCD - Unknown owner - C:\DOCUME~1\LYNN~1.LYN\LOCALS~1\Temp\PCDEFURCD.exe (file missing)
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe (file missing)
O23 - Service: Blue Coat K9 Web Protection (WebFilter) - Unknown owner - C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
--
End of file - 10337 bytes
Hi
Open HijackThis, click do a system scan only and checkmark these:
O4 - HKCU\..\RunOnce: [DelayShred] "c:\program files\mcafee\mshr\ShrCL.EXE" /P7 /q C:\RECYCLER\S-1-5-~3\Dc227.SH! C:\RECYCLER\S-1-5-~3\Dc226.SH! C:\RECYCLER\S-1-5-~3\Dc225.SH! C:\RECYCLER\S-1-5-~3\Dc224.SH! C:\RECYCLER\S-1-5-~3\Dc223.SH! C:\RECYCLER\S-1-5-~3\Dc222.SH! C:\RECYCLER\S-1-5-~3\Dc221.SH! C:\RECYCLER\S-1-5-~3\Dc220.SH! C:\RECYCLER\S-1-5-~3\Dc219.SH! C:\RECYCLER\S-1-5-~3\Dc218.SH! C:\RECYCLER\S-1-5-~3\Dc217.SH! C:\RECYCLER\S-1-5-~3\Dc216.SH! C:\RECYCLER\S-1-5-~3\Dc215.SH! C:\RECYCLER\S-1-5-~3\Dc214.SH! C:\RECYCLER\S-1-5-~3\Dc213.SH! C:\RECYCLER\S-1-5-~3\Dc212.SH! C:\RECYCLER\S-1-5-~3\Dc211.SH! C:\RECYCLER\S-1-5-~3\Dc210.SH! C:\RECYCLER\S-1-5-~3\Dc209.SH! C:\RECYCLER\S-1-5-~3\Dc208.SH! C:\RECYCLER\S-1-5-~3\Dc207.SH! C:\RECYCLER\S-1-5-~3\Dc206.SH! C:\RECYCLER\S-1-5-~3\Dc205.SH! C:\RECYCLER\S-1-5-~3\Dc204.SH! C:\RECYCLER\S-1-5-~3\Dc203.SH! C:\RECYCLER\S-1-5-~3\Dc202.SH! C:\RECYCLER\S-1-5-~3\Dc201.SH! C:\RECYCLER\S-1-5-~3\Dc200.SH! C:\RECYCLER\S-1-5-~3\Dc199.SH! C:\RECYCLER\S-1-5-~3\Dc198.SH! C:\RECYCLER
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O23 - Service: NMGSKZCH - Unknown owner - C:\DOCUME~1\LYNN~1.LYN\LOCALS~1\Temp\NMGSKZCH.exe (file missing)
O23 - Service: PCDEFURCD - Unknown owner - C:\DOCUME~1\LYNN~1.LYN\LOCALS~1\Temp\PCDEFURCD.exe (file missing)
Close all windows including browser and press fix checked.
Reboot.
Post back a fresh HijackThis log.
Riod1508
2007-12-23, 01:20
Here is the latest HJT log -
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:10:56 PM, on 12/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\MPS\mpsevh.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\wuauclt.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\EPSON\EPSON CardMonitor\EPSON CardMonitor1.0.exe
C:\WINDOWS\twain_32\S6U12BX\WATCH.exe
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
M:\Saved from c-drive so I can defrag\Highjackthis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = Download Directory
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.comcast.net/~riod
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] "c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe"
O4 - HKLM\..\Run: [CamMonitor] "c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [Ink Monitor] "C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe"
O4 - HKLM\..\Run: [InCD] "C:\Program Files\Ahead\InCD\InCD.exe"
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [McAfee Backup] "C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe"
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: EPSON CardMonitor.lnk = C:\Program Files\EPSON\EPSON CardMonitor\EPSON CardMonitor1.0.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Watch.lnk = C:\WINDOWS\twain_32\S6U12BX\WATCH.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O16 - DPF: {D64CF6D4-45DF-4D8F-9F14-E65FADF2777C} (PdvrOcx Class) - http://www.dvrstation.com/pdvratl.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: MaxBackServiceInt - Unknown owner - C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: MaxSyncService (NTService1) - - C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe (file missing)
O23 - Service: Blue Coat K9 Web Protection (WebFilter) - Unknown owner - C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
--
End of file - 8690 bytes
Hi
Looks better :)
Please do an online scan with Kaspersky Online Scanner (http://www.kaspersky.com/downloads/kws/kavwebscan.html). You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
The program will launch and then start to download the latest definition files.
Once the scanner is installed and the definitions downloaded, click Next.
Now click on Scan Settings
In the scan settings make sure that the following are selected:
o Scan using the following Anti-Virus database:
+ Extended (If available otherwise Standard)
o Scan Options:
+ Scan Archives
+ Scan Mail Bases
Click OK
Now under select a target to scan select My Computer
The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.
Now click on the Save as Text button
Save the file to your desktop.
Copy and paste that information in your next post.
Note: This scanner will work with Internet Explorer Only!
Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the license, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license accepted, reset to 100%.
Post:
- a fresh HijackThis log
- kaspersky report
Riod1508
2007-12-24, 20:20
Kaspersky report is too long. It detected my smit fraud folder and files, but, listed them as not a virus or threat. That is all.
Hi
You can split it into multiple replies, please :)
Riod1508
2007-12-25, 02:46
Monday, December 24, 2007 1:12:58 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 24/12/2007
Kaspersky Anti-Virus database records: 492724
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\
L:\
M:\
Scan Statistics
Total number of scanned objects 140707
Number of viruses found 1
Number of infected objects 2
Number of suspicious objects 0
Duration of the scan process 03:52:44
Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\McAfee\MNA\NAData Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MPF\data\log.edb Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\Events.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\{5AC755DA-7146-46A4-A69E-8751E83D97E1}.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\McUsers.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Data\TFR1.tmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Logs\OAS.Log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Lynn.LYNNS_HP\Application Data\McAfee\MBK\ARBUSFILE.GDB Object is locked skipped
C:\Documents and Settings\Lynn.LYNNS_HP\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Lynn.LYNNS_HP\Desktop\Disk Clean out\SmitfraudFix.zip/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Lynn.LYNNS_HP\Desktop\Disk Clean out\SmitfraudFix.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Lynn.LYNNS_HP\Local Settings\Application Data\ApplicationHistory\McAfeeDataBackup.exe.e548c4c.ini.inuse Object is locked skipped
C:\Documents and Settings\Lynn.LYNNS_HP\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Lynn.LYNNS_HP\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Lynn.LYNNS_HP\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Lynn.LYNNS_HP\Local Settings\Temp\fb_2452.lck Object is locked skipped
C:\Documents and Settings\Lynn.LYNNS_HP\Local Settings\Temp\~DF268D.tmp Object is locked skipped
C:\Documents and Settings\Lynn.LYNNS_HP\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Lynn.LYNNS_HP\ntuser.dat Object is locked skipped
C:\Documents and Settings\Lynn.LYNNS_HP\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Adobe\Acrobat\Whapi\CreatePDFWinColor.ico Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Adobe\Acrobat\Whapi\CreatePDFWinGray.ico Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Adobe\Acrobat\Whapi\SearchPDFWinColor.ico Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Adobe\Acrobat\Whapi\SearchPDFWinGray.ico Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Adobe\Acrobat\Whapi\WHAppList.xml Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Apple Computer\QuickTime\QTPlayerSession.xml Object is locked skipped
C:\Documents and Settings\Owner\Application Data\desktop.ini Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Microsoft\CLR Security Config\v1.0.3705\security.config Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Microsoft\CLR Security Config\v1.0.3705\security.config.cch Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Microsoft\CLR Security Config\v1.0.3705\security.config.old Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Microsoft\HTML Help\hh.dat Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\brndlog.bak Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\brndlog.txt Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Desktop.htt Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Microsoft\Protect\CREDHIST Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Microsoft\Protect\S-1-5-21-1614895754-448539723-682003330-1003\20e5fddd-11e8-4f4a-9ce0-2803e7f8dc32 Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Microsoft\Protect\S-1-5-21-1614895754-448539723-682003330-1003\Preferred Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Microsoft\Windows\Themes\Custom.theme Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Symantec\Shared\Options.VcPref Object is locked skipped
C:\Documents and Settings\Owner\Application Data\VERITAS\Update Manager\sumdb.dat Object is locked skipped
C:\Documents and Settings\Owner\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Desktop\Windows Explorer.lnk Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Air and Space at Dulles\Steven F. Udvar Hazy Center.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Archbishop Curley High\Archbishop Curley High School - Baltimore MD.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Archdiocese of Baltimore\Welcome to the Archdiocese of Baltimore.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Art League of Ocean City\aloc new index.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\B+H\Tamron Zoom Wide Angle-Telephoto AF 28-300mm f-3.5-6.3 Ultra Zoom XR LD Aspherical IF Macro Autofocus Lens for Canon EOS.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Baltimore County\Baltimore County Home Page.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Baltimore County\Baltimore County Public Library Home Page.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Baltimore County\Baltimore County Public Library.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Baltimore County\BCPL Employment Opportunities Page.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Baltimore, Maryland Welcomes You to the Greatest City in America.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Bob Ehrlich for Governor.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Cape Isle of Wight\Cape Isle of Wight Home.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Capitol Dragway\Capitol Raceway's Schedule of Events.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Car Stuff\j-body.org - The J-Body Organization.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Car Stuff\My GMLink - VEHICLE PAGE.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Car Stuff\myCarStats automobile saftey and recalls The Key to Protecting Your Family - reports on your car recalls, auto recalls and car.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Car Stuff\New car prices, used car pricing, auto reviews by Edmunds car buying guide.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Catholic Stuff\Almost a Saint Pope John XXIII - November 1996 Issue of St. Anthony Messenger Magazine Online.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Catholic Stuff\Catholic Encyclopedia.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Catholic Stuff\Catholic Online Saints & Angels.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Catholic Stuff\Catholic Resources on the Net.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Channels\Microsoft Channel Guide\desktop.ini Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Colleges\aacc transcript on computer.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Colleges\AACC Transcript page.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Colleges\College Board - SAT Registration - College Admissions.url Object is locked skipped
Riod1508
2007-12-25, 02:47
C:\Documents and Settings\Owner\Favorites\Colleges\Quinnipiac University Download Wallpaper.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Colleges\Quinnipiac University Undergraduate Admissions Message Board.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Colleges\Quinnipiac University - Degrees in Accounting, Advertising, Biology, Communications, Education & Other Majors.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Colleges\Quinnipiac University Tuition and Fees Link.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Colleges\Welcome to Frostburg State University.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Colleges\York College.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Common Application Form\Welcome to the Common App Online!.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Computer Stores\TigerDirect.com - Category Pages.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Computing magazines\Smart Computing--Computer articles, computer reviews, tips, and advice in plain English--Smart Computing.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Cooking and recipes\Char-Broil.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Cooking and recipes\EPICURIOUS BON APPETIT MAIN PAGE.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Cooking and recipes\EPICURIOUS BON APPÉTIT.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Cooking and recipes\EPICURIOUS RECIPE FILE.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Cooking and recipes\Taste of Home .url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Costco Online\Costco Online.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Desktop.ini Object is locked skipped
C:\Documents and Settings\Owner\Favorites\DiGennaro\Abruzzo 2000 World Central for Abruzzese abroad and tourists.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Digital Camera Stuff\Camera sites\CNET Computers.com.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Digital Camera Stuff\Camera sites\Consumer Guide - Find Best Price - home.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Digital Camera Stuff\Camera sites\Digital Camera Resource Page.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Digital Camera Stuff\Camera sites\Imaging Resource.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Digital Camera Stuff\Camera sites\PhotoHighway.com - Better Digital Photography Starts Here.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Digital Camera Stuff\Camera sites\Steve's Digicams Hardware Reviews.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Digital Camera Stuff\Camera sites\The Digital Kingdom.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Digital Camera Stuff\Canon Digital Rebel\Canon EOS 300D - Digital Rebel Review 1. Introduction Digital Photography Review.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Digital Camera Stuff\Canon Digital Rebel\Flash Photography with Canon EOS Cameras - Part I..url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Digital Camera Stuff\Consumer Reviews\Digital Camera Product Reviews Digital Photography Review.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Digital Camera Stuff\Consumer Reviews\Digital Cameras - Kodak DC4800 Zoom Digital Camera Review.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Digital Camera Stuff\Consumer Reviews\Kodak DC4800 review Page 1. Introduction [Digital Photography Review].url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Digital Camera Stuff\Consumer Reviews\megapixel.net Webzine Digital Camera Reviews and Information.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Digital Camera Stuff\Consumer Reviews\Nikon Coolpix 5700 digital camera specifications Digital Photography Review.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Digital Camera Stuff\Consumer Reviews\Review Sony Mavica MVC-CD1000 digital camera.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Digital Camera Stuff\Digital Photography Review News, Reviews, Forums, FAQ.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Digital Camera Stuff\Digital slave flash\Slave Flash Products for Digital Cameras.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Digital Camera Stuff\Enlargments\Big Color Poster Prints at Huge Discounts - Creative Juices Printing and Graphics - Bigposters.com.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Digital Camera Stuff\EOS Flash Document\Flash Photography with Canon EOS Cameras - Part I..url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Digital Camera Stuff\Exposure concerns\Exposure.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Digital Camera Stuff\Forums\Digital camera photo galleries, info and forum.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Digital Camera Stuff\Forums\Imaging Resource Forum.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Digital Camera Stuff\Forums\Imaging Resource Forums.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Digital Camera Stuff\Forums\Kodak Talk Forum Digital Photography Review.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Digital Camera Stuff\Forums\PC Tools Forum Digital Photography Review.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Digital Camera Stuff\Forums\Samples and Galleries Forum Digital Photography Review.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Digital Camera Stuff\Forums\Welcome to the Photoshopper Digital Photography Forum.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Digital Camera Stuff\GIMP editor\The GIMP Homepage.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Digital Camera Stuff\Lens reports\FM Reviews - Main Index.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Digital Camera Stuff\Lens reports\Lens Test Guide.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Digital Camera Stuff\Lenses\shutterbug Tamron 28 to 300mm Lens.url Object is locked skipped
Riod1508
2007-12-25, 02:49
C:\Documents and Settings\Owner\Favorites\Digital Camera Stuff\Lenses\Sigma 28-300.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Digital Camera Stuff\Luis Lebron Digital Photography\DIGITAL PHOTOGRAPHY BY LUIS LEBRON.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Digital Camera Stuff\Photo Magazines\Digital Camera Magazine.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Digital Camera Stuff\Photo Magazines\eDigital Photo.com -Changing The Face Of Photography.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Digital Camera Stuff\Photo Magazines\PCPhoto Magazine features the best of digital photography and digital imaging.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Digital Camera Stuff\Photo Magazines\Popular Photography Magazine.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Digital Camera Stuff\Photo Magazines\Shutterbug Magazine - The latest on photography, cameras, film, lenses, equipment, darkroom, lighting, flash, color processing.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Digital Camera Stuff\Photo Services\Pro Photo Imaging.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Digital Camera Stuff\photo.net home page and Recent Digital Camera Reviews.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Digital Camera Stuff\Photonotes\PhotoNotes.org.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Digital Camera Stuff\Sensor swab site\CCD - CMOS Cleaning Photo Gallery by Nicholas R. at pbase.com.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Digital Camera Stuff\Trek Earth .url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Digital Camera Stuff\Trek Lens.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Digital Camera Stuff\VS.VSN Object is locked skipped
C:\Documents and Settings\Owner\Favorites\DriverFiles.net Driver Downloads - Scanners - Plustek - OpticPro 9363T - PlusTek_OpticPro_9636T.zip.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\EMAIL - Comcast.net.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Exchange Forums\msexchange.org.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Exchange Forums\Outlook Web Access to Microsoft Exchange Server.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Exchange Forums\Tek TipsMicrosoft Exchange Forums.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\EZ Pass\Welcome To E-ZPass Maryland.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Fafsa Stuff\FAFSA on the Web - U.S. Department of Education.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Fafsa Stuff\SAR on the Web - Student Access Online - U.S. Department of Education.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Fasfa Stuff\U.S. Department of Education - The PIN Web Site.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\File extension list\Webopedia Data Formats and Their File Extensions.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\File extension list\What Is...every file format in the world - A through E.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\File extension list\WhatIs.com.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Financial Links\MSN CarPoint.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Financial Links\MSN Home.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Financial Links\MSN HomeAdvisor.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Financial Links\MSN Hotmail.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Financial Links\MSN Money.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Financial Links\MSN People & Chat.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Financial Links\MSN Shopping.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Financial Links\MSN Web Search.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Financial Stuff\0 Quicken.com - Portfolio .url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Financial Stuff\0 Stock Portfolio.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Financial Stuff\Benefits Communication Corporation.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Financial Stuff\Countrywide Home Loans .url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Financial Stuff\Dogs of the Dow - Dog Steps.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Financial Stuff\MassMutual.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Financial Stuff\Midland National Life Online Home.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Financial Stuff\Tax Calculator -- Heritage.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Fraternal Stuff\American Legion National Headquarters.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Fraternal Stuff\Knights of Columbus The Official Web Site.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Fraternal Stuff\Moose International - The Family Fraternity - Moose International - The Family Fraternity.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Fraternal Stuff\Order Sons of Italy in America.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Free Spyware Remover - Spy Ware Removal and Internet Privacy Test.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Geico\Welcome to GEICO Directr, The Sensible Alternative, Insurance Web Site.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Geraint's Web Page\Welcome to Geraint.ORG.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Health Stuff\BlueCross CareFirst.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Health Stuff\Fibroid Corner.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Health Stuff\PDR Family Guide Drug Profiles .url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Health Stuff\WOMEN HEADACHE HORMONES.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\HIJack This and more\Merijn.org.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Hoax Busters\CIAC Full Hoax Index.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Holiday Inn Reservations\Holiday Inn Hotels & Resorts Hotel Reservations The Official Web Site.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\How to update your computer with the JPEG processing (GDI+) security update.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\HP's Recommended Web Sites\Amazon.com.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\HP's Recommended Web Sites\Corel Online Store.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\HP's Recommended Web Sites\Detto IntelliMover Online Store.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\HP's Recommended Web Sites\Emusic.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\HP's Recommended Web Sites\hp customer care.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\HP's Recommended Web Sites\hp music store.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\HP's Recommended Web Sites\hp pavilion home computing.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\HP's Recommended Web Sites\hp user support forum guide.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\HP's Recommended Web Sites\HP's Internet Service Providers\AOL.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\HP's Recommended Web Sites\HP's Internet Service Providers\CompuServe.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\HP's Recommended Web Sites\HP's Internet Service Providers\Dialpad.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\HP's Recommended Web Sites\HP's Internet Service Providers\Direct TV DSL.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\HP's Recommended Web Sites\HP's Internet Service Providers\Earthlink DSL.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\HP's Recommended Web Sites\HP's Internet Service Providers\Earthlink Web Hosting.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\HP's Recommended Web Sites\HP's Internet Service Providers\Earthlink.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\HP's Recommended Web Sites\HP's Internet Service Providers\MSN.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\HP's Recommended Web Sites\HP's Internet Service Providers\Ofoto.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\HP's Recommended Web Sites\hp's online shopping center.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\HP's Recommended Web Sites\my hp club.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\HP's Recommended Web Sites\Quicken New User Edition.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\HP's Recommended Web Sites\SkyDesk @ Backup Service.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\HP's Recommended Web Sites\Software Offers.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\HP's Recommended Web Sites\Symantec Online Store.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\HP's Recommended Web Sites\ZeroKnowledge Online Store.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Internet Explorer Update Reminder.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Java Cool Spy Watcher\Javacool Software.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Kodak Service\KODAK Service & Support - DC4800 Zoom Digital Camera.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Lacrosse\MarylandIndoorLax.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Links\0 DRUDGE REPORT .url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Links\Comcast.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Links\Customize Links.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Links\Free Hotmail.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Links\McAfee Reports Online.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Links\MECU.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Links\QU Webcams.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Links\Windows Marketplace.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Links\Windows Media.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Links\Windows.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Maps\Orlando\600 W Amelia Street.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Maps\Orlando\Charleston, S.C..url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Maps\Orlando\Chesapeake Bridge - Tunnel.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Maps\Orlando\Expo Center.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Maps\Orlando\Kity Hawk.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Maps\Rand McNally Online .url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Maps\Rand McNally Travel Links.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Maps\Yahoo! Maps and Driving Directions.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Market Day\Market Day ..url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Martins Museum\Glenn L Martin Aviation Museum.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Maryland Missing Property\Missing Money Free Search for Unclaimed Property - Officially endorsed By The States.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Maryland Stuff\Maryland Republican Party.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Maryland Stuff\Real Property Search.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Maryland Stuff\The Maryland State Lottery (Official Site).url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Mcafee Asap Site\McAfee.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\MEDIA\ABC News and Entertainment.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\MEDIA\Bloomberg.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\MEDIA\CBS.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\MEDIA\CHIMES.WAV Object is locked skipped
C:\Documents and Settings\Owner\Favorites\MEDIA\CHORD.WAV Object is locked skipped
C:\Documents and Settings\Owner\Favorites\MEDIA\CNET Today - Technology News.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\MEDIA\CNN Videoselect.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\MEDIA\DING.WAV Object is locked skipped
C:\Documents and Settings\Owner\Favorites\MEDIA\Disney.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\MEDIA\ESPN Sports.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\MEDIA\Hollywood Online.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\MEDIA\Internet Radio Guide.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\MEDIA\LOGOFF.WAV Object is locked skipped
C:\Documents and Settings\Owner\Favorites\MEDIA\MSNBC.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\MEDIA\MUSICVIDEOS.COM.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\MEDIA\NBC VideoSeeker.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\MEDIA\NOTIFY.WAV Object is locked skipped
C:\Documents and Settings\Owner\Favorites\MEDIA\Office97\APPLAUSE.WAV Object is locked skipped
C:\Documents and Settings\Owner\Favorites\MEDIA\Office97\CAMERA.WAV Object is locked skipped
C:\Documents and Settings\Owner\Favorites\MEDIA\Office97\CARBRAKE.WAV Object is locked skipped
C:\Documents and Settings\Owner\Favorites\MEDIA\Office97\CASHREG.WAV Object is locked skipped
C:\Documents and Settings\Owner\Favorites\MEDIA\Office97\CHIMES.WAV Object is locked skipped
C:\Documents and Settings\Owner\Favorites\MEDIA\Office97\CLAP.WAV Object is locked skipped
C:\Documents and Settings\Owner\Favorites\MEDIA\Office97\DRIVEBY.WAV Object is locked skipped
C:\Documents and Settings\Owner\Favorites\MEDIA\Office97\DRUMROLL.WAV Object is locked skipped
C:\Documents and Settings\Owner\Favorites\MEDIA\Office97\EXPLODE.WAV Object is locked skipped
C:\Documents and Settings\Owner\Favorites\MEDIA\Office97\GLASS.WAV Object is locked skipped
C:\Documents and Settings\Owner\Favorites\MEDIA\Office97\GUNSHOT.WAV Object is locked skipped
C:\Documents and Settings\Owner\Favorites\MEDIA\Office97\LASER.WAV Object is locked skipped
C:\Documents and Settings\Owner\Favorites\MEDIA\Office97\MSCREATE.DIR Object is locked skipped
C:\Documents and Settings\Owner\Favorites\MEDIA\Office97\PROJCTOR.WAV Object is locked skipped
C:\Documents and Settings\Owner\Favorites\MEDIA\Office97\REMINDER.WAV Object is locked skipped
C:\Documents and Settings\Owner\Favorites\MEDIA\Office97\RICOCHET.WAV Object is locked skipped
C:\Documents and Settings\Owner\Favorites\MEDIA\Office97\TYPE.WAV Object is locked skipped
Riod1508
2007-12-25, 02:54
C:\Documents and Settings\Owner\Favorites\MEDIA\Office97\WHOOSH.WAV Object is locked skipped
C:\Documents and Settings\Owner\Favorites\MEDIA\RECYCLE.WAV Object is locked skipped
C:\Documents and Settings\Owner\Favorites\MEDIA\TADA.WAV Object is locked skipped
C:\Documents and Settings\Owner\Favorites\MEDIA\The Microsoft Sound.wav Object is locked skipped
C:\Documents and Settings\Owner\Favorites\MEDIA\Universal Studios Online.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\MEDIA\Warner Bros. Hip Clips.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\MEDIA\What's On Now.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\MEDIA\Windows Media Showcase.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Merck\Merck & Co., Inc. is a global research-driven pharmaceutical company dedicated to putting patients first..url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Michelle's Wedding Photographer.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\MicroSoft\Microsoft Corporation Home Page; Welcome to M..url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\MicroSoft\Microsoft knowledge base search.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\MicroSoft\Microsoft Office - Microsoft Outlook.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\MicroSoft\Microsoft Personal Support Center from Product Support Services.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\MicroSoft\Microsoft TechNet ITHome - Year 2000.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\MicroSoft\Microsoft Technical Support Newsgroups.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Military\Fleet Reserve Home Page.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Military\Military.com.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Military\USNTC Bainbridge Main.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Military\Welcome to Military.com.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Model Release\Digital PhotoCorner - Model Release Forms 2.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Money to Quicken Conversion\Convert MONEY to Quicken.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Movie Folder\The Internet Movie Database (IMDb)..url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\MSN.com.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\MSN.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Music Stuff\Christmas Midi Music from Victor James.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\My Documents.lnk Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Naval History and Photography.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Navy Data Processors Association\NavyDP Association Home.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\News\Accuracy In Academia.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\News\American Conservative Union.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\News\CENTER FOR EQUAL OPPORTUNITY.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\News\CNSNews.com.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\News\Common Sense Radio with Oliver North.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\News\Conservatibe Battlelin Online.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\News\Conservative WebRing Navigation.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\News\Free Republic.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\News\RushLimbaugh.com.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\News\SunSpot .url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\News\The Bogus News Network.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\News\The Smoking Gun.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\News\Town Hall Conservative News and Information - The Conservative Movement Starts Here.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\News\Welcome to Computerworld News & Features.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\News\WorldNetDaily .url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\News\www.truth.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Old South Mountain Inn\The Old South Mountain Inn - Fine Dining in Boonsboro, Maryland.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\On-line Dictionaries\A Web of Specialized On-line Dictionaries.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\On-line Dictionaries\Resources on the Web.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Our Web Pages\DPI-SIZE demo.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Our Web Pages\Lynns Pictures on Comcast.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Our Web Pages\Welcome to The Catholic High School of Baltimore.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Photography Folder\Kodak Talk Forum Digital Photography Review.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Photography Folder\PHOTO COPYRIGHT ARTICLE.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Photoshop Folder\Planetphotoshop.com - Online Photoshop News, Tips and Tutorials.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Political\CLINTON DEATH LIST CLINTON DEATH LIST CLINTON DEATH LIST CLINTON DEATH LIST CLINTON DEATH LIST.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Political\Congressional Email Directory.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Political\Who Are Your Elected Officials in Maryland.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Priority Club at Holiday Inn\Priority Club Rewards Hotel Reservations The Official Web Site.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Quinnipiac University QU Daily.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Radio Station Guide.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Real Estate Stuff\Kersey Homes, Inc..url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Real Estate Stuff\Lancaster.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Real Estate Stuff\Maryland Real Property Search.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Real Estate Stuff\Multiple List Search\Real Estate Listings in Baltimore County Maryland.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Real Estate Stuff\Ocean City Maryland Real Estate.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Real Estate Stuff\Real Estate Baltimore homes realtor Maryland inside tours RE-MAX American Dream..url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Real Estate Stuff\Real estate Grempler Realty,.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Real Estate Stuff\Real estate O'Conor Piper & Flynn Realtors.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Real Estate Stuff\Real estate Resort Homes, Shawnee Homes,.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Real Estate Stuff\Real Estate Sales - Maryland..url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Remove about-blank\PC Hell How to Remove AboutBlank Homepage Hijacker.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Search Engines\Google.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Search Engines\Guide to Search Engines.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Search Engines\Reference Best Source for Facts on the Net - Refdesk.com.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Search Engines\Virtual Librarian.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Search Engines\Who Where.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Sears Repair\sears.com.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Silent Runners\Silent Runners - Adware Disinfect, don't reformat!.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Social Security\How Work Affects Your Benefits.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Social Security\Social Security Online.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Social Security\Understanding The Benefits.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Song Lyric Search\Bedbugs and Roaches.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Song Lyric Search\KIDiddles (TM) - Mojo's Musical Mouseum Lookin' For Lyrics.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Song Lyric Search\Welcome to KIDiddles (TM) - Not your Average Kids' site!.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Spybot\Downloads - The home of Spybot-S&D!.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\St. Clement Church\St. Clement Mary Hofbauer Roman Catholic Church.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Stands For\AbbreviationZ - The A to Z of Acronyms, Abbreviations & Initialisms on the Net.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Steve's Digicams Index.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Switch Board\Telephone Directory - Switchboard Internet Yellow Pages and White Pages - Maps.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Target\Refill Prescription.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Target\Target.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Technical Stuff\0 Virus and Vandal alerts.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Technical Stuff\DriverGuide.com - find any device driver.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Technical Stuff\E-Secure-DB IT Security Information Database FREE Access.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Technical Stuff\Frank Condron's World O'Windows - Main Page.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Technical Stuff\Networking Glossary.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Technical Stuff\NoCrash - One Stop Crash Fix'n.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Technical Stuff\NoWonder - The Leading IT Support Marketplace.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Technical Stuff\Partition Magic Information.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Technical Stuff\Power Tools (Software) Forum.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Technical Stuff\Power Tools Newsletter 2.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Technical Stuff\Soup Up Your Hard Drive with DMA.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Technical Stuff\Tek-Tips - Forums For computer Professionals.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Technical Stuff\Weeno learn how to do stuff you don't know.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Technical Stuff\Winmag.com Power Tools Newsletter.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\The Kings English\United Kingdom English for the American Novice.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\The Pro's Photography\The Pros Wedding Services.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Triple AAA\www.aaa.com.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Verizon online email\Verizon Online NetMail.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Web Events.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\What Does it Do\Answers That Work - Computer Solutions, Helpdesk, PC Troubleshooting.url Object is locked
Riod1508
2007-12-25, 02:55
C:\Documents and Settings\Owner\Favorites\What Does it Do\Startups - Contents.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\What Does it Do\Task List Programs.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Windows Memory Usage\Memory Use By Windows.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Wine Hobby\Annapolis Home Brew.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Wine Hobby\Home - Winemaker Magazine Creating Your Own Great Wines.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Wine Hobby\Welcome To The Grape and Granary.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Worcester County\Worcester County.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\XP performance tweaks.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Z-Miscellaneous\BGE Information.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Z-Miscellaneous\Country Wines.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Z-Miscellaneous\Kelley Blue Book Used Car Values.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Z-Miscellaneous\MapQuest! Interactive Atlas.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Z-Miscellaneous\MapQuest! Welcome!.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Z-Miscellaneous\Ocean City Maryland Boardwalk Cam.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Z-Miscellaneous\Supreme Court of the United States.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Z-Miscellaneous\Wales TV.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Z-Miscellaneous\WCBM.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Z-Miscellaneous\Weather for Baltimore, MD.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Z-Miscellaneous\Welcome to Eastman Kodak Company.url Object is locked skipped
C:\Documents and Settings\Owner\Favorites\Z-Miscellaneous\Your IP address.url Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Apple Computer\QuickTime\downloads\12\14\ce7bc489-220d4531-5b7b280d-757599f5.qtch Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Apple Computer\QuickTime\downloads\13\06\d6257504-e0ad607d-26eade94-add05bb7.qtch Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Apple Computer\QuickTime\downloads\13\06\d689318a-de27c75f-57f003c5-b1012fe9.qtch Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\HelpCtr\HelpSessionHistory.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\desktop.ini Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\History\desktop.ini Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\History\History.IE5\desktop.ini Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\desktop.ini Object is locked skipped
C:\Documents and Settings\Owner\My Documents\desktop.ini Object is locked skipped
C:\Documents and Settings\Owner\My Documents\My Music\Desktop.ini Object is locked skipped
C:\Documents and Settings\Owner\My Documents\My Music\MM Jukebox Plus Upgrade.mp3 Object is locked skipped
C:\Documents and Settings\Owner\My Documents\My Music\Sample Music.lnk Object is locked skipped
C:\Documents and Settings\Owner\My Documents\My Pictures\Desktop.ini Object is locked skipped
C:\Documents and Settings\Owner\My Documents\My Pictures\IMG1.JPG Object is locked skipped
C:\Documents and Settings\Owner\My Documents\My Pictures\IMG2.JPG Object is locked skipped
C:\Documents and Settings\Owner\My Documents\My Pictures\IMG3.JPG Object is locked skipped
C:\Documents and Settings\Owner\My Documents\My Pictures\IMG4.JPG Object is locked skipped
C:\Documents and Settings\Owner\My Documents\My Pictures\Sample Pictures.lnk Object is locked skipped
C:\Documents and Settings\Owner\My Documents\My Videos\desktop.ini Object is locked skipped
C:\Documents and Settings\Owner\NetHood\SHARED on Joe's_machine\Desktop.ini Object is locked skipped
C:\Documents and Settings\Owner\NetHood\SHARED on Joe's_machine\target.lnk Object is locked skipped
C:\Documents and Settings\Owner\NetHood\SharedDocs on Lynns\Desktop.ini Object is locked skipped
C:\Documents and Settings\Owner\NetHood\SharedDocs on Lynns\target.lnk Object is locked skipped
C:\Documents and Settings\Owner\ntuser.dat Object is locked skipped
C:\Documents and Settings\Owner\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\ntuser.ini Object is locked skipped
C:\Documents and Settings\Owner\Recent\Desktop.ini Object is locked skipped
C:\Documents and Settings\Owner\Recent\Leprachaun work folder two.lnk Object is locked skipped
C:\Documents and Settings\Owner\Recent\Leprechaun optimized at 127 colors.lnk Object is locked skipped
C:\Documents and Settings\Owner\SendTo\B's CLiP CD (E).Lnk Object is locked skipped
C:\Documents and Settings\Owner\SendTo\Compressed (zipped) Folder.ZFSendToTarget Object is locked skipped
C:\Documents and Settings\Owner\SendTo\Desktop (create shortcut).DeskLink Object is locked skipped
C:\Documents and Settings\Owner\SendTo\desktop.ini Object is locked skipped
C:\Documents and Settings\Owner\SendTo\Mail Recipient.MAPIMail Object is locked skipped
C:\Documents and Settings\Owner\SendTo\McAfee Shredder.McShredder Object is locked skipped
C:\Documents and Settings\Owner\SendTo\My Documents.mydocs Object is locked skipped
C:\Documents and Settings\Owner\SendTo\Share-to-Web Upload Folder.s2wdh Object is locked skipped
C:\Documents and Settings\Owner\SendTo\Web Publishing Wizard.lnk Object is locked skipped
C:\Documents and Settings\Owner\Start Menu\desktop.ini Object is locked skipped
C:\Documents and Settings\Owner\Start Menu\Programs\Accessories\Accessibility\desktop.ini Object is locked skipped
C:\Documents and Settings\Owner\Start Menu\Programs\Accessories\Accessibility\Magnifier.lnk Object is locked skipped
C:\Documents and Settings\Owner\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk Object is locked skipped
C:\Documents and Settings\Owner\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk Object is locked skipped
C:\Documents and Settings\Owner\Start Menu\Programs\Accessories\Accessibility\Utility Manager.lnk Object is locked skipped
C:\Documents and Settings\Owner\Start Menu\Programs\Accessories\Address Book.lnk Object is locked skipped
C:\Documents and Settings\Owner\Start Menu\Programs\Accessories\Command Prompt.lnk Object is locked skipped
C:\Documents and Settings\Owner\Start Menu\Programs\Accessories\desktop.ini Object is locked skipped
C:\Documents and Settings\Owner\Start Menu\Programs\Accessories\Entertainment\desktop.ini Object is locked skipped
C:\Documents and Settings\Owner\Start Menu\Programs\Accessories\Entertainment\Windows Media Player.lnk Object is locked skipped
C:\Documents and Settings\Owner\Start Menu\Programs\Accessories\Notepad.lnk Object is locked skipped
C:\Documents and Settings\Owner\Start Menu\Programs\Accessories\Program Compatibility Wizard.lnk Object is locked skipped
C:\Documents and Settings\Owner\Start Menu\Programs\Accessories\Synchronize.lnk Object is locked skipped
C:\Documents and Settings\Owner\Start Menu\Programs\Accessories\Tour Windows XP.lnk Object is locked skipped
C:\Documents and Settings\Owner\Start Menu\Programs\Accessories\Windows Explorer.lnk Object is locked skipped
C:\Documents and Settings\Owner\Start Menu\Programs\desktop.ini Object is locked skipped
C:\Documents and Settings\Owner\Start Menu\Programs\Internet Explorer\Web Publishing Wizard.lnk Object is locked skipped
C:\Documents and Settings\Owner\Start Menu\Programs\Internet Explorer.lnk Object is locked skipped
C:\Documents and Settings\Owner\Start Menu\Programs\Outlook Express.lnk Object is locked skipped
C:\Documents and Settings\Owner\Start Menu\Programs\Remote Assistance.lnk Object is locked skipped
C:\Documents and Settings\Owner\Start Menu\Programs\Startup\desktop.ini Object is locked skipped
C:\Documents and Settings\Owner\Start Menu\Programs\Windows Media Player.lnk Object is locked skipped
C:\Documents and Settings\Owner\Templates\amipro.sam Object is locked skipped
C:\Documents and Settings\Owner\Templates\excel.xls Object is locked skipped
C:\Documents and Settings\Owner\Templates\excel4.xls Object is locked skipped
C:\Documents and Settings\Owner\Templates\lotus.wk4 Object is locked skipped
C:\Documents and Settings\Owner\Templates\powerpnt.ppt Object is locked skipped
C:\Documents and Settings\Owner\Templates\presenta.shw Object is locked skipped
C:\Documents and Settings\Owner\Templates\quattro.wb2 Object is locked skipped
C:\Documents and Settings\Owner\Templates\sndrec.wav Object is locked skipped
C:\Documents and Settings\Owner\Templates\winword.doc Object is locked skipped
C:\Documents and Settings\Owner\Templates\winword2.doc Object is locked skipped
C:\Documents and Settings\Owner\Templates\wordpfct.wpd Object is locked skipped
C:\Documents and Settings\Owner\Templates\wordpfct.wpg Object is locked skipped
C:\Documents and Settings\Owner\UserData\SXMR81EJ\oWindowsUpdate[1].xml Object is locked skipped
C:\Program Files\Blue Coat K9 Web Protection\cwmlog.txt Object is locked skipped
C:\Program Files\Blue Coat K9 Web Protection\urls.log Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{F03BC7CA-958E-4E73-B64E-7D9F75261CF2}\RP508\change.log Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\mf3216.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\msasn1.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\msgina.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\mst120.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\netapi32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\nmcom.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\rtcdll.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\schannel.dll Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\fb_1500.lck Object is locked skipped
C:\WINDOWS\Temp\mcafee_eYjRdapReLpzQsh Object is locked skipped
C:\WINDOWS\Temp\mcmsc_aUVtl9cFR5JR1UB Object is locked skipped
C:\WINDOWS\Temp\mcmsc_Q9cEuhablt38U2O Object is locked skipped
C:\WINDOWS\Temp\mcmsc_TQKBrCWoT4mnLNf Object is locked skipped
C:\WINDOWS\Temp\mcmsc_YYn8hzaFTYaUa1y Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
M:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
M:\System Volume Information\_restore{F03BC7CA-958E-4E73-B64E-7D9F75261CF2}\RP508\change.log Object is locked skipped
Scan process completed.
Hi
That looks good :)
Still problems?
Riod1508
2007-12-25, 19:56
All seems well.
Thank you again.
Merry Christmas!
Hi
Same to you :)
Then you're clean!
Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
You can fix this with HijackThis, it's a leftover:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
Next we remove all used tools.
Please download OTMoveIt (http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe) and save it to desktop.
Double-click OTMoveIt.exe.
Click the CleanUp! button.
Select Yes when the "Begin cleanup Process?" prompt appears.
If you are prompted to Reboot during the cleanup, select Yes.
The tool will delete itself once it finishes, if not delete it by yourself.
Note: If you receive a warning from your firewall or other security programs regarding OTMoveIt attempting to contact the internet, please allow it to do so.
Disable and Enable System Restore. - If you are using Windows XP then you should disable and re-enable system restore to make sure there are no infected files found in a restore point.
You can find instructions on how to enable and re-enable system restore here:
Windows XP System Restore Guide (http://www.bleepingcomputer.com/forums/tutorial56.html)
Re-enable system restore with instructions from tutorial above
Make your Internet Explorer more secure - This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.
Update your AntiVirus Software - It is imperitive that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.
Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com (http://www.windowsupdate.com) regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
Install Ad-Aware - Install and download Ad-Aware. You should also scan your computer with program on a regular basis just as you would an antivirus software in conjunction with Spybot.
A tutorial on installing & using this product can be found here:
Using Ad-aware 2007 to remove Spyware, Malware, & Hijackers from Your Computer (http://www.bleepingcomputer.com/forums/?showtutorial=48)
Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.
A tutorial on installing & using this product can be found here:
Using SpywareBlaster to protect your computer from Spyware and Malware (http://www.bleepingcomputer.com/tutorials/tutorial49.html)
Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.
Here are some additional utilities that will enhance your safety
MVPS Hosts file (http://mvps.org/winhelp2002/hosts.htm) <= The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer
Google Toolbar (http://toolbar.google.com/) <= Get the free google toolbar to help stop pop up windows.
Comodo BOCLEAN (http://www.comodo.com/boclean/boclean.html) <= Stop identity thieves from getting personal information. Instantly detects well over 1,000,000 unique, variant and repack malware in total. And it's free.
Winpatrol (http://www.winpatrol.com/) <= Download and install the free version of Winpatrol. a tutorial for this product is located here:
Using Winpatrol to protect your computer from malicious software (http://www.winpatrol.com/features.html)
Stand Up and Be Counted ---> Malware Complaints (http://www.malwarecomplaints.info/index.php) <--- where you can make difference!
The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.
Also, please read this great article by Tony Klein So How Did I Get Infected In First Place (http://castlecops.com/postlite7736-.html)
Happy surfing and stay clean! :santa:
Since this issue appears resolved ... this Topic is closed. Glad I could help.
If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.
Everyone else please begin a New Topic.