Zedo and Slowness



gheady
2008-04-23, 22:43
Please review. First post of Hijackthis.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:35, on 04/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\EPSON\ESM2\eEBSVC.exe
C:\Program Files\EPSON\ESM2\eEBAgent.exe
C:\WINDOWS\system32\E_S00RP1.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\SAgent4.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\System32\MsPMSPSv.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\carpserv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Glenn Heady\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://rd.yahoo.com/customize/yessentials_cq/defaults/su/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/yessentials_cq/defaults/sb/*http://www.yahoo.com/search/ie.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6009\SiteAdv.dll
O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: YBIOCtrl Class - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6009\SiteAdv.dll
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Mozilla Firefox.lnk = C:\Program Files\Mozilla Firefox\firefox.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Support - {0146F77E-47F9-48A6-8368-C5789EDA9E75} - http://www.comcastsupport.com (file missing) (HKCU)
O9 - Extra button: ComcastHSI - {111C6C62-A7E0-447A-9284-584F982BDEF3} - http://www.comcast.net (file missing) (HKCU)
O9 - Extra button: Help - {36299440-3104-4F77-9462-71CBB4FA13F9} - http://www.comcast.net/memberservices/ (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {42D06124-98A2-47EC-8098-3778B58CE7D5} (SupportSoft External Control) - https://actsvr.comcastonline.com/techtools/dl/Comcast%20Activation%20Controls.cab
O23 - Service: a-squared Free Service (a2free) - Unknown owner - c:\program files\a-squared free\a2service.exe (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: EpsonBidirectionalAgent - SEIKO EPSON CORPORATION - C:\Program Files\EPSON\ESM2\eEBAgent.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\EPSON\ESM2\eEBSVC.exe
O23 - Service: EPSON V3 Service2(03) (EPSON_PM_RPCV2_01) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\E_S00RP1.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Content Monitoring Tool (msCMTSrvc) - Unknown owner - C:\WINDOWS\system32\msCMTSrvc.exe (file missing)
O23 - Service: McAfee SpamKiller Server (MskService) - Unknown owner - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe (file missing)
O23 - Service: Epson Printer Status Agent4 (StatusAgent4) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\SAgent4.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O24 - Desktop Component 0: (no name) - http://www.jpl.nasa.gov/wallpaper/art/pia07899-1600-1200.jpg

--
End of file - 8140 bytes

gheady
2008-04-23, 22:48
I cannot post the KASPERSKY results because it is too big. It is 342KB. The forum will not let me post it or attach it. Any help would be appreciated.

gheady
2008-04-24, 01:10
I had an error message repeated several hundred times. I left only a couple of them in to reduce the size. Hope this helps.

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Wednesday, April 23, 2008 1:53
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 23/04/2008
Kaspersky Anti-Virus database records: 723063
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 99084
Number of viruses found: 8
Number of infected objects: 16
Number of suspicious objects: 251
Duration of the scan process: 03:05:50

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\McAfee\MNA\NAData Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MPF\data\log.edb Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MPF\data\logout.edb Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\Events.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\{B758E177-EF38-4E73-B0FA-5DC32109A683}.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\McUsers.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Data\TFR1.tmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Logs\OAS.Log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\ActivityLog\InboxLOG.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\ActivityLog\OutboxLOG.txt Object is locked skipped
C:\Documents and Settings\All Users\Start Menu\Application Data\Spybot - Search & Destroy\Recovery\BDEProjector2.zip/b3dsetup.exe Infected: not-a-virus:AdWare.Win32.BrilliantDigital.1100 skipped
C:\Documents and Settings\All Users\Start Menu\Application Data\Spybot - Search & Destroy\Recovery\BDEProjector2.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Start Menu\Application Data\Spybot - Search & Destroy\Recovery\CommonName.zip/BSaveInst.exe Infected: not-a-virus:AdWare.Win32.SaveNow.bx skipped
C:\Documents and Settings\All Users\Start Menu\Application Data\Spybot - Search & Destroy\Recovery\CommonName.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Start Menu\Application Data\Spybot - Search & Destroy\Recovery\CommonName1.zip/fsg_4104.exe Infected: not-a-virus:AdWare.Win32.Gator.4104 skipped
C:\Documents and Settings\All Users\Start Menu\Application Data\Spybot - Search & Destroy\Recovery\CommonName1.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Start Menu\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyBar10.zip/MYBAR.DLL Infected: not-a-virus:AdWare.Win32.MyWay.m skipped
C:\Documents and Settings\All Users\Start Menu\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyBar10.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Start Menu\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyBar5.zip/MY2NS.EXE Infected: not-a-virus:AdWare.Win32.MyWay.b skipped
C:\Documents and Settings\All Users\Start Menu\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyBar5.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Start Menu\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyBar9.zip/NPMYWAY.DLL Infected: not-a-virus:AdWare.Win32.MyWay.f skipped
C:\Documents and Settings\All Users\Start Menu\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyBar9.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Start Menu\Application Data\Spybot - Search & Destroy\Recovery\Newnet.zip/newdotnet3_36.dll Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
C:\Documents and Settings\All Users\Start Menu\Application Data\Spybot - Search & Destroy\Recovery\Newnet.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Start Menu\Application Data\Spybot - Search & Destroy\Recovery\Newnet1.zip/newdotnet3_36.dll Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
C:\Documents and Settings\All Users\Start Menu\Application Data\Spybot - Search & Destroy\Recovery\Newnet1.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Glenn Heady\Application Data\Mozilla\Firefox\Profiles\default.8of\cert8.db Object is locked skipped
C:\Documents and Settings\Glenn Heady\Application Data\Mozilla\Firefox\Profiles\default.8of\formhistory.dat Object is locked skipped
C:\Documents and Settings\Glenn Heady\Application Data\Mozilla\Firefox\Profiles\default.8of\history.dat Object is locked skipped
C:\Documents and Settings\Glenn Heady\Application Data\Mozilla\Firefox\Profiles\default.8of\key3.db Object is locked skipped
C:\Documents and Settings\Glenn Heady\Application Data\Mozilla\Firefox\Profiles\default.8of\parent.lock Object is locked skipped
C:\Documents and Settings\Glenn Heady\Application Data\Mozilla\Firefox\Profiles\default.8of\search.sqlite Object is locked skipped
C:\Documents and Settings\Glenn Heady\Application Data\Mozilla\Firefox\Profiles\default.8of\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Glenn Heady\Application Data\SiteAdvisor\SiteAdv.csh Object is locked skipped
C:\Documents and Settings\Glenn Heady\Application Data\Thunderbird\Profiles\jrdsl3hm.default\Mail\Local Folders\Inbox/[From "Walker Freeman" <dtbmuxzo@arczip.com>][Date Mon, 18 Jul 2005 18:35:07 -0600]/UNNAMED/[From Tania Cullen <thaetmcue@chadimafurniture.com>][Date Tue, 19 Jul 2005 00:41:32 -0600]/UNNAMED/[From Allison Heady <allisonheady@optonline.net>][Date Tue, 19 Jul 2005 21:31:11 -0400]/text/[From "Lillian Lott" <Tacjmzj@eroon.com>][Date Thu, 21 Jul 2005 04:35:32 -0600]/UNN ... /[F ... /[From " ... /[From " ... /[F ... /[From eBay <endofitem@ebay.com>][Date Fri, 16 Dec 2005 10:34:32 -080 ... /html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Documents and Settings\Glenn Heady\Application Data\Thunderbird\Profiles\jrdsl3hm.default\Mail\Local Folders\Inbox/[From "Walker Freeman" <dtbmuxzo@arczip.com>][Date Mon, 18 Jul 2005 18:35:07 -0600]/UNNAMED/[From Tania Cullen <thaetmcue@chadimafurniture.com>][Date Tue, 19 Jul 2005 00:41:32 -0600]/UNNAMED/[From Allison Heady <allisonheady@optonline.net>][Date Tue, 19 Jul 2005 21:31:11 -0400]/text/[From "Lillian Lott" <Tacjmzj@eroon.com>][Date Thu, 21 Jul 2005 04:35:32 -0600]/UNN ... /[From "W ... .. ... /[From "Edward Gillis" <KHickeya@berberianmotors.com>][Date Mon, 28 Nov 2005 14:20:20 -0800]/UNNAMED Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Documents and Settings\Glenn Heady\Application Data\Thunderbird\Profiles\jrdsl3hm.default\Mail\Local Folders\Inbox/[From "Walker Freeman" <dtbmuxzo@arczip.com>][Date Mon, 18 Jul 2005 18:35:07 -0600]/UNNAMED/[From Tania Cullen <thaetmcue@chadimafurniture.com>][Date Tue, 19 Jul 2005 00:41:32 -0600]/UNNAMED/[From Allison Heady <allisonheady@optonline.net>][Date Tue, 19 Jul 2005 21:31:11 -0400]/text/[From "Lillian Lott" <Tacjmzj@eroon.com>][Date Thu, 21 Jul 2005 04:35:32 -0600]/UNNAMED/[From "eBay" <eBay@rep ... /[From "Heady, Bob" <Bob.Heady@ogs.state.ny.us>][Date Tue, 26 Jul 2005 14:59:36 -0400]/UNNAMED Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Documents and Settings\Glenn Heady\Application Data\Thunderbird\Profiles\jrdsl3hm.default\Mail\Local Folders\Inbox/[From "Walker Freeman" <dtbmuxzo@arczip.com>][Date Mon, 18 Jul 2005 18:35:07 -0600]/UNNAMED/[From Tania Cullen <thaetmcue@chadimafurniture.com>][Date Tue, 19 Jul 2005 00:41:32 -0600]/UNNAMED/[From Allison Heady <allisonheady@optonline.net>][Date Tue, 19 Jul 2005 21:31:11 -0400]/text/[From "Lillian Lott" <Tacjmzj@eroon.com>][Date Thu, 21 Jul 2005 04:35:32 -0600]/UNNAMED/[From "eBay" <eBay@rep ... /[From "merlin molloy" <limentina@guitarsrule.com>][Date Sat, 23 Jul 2005 05:18:19 +0500]/text Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Documents and Settings\Glenn Heady\Application Data\Thunderbird\Profiles\jrdsl3hm.default\Mail\Local Folders\Inbox/[From "Walker Freeman" <dtbmuxzo@arczip.com>][Date Mon, 18 Jul 2005 18:35:07 -0600]/UNNAMED/[From Tania Cullen <thaetmcue@chadimafurniture.com>][Date Tue, 19 Jul 2005 00:41:32 -0600]/UNNAMED/[From Allison Heady <allisonheady@optonline.net>][Date Tue, 19 Jul 2005 21:31:11 -0400]/text/[From "Lillian Lott" <Tacjmzj@eroon.com>][Date Thu, 21 Jul 2005 04:35:32 -0600]/UNNAMED/[From "eBay" <eBay@reply3.ebay.com>][Date Fri, 22 Jul 2005 14:05:18 -0700]/UNNAMED Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Documents and Settings\Glenn Heady\Application Data\Thunderbird\Profiles\jrdsl3hm.default\Mail\Local Folders\Inbox/[From "Walker Freeman" <dtbmuxzo@arczip.com>][Date Mon, 18 Jul 2005 18:35:07 -0600]/UNNAMED/[From Tania Cullen <thaetmcue@chadimafurniture.com>][Date Tue, 19 Jul 2005 00:41:32 -0600]/UNNAMED/[From Allison Heady <allisonheady@optonline.net>][Date Tue, 19 Jul 2005 21:31:11 -0400]/text/[From "Lillian Lott" <Tacjmzj@eroon.com>][Date Thu, 21 Jul 2005 04:35:32 -0600]/UNNAMED Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Documents and Settings\Glenn Heady\Application Data\Thunderbird\Profiles\jrdsl3hm.default\Mail\Local Folders\Inbox/[From "Walker Freeman" <dtbmuxzo@arczip.com>][Date Mon, 18 Jul 2005 18:35:07 -0600]/UNNAMED/[From Tania Cullen <thaetmcue@chadimafurniture.com>][Date Tue, 19 Jul 2005 00:41:32 -0600]/UNNAMED/[From Allison Heady <allisonheady@optonline.net>][Date Tue, 19 Jul 2005 21:31:11 -0400]/text Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Documents and Settings\Glenn Heady\Application Data\Thunderbird\Profiles\jrdsl3hm.default\Mail\Local Folders\Inbox/[From "Walker Freeman" <dtbmuxzo@arczip.com>][Date Mon, 18 Jul 2005 18:35:07 -0600]/UNNAMED/[From Tania Cullen <thaetmcue@chadimafurniture.com>][Date Tue, 19 Jul 2005 00:41:32 -0600]/UNNAMED Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Documents and Settings\Glenn Heady\Application Data\Thunderbird\Profiles\jrdsl3hm.default\Mail\Local Folders\Inbox/[From "Walker Freeman" <dtbmuxzo@arczip.com>][Date Mon, 18 Jul 2005 18:35:07 -0600]/UNNAMED Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Documents and Settings\Glenn Heady\Application Data\Thunderbird\Profiles\jrdsl3hm.default\Mail\Local Folders\Inbox MailBerkeleymboxx: suspicious - 250 skipped
C:\Documents and Settings\Glenn Heady\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Glenn Heady\Local Settings\Application Data\Microsoft\CardSpace\CardSpace.db Object is locked skipped
C:\Documents and Settings\Glenn Heady\Local Settings\Application Data\Microsoft\CardSpace\CardSpace.db.shadow Object is locked skipped
C:\Documents and Settings\Glenn Heady\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Glenn Heady\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Glenn Heady\Local Settings\Application Data\Mozilla\Firefox\Profiles\default.8of\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Glenn Heady\Local Settings\Application Data\Mozilla\Firefox\Profiles\default.8of\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Glenn Heady\Local Settings\Application Data\Mozilla\Firefox\Profiles\default.8of\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Glenn Heady\Local Settings\Application Data\Mozilla\Firefox\Profiles\default.8of\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Glenn Heady\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Glenn Heady\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Glenn Heady\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Glenn Heady\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Glenn Heady\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{CD45504F-D983-486E-9C46-F5C3E4ADCBD7}\RP1645\change.log Object is locked skipped
C:\WINDOWS\$NtUninstallKB817778$\netip6.inf Object is locked skipped
C:\WINDOWS\$NtUninstallKB817778$\netoc.inf Object is locked skipped
C:\WINDOWS\$NtUninstallKB817778$\tunmp.sys Object is locked skipped
C:\WINDOWS\$NtUninstallQ814995$\apph_sp.sdb Object is locked skipped
C:\WINDOWS\$NtUninstallQ814995$\apps_sp.chm Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\ModemLog_CNXT V9x PCI Modem.txt Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{68CD2701-77E0-46C5-B8BD-9C358A16F005}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\mcafee_mrgDFozUCD4E0xY Object is locked skipped
C:\WINDOWS\Temp\mcafee_QlI2tmLCzpAFeeM Object is locked skipped
C:\WINDOWS\Temp\mcmsc_EtP96zaY2DLReWE Object is locked skipped
C:\WINDOWS\Temp\mcmsc_kirum93SSmOLyO2 Object is locked skipped
C:\WINDOWS\Temp\mcmsc_PWnRCpDm6fBPbZf Object is locked skipped
C:\WINDOWS\Temp\mcmsc_RVN4IwrWNqBUU2c Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.