My computer is running slow, and all kinds of pop-ups are coming up, and my desktop background has been hijacked. Any help would be much appreciated.
I will put my Kaspersky log in the next post.


Here is my HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:08:05 PM, on 4/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wmsdkns.exe
C:\WINDOWS\ehome\ehtray.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\LTMSG.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Parental Controls\PCTHelp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Documents and Settings\Gaines\cftmon.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\winself.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\Program Files\Dantz\Retrospect\retrorun.exe
C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\wanmpsvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08\hpqtra08.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray\sgtray.exe
C:\Program Files\Updates from HP\137903\Program\BackWeb-137903\BackWeb-137903.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\wmsdkns.exe,
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [NAV CfgWiz] c:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [PCTAgent] C:\Program Files\Parental Controls\PCTHelp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe
O4 - HKLM\..\Run: [advap32] C:\WINDOWS\TEMP\50B4.tmp/r
O4 - HKLM\..\Run: [autoload] C:\Documents and Settings\Gaines\cftmon.exe
O4 - HKLM\..\Run: [b89b2f89] rundll32.exe "C:\WINDOWS\system32\cqanjbde.dll",b
O4 - HKLM\..\Run: [BMbba81c15] Rundll32.exe "C:\WINDOWS\system32\uxspkmnh.dll",s
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe
O4 - HKCU\..\Run: [WintelUpdate] C:\WINDOWS\TEMP\38BE.tmp.exe
O4 - HKCU\..\Run: [autoload] C:\Documents and Settings\Gaines\cftmon.exe
O4 - HKUS\S-1-5-18\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [autoload] C:\Documents and Settings\LocalService\cftmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O15 - Trusted Zone: http://*.stpaultravelers.com
O15 - Trusted Zone: http://*.gulfinsurance.com (HKLM)
O15 - Trusted Zone: http://*.northlandins.com (HKLM)
O15 - Trusted Zone: http://*.northlandonline.com (HKLM)
O15 - Trusted Zone: *.spt.com (HKLM)
O15 - Trusted Zone: http://*.spt.com (HKLM)
O15 - Trusted Zone: http://*.stpaul.com (HKLM)
O15 - Trusted Zone: http://*.stpaultravelers.com (HKLM)
O15 - Trusted Zone: http://*.travelers.com (HKLM)
O15 - Trusted Zone: http://*.travelerspc.com (HKLM)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1111840744828
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1160941981468
O16 - DPF: {88D8E8B7-A33B-4417-A385-8373484D43ED} (InstallHelper Class) - file://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ThereInstallHelper.dll
O16 - DPF: {89521361-EA5B-11D7-97CA-00E08103E149} (Parental Controls Agent Class) - http://pccfg.ourlinksys.com:8080/config/elements/artemislogin/PCTAgent.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: MsSecurity Updated (MsSecurity1.209.4) - Unknown owner - C:\WINDOWS\winself.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe
O23 - Service: Retrospect Helper - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\rthlpsvc.exe
O23 - Service: Retrospect WD Service (RetroWDSvc) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Task Scheduler (Schedule) - Unknown owner - C:\WINDOWS\system32\drivers\spools.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 12699 bytes

Here is my Kaspersky log:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, April 27, 2008 4:59:20 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 27/04/2008
Kaspersky Anti-Virus database records: 727600
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
G:\
H:\
I:\
J:\
K:\

Scan Statistics:
Total number of scanned objects: 228748
Number of viruses found: 15
Number of infected objects: 136
Number of suspicious objects: 4
Duration of the scan process: 02:38:26

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Administrator\Application Data\desktop.ini Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\G-Force Prefs (WindowsMediaPlayer).txt Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\interMute\SpamSubtract\updates\badwords.re Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\interMute\SpamSubtract\updates\words.re Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Microsoft\CLR Security Config\v1.0.3705\security.config Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Microsoft\CLR Security Config\v1.0.3705\security.config.cch Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Microsoft\CLR Security Config\v1.0.3705\security.config.old Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-3520942272-335186276-177586940-500\a18ca4003deb042bbee7a40f15e1970b_0d8a3e38-7997-4130-8286-44fe284dc217 Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Microsoft\HTML Help\hh.dat Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Microsoft\Installer\{66C018BD-6F16-4B32-B4CD-1DC1B21FBDFF}\ICO_ZoneDeluxeGamesManager.ico Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Microsoft\Installer\{66C018BD-6F16-4B32-B4CD-1DC1B21FBDFF}\ICO__Collapse_Deluxe.exe Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Microsoft\Installer\{66C018BD-6F16-4B32-B4CD-1DC1B21FBDFF}\ICO__Cubis_Deluxe.exe Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Microsoft\Installer\{66C018BD-6F16-4B32-B4CD-1DC1B21FBDFF}\ICO__Mah_Jong_Tiles_Deluxe.exe Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Microsoft\Installer\{66C018BD-6F16-4B32-B4CD-1DC1B21FBDFF}\ICO__TextTwist_Deluxe.exe Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Microsoft\Installer\{66C018BD-6F16-4B32-B4CD-1DC1B21FBDFF}\ICO__Word_MoJo_Deluxe.exe Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Microsoft\Installer\{745A92AF-53B4-41A7-91C3-9B026B1D5897}\NewShortcut1.9204FDFA_6A8F_4BA0_9920_24E55B5031C8 Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Microsoft\Installer\{745A92AF-53B4-41A7-91C3-9B026B1D5897}\NewShortcut10.9204FDFA_6A8F_4BA0_9920_24E55B5031C8 Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Microsoft\Installer\{745A92AF-53B4-41A7-91C3-9B026B1D5897}\NewShortcut11.9204FDFA_6A8F_4BA0_9920_24E55B5031C8 Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Microsoft\Installer\{745A92AF-53B4-41A7-91C3-9B026B1D5897}\NewShortcut12.9204FDFA_6A8F_4BA0_9920_24E55B5031C8 Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Microsoft\Installer\{745A92AF-53B4-41A7-91C3-9B026B1D5897}\NewShortcut13.9204FDFA_6A8F_4BA0_9920_24E55B5031C8 Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Microsoft\Installer\{745A92AF-53B4-41A7-91C3-9B026B1D5897}\NewShortcut14.9204FDFA_6A8F_4BA0_9920_24E55B5031C8 Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Microsoft\Installer\{745A92AF-53B4-41A7-91C3-9B026B1D5897}\NewShortcut15.9204FDFA_6A8F_4BA0_9920_24E55B5031C8 Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Microsoft\Installer\{745A92AF-53B4-41A7-91C3-9B026B1D5897}\NewShortcut17.9204FDFA_6A8F_4BA0_9920_24E55B5031C8 Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Microsoft\Installer\{745A92AF-53B4-41A7-91C3-9B026B1D5897}\NewShortcut18.9204FDFA_6A8F_4BA0_9920_24E55B5031C8 Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Microsoft\Installer\{745A92AF-53B4-41A7-91C3-9B026B1D5897}\NewShortcut2.9204FDFA_6A8F_4BA0_9920_24E55B5031C8 Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Microsoft\Installer\{745A92AF-53B4-41A7-91C3-9B026B1D5897}\NewShortcut3.9204FDFA_6A8F_4BA0_9920_24E55B5031C8.ico Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Microsoft\Installer\{745A92AF-53B4-41A7-91C3-9B026B1D5897}\NewShortcut3_1.9204FDFA_6A8F_4BA0_9920_24E55B5031C8 Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Microsoft\Installer\{745A92AF-53B4-41A7-91C3-9B026B1D5897}\NewShortcut4.9204FDFA_6A8F_4BA0_9920_24E55B5031C8 Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Microsoft\Installer\{745A92AF-53B4-41A7-91C3-9B026B1D5897}\NewShortcut5.9204FDFA_6A8F_4BA0_9920_24E55B5031C8 Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Microsoft\Installer\{745A92AF-53B4-41A7-91C3-9B026B1D5897}\NewShortcut6.9204FDFA_6A8F_4BA0_9920_24E55B5031C8 Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Microsoft\Installer\{745A92AF-53B4-41A7-91C3-9B026B1D5897}\NewShortcut8.9204FDFA_6A8F_4BA0_9920_24E55B5031C8 Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Microsoft\Installer\{745A92AF-53B4-41A7-91C3-9B026B1D5897}\NewShortcut9.9204FDFA_6A8F_4BA0_9920_24E55B5031C8 Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Microsoft\Installer\{745A92AF-53B4-41A7-91C3-9B026B1D5897}\SetupProgFiles_CHT.9204FDFA_6A8F_4BA0_9920_24E55B5031C8 Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Microsoft\Installer\{745A92AF-53B4-41A7-91C3-9B026B1D5897}\SetupShortcut_DA.9204FDFA_6A8F_4BA0_9920_24E55B5031C8 Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Microsoft\Installer\{745A92AF-53B4-41A7-91C3-9B026B1D5897}\SetupShortcut_DE.9204FDFA_6A8F_4BA0_9920_24E55B5031C8 Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Microsoft\Installer\{745A92AF-53B4-41A7-91C3-9B026B1D5897}\SetupShortcut_JA.9204FDFA_6A8F_4BA0_9920_24E55B5031C8 Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\brndlog.bak Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\brndlog.txt Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Desktop.htt Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\MUSICMATCH Jukebox.lnk Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\RealOne Player.lnk Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Microsoft\Media Player\0052F88A.wpl Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Microsoft\Office\MSO1033.acl Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Microsoft\Office\Word11.pip Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Microsoft\Protect\CREDHIST Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-3520942272-335186276-177586940-500\c0efdf73-8987-4c9d-a8aa-51a437901ad1 Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-3520942272-335186276-177586940-500\Preferred Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\Themes\Custom.theme Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Real\rnadmin\rnsystem.dat Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Sonic\Update Manager\sumdb.dat Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\deployment.properties Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Symantec\Shared\Options.VcPref Object is locked skipped
C:\Documents and Settings\Administrator\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Desktop\Register with HP.url Object is locked skipped
C:\Documents and Settings\Administrator\Desktop\Windows Media Player.lnk Object is locked skipped
C:\Documents and Settings\Administrator\Favorites\Desktop.ini Object is locked skipped
C:\Documents and Settings\Administrator\Favorites\Financial Links\MSN CarPoint.url Object is locked skipped
C:\Documents and Settings\Administrator\Favorites\Financial Links\MSN Home.url Object is locked skipped
C:\Documents and Settings\Administrator\Favorites\Financial Links\MSN HomeAdvisor.url Object is locked skipped
C:\Documents and Settings\Administrator\Favorites\Financial Links\MSN Hotmail.url Object is locked skipped
C:\Documents and Settings\Administrator\Favorites\Financial Links\MSN Money.url Object is locked skipped
C:\Documents and Settings\Administrator\Favorites\Financial Links\MSN People & Chat.url Object is locked skipped
C:\Documents and Settings\Administrator\Favorites\Financial Links\MSN Shopping.url Object is locked skipped
C:\Documents and Settings\Administrator\Favorites\Financial Links\MSN Web Search.url Object is locked skipped
C:\Documents and Settings\Administrator\Favorites\HP's Recommended Web Sites\HP's Internet Service Providers\America Online.url Object is locked skipped
C:\Documents and Settings\Administrator\Favorites\HP's Recommended Web Sites\HP's Internet Service Providers\CompuServe.url Object is locked skipped
C:\Documents and Settings\Administrator\Favorites\HP's Recommended Web Sites\HP's Internet Service Providers\EarthLink Dial-up.url Object is locked skipped
C:\Documents and Settings\Administrator\Favorites\HP's Recommended Web Sites\HP's Internet Service Providers\Get High-Speed Internet.url Object is locked skipped
C:\Documents and Settings\Administrator\Favorites\HP's Recommended Web Sites\HP's Internet Service Providers\MSN.url Object is locked skipped
C:\Documents and Settings\Administrator\Favorites\HP's Recommended Web Sites\Yahoo! Best of the Web.url Object is locked skipped
C:\Documents and Settings\Administrator\Favorites\Links\Customize Links.url Object is locked skipped
C:\Documents and Settings\Administrator\Favorites\Links\Free Hotmail.url Object is locked skipped
C:\Documents and Settings\Administrator\Favorites\Links\Windows Media.url Object is locked skipped
C:\Documents and Settings\Administrator\Favorites\Links\Windows.url Object is locked skipped
C:\Documents and Settings\Administrator\Favorites\MSN.com.url Object is locked skipped
C:\Documents and Settings\Administrator\Favorites\Radio Station Guide.url Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\ApplicationHistory\caspol.exe.ae73cd99.ini Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\ApplicationHistory\ehshell.exe.a87fcbb.ini Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\ApplicationHistory\MCInstaller.exe.d7de81c0.ini Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\ApplicationHistory\ngen.exe.89f695a3.ini Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\ApplicationHistory\RegAsm.exe.ca35bcc8.ini Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\HelpCtr\HelpSessionHistory.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Media Player\CurrentDatabase_59R.wmdb Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Media Player\wmpfolders.wmdb Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows Media\9.0\WMSDKNS.DTD Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows Media\9.0\WMSDKNS.XML Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows Media\9.0\WMSDKNSD.XML Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Works\Portfolio\Sample.wsb Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\{7148F0A6-6813-11D6-A77B-00B0D0142000}\1033.MST Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\{7148F0A6-6813-11D6-A77B-00B0D0142000}\Java 2 Runtime Environment, SE v1.4.2.msi Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\desktop.ini Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\History\desktop.ini Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\desktop.ini Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012003121620031217\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012004063020040701\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012004070120040702\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\GLB49.tmp Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\GLB88.tmp Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\IadHide4.dll Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\pcfA.tmp Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\_quicken_2004_qnue-path1.exe Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\4Z6BERQJ\alttext[1].xml Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\4Z6BERQJ\blank[1].htm Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\4Z6BERQJ\chkmk_clrbkgrd[1].gif Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\4Z6BERQJ\Common[1].js Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\4Z6BERQJ\Common[2].js Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\4Z6BERQJ\Common[3].js Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\4Z6BERQJ\coUA[1].css Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\4Z6BERQJ\desktop.ini Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\4Z6BERQJ\Homepage__DESKTOP[1].js Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\4Z6BERQJ\Homepage__SHARED[1].js Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\4Z6BERQJ\hplogo[1].gif Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\4Z6BERQJ\icon_blank_12x[1].bmp Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\4Z6BERQJ\icon_network[1].gif Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\4Z6BERQJ\important[1].gif Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\4Z6BERQJ\Lang[1].js Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\4Z6BERQJ\Lang[2].js Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\4Z6BERQJ\MiniNavBar[1].xml Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\4Z6BERQJ\nav_arrow[1].gif Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\4Z6BERQJ\orange_line[1].gif Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\4Z6BERQJ\PCHSettings[1].htc Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\4Z6BERQJ\PCHSettings[2].htc Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\4Z6BERQJ\search_arrow_blue[1].bmp Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\4Z6BERQJ\shared[1].css Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\4Z6BERQJ\shared[1].js Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\4Z6BERQJ\shared[2].css Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\4Z6BERQJ\shared[2].js Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\4Z6BERQJ\shared[3].css Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\4Z6BERQJ\shared[4].css Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\4Z6BERQJ\shared[5].css Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\4Z6BERQJ\shared[6].css Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\4Z6BERQJ\shared[7].css Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\4Z6BERQJ\shared[8].css Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\4Z6BERQJ\shortcutCold[1].gif Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\4Z6BERQJ\Statistics[1].htc Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\4Z6BERQJ\Statistics[2].htc Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\4Z6BERQJ\step_top[1].gif Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\4Z6BERQJ\stngs_ua[1].gif Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\4Z6BERQJ\switch3_ua[1].gif Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\4Z6BERQJ\topbluebar[1].gif Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\4Z6BERQJ\UAbrand[1].gif Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\4Z6BERQJ\UAHelp_Metrics[1].css Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\4Z6BERQJ\US1share_ss02[1].gif Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\4Z6BERQJ\vendorprefs[1].xml Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\QBQZIZIH\blue_dot[1].gif Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\QBQZIZIH\caution[1].gif Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\QBQZIZIH\Common[1].js Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\QBQZIZIH\Common[2].js Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\QBQZIZIH\Common[3].js Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\QBQZIZIH\copydupfiles[1].htc Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\QBQZIZIH\desktop.ini Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\QBQZIZIH\endnode[1].gif Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\QBQZIZIH\fvrts_ua[1].gif Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\QBQZIZIH\helpdoc[1].gif Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\QBQZIZIH\HomePage[1].htm Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\QBQZIZIH\Homepage__DESKTOP[1].js Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\QBQZIZIH\Homepage__SHARED[1].js Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\QBQZIZIH\icon_print[1].gif Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\QBQZIZIH\icon_windows[1].gif Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\QBQZIZIH\intro4[1].jpg Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\QBQZIZIH\Lang[1].js Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\QBQZIZIH\Lang[2].js Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\QBQZIZIH\Lang[3].js Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\QBQZIZIH\MiniNavBar[1].htm Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\QBQZIZIH\minusCold[1].gif Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\QBQZIZIH\NavBar[1].htm Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\QBQZIZIH\nav_clouds_4[1].jpg Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\QBQZIZIH\note[1].gif Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\QBQZIZIH\PCHSettings[1].htc Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\QBQZIZIH\PCHSettings[2].htc Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\QBQZIZIH\PCHSettings[3].htc Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\QBQZIZIH\progbar[1].gif Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\QBQZIZIH\reusable[1].xml Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\QBQZIZIH\shared[1].css Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\QBQZIZIH\shared[2].css Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\QBQZIZIH\shared[3].css Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\QBQZIZIH\shared[4].css Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\QBQZIZIH\shared[5].css Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\QBQZIZIH\shared[6].css Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\QBQZIZIH\shared[7].css Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\QBQZIZIH\shared[8].css Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\QBQZIZIH\Statistics[1].htc Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\QBQZIZIH\switch2_ua[1].gif Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\QBQZIZIH\top[1].gif Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\QBQZIZIH\UAHelp_Classic[1].css Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\QBQZIZIH\ua[1].gif Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\QBQZIZIH\US1share_ss01[1].gif Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\QBQZIZIH\warning[1].gif Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\WJTI7A2H\alttext[1].xml Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\WJTI7A2H\article[1].css Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\WJTI7A2H\chkmk_antialiased[1].gif Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\WJTI7A2H\clear[1].gif Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\WJTI7A2H\collapsed[1].gif Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\WJTI7A2H\Common[1].js Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\WJTI7A2H\Common[2].js Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\WJTI7A2H\Common[3].js Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\WJTI7A2H\Common[4].js Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\WJTI7A2H\Common[5].js Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\WJTI7A2H\Common[6].js Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\WJTI7A2H\Common[7].js Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\WJTI7A2H\ContentUpdate_HPD[1].htc Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\WJTI7A2H\ContentUpdate_HPD[2].htc Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\WJTI7A2H\ContentUpdate_HPD[3].htc Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\WJTI7A2H\ContentUpdate_HPD[4].htc Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\WJTI7A2H\coUAprint[1].css Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\WJTI7A2H\desktop.ini Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\WJTI7A2H\firstpage[1].htm Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\WJTI7A2H\footer_orange[1].gif Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\WJTI7A2H\gray_bg[2].gif Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\WJTI7A2H\HelpLA_lib[1].js Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\WJTI7A2H\Homepage__DESKTOP[1].js Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\WJTI7A2H\Homepage__DESKTOP[2].js Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\WJTI7A2H\Homepage__SHARED[1].js Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\WJTI7A2H\Homepage__SHARED[2].js Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\WJTI7A2H\icon_access[1].gif Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\WJTI7A2H\icon_articles_12x[1].bmp Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\WJTI7A2H\Lang[1].js Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\WJTI7A2H\Lang[2].js Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\WJTI7A2H\mydcs_ua[1].gif Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\WJTI7A2H\nav_article[1].gif Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\WJTI7A2H\PCHSettings[1].htc Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\WJTI7A2H\PCHSettings[2].htc Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\WJTI7A2H\PCHSettings[4].htc Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\WJTI7A2H\plusCold[1].gif Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\WJTI7A2H\plusCold[2].gif Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\WJTI7A2H\searchblurb[1].htm Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\WJTI7A2H\SearchMain[1].htc Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\WJTI7A2H\SearchMain[2].htc Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\WJTI7A2H\SearchMain[4].htc Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\WJTI7A2H\SearchMain[5].htc Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\WJTI7A2H\search_arrow_blue_over[2].bmp Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\WJTI7A2H\shared[10].css Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\WJTI7A2H\shared[1].css Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\WJTI7A2H\shared[2].css Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\WJTI7A2H\shared[3].css Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\WJTI7A2H\shared[4].css Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\WJTI7A2H\shared[5].css Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\WJTI7A2H\shared[6].css Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\WJTI7A2H\shared[7].css Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\WJTI7A2H\shared[8].css Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\WJTI7A2H\shared[9].css Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\WJTI7A2H\shortcutHot[1].gif Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\WJTI7A2H\Statistics[1].htc Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\WJTI7A2H\Statistics[2].htc Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\WJTI7A2H\Statistics[3].htc Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\WJTI7A2H\Statistics[4].htc Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\WJTI7A2H\Statistics[5].htc Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\WJTI7A2H\step_back[1].gif Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\WJTI7A2H\SubSite[1].htm Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\WJTI7A2H\wrapperparam[1].js Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\WJTI7A2H\wrapperparam[2].js Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\WJTI7A2H\wrapperparam[3].js Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Y4M2WPQK\Behaviors[1].css Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Y4M2WPQK\bottom[1].html Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Y4M2WPQK\Common[1].js Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Y4M2WPQK\Common[2].js Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Y4M2WPQK\Common[3].js Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Y4M2WPQK\Common[4].js Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Y4M2WPQK\ContentUpdate_HPD[1].htc Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Y4M2WPQK\ContentUpdate_HPD[2].htc Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Y4M2WPQK\Context[1].htm Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Y4M2WPQK\cstmz_ua[1].gif Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Y4M2WPQK\defaultsettings[1].xml Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Y4M2WPQK\desktop.ini Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Y4M2WPQK\ehelp-blue-NA-2.1[1].bmp Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Y4M2WPQK\HHWRAPPER[1].htm Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Y4M2WPQK\Homepage__DESKTOP[1].js Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Y4M2WPQK\Homepage__SHARED[1].js Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Y4M2WPQK\icon_pavilion[1].gif Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Y4M2WPQK\Lang[1].js Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Y4M2WPQK\Lang[2].js Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Y4M2WPQK\Lang[3].js Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Y4M2WPQK\Layout[2].css Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Y4M2WPQK\lgn_ua[1].gif Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Y4M2WPQK\NavBar[1].xml Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Y4M2WPQK\PCHSettings[1].htc Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Y4M2WPQK\PCHSettings[2].htc Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Y4M2WPQK\PCHSettings[3].htc Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Y4M2WPQK\plusHot[1].gif Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Y4M2WPQK\popup[1].js Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Y4M2WPQK\SearchMain[1].htc Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Y4M2WPQK\SearchMain[2].htc Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Y4M2WPQK\Search[2].htm Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Y4M2WPQK\settin_up[1].jpg Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Y4M2WPQK\shared[10].css Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Y4M2WPQK\shared[11].css Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Y4M2WPQK\shared[12].css Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Y4M2WPQK\shared[13].css Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Y4M2WPQK\shared[14].css Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Y4M2WPQK\shared[15].css Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Y4M2WPQK\shared[1].css Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Y4M2WPQK\shared[2].css Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Y4M2WPQK\shared[3].css Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Y4M2WPQK\shared[4].css Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Y4M2WPQK\shared[5].css Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Y4M2WPQK\shared[6].css Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Y4M2WPQK\shared[7].css Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Y4M2WPQK\shared[8].css Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Y4M2WPQK\shared[9].css Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Y4M2WPQK\shim[1].gif Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Y4M2WPQK\ssa_nav_clouds[1].jpg Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Y4M2WPQK\Statistics[1].htc Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Y4M2WPQK\Statistics[2].htc Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Y4M2WPQK\step_bottom[1].gif Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Y4M2WPQK\switch1_ua[1].gif Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Y4M2WPQK\Uabrand[1].gif Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Y4M2WPQK\upgradeclient[1].js Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Y4M2WPQK\watermark_300x[1].bmp Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Y4M2WPQK\wrapperparam[1].js Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\desktop.ini Object is locked skipped
C:\Documents and Settings\Administrator\My Documents\desktop.ini Object is locked skipped
C:\Documents and Settings\Administrator\My Documents\My Music\Desktop.ini Object is locked skipped
C:\Documents and Settings\Administrator\My Documents\My Music\MM Jukebox Plus Upgrade.mp3 Object is locked skipped
C:\Documents and Settings\Administrator\My Documents\My Music\Sample Music.lnk Object is locked skipped
C:\Documents and Settings\Administrator\My Documents\My Pictures\Desktop.ini Object is locked skipped
C:\Documents and Settings\Administrator\My Documents\My Pictures\IMG0.JPG Object is locked skipped
C:\Documents and Settings\Administrator\My Documents\My Pictures\IMG1.jpg Object is locked skipped
C:\Documents and Settings\Administrator\My Documents\My Pictures\IMG10.jpg Object is locked skipped
C:\Documents and Settings\Administrator\My Documents\My Pictures\IMG11.jpg Object is locked skipped
C:\Documents and Settings\Administrator\My Documents\My Pictures\IMG12.jpg Object is locked skipped
C:\Documents and Settings\Administrator\My Documents\My Pictures\IMG13.jpg Object is locked skipped
C:\Documents and Settings\Administrator\My Documents\My Pictures\IMG2.JPG Object is locked skipped
C:\Documents and Settings\Administrator\My Documents\My Pictures\IMG3.JPG Object is locked skipped
C:\Documents and Settings\Administrator\My Documents\My Pictures\IMG4.JPG Object is locked skipped
C:\Documents and Settings\Administrator\My Documents\My Pictures\IMG5.jpg Object is locked skipped
C:\Documents and Settings\Administrator\My Documents\My Pictures\IMG6.jpg Object is locked skipped
C:\Documents and Settings\Administrator\My Documents\My Pictures\IMG7.jpg Object is locked skipped
C:\Documents and Settings\Administrator\My Documents\My Pictures\IMG8.JPG Object is locked skipped
C:\Documents and Settings\Administrator\My Documents\My Pictures\IMG9.JPG Object is locked skipped
C:\Documents and Settings\Administrator\My Documents\My Pictures\Sample Pictures.lnk Object is locked skipped
C:\Documents and Settings\Administrator\My Documents\My Videos\desktop.ini Object is locked skipped
C:\Documents and Settings\Administrator\ntuser.dat Object is locked skipped
C:\Documents and Settings\Administrator\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Administrator\ntuser.ini Object is locked skipped
C:\Documents and Settings\Administrator\Recent\Desktop.ini Object is locked skipped
C:\Documents and Settings\Administrator\Recent\Music and Games for My PC.lnk Object is locked skipped
C:\Documents and Settings\Administrator\SendTo\Compressed (zipped) Folder.ZFSendToTarget Object is locked skipped
C:\Documents and Settings\Administrator\SendTo\Desktop (create shortcut).DeskLink Object is locked skipped
C:\Documents and Settings\Administrator\SendTo\desktop.ini Object is locked skipped
C:\Documents and Settings\Administrator\SendTo\Mail Recipient.MAPIMail Object is locked skipped
C:\Documents and Settings\Administrator\SendTo\MUSICMATCH Burner Plus.lnk Object is locked skipped
C:\Documents and Settings\Administrator\SendTo\My Documents.mydocs Object is locked skipped
C:\Documents and Settings\Administrator\SendTo\RecordNow!.RecordNowSendToExt Object is locked skipped
C:\Documents and Settings\Administrator\Start Menu\desktop.ini Object is locked skipped
C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Accessibility\desktop.ini Object is locked skipped
C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Accessibility\Magnifier.lnk Object is locked skipped
C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk Object is locked skipped
C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk Object is locked skipped
C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Accessibility\Utility Manager.lnk Object is locked skipped
C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Address Book.lnk Object is locked skipped
C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Command Prompt.lnk Object is locked skipped
C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\desktop.ini Object is locked skipped
C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Entertainment\desktop.ini Object is locked skipped
C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Entertainment\RealOne Player.lnk Object is locked skipped
C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Entertainment\Windows Media Player.lnk Object is locked skipped
C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Notepad.lnk Object is locked skipped
C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Program Compatibility Wizard.lnk Object is locked skipped
C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Synchronize.lnk Object is locked skipped
C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Tour Windows XP.lnk Object is locked skipped
C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Windows Explorer.lnk Object is locked skipped
C:\Documents and Settings\Administrator\Start Menu\Programs\desktop.ini Object is locked skipped
C:\Documents and Settings\Administrator\Start Menu\Programs\Games\There\First time There.lnk Object is locked skipped
C:\Documents and Settings\Administrator\Start Menu\Programs\Games\There\Sign on to There.lnk Object is locked skipped
C:\Documents and Settings\Administrator\Start Menu\Programs\Games\There\There End User License Agreement.lnk Object is locked skipped
C:\Documents and Settings\Administrator\Start Menu\Programs\Games\There\Uninstall There.lnk Object is locked skipped

Here is the remaining portion of my Kaspersky log:


:\Documents and Settings\Administrator\Start Menu\Programs\Internet Explorer.lnk Object is locked skipped
C:\Documents and Settings\Administrator\Start Menu\Programs\Online Services\Easy Internet Sign-up.lnk Object is locked skipped
C:\Documents and Settings\Administrator\Start Menu\Programs\Outlook Express.lnk Object is locked skipped
C:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk Object is locked skipped
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\desktop.ini Object is locked skipped
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\spamsubtract.lnk Object is locked skipped
C:\Documents and Settings\Administrator\Start Menu\Programs\Windows Media Player.lnk Object is locked skipped
C:\Documents and Settings\Administrator\Start Menu\Programs\Zone.com Deluxe Games\Mah Jong Tiles Deluxe\License Agreement.lnk Object is locked skipped
C:\Documents and Settings\Administrator\Start Menu\Programs\Zone.com Deluxe Games\Mah Jong Tiles Deluxe\Mah Jong Tiles Deluxe.lnk Object is locked skipped
C:\Documents and Settings\Administrator\Start Menu\Programs\Zone.com Deluxe Games\Mah Jong Tiles Deluxe\Read Me!.lnk Object is locked skipped
C:\Documents and Settings\Administrator\Start Menu\Programs\Zone.com Deluxe Games\Mah Jong Tiles Deluxe\Register Mah Jong Tiles Deluxe.url Object is locked skipped
C:\Documents and Settings\Administrator\Start Menu\Programs\Zone.com Deluxe Games\Mah Jong Tiles Deluxe\Uninstall Mah Jong Tiles Deluxe.lnk Object is locked skipped
C:\Documents and Settings\Administrator\Start Menu\Programs\Zone.com Deluxe Games\Play Collapse! Deluxe.lnk Object is locked skipped
C:\Documents and Settings\Administrator\Start Menu\Programs\Zone.com Deluxe Games\Play Cubis Deluxe.lnk Object is locked skipped
C:\Documents and Settings\Administrator\Start Menu\Programs\Zone.com Deluxe Games\Play Mah Jong Tiles Deluxe.lnk Object is locked skipped
C:\Documents and Settings\Administrator\Start Menu\Programs\Zone.com Deluxe Games\Play TextTwist Deluxe.lnk Object is locked skipped
C:\Documents and Settings\Administrator\Start Menu\Programs\Zone.com Deluxe Games\Play Word MoJo Deluxe.lnk Object is locked skipped
C:\Documents and Settings\Administrator\Start Menu\Programs\Zone.com Deluxe Games\Visit Zone.com Deluxe Games!.lnk Object is locked skipped
C:\Documents and Settings\Administrator\Templates\amipro.sam Object is locked skipped
C:\Documents and Settings\Administrator\Templates\excel.xls Object is locked skipped
C:\Documents and Settings\Administrator\Templates\excel4.xls Object is locked skipped
C:\Documents and Settings\Administrator\Templates\lotus.wk4 Object is locked skipped
C:\Documents and Settings\Administrator\Templates\powerpnt.ppt Object is locked skipped
C:\Documents and Settings\Administrator\Templates\presenta.shw Object is locked skipped
C:\Documents and Settings\Administrator\Templates\quattro.wb2 Object is locked skipped
C:\Documents and Settings\Administrator\Templates\sndrec.wav Object is locked skipped
C:\Documents and Settings\Administrator\Templates\winword.doc Object is locked skipped
C:\Documents and Settings\Administrator\Templates\winword2.doc Object is locked skipped
C:\Documents and Settings\Administrator\Templates\wordpfct.wpd Object is locked skipped
C:\Documents and Settings\Administrator\Templates\wordpfct.wpg Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\689c037d8083fc3156062e7b27bae554_0d8a3e38-7997-4130-8286-44fe284dc217 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7c04aa73c62f8fc466fe343448bc411f_0d8a3e38-7997-4130-8286-44fe284dc217 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SecondThoughtSTCLoader.zip/stcloader.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SecondThoughtSTCLoader.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SecondThoughtSTCLoader1.zip/stcloader.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SecondThoughtSTCLoader1.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\Brad\cftmon.exe Infected: Worm.Win32.Socks.ff skipped
C:\Documents and Settings\Gaines\cftmon.exe Infected: Worm.Win32.Socks.ff skipped
C:\Documents and Settings\Gaines\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Gaines\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Gaines\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Gaines\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Gaines\Local Settings\History\History.IE5\MSHist012008042720080428\index.dat Object is locked skipped
C:\Documents and Settings\Gaines\Local Settings\Temp\ mon000.log Object is locked skipped
C:\Documents and Settings\Gaines\Local Settings\Temp\~DF615D.tmp Object is locked skipped
C:\Documents and Settings\Gaines\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Gaines\My Documents\My Pictures\Image_03.com Infected: Backdoor.Win32.SdBot.xd skipped
C:\Documents and Settings\Gaines\ntuser.dat Object is locked skipped
C:\Documents and Settings\Gaines\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\cftmon.exe Infected: Worm.Win32.Socks.ff skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\BWKDLogs\BWTargetInf.log Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\chandir.dat Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\chandir.idx Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\chn.dat Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\chn.idx Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\D0000000.FCS Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\inuse.txt Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\L0000022.FCS Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\main.log Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs.dat Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs.idx Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_die.dat Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_die.idx Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_dnd.dat Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_dnd.idx Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_ext.dat Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_ext.idx Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_rcv.dat Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_rcv.idx Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\storydb.dat Object is locked skipped
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\storydb.idx Object is locked skipped
C:\Program Files\Norton AntiVirus\AVApp.log Object is locked skipped
C:\Program Files\Norton AntiVirus\AVError.log Object is locked skipped
C:\Program Files\Norton AntiVirus\AVVirus.log Object is locked skipped
C:\Program Files\Updates from HP\137903\Users\Default\Data\chandir.dat Object is locked skipped
C:\Program Files\Updates from HP\137903\Users\Default\Data\chandir.idx Object is locked skipped
C:\Program Files\Updates from HP\137903\Users\Default\Data\chn.dat Object is locked skipped
C:\Program Files\Updates from HP\137903\Users\Default\Data\chn.idx Object is locked skipped
C:\Program Files\Updates from HP\137903\Users\Default\Data\D0000000.FCS Object is locked skipped
C:\Program Files\Updates from HP\137903\Users\Default\Data\inuse.txt Object is locked skipped
C:\Program Files\Updates from HP\137903\Users\Default\Data\L0000003.FCS Object is locked skipped
C:\Program Files\Updates from HP\137903\Users\Default\Data\main.log Object is locked skipped
C:\Program Files\Updates from HP\137903\Users\Default\Data\prs.dat Object is locked skipped
C:\Program Files\Updates from HP\137903\Users\Default\Data\prs.idx Object is locked skipped
C:\Program Files\Updates from HP\137903\Users\Default\Data\prs_die.dat Object is locked skipped
C:\Program Files\Updates from HP\137903\Users\Default\Data\prs_die.idx Object is locked skipped
C:\Program Files\Updates from HP\137903\Users\Default\Data\prs_dnd.dat Object is locked skipped
C:\Program Files\Updates from HP\137903\Users\Default\Data\prs_dnd.idx Object is locked skipped
C:\Program Files\Updates from HP\137903\Users\Default\Data\prs_ext.dat Object is locked skipped
C:\Program Files\Updates from HP\137903\Users\Default\Data\prs_ext.idx Object is locked skipped
C:\Program Files\Updates from HP\137903\Users\Default\Data\prs_rcv.dat Object is locked skipped
C:\Program Files\Updates from HP\137903\Users\Default\Data\prs_rcv.idx Object is locked skipped
C:\Program Files\Updates from HP\137903\Users\Default\Data\storydb.dat Object is locked skipped
C:\Program Files\Updates from HP\137903\Users\Default\Data\storydb.idx Object is locked skipped
C:\Program Files\webHancer\Programs\webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\Program Files\webHancer\Programs\whiehlpr.dll Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{38619354-A30C-4AA1-999E-C6E4474B633E}\RP739\A0052671.exe Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{38619354-A30C-4AA1-999E-C6E4474B633E}\RP739\A0052672.exe Infected: Trojan-Downloader.Win32.Homles.bj skipped
C:\System Volume Information\_restore{38619354-A30C-4AA1-999E-C6E4474B633E}\RP739\A0052673.exe Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{38619354-A30C-4AA1-999E-C6E4474B633E}\RP739\A0052674.exe Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{38619354-A30C-4AA1-999E-C6E4474B633E}\RP739\A0052675.exe Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{38619354-A30C-4AA1-999E-C6E4474B633E}\RP739\A0052676.exe Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{38619354-A30C-4AA1-999E-C6E4474B633E}\RP740\A0052680.exe Infected: Trojan-Downloader.Win32.Small.uuw skipped
C:\System Volume Information\_restore{38619354-A30C-4AA1-999E-C6E4474B633E}\RP741\A0052685.exe Infected: not-a-virus:AdWare.Win32.WebHancer.423 skipped
C:\System Volume Information\_restore{38619354-A30C-4AA1-999E-C6E4474B633E}\RP741\A0052687.dll Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\System Volume Information\_restore{38619354-A30C-4AA1-999E-C6E4474B633E}\RP741\A0052688.exe Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\System Volume Information\_restore{38619354-A30C-4AA1-999E-C6E4474B633E}\RP741\A0052697.exe Infected: Worm.Win32.Socks.ff skipped
C:\System Volume Information\_restore{38619354-A30C-4AA1-999E-C6E4474B633E}\RP741\A0052700.exe Infected: Trojan-Downloader.Win32.Homles.bj skipped
C:\System Volume Information\_restore{38619354-A30C-4AA1-999E-C6E4474B633E}\RP741\A0052710.exe Infected: Trojan-Downloader.Win32.Small.uww skipped
C:\System Volume Information\_restore{38619354-A30C-4AA1-999E-C6E4474B633E}\RP742\A0054766.exe Infected: Worm.Win32.Socks.ff skipped
C:\System Volume Information\_restore{38619354-A30C-4AA1-999E-C6E4474B633E}\RP742\A0054772.exe Infected: Worm.Win32.Socks.ff skipped
C:\System Volume Information\_restore{38619354-A30C-4AA1-999E-C6E4474B633E}\RP742\A0054785.exe Infected: Trojan-Downloader.Win32.Small.uww skipped
C:\System Volume Information\_restore{38619354-A30C-4AA1-999E-C6E4474B633E}\RP743\A0055802.exe Infected: not-a-virus:AdWare.Win32.WebHancer.423 skipped
C:\System Volume Information\_restore{38619354-A30C-4AA1-999E-C6E4474B633E}\RP743\A0055804.exe Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\System Volume Information\_restore{38619354-A30C-4AA1-999E-C6E4474B633E}\RP743\A0056814.exe Infected: Worm.Win32.Socks.ff skipped
C:\System Volume Information\_restore{38619354-A30C-4AA1-999E-C6E4474B633E}\RP745\A0056851.exe Infected: Worm.Win32.Socks.ff skipped
C:\System Volume Information\_restore{38619354-A30C-4AA1-999E-C6E4474B633E}\RP745\A0056852.exe Infected: Worm.Win32.Socks.ff skipped
C:\System Volume Information\_restore{38619354-A30C-4AA1-999E-C6E4474B633E}\RP745\A0056854.exe Infected: Trojan-Downloader.Win32.Homles.bj skipped
C:\System Volume Information\_restore{38619354-A30C-4AA1-999E-C6E4474B633E}\RP745\A0056855.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.qqw skipped
C:\System Volume Information\_restore{38619354-A30C-4AA1-999E-C6E4474B633E}\RP745\change.log Object is locked skipped
C:\WINDOWS\$NtUninstallKB824141$\user32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB824141$\win32k.sys Object is locked skipped
C:\WINDOWS\$NtUninstallKB833407$\bssym7.ttf Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\dao360.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\expsrv.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msexch40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msexcl40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msjet40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msjetol1.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msjetoledb40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msjint40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msjter40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msjtes40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msltus40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\mspbde40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msrd2x40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msrd3x40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msrepl40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\mstext40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\mswdat10.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\mswstr10.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msxbde40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\vbajet32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallQ828026$\msdxm.ocx Object is locked skipped
C:\WINDOWS\$NtUninstallQ828026$\wmp.dll Object is locked skipped
C:\WINDOWS\.file_store_32\code.dat Object is locked skipped
C:\WINDOWS\.file_store_32\jingle0.mid Object is locked skipped
C:\WINDOWS\.file_store_32\jingle1.mid Object is locked skipped
C:\WINDOWS\.file_store_32\jingle2.mid Object is locked skipped
C:\WINDOWS\.file_store_32\jingle3.mid Object is locked skipped
C:\WINDOWS\.file_store_32\jingle4.mid Object is locked skipped
C:\WINDOWS\.file_store_32\main_file_cache.dat Object is locked skipped
C:\WINDOWS\.file_store_32\main_file_cache.idx0 Object is locked skipped
C:\WINDOWS\.file_store_32\main_file_cache.idx1 Object is locked skipped
C:\WINDOWS\.file_store_32\main_file_cache.idx2 Object is locked skipped
C:\WINDOWS\.file_store_32\main_file_cache.idx3 Object is locked skipped
C:\WINDOWS\.file_store_32\main_file_cache.idx4 Object is locked skipped
C:\WINDOWS\.file_store_32\sound0.wav Object is locked skipped
C:\WINDOWS\.file_store_32\sound1.wav Object is locked skipped
C:\WINDOWS\.file_store_32\sound2.wav Object is locked skipped
C:\WINDOWS\.file_store_32\sound3.wav Object is locked skipped
C:\WINDOWS\.file_store_32\sound4.wav Object is locked skipped
C:\WINDOWS\.file_store_32\uid.dat Object is locked skipped
C:\WINDOWS\17PHolmes72.exe Infected: Trojan-Downloader.Win32.Homles.bj skipped
C:\WINDOWS\agloy.txt Object is locked skipped
C:\WINDOWS\atid.ini Object is locked skipped
C:\WINDOWS\cdplayer.ini Object is locked skipped
C:\WINDOWS\cmskw.dat Object is locked skipped
C:\WINDOWS\CRCheck32.dat Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\default.htm Infected: not-virus:Hoax.HTML.Secureinvites.b skippedC:\WINDOWS\eHome\ehshell.crash Object is locked skipped
C:\WINDOWS\Fonts\CACCAMEL.TTF Object is locked skipped
C:\WINDOWS\Fonts\CACCHAMP.TTF Object is locked skipped
C:\WINDOWS\Fonts\CACFCBI_.TTF Object is locked skipped
C:\WINDOWS\Fonts\CACFCB__.TTF Object is locked skipped
C:\WINDOWS\Fonts\CACFCMI_.TTF Object is locked skipped
C:\WINDOWS\Fonts\CACFC___.TTF Object is locked skipped
C:\WINDOWS\Fonts\CACKLB__.TTF Object is locked skipped
C:\WINDOWS\Fonts\CACKL___.TTF Object is locked skipped
C:\WINDOWS\Fonts\CACLA___.TTF Object is locked skipped
C:\WINDOWS\Fonts\CACLC___.TTF Object is locked skipped
C:\WINDOWS\Fonts\CACLESLI.TTF Object is locked skipped
C:\WINDOWS\Fonts\CACLEW__.TTF Object is locked skipped
C:\WINDOWS\Fonts\CACMOOSE.TTF Object is locked skipped
C:\WINDOWS\Fonts\CACNH___.TTF Object is locked skipped
C:\WINDOWS\Fonts\CACOS___.TTF Object is locked skipped
C:\WINDOWS\Fonts\CACPINAF.TTF Object is locked skipped
C:\WINDOWS\Fonts\CACSB___.TTF Object is locked skipped
C:\WINDOWS\Fonts\CACSHISH.TTF Object is locked skipped
C:\WINDOWS\Fonts\CACVALIA.TTF Object is locked skipped
C:\WINDOWS\Fonts\TT0107M_.TTF Object is locked skipped
C:\WINDOWS\Fonts\TT0108M_.TTF Object is locked skipped
C:\WINDOWS\Fonts\TT0109M_.TTF Object is locked skipped
C:\WINDOWS\Fonts\TT0110M_.TTF Object is locked skipped
C:\WINDOWS\Fonts\TT0129M_.TTF Object is locked skipped
C:\WINDOWS\Fonts\TT0130M_.TTF Object is locked skipped
C:\WINDOWS\Fonts\TT0142M_.TTF Object is locked skipped
C:\WINDOWS\Fonts\TT0143M_.TTF Object is locked skipped
C:\WINDOWS\Fonts\TT0148M_.TTF Object is locked skipped
C:\WINDOWS\Fonts\TT0149M_.TTF Object is locked skipped
C:\WINDOWS\Fonts\TT0201M_.TTF Object is locked skipped
C:\WINDOWS\Fonts\TT0204M_.TTF Object is locked skipped
C:\WINDOWS\Fonts\TT0205M_.TTF Object is locked skipped
C:\WINDOWS\Fonts\TT0328M_.TTF Object is locked skipped
C:\WINDOWS\Fonts\TT0329M_.TTF Object is locked skipped
C:\WINDOWS\Fonts\TT0330M_.TTF Object is locked skipped
C:\WINDOWS\Fonts\TT0331M_.TTF Object is locked skipped
C:\WINDOWS\Fonts\TT0362M_.TTF Object is locked skipped
C:\WINDOWS\Fonts\TT0581M_.TTF Object is locked skipped
C:\WINDOWS\Fonts\TT0604M_.TTF Object is locked skipped
C:\WINDOWS\Fonts\TT0610M_.TTF Object is locked skipped
C:\WINDOWS\Fonts\TT0626M_.TTF Object is locked skipped
C:\WINDOWS\Fonts\TT0729M_.TTF Object is locked skipped
C:\WINDOWS\Fonts\TT0768M_.TTF Object is locked skipped
C:\WINDOWS\Fonts\TT0841M_.TTF Object is locked skipped
C:\WINDOWS\Fonts\TT0976M_.TTF Object is locked skipped
C:\WINDOWS\Fonts\TT0990M_.TTF Object is locked skipped
C:\WINDOWS\Fonts\TT1040M_.TTF Object is locked skipped
C:\WINDOWS\Fonts\TT1043M_.TTF Object is locked skipped
C:\WINDOWS\Fonts\TT1046M_.TTF Object is locked skipped
C:\WINDOWS\Fonts\TT1051M_.TTF Object is locked skipped
C:\WINDOWS\Fonts\TT1064M_.TTF Object is locked skipped
C:\WINDOWS\Fonts\TT1139M_.TTF Object is locked skipped
C:\WINDOWS\Fonts\TT1154M_.TTF Object is locked skipped
C:\WINDOWS\Fonts\TT1178M_.TTF Object is locked skipped
C:\WINDOWS\Fonts\TT1221M_.TTF Object is locked skipped
C:\WINDOWS\Fonts\TT3004M_.TTF Object is locked skipped
C:\WINDOWS\hegames.ini Object is locked skipped
C:\WINDOWS\Help\bootcons.chw Object is locked skipped
C:\WINDOWS\Help\camera.chw Object is locked skipped
C:\WINDOWS\Help\cdmedia.chw Object is locked skipped
C:\WINDOWS\Help\filefold.chw Object is locked skipped
C:\WINDOWS\Help\find.chw Object is locked skipped
C:\WINDOWS\Help\howto.chw Object is locked skipped
C:\WINDOWS\Help\iexplore.chw Object is locked skipped
C:\WINDOWS\Help\localsec.chw Object is locked skipped
C:\WINDOWS\Help\mspaint.chw Object is locked skipped
C:\WINDOWS\Help\plyr_err.chw Object is locked skipped
C:\WINDOWS\Help\update.GID Object is locked skipped
C:\WINDOWS\Help\wmperr10.chw Object is locked skipped
C:\WINDOWS\inf\OLD7C6.tmp Object is locked skipped
C:\WINDOWS\inf\OLD7D5.tmp Object is locked skipped
C:\WINDOWS\inf\OLD7E8.tmp Object is locked skipped
C:\WINDOWS\inf\SET7C5.tmp Object is locked skipped
C:\WINDOWS\inf\SET7D4.tmp Object is locked skipped
C:\WINDOWS\inf\SET7E7.tmp Object is locked skipped
C:\WINDOWS\inf\sunkistxp.PNF Object is locked skipped
C:\WINDOWS\Internet Logs\GAINESHOME.ldb Object is locked skipped
C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped
C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
C:\WINDOWS\iun507.exe Object is locked skipped
C:\WINDOWS\lfn.exe Infected: not-virus:Hoax.Win32.Renos.bvd skipped
C:\WINDOWS\mfcwx32.dll Object is locked skipped
C:\WINDOWS\msoevc.exe Object is locked skipped
C:\WINDOWS\nsreg.dat Object is locked skipped
C:\WINDOWS\pchealth\helpctr\Logs\helpctr.log Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\awtqqpOI.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\awtsQJDt.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\awtusTll.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\byXNdaab.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\byXNfDUo.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\byXNgdeE.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\byXNgeBt.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\byXOfgFX.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\byXPJCTK.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\byXRijhH.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\cbXNDSiH.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\cbXNDsSL.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\cbXPfEVO.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\cbXPjKBU.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\cbXRLEtU.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\ddcAPGVn.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\ddcBTKCv.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\ddcCVNHb.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\ddcDutQh.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\drivers\HP_D7222P-ABA M400Y_YW_Pavi_QMXP426_E41NAhmEPC5_4_I P4SD-LA _SASUSTeK Computer INC._VRev 1.xx_B3.24_T040414_WXP1_L409_M512_J160_7Intel_8Pentium 4_92.8_1104C8023_N10EC8139_P_Z11C1044C_K_A808624D5_U808624D2_G10DE0322_O.MRK Object is locked skipped
C:\WINDOWS\system32\drivers\spools.exe Infected: Worm.Win32.Socks.ff skipped
C:\WINDOWS\system32\efcARhEW.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\efcBuRlL.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\efcBuTlL.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\efcCVMdD.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\efcDUoNg.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\efcYOecD.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\fccAqqOh.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\fccaWQij.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\fccdAQIA.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\fccyvTLB.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\fccywwwX.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\geBrpmmm.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\geBtUkjH.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\hgGvspQi.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\hgGwUkJC.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\hgGxUNDS.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\iifefGvt.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\jkkJaaaw.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\jkkJyARl.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\jkkKeeBQ.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\jkkLBssp.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\jkkLdEXQ.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\khfCspoP.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\khfCtrSk.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\khfDuUNG.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\khfEWPFx.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\khfEXRiJ.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\ljJAPJAT.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\ljJCtrsp.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\ljJCuTnl.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\ljJDTKBQ.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\lshosts32.exe Infected: Backdoor.Win32.IRCBot.gen skipped
C:\WINDOWS\system32\mlJAtRKd.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\mlJBQkll.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\mlJCRkJb.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\mlJCSlKe.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\mlJCTKEw.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\mlJYrSMG.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\mlJYstqN.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\MSINET.OCX Object is locked skipped
C:\WINDOWS\system32\nnnlmJCu.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\nnnmmnMe.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\nnnmnlLd.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\opnkiFwX.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\pmnkKCvU.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\pmnliFWo.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\pmnlihhI.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\pmnljJCR.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\pnVes06\pnVes061083.exe Infected: Trojan-Downloader.Win32.VB.ebf skipped
C:\WINDOWS\system32\qoMCvTJA.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\qoMeCrqN.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\qoMgeffe.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\rqRIaWMc.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\rqRIbYOI.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\rqRLbbYR.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\rqRLcATk.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\rqRlIawT.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\ssqOFXOF.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\ssqPfdDV.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\ssqPigFX.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\ssqPjhFv.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\ssqRKETj.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\tuvSighg.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\tuvSkKAP.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\tuvSmlIa.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\tuvUnMFW.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\tuvVPhgF.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\tuvWnmnk.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\tuvWoonL.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\urqQhhFV.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\urqQijIy.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\urqRJCUl.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\vtUlIArp.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\vtUmKdAP.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\vtUnoNee.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\vtUoNgef.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\system32\wmsdkns.exe Infected: not-virus:Hoax.Win32.Renos.bvd skipped
C:\WINDOWS\system32\wvUnKApp.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\wvUoOFUL.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\xxyASijI.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\yayaArop.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\yayaAsTl.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\yayvVoOi.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\yayxyxxy.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\Temp\History\History.IE5\desktop.ini Object is locked skipped
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\2RG7ZMEK\desktop.ini Object is locked skipped
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\9PT0LB3Y\desktop.ini Object is locked skipped
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\desktop.ini Object is locked skipped
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\MZU455IS\desktop.ini Object is locked skipped
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\O9KRRY8X\desktop.ini Object is locked skipped
C:\WINDOWS\Temp\ZLT053b7.TMP Object is locked skipped
C:\WINDOWS\Temp\_ISTMP0.DIR\2cd19bc6.DLL Object is locked skipped
C:\WINDOWS\Temp\_ISTMP0.DIR\Bbrd1.bmp Object is locked skipped
C:\WINDOWS\Temp\_ISTMP0.DIR\Bbrd2.bmp Object is locked skipped
C:\WINDOWS\Temp\_ISTMP0.DIR\Bbrd3.bmp Object is locked skipped
C:\WINDOWS\Temp\_ISTMP0.DIR\Bbrd4.bmp Object is locked skipped
C:\WINDOWS\Temp\_ISTMP0.DIR\Bbrd5.bmp Object is locked skipped
C:\WINDOWS\Temp\_ISTMP0.DIR\Bbrd6.bmp Object is locked skipped
C:\WINDOWS\Temp\_ISTMP0.DIR\Bbrd7.bmp Object is locked skipped
C:\WINDOWS\Temp\_ISTMP0.DIR\blue.bmp Object is locked skipped
C:\WINDOWS\Temp\_ISTMP0.DIR\Corecomp.ini Object is locked skipped
C:\WINDOWS\Temp\_ISTMP0.DIR\Cpuinf32.dll Object is locked skipped
C:\WINDOWS\Temp\_ISTMP0.DIR\Ctl3d32.dll Object is locked skipped
C:\WINDOWS\Temp\_ISTMP0.DIR\ereg.dll Object is locked skipped
C:\WINDOWS\Temp\_ISTMP0.DIR\ereg3201.dll Object is locked skipped
C:\WINDOWS\Temp\_ISTMP0.DIR\IsUninst.Exe Object is locked skipped
C:\WINDOWS\Temp\_ISTMP0.DIR\Midibase.mid Object is locked skipped
C:\WINDOWS\Temp\_ISTMP0.DIR\Midiex.mid Object is locked skipped
C:\WINDOWS\Temp\_ISTMP0.DIR\Names.reg Object is locked skipped
C:\WINDOWS\Temp\_ISTMP0.DIR\Projects.ini Object is locked skipped
C:\WINDOWS\Temp\_ISTMP0.DIR\ProjectsEX.ini Object is locked skipped
C:\WINDOWS\Temp\_ISTMP0.DIR\ProjectsFull.ini Object is locked skipped
C:\WINDOWS\Temp\_ISTMP0.DIR\red.bmp Object is locked skipped
C:\WINDOWS\Temp\_ISTMP0.DIR\regadll.dll Object is locked skipped
C:\WINDOWS\Temp\_ISTMP0.DIR\setup.bmp Object is locked skipped
C:\WINDOWS\Temp\_ISTMP0.DIR\setup.hlp Object is locked skipped
C:\WINDOWS\Temp\_ISTMP0.DIR\Snap.bmp Object is locked skipped
C:\WINDOWS\Temp\_ISTMP0.DIR\Test.bmp Object is locked skipped
C:\WINDOWS\Temp\_ISTMP0.DIR\value.shl Object is locked skipped
C:\WINDOWS\Temp\_ISTMP0.DIR\vssver.scc Object is locked skipped
C:\WINDOWS\Temp\_ISTMP0.DIR\Wavetest.wav Object is locked skipped
C:\WINDOWS\Temp\_ISTMP0.DIR\Weblinks.reg Object is locked skipped
C:\WINDOWS\uninst.exe Object is locked skipped
C:\WINDOWS\Web\Wallpaper\info-1024.bmp Object is locked skipped
C:\WINDOWS\Web\Wallpaper\info-1280.bmp Object is locked skipped
C:\WINDOWS\Web\Wallpaper\info-800.bmp Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\WINDOWS\winself.exe Infected: Trojan.Win32.DNSChanger.cjd skipped
C:\WINDOWS\WORDPAD.INI Object is locked skipped
C:\WINDOWS\zrwnx.txt Object is locked skipped

Hello roadrunner23

Welcome to Safer Networking.

Please read Before You Post (http://forums.spybot.info/showthread.php?t=288)
That said, All advice given by anyone volunteering here, is taken at own risk.
While best efforts are made to assist in removing infections safely, unexpected stuff can happen.

Please do not start any new topics, just reply to this thread only by using the Submit Reply, if your reply wont fit you can take as many replies as you need.

You have a real mess going on, I am trying to figure out how this computer even starts up. I am looking at multiple infections and one being a trojan downloader so I want you to outside of posting here to stay off the internet until we get you cleaned up or there will be more of this garbage showing up.

Run this first,


Download SDFix (http://downloads.andymanchesta.com/RemovalTools/SDFix.exe) and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, the Advanced Options Menu should appear;
Select the first option, to run Windows in Safe Mode, then press Enter.
Choose your usual account.

Open the extracted SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).
Finally paste the contents of the Report.txt back on the forum with a new HijackThis log

You are so right. My computer would hardly start up. Many thanks for helping me out.

Here is the SDFix Report:


SDFix: Version 1.176
Run by Gaines on Sun 04/27/2008 at 08:38 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :

Killing PID 808 'wmsdkns.exe'
Killing PID 808 'wmsdkns.exe'

Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Default Desktop Wallpaper
Restoring Default Schedule Service Path

Rebooting


Checking Files :

Trojan Files Found:

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat - Contains Links to Malware Sites! - Deleted
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat - Contains Links to Malware Sites! - Deleted
C:\Documents and Settings\Brad\cftmon.exe - Deleted
C:\Documents and Settings\Gaines\cftmon.exe - Deleted
C:\WINDOWS\17PHolmes72.exe - Deleted
C:\WINDOWS\123messenger.per - Deleted
C:\WINDOWS\2020search.dll - Deleted
C:\WINDOWS\2020search2.dll - Deleted
C:\WINDOWS\apphelp32.dll - Deleted
C:\WINDOWS\asferror32.dll - Deleted
C:\WINDOWS\asycfilt32.dll - Deleted
C:\WINDOWS\athprxy32.dll - Deleted
C:\WINDOWS\ati2dvaa32.dll - Deleted
C:\WINDOWS\ati2dvag32.dll - Deleted
C:\WINDOWS\audiosrv32.dll - Deleted
C:\WINDOWS\autodisc32.dll - Deleted
C:\WINDOWS\avifile32.dll - Deleted
C:\WINDOWS\avisynthex32.dll - Deleted
C:\WINDOWS\aviwrap32.dll - Deleted
C:\WINDOWS\bjam.dll - Deleted
C:\WINDOWS\bokja.exe - Deleted
C:\WINDOWS\browserad.dll - Deleted
C:\WINDOWS\cdsm32.dll - Deleted
C:\WINDOWS\changeurl_30.dll - Deleted
C:\WINDOWS\default.htm - Deleted
C:\WINDOWS\didduid.ini - Deleted
C:\WINDOWS\licencia.txt - Deleted
C:\WINDOWS\msa64chk.dll - Deleted
C:\WINDOWS\msapasrc.dll - Deleted
C:\WINDOWS\msoevc.exe - Deleted
C:\WINDOWS\mspphe.dll - Deleted
C:\WINDOWS\mssvr.exe - Deleted
C:\WINDOWS\ntnut.exe - Deleted
C:\WINDOWS\saiemod.dll - Deleted
C:\WINDOWS\shdocpe.dll - Deleted
C:\WINDOWS\shdocpl.dll - Deleted
C:\WINDOWS\stcloader.exe - Deleted
C:\WINDOWS\swin32.dll - Deleted
C:\WINDOWS\system32\pac.txt - Deleted
C:\WINDOWS\system32\winfrun32.bin - Deleted
C:\WINDOWS\system32\wmsdkns.exe - Deleted
C:\WINDOWS\telefonos.txt - Deleted
C:\WINDOWS\textos.txt - Deleted
C:\WINDOWS\voiceip.dll - Deleted
C:\WINDOWS\winsb.dll - Deleted
C:\WINDOWS\winself.exe - Deleted
C:\WINDOWS\system32\drivers\spools.exe - Deleted





Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1353.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-27 20:54:30
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS]
"StateIndex"=dword:00000000

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Wed 30 Jun 2004 204 A.SHR --- "C:\BOOT.BAK"
Fri 22 Apr 2005 2,058 A.SH. --- "C:\WINDOWS\mfcwx32.dll"
Wed 10 Sep 2003 49,237 A..H. --- "C:\Program Files\America Online 9.0\aolphx.exe"
Wed 10 Sep 2003 36,953 A..H. --- "C:\Program Files\America Online 9.0\aoltray.exe"
Wed 10 Sep 2003 40,960 A..H. --- "C:\Program Files\America Online 9.0\RBM.exe"
Wed 10 Sep 2003 233,553 A..H. --- "C:\Program Files\America Online 9.0\waol.exe"
Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Tue 21 Feb 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Tue 14 Mar 2006 782 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv10.bak"
Wed 25 Jul 2007 2,306 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv11.bak"
Sun 11 Jun 2006 782 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv12.bak"
Sat 21 Apr 2007 1,163 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv13.bak"
Sat 20 Jan 2007 782 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv14.bak"
Sat 15 Sep 2007 1,163 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv15.bak"
Sat 1 Sep 2007 782 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv16.bak"
Sat 15 Sep 2007 1,163 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv17.bak"
Sat 12 May 2007 401 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv18.bak"
Sun 18 Mar 2007 782 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv19.bak"
Thu 1 Jul 2004 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRMbackup\DRMv1.bak"
Sun 29 Jan 2006 3,068 A.SH. --- "C:\Documents and Settings\All Users\DRMbackup\DRMv10.bak"
Sun 12 Feb 2006 2,306 A.SH. --- "C:\Documents and Settings\All Users\DRMbackup\DRMv11.bak"
Tue 20 Dec 2005 2,687 A.SH. --- "C:\Documents and Settings\All Users\DRMbackup\DRMv12.bak"
Wed 1 Dec 2004 782 A.SH. --- "C:\Documents and Settings\All Users\DRMbackup\DRMv13.bak"
Fri 13 Jan 2006 2,687 A.SH. --- "C:\Documents and Settings\All Users\DRMbackup\DRMv14.bak"
Wed 19 Oct 2005 2,306 A.SH. --- "C:\Documents and Settings\All Users\DRMbackup\DRMv15.bak"
Tue 20 Dec 2005 3,449 A.SH. --- "C:\Documents and Settings\All Users\DRMbackup\DRMv16.bak"
Fri 16 Sep 2005 401 A.SH. --- "C:\Documents and Settings\All Users\DRMbackup\DRMv17.bak"
Mon 20 Jun 2005 1,544 A.SH. --- "C:\Documents and Settings\All Users\DRMbackup\DRMv18.bak"
Thu 3 Nov 2005 1,163 A.SH. --- "C:\Documents and Settings\All Users\DRMbackup\DRMv19.bak"
Tue 14 Mar 2006 2,942 A..H. --- "C:\Program Files\Common Files\AOL\IPHSend\IPH.BAK"
Sun 27 Apr 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\cf7ced0e70c80a1e476f1abf49afecb1\BIT7.tmp"
Thu 19 Jan 2006 21,504 ...H. --- "C:\Documents and Settings\Gaines\Application Data\Microsoft\Word\~WRL0004.tmp"
Tue 21 Feb 2006 4,348 ...H. --- "C:\Documents and Settings\Gaines\My Documents\My Music\License Backup\drmv1key.bak"
Thu 25 Jan 2007 4,592 A..H. --- "C:\Documents and Settings\Gaines\My Documents\My Music\License Backup\drmv1lic.bak"
Sat 29 Apr 2006 400 A.SH. --- "C:\Documents and Settings\Gaines\My Documents\My Music\License Backup\drmv2key.bak"
Wed 10 Sep 2003 111,824 A..H. --- "C:\Program Files\Common Files\aolshare\shell\us\shellext.dll"
Tue 21 Feb 2006 4,348 ...H. --- "C:\Documents and Settings\Gaines\Application Data\Real\Rhapsody\wmlicbackup\drmv1key.bak"
Sun 17 Feb 2008 9,926 A..H. --- "C:\Documents and Settings\Gaines\Application Data\Real\Rhapsody\wmlicbackup\drmv1lic.bak"
Sat 29 Apr 2006 400 A.SH. --- "C:\Documents and Settings\Gaines\Application Data\Real\Rhapsody\wmlicbackup\drmv2key.bak"
Mon 28 Aug 2006 11,115 A.SH. --- "C:\Documents and Settings\All Users\Documents\Newest Computer Documents\My Documents\My Documents\My Music\License Backup\drmv2key.bak"

Finished!


Here is my new HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:12:04 PM, on 4/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\Program Files\Dantz\Retrospect\retrorun.exe
C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\wanmpsvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ehome\ehtray.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\LTMSG.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Parental Controls\PCTHelp.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08\hpqtra08.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [NAV CfgWiz] c:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [PCTAgent] C:\Program Files\Parental Controls\PCTHelp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [b89b2f89] rundll32.exe "C:\WINDOWS\system32\cqanjbde.dll",b
O4 - HKLM\..\Run: [BMbba81c15] Rundll32.exe "C:\WINDOWS\system32\uxspkmnh.dll",s
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O15 - Trusted Zone: http://*.stpaultravelers.com
O15 - Trusted Zone: http://*.gulfinsurance.com (HKLM)
O15 - Trusted Zone: http://*.northlandins.com (HKLM)
O15 - Trusted Zone: http://*.northlandonline.com (HKLM)
O15 - Trusted Zone: *.spt.com (HKLM)
O15 - Trusted Zone: http://*.spt.com (HKLM)
O15 - Trusted Zone: http://*.stpaul.com (HKLM)
O15 - Trusted Zone: http://*.stpaultravelers.com (HKLM)
O15 - Trusted Zone: http://*.travelers.com (HKLM)
O15 - Trusted Zone: http://*.travelerspc.com (HKLM)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1111840744828
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1160941981468
O16 - DPF: {88D8E8B7-A33B-4417-A385-8373484D43ED} (InstallHelper Class) - file://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ThereInstallHelper.dll
O16 - DPF: {89521361-EA5B-11D7-97CA-00E08103E149} (Parental Controls Agent Class) - http://pccfg.ourlinksys.com:8080/config/elements/artemislogin/PCTAgent.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: MsSecurity Updated (MsSecurity1.209.4) - Unknown owner - C:\WINDOWS\winself.exe (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe
O23 - Service: Retrospect Helper - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\rthlpsvc.exe
O23 - Service: Retrospect WD Service (RetroWDSvc) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 11589 bytes

Good Morning,

Good job :bigthumb: but lots more to do. Run both these scans in the order I am posting them , each will produce a report along with the cleaning , save them because I need to see them to see what and what has not been removed, then post a new HJT log after your done with the scans.



Download VundoFix (http://www.atribune.org/ccount/click.php?id=4 ) to your desktop

Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.
Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.

Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.




Please download Malwarebytes' Anti-Malware from Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html) or Here (http://www.besttechie.net/tools/mbam-setup.exe)

Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected. <----Don't forget this
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy and Paste the entire report in your next reply along with a Hijackthis log.

Good evening. I think that we are making progress. Once again, I really appreciate your help.

VundoFix did not find any files.

Here is my MBAM log:

Malwarebytes' Anti-Malware 1.11
Database version: 694

Scan type: Quick Scan
Objects scanned: 37126
Time elapsed: 9 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 3
Registry Keys Infected: 18
Registry Values Infected: 1
Registry Data Items Infected: 2
Folders Infected: 2
Files Infected: 103

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\program files\webhancer\Programs\webhdll.dll (Adware.WebHancer) -> Unloaded module successfully.
C:\WINDOWS\system32\mjwwvnls.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\opnlJbCv.dll (Trojan.Vundo) -> Unloaded module successfully.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4cbf9e37-e487-48af-8e1a-298b333bfa78} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{4cbf9e37-e487-48af-8e1a-298b333bfa78} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{549b5ca7-4a86-11d7-a4df-000874180bb3} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MsSecurity1.209.4 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BMbba81c15 (Trojan.Agent) -> Delete on reboot.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\opnljbcv -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\opnljbcv -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\webHancer (Adware.Webhancer) -> Delete on reboot.
C:\Program Files\webHancer\Programs (Adware.Webhancer) -> Delete on reboot.

Files Infected:
c:\program files\webhancer\Programs\webhdll.dll (Adware.WebHancer) -> Delete on reboot.
C:\WINDOWS\system32\mjwwvnls.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\slnvwwjm.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\opnlJbCv.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\vCbJlnpo.ini (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\vCbJlnpo.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll (Adware.Minibug) -> Quarantined and deleted successfully.
C:\WINDOWS\rictions.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\lfn.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xqpjriub.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\xxyASijI.dll (Backdoor.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tuvSighg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tuvSkKAP.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tuvSmlIa.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tuvUnMFW.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tuvVPhgF.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tuvWnmnk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tuvWoonL.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qoMCvTJA.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qoMeCrqN.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qoMgeffe.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cbXNDSiH.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cbXNDsSL.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cbXPfEVO.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cbXPjKBU.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cbXRLEtU.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\geBrpmmm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\geBtUkjH.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jkkJaaaw.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jkkJyARl.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jkkKeeBQ.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jkkLBssp.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jkkLdEXQ.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\opnkiFwX.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ddcAPGVn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ddcBTKCv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ddcCVNHb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ddcDutQh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\byXNdaab.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\byXNfDUo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\byXNgdeE.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\byXNgeBt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rqRIaWMc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rqRIbYOI.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rqRLbbYR.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rqRLcATk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rqRlIawT.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nnnlmJCu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nnnmmnMe.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nnnmnlLd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\urqQhhFV.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\urqQijIy.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\urqRJCUl.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\awtqqpOI.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\awtsQJDt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\awtusTll.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\byXOfgFX.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\byXPJCTK.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\byXRijhH.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\efcARhEW.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\efcBuRlL.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\efcBuTlL.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\efcCVMdD.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\efcDUoNg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\efcYOecD.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hgGvspQi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hgGwUkJC.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hgGxUNDS.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iifefGvt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mlJAtRKd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mlJBQkll.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mlJCRkJb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mlJCSlKe.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mlJCTKEw.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mlJYrSMG.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mlJYstqN.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yayaArop.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yayaAsTl.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yayvVoOi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yayxyxxy.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssqOFXOF.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssqPfdDV.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssqPigFX.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssqPjhFv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssqRKETj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ljJAPJAT.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ljJCtrsp.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ljJCuTnl.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ljJDTKBQ.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wvUnKApp.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wvUoOFUL.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pmnliFWo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pmnlihhI.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fccAqqOh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fccaWQij.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fccdAQIA.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fccyvTLB.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fccywwwX.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\khfCspoP.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\khfCtrSk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\khfDuUNG.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\khfEWPFx.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\khfEXRiJ.dll (Trojan.Vundo) -> Quarantined and deleted successfully.


Here is my new HJT log:Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:39:46 PM, on 4/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\Program Files\Dantz\Retrospect\retrorun.exe
C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\wanmpsvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ehome\ehtray.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\LTMSG.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Parental Controls\PCTHelp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08\hpqtra08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: {e9dc12a4-20df-ef38-fed4-10bd4ae3e971} - {179e3ea4-db01-4def-83fe-fd024a21cd9e} - C:\WINDOWS\system32\kdefiwsy.dll
O2 - BHO: (no name) - {1D0B1B2F-4D44-48DC-AE5A-F4BBBAE2A83F} - C:\WINDOWS\system32\vtUoNgef.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {D3CAF29A-A293-47D9-BDE1-34588F5599FE} - C:\WINDOWS\system32\hgGyVpNH.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [NAV CfgWiz] c:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [PCTAgent] C:\Program Files\Parental Controls\PCTHelp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [b89b2f89] rundll32.exe "C:\WINDOWS\system32\mjwwvnls.dll",b
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://*.stpaultravelers.com
O15 - Trusted Zone: http://*.gulfinsurance.com (HKLM)
O15 - Trusted Zone: http://*.northlandins.com (HKLM)
O15 - Trusted Zone: http://*.northlandonline.com (HKLM)
O15 - Trusted Zone: *.spt.com (HKLM)
O15 - Trusted Zone: http://*.spt.com (HKLM)
O15 - Trusted Zone: http://*.stpaul.com (HKLM)
O15 - Trusted Zone: http://*.stpaultravelers.com (HKLM)
O15 - Trusted Zone: http://*.travelers.com (HKLM)
O15 - Trusted Zone: http://*.travelerspc.com (HKLM)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1111840744828
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1160941981468
O16 - DPF: {88D8E8B7-A33B-4417-A385-8373484D43ED} (InstallHelper Class) - file://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ThereInstallHelper.dll
O16 - DPF: {89521361-EA5B-11D7-97CA-00E08103E149} (Parental Controls Agent Class) - http://pccfg.ourlinksys.com:8080/config/elements/artemislogin/PCTAgent.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: vtUoNgef - C:\WINDOWS\SYSTEM32\vtUoNgef.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe
O23 - Service: Retrospect Helper - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\rthlpsvc.exe
O23 - Service: Retrospect WD Service (RetroWDSvc) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 12195 bytes

Hello,

FYI <-- What we removed so far was the SDBot worm, what we are working on now is the Vundo Trojan, this trojan changes file names as quick as a bolt of lightning so its no wonder Vundo didn't find anything, but Malwarebytes found a ton of them along with some other malware, it may be just the tip of the iceburg.


Download ComboFix from Here (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) or Here (http://subs.geekstogo.com/ComboFix.exe) to your Desktop.

In the event you already have Combofix, this is a new version that I need you to download.
It must be saved directly to your desktop.


1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.


Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan.
Click on this link (http://www.bleepingcomputer.com/forums/topic114351.html) to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
Remember to re enable the protection again afterwards before connecting to the net



2. Close any open browsers and make sure you are disconnected from the net. Unplug the cable if need be before running combofix.

IF you have not already done so Combofix will disconnect your machine from the Internet when it starts.
If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.


3. Now double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review

Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze.

Here is my ComboFix.txt:

ComboFix 08-04-27.3 - Gaines 2008-04-28 19:24:21.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.133 [GMT -5:00]
Running from: C:\Documents and Settings\Gaines\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\webhancer
C:\Program Files\webhancer\Programs\webhdll.dll
C:\WINDOWS\cookies.ini
C:\WINDOWS\mainms.vpi
C:\WINDOWS\megavid.cdt
C:\WINDOWS\muotr.so
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\edbjnaqc.ini
C:\WINDOWS\system32\fOnVwGgh.ini
C:\WINDOWS\system32\fOnVwGgh.ini2
C:\WINDOWS\system32\hgGwVnOf.dll
C:\WINDOWS\system32\HNpVyGgh.ini
C:\WINDOWS\system32\HNpVyGgh.ini2
C:\WINDOWS\system32\hoxnypuv.ini
C:\WINDOWS\system32\iklsmhxd.dll
C:\WINDOWS\system32\kdefiwsy.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mjwwvnls.dll
C:\WINDOWS\system32\opnlJbCv.dll
C:\WINDOWS\system32\pmnkKCvU.dll
C:\WINDOWS\system32\pmnljJCR.dll
C:\WINDOWS\system32\tgpcyltl.dll
C:\WINDOWS\system32\uxspkmnh.dll
C:\WINDOWS\system32\vCbJlnpo.ini
C:\WINDOWS\system32\vCbJlnpo.ini2
C:\WINDOWS\system32\vtUlIArp.dll
C:\WINDOWS\system32\vtUmKdAP.dll
C:\WINDOWS\system32\vtUnoNee.dll
C:\WINDOWS\system32\vtUoNgef.dll
C:\WINDOWS\system32\vupynxoh.dll
C:\WINDOWS\system32\xqpjriub.dll
C:\WINDOWS\wintst32.tmp
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MSSECURITY1.209.4


((((((((((((((((((((((((( Files Created from 2008-03-28 to 2008-04-29 )))))))))))))))))))))))))))))))
.

2008-04-28 18:20 . 2008-04-28 18:20 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-28 18:20 . 2008-04-28 18:20 <DIR> d-------- C:\Documents and Settings\Gaines\Application Data\Malwarebytes
2008-04-28 18:20 . 2008-04-28 18:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-28 17:14 . 2008-04-28 17:14 <DIR> d-------- C:\VundoFix Backups
2008-04-27 20:26 . 2008-04-27 20:27 <DIR> d-------- C:\WINDOWS\ERUNT
2008-04-27 20:22 . 2008-04-27 21:11 <DIR> d-------- C:\SDFix
2008-04-27 10:24 . 2008-04-27 10:24 107,072 --a------ C:\WINDOWS\system32\husinlod.dll_old
2008-04-27 10:23 . 2008-04-28 17:07 109,738 --a------ C:\WINDOWS\BMbba81c15.xml
2008-04-27 09:01 . 2008-04-27 09:01 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-26 21:37 . 2008-04-26 21:37 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-26 21:37 . 2008-04-26 21:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-26 17:35 . 2008-04-26 17:35 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-26 13:05 . 2008-04-26 13:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-04-26 08:58 . 2008-04-26 08:58 <DIR> d-------- C:\WINDOWS\system32\pnVes06
2008-04-26 08:58 . 2008-04-26 08:58 <DIR> d-------- C:\temp\zvebs14
2008-04-05 20:16 . 2006-08-21 04:14 128,896 --a--c--- C:\WINDOWS\system32\dllcache\fltmgr.sys
2008-04-05 20:16 . 2006-08-21 04:14 23,040 --a--c--- C:\WINDOWS\system32\dllcache\fltmc.exe
2008-04-05 20:16 . 2006-08-21 07:21 16,896 --a--c--- C:\WINDOWS\system32\dllcache\fltlib.dll
2008-04-05 20:10 . 2008-04-05 20:10 <DIR> d-------- C:\Program Files\MSXML 4.0

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-26 20:25 3,206,144 ----a-w C:\WINDOWS\Internet Logs\xDBA4.tmp
2008-04-26 20:25 1,616,384 ----a-w C:\WINDOWS\Internet Logs\xDBA5.tmp
2008-04-26 18:45 3,179,520 ----a-w C:\WINDOWS\Internet Logs\xDBA2.tmp
2008-04-26 18:45 20,992 ----a-w C:\WINDOWS\Internet Logs\xDBA3.tmp
2008-04-26 18:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-26 18:31 309,760 ----a-w C:\WINDOWS\Internet Logs\xDBA0.tmp
2008-04-26 18:31 3,301,888 ----a-w C:\WINDOWS\Internet Logs\xDB9F.tmp
2008-04-26 18:03 --------- d-----w C:\Program Files\Yahoo!
2008-04-26 16:14 3,286,528 ----a-w C:\WINDOWS\Internet Logs\xDB9D.tmp
2008-04-26 16:14 3,116,032 ----a-w C:\WINDOWS\Internet Logs\xDB9E.tmp
2008-04-26 16:06 3,284,992 ----a-w C:\WINDOWS\Internet Logs\xDBA1.tmp
2008-04-01 23:00 25,600 ----a-w C:\WINDOWS\Internet Logs\xDB9C.tmp
2008-04-01 22:58 3,165,184 ----a-w C:\WINDOWS\Internet Logs\xDB9B.tmp
2008-04-01 22:09 3,168,768 ----a-w C:\WINDOWS\Internet Logs\xDB99.tmp
2008-04-01 22:09 2,893,312 ----a-w C:\WINDOWS\Internet Logs\xDB9A.tmp
2008-03-27 16:39 2,904,576 ----a-w C:\WINDOWS\Internet Logs\xDB98.tmp
2008-03-27 13:42 3,167,232 ----a-w C:\WINDOWS\Internet Logs\xDB97.tmp
2008-03-13 02:12 --------- d-----w C:\Documents and Settings\Gaines\Application Data\AdobeUM
2008-03-06 00:48 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-03-06 00:41 691,545 ----a-w C:\WINDOWS\unins000.exe
2008-03-04 03:10 75,264 ----a-w C:\WINDOWS\Internet Logs\xDB96.tmp
2008-03-04 01:25 3,149,312 ----a-w C:\WINDOWS\Internet Logs\xDB94.tmp
2008-03-04 00:56 3,150,336 ----a-w C:\WINDOWS\Internet Logs\xDB93.tmp
2008-03-04 00:56 2,907,648 ----a-w C:\WINDOWS\Internet Logs\xDB95.tmp
2008-02-16 17:46 3,122,176 ----a-w C:\WINDOWS\Internet Logs\xDB91.tmp
2008-02-16 17:46 2,989,056 ----a-w C:\WINDOWS\Internet Logs\xDB92.tmp
2006-06-22 16:41 5,032 ----a-r C:\WINDOWS\inf\SET7E7.tmp
2006-06-22 16:41 5,032 ----a-r C:\WINDOWS\inf\SET7D4.tmp
2006-06-22 16:41 5,032 ----a-r C:\WINDOWS\inf\SET7C5.tmp
2006-06-22 16:41 5,032 ----a-r C:\WINDOWS\inf\SET700.tmp
2006-06-22 16:41 5,032 ----a-r C:\WINDOWS\inf\SET43.tmp
2005-04-22 21:03 2,058 --sha-w C:\WINDOWS\mfcwx32.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D3CAF29A-A293-47D9-BDE1-34588F5599FE}]
C:\WINDOWS\system32\hgGyVpNH.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RecordNow!"="" []
"NVIEW"="nview.dll" [2003-08-19 05:56 852038 C:\WINDOWS\system32\nview.dll]
"BackupNotify"="c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe" [2003-06-23 00:25 24576]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24 1694208]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 16:22 3739648]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-02 20:41 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2004-08-04 02:56 50176]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 19:04 52736]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-10-03 00:19 118784]
"CamMonitor"="c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe" [2002-10-07 10:23 90112]
"HPHUPD05"="c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [ ]
"HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [2003-05-23 05:55 483328]
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 23:02 61440]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-11-04 01:36 45056]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2003-12-17 03:10 151597]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-14 00:42 212992]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-08-19 05:56 4841472]
"nwiz"="nwiz.exe" [2003-08-19 05:56 323584 C:\WINDOWS\system32\nwiz.exe]
"LTMSG"="LTMSG.exe" [2003-07-14 20:52 40960 C:\WINDOWS\ltmsg.exe]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2002-10-16 19:57 81920]
"Sunkist2k"="C:\Program Files\Multimedia Card Reader\shwicon2k.exe" [2003-08-14 20:11 139264]
"Zone Labs Client"="C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe" [2004-04-01 09:30 693520]
"WD Button Manager"="WDBtnMgr.exe" [2005-12-29 13:28 335872 C:\WINDOWS\system32\WDBtnMgr.exe]
"NAV CfgWiz"="c:\Program Files\Common Files\Symantec Shared\CfgWiz.exe" [2003-08-15 21:24 124096]
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2003-08-15 03:59 70816]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 13:03 36975]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 13:47 57344 C:\WINDOWS\ALCXMNTR.EXE]
"PCTAgent"="C:\Program Files\Parental Controls\PCTHelp.exe" [2006-11-02 13:24 856064]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-12-25 13:57 77824]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-04 02:56 53760 C:\WINDOWS\system32\narrator.exe]

C:\Documents and Settings\Gaines\Start Menu\Programs\Startup\
PowerReg Scheduler V3.exe [2005-01-08 17:10:04 225280]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-10-04 01:12:18 113664]
America Online 9.0 Tray Icon.lnk - C:\Program Files\America Online 9.0\aoltray.exe [2005-07-07 18:14:23 36953]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2003-07-07 11:20:40 45056]
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2005-05-20 03:36:16 757760]
Kodak software updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-02-11 17:58:16 16423]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 15:05:56 65588]
Updates from HP.lnk - C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe [2003-12-17 03:47:29 45056]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
backup=C:\WINDOWS\pss\Quicken Scheduled Updates.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a------ 2005-11-02 22:01 50792 C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
--a------ 2005-11-02 22:01 50792 C:\Program Files\Common Files\AOL\1120858984\ee\AOLSoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2004-06-10 14:14 2498560 C:\Program Files\Yahoo!\Messenger\ypager.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R2 AdobeActiveFileMonitor;Adobe Active File Monitor;C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-04 04:47]
R2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [2004-10-04 03:40]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\Info.exe folder.htt 480 480

.
Contents of the 'Scheduled Tasks' folder
"2004-07-02 02:10:13 C:\WINDOWS\Tasks\Easy Internet Sign-up.job"
- C:\Program Files\Easy Internet signup\HPSdpApp.exe
"2003-12-17 13:26:36 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-28 19:35:56
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\eHome\ehsched.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Dantz\Retrospect\retrorun.exe
C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08\hpqtra08.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Updates from HP\137903\Program\Backweb-137903\BackWeb-137903.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray\sgtray.exe
.
**************************************************************************
.
Completion time: 2008-04-28 19:51:17 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-29 00:51:10

Pre-Run: 65,704,009,728 bytes free
Post-Run: 65,600,094,208 bytes free

212 --- E O F --- 2008-04-06 01:26:56


Here is my new HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:54:18 PM, on 4/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\Program Files\Dantz\Retrospect\retrorun.exe
C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\wanmpsvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\ehome\ehtray.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\LTMSG.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Parental Controls\PCTHelp.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08\hpqtra08.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Updates from HP\137903\Program\BackWeb-137903\BackWeb-137903.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray\sgtray.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {D3CAF29A-A293-47D9-BDE1-34588F5599FE} - C:\WINDOWS\system32\hgGyVpNH.dll (file missing)
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [NAV CfgWiz] c:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [PCTAgent] C:\Program Files\Parental Controls\PCTHelp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://*.stpaultravelers.com
O15 - Trusted Zone: http://*.gulfinsurance.com (HKLM)
O15 - Trusted Zone: http://*.northlandins.com (HKLM)
O15 - Trusted Zone: http://*.northlandonline.com (HKLM)
O15 - Trusted Zone: *.spt.com (HKLM)
O15 - Trusted Zone: http://*.spt.com (HKLM)
O15 - Trusted Zone: http://*.stpaul.com (HKLM)
O15 - Trusted Zone: http://*.stpaultravelers.com (HKLM)
O15 - Trusted Zone: http://*.travelers.com (HKLM)
O15 - Trusted Zone: http://*.travelerspc.com (HKLM)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1111840744828
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1160941981468
O16 - DPF: {88D8E8B7-A33B-4417-A385-8373484D43ED} (InstallHelper Class) - file://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ThereInstallHelper.dll
O16 - DPF: {89521361-EA5B-11D7-97CA-00E08103E149} (Parental Controls Agent Class) - http://pccfg.ourlinksys.com:8080/config/elements/artemislogin/PCTAgent.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe
O23 - Service: Retrospect Helper - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\rthlpsvc.exe
O23 - Service: Retrospect WD Service (RetroWDSvc) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 12035 bytes

Hello,

Things are looking good :bigthumb: just a wee bit more to do.

Open HijackThis > Do a System Scan Only, close your browser and all open windows including this one, the only program or window you should have open is HijackThis, check the following entries and click on Fix Checked.

O2 - BHO: (no name) - {D3CAF29A-A293-47D9-BDE1-34588F5599FE} - C:\WINDOWS\system32\hgGyVpNH.dll (file missing)

Not sure what this one is but it will prompt you for it the next time you visit the site, if you know what it is and know it to be safe than leave it be.
O16 - DPF: {88D8E8B7-A33B-4417-A385-8373484D43ED} (InstallHelper Class) - file://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ThereInstallHelper.dll


Before we go any further, lets up date your Java as the older versions had holes that lets this garbage in.


Your Java is out of date and leaving your system vulnerable.
Go to your Add-Remove Programs in the Control Panel and uninstall any previous versions of Java (J2SE Runtime Environment)
It should have an icon next to it:
http://users.telenet.be/bluepatchy/miekiemoes/images/javaicon.jpg
Select it and click Remove.
Reboot your system.
Then go to the Sun Microsystems (http://java.sun.com/javase/downloads/index.jsp) and install the update
Java Runtime Environment (JRE) 6 Update 6 <--This is what you need to download and install.
If you chose the online installation, it will prompt you to run the program.
If you chose the offline installation, you will be prompted to save the file and you can run it from wherever you saved it.
Then after install you can verify your installation here Sun Java Verify (http://www.java.com/en/download/manual.jsp)
I like to to do the offline installation and save the setup file in case I may need it in the future



Run this system cleaner.

Please download ATF Cleaner (http://www.atribune.org/ccount/click.php?id=1) by Atribune to your desktop.

This program is for XP and Windows 2000 only
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

Your system may start up slower after running ATF Cleaner, this is expected but will be back to normal after the first or second boot up


Combofix picked up a file that is questionable, do this please.

You need to enable windows to show all files and folders, instructions Here (http://www.xtra.co.nz/help/0,,4155-1916458,00.html)
Go to VirusTotal (http://www.virustotal.com/) and submit this file for analysis, just use the browse feature and then Send File, you will get a report back, post the report into this thread for me to see.

C:\WINDOWS\mfcwx32.dll <-- This file


Post the report from VirusTotal and a New HJT log and let me know how your system is running now, the rest of your log looks fine :bigthumb:

Things are running much faster now!

The only other problem that I have detected is that when I switch over to another user on this computer, my browser home page has been hijacked by msn.com and a Google toolbar. I try to change them back to my desired homepage, but they keep changing back to msn.com with the Google toolbar pop-up.


Here is the VirusTotal response:

0 bytes size received / Se ha recibido un archivo vacio

Here is my new HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:06:58 PM, on 4/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\LTMSG.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Parental Controls\PCTHelp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\Program Files\Dantz\Retrospect\retrorun.exe
C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08\hpqtra08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray\sgtray.exe
C:\Program Files\Updates from HP\137903\Program\BackWeb-137903\BackWeb-137903.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [NAV CfgWiz] c:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [PCTAgent] C:\Program Files\Parental Controls\PCTHelp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://*.stpaultravelers.com
O15 - Trusted Zone: http://*.gulfinsurance.com (HKLM)
O15 - Trusted Zone: http://*.northlandins.com (HKLM)
O15 - Trusted Zone: http://*.northlandonline.com (HKLM)
O15 - Trusted Zone: *.spt.com (HKLM)
O15 - Trusted Zone: http://*.spt.com (HKLM)
O15 - Trusted Zone: http://*.stpaul.com (HKLM)
O15 - Trusted Zone: http://*.stpaultravelers.com (HKLM)
O15 - Trusted Zone: http://*.travelers.com (HKLM)
O15 - Trusted Zone: http://*.travelerspc.com (HKLM)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1111840744828
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1160941981468
O16 - DPF: {89521361-EA5B-11D7-97CA-00E08103E149} (Parental Controls Agent Class) - http://pccfg.ourlinksys.com:8080/config/elements/artemislogin/PCTAgent.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe
O23 - Service: Retrospect Helper - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\rthlpsvc.exe
O23 - Service: Retrospect WD Service (RetroWDSvc) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 11471 bytes

Good Morning,

Look at your HJT log under the 015 entries, these are sites that where placed in your Internet Explorer Trusted Zone, they look legit to me but if you want to fix that let me know.

You can uninstall the Google Toolbar via the Add Remove Programs in the Control Panel, log on as the other user and uninstall it if you don't want it. Then browse to the page you want to set as your homepage with Internet Explorer and go to Tools> Internet Options and under the homepage select Use Current , then appy > OK . Browse to another site and then click on your home button and see if it worked.

The rest of your log looks fine :bigthumb: Things should be chuggin away quite well, you did a very good job following all my instructions. Let me know if it worked and if not we can dig deeper

Ken:p:

Good evening,

The 015 entries on my HJT log are okay.

I tried resetting my home page, but it still reverts back to msn.com. I did get rid of the Google toolbar. I also noticed that the background on all of my dropdown menus on that IE window are dark gray instead of white. That happened about the same time my computer was infected. Also, when I click on the Start button in the bottom left of the desktop for that user, the left side of the screen that pops up is totally blank. I don't know if that had anything to do with the viruses or not.

Also, I wanted to see if you could recommend a good anti-virus program.

I really do appreciate your help. I thought that my computer was ruined.

Hi,

You have Symantec installed and thats kind of a love / hate relationship. If your happy with it keep it if not you can uninstall it and I am listing some free AV programs for you if you want one. Just keep in mind that you should only run ONE AV program, more is overkill and will slow your system down.


Free Anti Virus Programs


AVG Free (http://free.grisoft.com/doc/avg-anti-virus-free/lng/us/tpl/v5)
Free Avast 4 Home Edition (http://www.avast.com/eng/avast_4_home.html)
Avira AntiVir® Personal Edition Classic (http://www.free-av.com/)



A Firewall also should be installed, these are all free


Sygate Personal Firewall Free Edition (http://www.filehippo.com/download_sygate_personal_firewall/[/url])
Comodo Personal Firewall (http://www.personalfirewall.comodo.com/)
Outpost Firewall Free (http://www.agnitum.com/products/outpostfree/index.php)
Zone Alarm (http://www.pcworld.com/downloads/file_description/0,fid,7228,00.asp)




Why don't you do a windows update and install Internet Explorer 7, its a lot more secure than IE6 or you can get it here and lets see if you still have issues with the second user not being able to change the homepage. As far as the other issues with the second user, they may all be related, keep in mind that the reason we call it malware is because its short for malicious ware and sometimes it does leave some damage on your system. After where done here I will link you to some windows support forums that deal with issues like that.
http://www.microsoft.com/windows/downloads/ie/getitnow.mspx

Let me know how it went?

I removed the Symantec AV program, and I am going to try one of the free programs that you listed.

I have read some reviews on IE7, and many people do not seem to like it. Do you have it?

I ran Spybot on that other user on my computer. It found and removed Virtumonde.dll. Do you think that I should try anything else?

Hi,

I don't think there is anything to worry about but to be on the safeside, log on to the other user and run HJT and post the log.

Here is the HJT log from the other user on the same computer:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:51:58 PM, on 5/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\ehome\ehSched.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\Program Files\Dantz\Retrospect\retrorun.exe
C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [PCTAgent] C:\Program Files\Parental Controls\PCTHelp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKUS\S-1-5-21-3520942272-335186276-177586940-1007\..\Run: [RecordNow!] (User 'Gaines')
O4 - HKUS\S-1-5-21-3520942272-335186276-177586940-1007\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook (User 'Gaines')
O4 - HKUS\S-1-5-21-3520942272-335186276-177586940-1007\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe (User 'Gaines')
O4 - HKUS\S-1-5-21-3520942272-335186276-177586940-1007\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Gaines')
O4 - HKUS\S-1-5-21-3520942272-335186276-177586940-1007\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart (User 'Gaines')
O4 - HKUS\S-1-5-21-3520942272-335186276-177586940-1007\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Gaines')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - S-1-5-21-3520942272-335186276-177586940-1007 Startup: PowerReg Scheduler V3.exe (User 'Gaines')
O4 - S-1-5-21-3520942272-335186276-177586940-1007 User Startup: PowerReg Scheduler V3.exe (User 'Gaines')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://*.gulfinsurance.com (HKLM)
O15 - Trusted Zone: http://*.northlandins.com (HKLM)
O15 - Trusted Zone: http://*.northlandonline.com (HKLM)
O15 - Trusted Zone: *.spt.com (HKLM)
O15 - Trusted Zone: http://*.spt.com (HKLM)
O15 - Trusted Zone: http://*.stpaul.com (HKLM)
O15 - Trusted Zone: http://*.stpaultravelers.com (HKLM)
O15 - Trusted Zone: http://*.travelers.com (HKLM)
O15 - Trusted Zone: http://*.travelerspc.com (HKLM)
O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone
O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1111840744828
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1160941981468
O16 - DPF: {89521361-EA5B-11D7-97CA-00E08103E149} (Parental Controls Agent Class) - http://pccfg.ourlinksys.com:8080/config/elements/artemislogin/PCTAgent.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe
O23 - Service: Retrospect Helper - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\rthlpsvc.exe
O23 - Service: Retrospect WD Service (RetroWDSvc) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 9760 bytes

Hi,

No baddies on your log but you can fix these with HJT

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R3 - Default URLSearchHook is missing

O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone
O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone

Take Care,

Ken:)