I keep getting xlibgfl254.dll error messages

[revsfreeman]

I keep getting xlibgfl254.dll error messages. I have perused several of the threads that talk about this. all say that I should post the kaspersky log file and the hijackthis log file. I have run the Spybot in safe mode as directed and have removed all spyware it found. Any help on this would be greatly appreciated as this virus seems to be quite resistant to my antivirus software. I have followed the rest of the instructions for this and the log files for Kaspersky and hijackthis follow in the next post.

 

[revsfreeman]

Kaspersky log file

KASPERSKY ONLINE SCANNER REPORT
Friday, September 14, 2007 11:16:23 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.1
Kaspersky Anti-Virus database last update: 14/09/2007
Kaspersky Anti-Virus database records: 418356
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
C:\
D:\
E:\
F:\
Scan Statistics:
Total number of scanned objects: 95167
Number of viruses found: 12
Number of infected objects: 29
Number of suspicious objects: 3
Duration of the scan process: 01:51:14
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Google Desktop\d633c2ec930b\dbc2e.ht1 Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Google Desktop\d633c2ec930b\dbdam Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Google Desktop\d633c2ec930b\dbdao Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Google Desktop\d633c2ec930b\dbeam Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Google Desktop\d633c2ec930b\dbeao Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Google Desktop\d633c2ec930b\dbm Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Google Desktop\d633c2ec930b\dbu2d.ht1 Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Google Desktop\d633c2ec930b\dbvm.cf1 Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Google Desktop\d633c2ec930b\dbvmh.ht1 Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Google Desktop\d633c2ec930b\fii.cf1 Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Google Desktop\d633c2ec930b\fiih.ht1 Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Google Desktop\d633c2ec930b\hp Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Google Desktop\d633c2ec930b\hpt2i.ht1 Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Google Desktop\d633c2ec930b\rpm.cf1 Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Google Desktop\d633c2ec930b\rpm1m.cf1 Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Google Desktop\d633c2ec930b\rpm1mh.ht1 Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Google Desktop\d633c2ec930b\rpmh.ht1 Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Google Desktop\d633c2ec930b\safeweb\goog-black-enchashm.cf1 Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Google Desktop\d633c2ec930b\safeweb\goog-black-enchashmh.ht1 Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Google Desktop\d633c2ec930b\safeweb\goog-black-urlm.cf1 Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Google Desktop\d633c2ec930b\safeweb\goog-black-urlmh.ht1 Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Google Desktop\d633c2ec930b\safeweb\goog-malware-domainm.cf1 Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Google Desktop\d633c2ec930b\safeweb\goog-malware-domainmh.ht1 Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Google Desktop\d633c2ec930b\safeweb\goog-white-domainm.cf1 Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Google Desktop\d633c2ec930b\safeweb\goog-white-domainmh.ht1 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.100.Crwl Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.100.gthr Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\MSS.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\MSStmp.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010001.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010002.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010003.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010007.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000F.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010010.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010011.ci Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010011.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010011.wsb Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010016.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010017.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\INDEX.000 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.000 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\Used0000.000 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.000 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.chk1.gthr Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.chk2.gthr Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.Crwl412.gthr Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.Ntfy26.gthr Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\tmp.edb Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Windows.edb Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\Ntf1.tmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\Ntf2.tmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\Perflib_Perfdata_f90.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare Object is locked skipped
C:\Documents and Settings\All Users\Application Data\SingleClick Systems\HomeNet Manager\Logs\hnm_svc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Wave Systems Corp\AuthManager\AuthPkg.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Wave Systems Corp\AuthManager\biolsp.txt Object is locked skipped
C:\Documents and Settings\Charles Freeman\Application Data\errsafer.exe Infected: not-a-virusownloader.Win32.WinFixer.o skipped
C:\Documents and Settings\Charles Freeman\Application Data\Microsoft\Outlook\Outlook.srs Object is locked skipped
C:\Documents and Settings\Charles Freeman\Application Data\Microsoft\Templates\NormalEmail.dotm Object is locked skipped
C:\Documents and Settings\Charles Freeman\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\OP.jar-4b9c0e39-1d166fc5.zip/OP.class Infected: Trojan-Downloader.Java.OpenStream.ab skipped
C:\Documents and Settings\Charles Freeman\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\OP.jar-4b9c0e39-1d166fc5.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Charles Freeman\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Charles Freeman\Local Settings\Application Data\Microsoft\Feeds\Microsoft Feeds~\Microsoft at Home~.feed-ms Object is locked skipped
C:\Documents and Settings\Charles Freeman\Local Settings\Application Data\Microsoft\Feeds\Microsoft Feeds~\Microsoft at Work~.feed-ms Object is locked skipped
C:\Documents and Settings\Charles Freeman\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Charles Freeman\Local Settings\Application Data\Microsoft\Outlook\2006 archive.pst Object is locked skipped
C:\Documents and Settings\Charles Freeman\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/24 May 2003 06:20 from support@microsoft.com:Re: My application/movie28.pif Infected: Email-Worm.Win32.Sobig.b skipped
C:\Documents and Settings\Charles Freeman\Local Settings\Application Data\Microsoft\Outlook\archive.pst/Archive Folders/Inbox/22 May 2003 16:55 from support@microsoft.com:Screensaver/screen_doc.pif Infected: Email-Worm.Win32.Sobig.b skipped
C:\Documents and Settings\Charles Freeman\Local Settings\Application Data\Microsoft\Outlook\archive.pst Mail MS Mail: infected - 2 skipped
C:\Documents and Settings\Charles Freeman\Local Settings\Application Data\Microsoft\Outlook\Outlook1.pst Object is locked skipped
C:\Documents and Settings\Charles Freeman\Local Settings\Application Data\Microsoft\Outlook\~archive1.pst.tmp Object is locked skipped
C:\Documents and Settings\Charles Freeman\Local Settings\Application Data\Microsoft\Outlook\~Outlook1.pst.tmp Object is locked skipped
C:\Documents and Settings\Charles Freeman\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Charles Freeman\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Charles Freeman\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Charles Freeman\Local Settings\History\History.IE5\MSHist012007091420070915\index.dat Object is locked skipped
C:\Documents and Settings\Charles Freeman\Local Settings\Temp\~DF45D5.tmp Object is locked skipped
C:\Documents and Settings\Charles Freeman\Local Settings\Temp\~DF47CF.tmp Object is locked skipped
C:\Documents and Settings\Charles Freeman\Local Settings\Temp\~DF4AA4.tmp Object is locked skipped
C:\Documents and Settings\Charles Freeman\Local Settings\Temp\~DF4C76.tmp Object is locked skipped
C:\Documents and Settings\Charles Freeman\Local Settings\Temp\~DF5488.tmp Object is locked skipped
C:\Documents and Settings\Charles Freeman\Local Settings\Temp\~DF8E26.tmp Object is locked skipped
C:\Documents and Settings\Charles Freeman\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Charles Freeman\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Charles Freeman\Local Settings\Temporary Internet Files\Content.Word\~WRS{92D46046-B8B7-480A-A6FC-448E969DE14D}.tmp Object is locked skipped
C:\Documents and Settings\Charles Freeman\My Documents\downloads\geekstogo\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Charles Freeman\My Documents\downloads\geekstogo\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Charles Freeman\My Documents\downloads\geekstogo\SmitfraudFix.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Charles Freeman\My Documents\downloads\geekstogo\SmitfraudFix.exe RarSFX: infected - 2 skipped
C:\Documents and Settings\Charles Freeman\My Documents\downloads\winmx\grokstersetup.exe/WISE0029.BIN Infected: not-a-virus:AdWare.Win32.Altnet.c skipped
C:\Documents and Settings\Charles Freeman\My Documents\downloads\winmx\grokstersetup.exe/WISE0033.BIN/WISE0005.BIN Infected: not-a-virus:AdWare.Win32.Altnet.c skipped
C:\Documents and Settings\Charles Freeman\My Documents\downloads\winmx\grokstersetup.exe/WISE0033.BIN Infected: not-a-virus:AdWare.Win32.Altnet.c skipped
C:\Documents and Settings\Charles Freeman\My Documents\downloads\winmx\grokstersetup.exe WiseSFX: infected - 3 skipped
C:\Documents and Settings\Charles Freeman\My Documents\EP5UH\Outlook\archive.pst/Archive Folders/Inbox/25 Jan 2002 19:05 from EndOfItem@ebay.com:eBay End of Item - Unf.eml Infected: Trojan-Spy.HTML.Bayfraud.ib skipped
C:\Documents and Settings\Charles Freeman\My Documents\EP5UH\Outlook\archive.pst/Archive Folders/Inbox/02 Feb 2003 02:02 from chalkart:How are you.html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Charles Freeman\My Documents\EP5UH\Outlook\archive.pst/Archive Folders/Inbox/20 Feb 2003 21:55 from dwh2:Here to find out more!.html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Charles Freeman\My Documents\EP5UH\Outlook\archive.pst/Archive Folders/Inbox/05 Apr 2003 04:15 from janetvance9:How are you.html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\Charles Freeman\My Documents\EP5UH\Outlook\archive.pst Mail MS Mail: infected - 1, suspicious - 3 skipped
C:\Documents and Settings\Charles Freeman\ntuser.dat Object is locked skipped
C:\Documents and Settings\Charles Freeman\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Charles Freeman\UserData\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Memeo\AutoBackup\MemeoService.exe.log-2007-9-14.log Object is locked skipped
C:\SDFix\backups\backups.zip/backups/antivirus.exe Infected: not-a-virusownloader.Win32.WinFixer.o skipped
C:\SDFix\backups\backups.zip/backups/drvcleaner.exe Infected: not-a-virusownloader.Win32.WinFixer.m skipped
C:\SDFix\backups\backups.zip ZIP: infected - 2 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP270\A0076290.exe Infected: not-a-virus:AdWare.Win32.Agent.cu skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP272\A0076464.exe Infected: Trojan-Downloader.Win32.Zlob.bzt skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP272\A0076465.exe Infected: Trojan-Downloader.Win32.Zlob.bzt skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP272\A0076466.dll Infected: Trojan-Downloader.Win32.Zlob.bzt skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP303\A0081445.dll Infected: Trojan-Downloader.Win32.Agent.bfj skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP312\A0081945.exe Infected: not-a-virusownloader.Win32.WinFixer.m skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP312\A0081946.exe Infected: not-a-virusownloader.Win32.WinFixer.o skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP312\A0081954.exe Infected: not-a-virusownloader.Win32.WinFixer.o skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP312\A0081955.exe Infected: not-a-virusownloader.Win32.WinFixer.m skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP312\A0081986.exe Infected: not-a-virusownloader.Win32.WinFixer.x skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP312\change.log Object is locked skipped

... rest of log to follow in next post.

 

[revsfreeman]

Kaspersky log file ... last part

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
C:\WINDOWS\system32\config\OSession.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

 

[revsfreeman]

hijackthis log file

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:51:59 PM, on 9/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Memeo\AutoBackup\MemeoService.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\Program Files\Wave Systems Corp\Common\DataServer.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust Anti-Spam\QSP-2.1.215.5\QOELoader.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Xerox\WorkCentre C2424\xc24bgts.exe
C:\Program Files\Belkin\F5D8071v1\Belkinwcui.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\BKEXVGA.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Belkin\Video Dock Power Applet\PowerApp.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\xnetsrvc.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust PestPatrol\PPActiveDetection.exe
C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\SearchProtocolHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=0070126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=0070126
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [Document Manager] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
O4 - HKLM\..\Run: [DVDLauncher] C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QOELOADER] C:\Program Files\CA\eTrust EZ Armor\eTrust Anti-Spam\QSP-2.1.215.5\QOELoader.exe
O4 - HKLM\..\Run: [CaAvTray] C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe
O4 - HKLM\..\Run: [CAVRID] C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust EZ Armor\eTrust PestPatrol\PPActiveDetection.exe"
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [Xerox_WorkCenter_C2424] C:\Program Files\Xerox\WorkCentre C2424\xc24bgts.exe 1
O4 - HKLM\..\Run: [F5D8071] C:\Program Files\Belkin\F5D8071v1\Belkinwcui.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BKEXVGA] C:\WINDOWS\system32\BKEXVGA.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Startup Manager] startUp manager.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Video Dock Power Applet.lnk = C:\Program Files\Belkin\Video Dock Power Applet\PowerApp.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/wficat-no-eula.cab
O16 - DPF: {40F8967E-34A6-474A-837A-CEC1E7DAC54C} - https://accounting.quickbooks.com/c5/v16.596/qboax9.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6B9A6E3B-0307-47A7-82B1-F2D215973CAF} (QuickBooks Online Edition Import Utilities Class v6) - https://accounting.quickbooks.com/c5/v16.603/qboimax6.cab
O16 - DPF: {843EE768-3A97-455C-9076-741BA3AD7B62} (QuickBooks Online Edition Utilities Class v10) - https://accounting.quickbooks.com/c1/v16.608/qboax10.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/67/install/gtdownls.cab
O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} (Create & Print ActiveX Plug-in) - http://ak.imgag.com/imgag/cp/install/AxCtp2.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - https://welcome.webex.com/client/T25L/webex/ieatgpc.cab
O20 - AppInit_DLLs: wxvault.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O22 - SharedTaskScheduler: bosken - {d1e5ca97-235e-4ff0-9b92-7543c9d61ff4} - (no file)
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Memeo AutoBackup (BMUService) - Memeo - C:\Program Files\Memeo\AutoBackup\MemeoService.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: DataSvr2 - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Common\DataServer.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: NTRU Hybrid TSS v2.0.25 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 12258 bytes

 

[revsfreeman]

never mind...

never having heard back on this... I found another way to resolve. thanks to those who viewed the post and considered a reply. You can close this post now.