
problem pop-ups

Discussion in 'Malware and Virus Removal Archive' started by keith 1000, 2007/02/27.

  1. 2007/02/27
    keith 1000
    hi tom
    keith again, you helped me out about 6 months ago and i need your help again.. the wife or kid downloaded something, and now when i access internet explorer, i have 2 explorer pages boot up at the same time. 1 is my homepage and the other loads up as a search engine of some sort called www.free(something....) then just disappears and i get the odd pop-up, i scanned with spybot and deleted a few things that it found but it's still doing it, and i also installed spyware blaster. you may ask yourself why isn't it already installed on my CPU, well i got a new CPU a few months ago, and still working pretty fresh
    so if you can please help here is my hjt.

    Logfile of HijackThis v1.99.1
    Scan saved at 9:14:40 PM, on 27/02/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16414)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\WFXSVC.EXE
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\Symantec\WinFax\WFXMOD32.EXE
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\system32\wfxsnt40.exe
    C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
    C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\BigFix\bigfix.exe
    C:\Program Files\LimeWire\LimeWire.exe
    C:\PROGRA~1\INCRED~1\bin\IMApp.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Keith & Carrie\My Documents\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.ca/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: ChangerBHO Class - {0edc6c20-a31c-11db-8ab9-0800200c9a66} - C:\WINDOWS\system32\cdfviewb.dll
    O2 - BHO: ContextualAds Class - {3AAC4C68-AFC8-11DB-80EF-8AF955D89593} - C:\Program Files\TrustIn Contextual\trustincontext.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
    O2 - BHO: Clicker Class - {631f7200-642e-11db-bd13-0800200c9a66} - C:\WINDOWS\system32\mscoriezb.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: SpoofBHO Class - {F67EEB12-AB09-11DB-A6F1-260856D89593} - C:\WINDOWS\se_spoof.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
    O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe "
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe "
    O4 - HKLM\..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe "
    O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
    O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Translate with &Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1170519494906
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1170524756093
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\System32\WFXSVC.EXE

    thanks tom, hear from ya soon :)
     
  2. 2007/02/27
    keith 1000
    forgot
    for what it's worth my daughter loaded a google tool bar that she said came with limewire, so i went to add remove and uninstalled it
     

  4. 2007/02/27
    Blender
    Hi Keith & welcome back. :)

    Tom is pretty busy these days and he asked me to pop in.

    Looks like this is the adware you are dealing with:

    http://research.sunbelt-software.com/threatdisplay.aspx?name=Trustin.Bar&threatid=44418

    Couple logs I would like to see from you to make sure we get it all. I am not sure if add/remove is going to go as smooth as we like.

    Open HijackThis
    Click "open misc tools section"
    Click "open uninstall manager"
    Click "save list....."
    Save the log & post its contents here.

    Next:

    Download ComboScan to your Desktop:

    http://www.techsupportforum.com/sectools/Deckard/comboscan.exe

    Close all applications and windows.
    Double-click on comboscan.exe to run it, and follow the prompts.
    When the scan is complete, a text file will open - ComboScan.txt
    Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of ComboScan.txt here.
    A folder, C:\ComboScan, will also open. In it will be another text file, Supplementary.txt.

    Please post the contents of Supplementary.txt in your next reply.

    Note: some firewalls may warn that sigcheck.exe is trying to access the internet - please ensure that you allow sigcheck.exe permission to do so.

    What ComboScan will do:
    -create a new System Restore point in Windows XP and Vista.
    -clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
    -check some important areas of your system and produce a report for your analyst to review.
    -ComboScan automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.

    Some of these logs can be quite long so you may need more than one post to get them all in.

    Thanks :)
     
  5. 2007/02/27
    keith 1000
    hi
    thanks for the quick response
    well here is the uninstall list but the other one looks a little more time consuming so i don't know if i'll get to it tonight but i'll try
    and the pop-ups are getting more frequent, but mainly when i OPEN internet explorer not so much just an out of the blue pop-up

    56Kbps Internal Modem
    ABBYY FineReader 5.0 Sprint
    AC3Filter (remove only)
    Adobe Acrobat 5.0
    Adobe Flash Player 9 ActiveX
    AOL (Choose which version to remove)
    Azureus
    Babylon
    BigFix
    DirectVobSub (remove only)
    DivX Codec
    DivX Content Uploader
    DivX Converter
    DivX Player
    DivX Web Player
    HijackThis 1.99.1
    Hotfix for Windows XP (KB896344)
    Hotfix for Windows XP (KB914440)
    Hotfix for Windows XP (KB915865)
    Hotfix for Windows XP (KB926239)
    Hotfix for Windows XP (KB928388)
    Hotfix for Windows XP (KB929120)
    IncrediMail Xe
    J2SE Runtime Environment 5.0 Update 10
    J2SE Runtime Environment 5.0 Update 11
    Lexmark 1200 Series
    LimeWire 4.12.11
    LiveAdvisor (Symantec Corporation)
    LiveReg (Symantec Corporation)
    LiveUpdate 1.80 (Symantec Corporation)
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 2.0
    Microsoft Base Smart Card Cryptographic Service Provider Package
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Money 2004
    Microsoft Money 2004 System Pack
    Microsoft National Language Support Downlevel APIs
    Microsoft Office XP Professional with FrontPage
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Works 7.0
    MSXML 6.0 Parser (KB927977)
    Multimedia Keyboard Driver
    Nero 7 Ultra Edition
    Norton AntiVirus 2003
    NVIDIA Drivers
    PowerDVD
    RealPlayer Basic
    Realtek AC'97 Audio
    Security Update for Microsoft .NET Framework 2.0 (KB917283)
    Security Update for Microsoft .NET Framework 2.0 (KB922770)
    Security Update for Windows Internet Explorer 7 (KB928090)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows Media Player 8 (KB917734)
    Security Update for Windows Media Player 9 (KB917734)
    Security Update for Windows XP (KB890046)
    Security Update for Windows XP (KB893756)
    Security Update for Windows XP (KB896358)
    Security Update for Windows XP (KB896423)
    Security Update for Windows XP (KB896424)
    Security Update for Windows XP (KB896428)
    Security Update for Windows XP (KB899587)
    Security Update for Windows XP (KB899591)
    Security Update for Windows XP (KB900725)
    Security Update for Windows XP (KB901017)
    Security Update for Windows XP (KB901214)
    Security Update for Windows XP (KB902400)
    Security Update for Windows XP (KB905414)
    Security Update for Windows XP (KB905749)
    Security Update for Windows XP (KB908519)
    Security Update for Windows XP (KB911562)
    Security Update for Windows XP (KB911927)
    Security Update for Windows XP (KB912919)
    Security Update for Windows XP (KB913580)
    Security Update for Windows XP (KB914388)
    Security Update for Windows XP (KB914389)
    Security Update for Windows XP (KB917344)
    Security Update for Windows XP (KB917422)
    Security Update for Windows XP (KB917953)
    Security Update for Windows XP (KB918118)
    Security Update for Windows XP (KB918899)
    Security Update for Windows XP (KB919007)
    Security Update for Windows XP (KB920213)
    Security Update for Windows XP (KB920670)
    Security Update for Windows XP (KB920683)
    Security Update for Windows XP (KB920685)
    Security Update for Windows XP (KB921398)
    Security Update for Windows XP (KB921883)
    Security Update for Windows XP (KB922616)
    Security Update for Windows XP (KB922819)
    Security Update for Windows XP (KB923191)
    Security Update for Windows XP (KB923414)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB923694)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB923980)
    Security Update for Windows XP (KB924191)
    Security Update for Windows XP (KB924270)
    Security Update for Windows XP (KB924496)
    Security Update for Windows XP (KB924667)
    Security Update for Windows XP (KB925454)
    Security Update for Windows XP (KB925486)
    Security Update for Windows XP (KB926255)
    Security Update for Windows XP (KB926436)
    Security Update for Windows XP (KB927779)
    Security Update for Windows XP (KB927802)
    Security Update for Windows XP (KB928255)
    Security Update for Windows XP (KB928843)
    Spybot - Search & Destroy 1.4
    SpywareBlaster v3.5.1
    Symantec WinFax PRO 10.0
    TrustIn Contextual
    Update for Windows XP (KB898461)
    Update for Windows XP (KB900485)
    Update for Windows XP (KB904942)
    Update for Windows XP (KB908531)
    Update for Windows XP (KB910437)
    Update for Windows XP (KB911280)
    Update for Windows XP (KB916595)
    Update for Windows XP (KB920342)
    Update for Windows XP (KB920872)
    Update for Windows XP (KB922582)
    Update for Windows XP (KB925876)
    Update for Windows XP (KB931836)
    Viewpoint Media Player
    Windows Backup Utility
    Windows Communication Foundation
    Windows Imaging Component
    Windows Installer 3.1 (KB893803)
    Windows Internet Explorer 7
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows Media Format 11 runtime
    Windows Media Format 11 runtime
    Windows Media Format SDK Hotfix - KB891122
    Windows Media Player 11
    Windows Media Player 11
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB885884
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB887472
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB891781
    Windows XP Service Pack 2
    WinRAR archiver
    Xvid 1.1.2 final uninstall
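
The following Python is an added example, not part of the original thread or of any tool named in it. It parses the O2 (BHO) lines of a HijackThis log and checks each one against the uninstall list, using lines excerpted from the two logs posted above; the category names (`orphaned`, `listed`, `unlisted`) and the folder-to-product name matching are assumptions made for illustration, and no category is a verdict on the file.

```python
import re
from typing import NamedTuple

# O2 line layout as it appears in the HijackThis v1.99.1 logs in this thread:
#   O2 - BHO: <name> - {CLSID} - <file path, or "(no file)">
O2_LINE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}) - "
    r"(?P<target>.+)$"
)


class Bho(NamedTuple):
    name: str
    clsid: str
    target: str


def parse_bhos(log_text):
    """Return every O2 (Browser Helper Object) entry; other sections are skipped."""
    found = []
    for line in log_text.splitlines():
        m = O2_LINE.match(line.strip())
        if m:
            found.append(Bho(m["name"], m["clsid"].upper(), m["target"].strip()))
    return found


def _norm(text):
    """Upper-case and keep only letters and digits, so names compare loosely."""
    return re.sub(r"[^A-Z0-9]", "", text.upper())


def product_folder(path):
    """Normalised first folder under Program Files, or None if the file lives elsewhere.

    8.3 short names (PROGRA~1\\SPYBOT~1) are cut at the '~' so that the
    remaining prefix can still be matched against a product name.
    """
    parts = path.split("\\")
    if len(parts) >= 4 and parts[1].upper() in ("PROGRAM FILES", "PROGRA~1"):
        return _norm(parts[2].split("~")[0])
    return None


def classify(bho, installed_names):
    """Assumed categories (illustrative only):
    orphaned - registry entry remains but HijackThis found no file
    listed   - file sits in a Program Files folder whose name starts an
               uninstall-list entry, so Add/Remove has something to remove
    unlisted - no matching uninstall entry; needs a manual look
    """
    if bho.target.startswith("(no file)"):
        return "orphaned"
    key = product_folder(bho.target)
    if key and any(_norm(name).startswith(key) for name in installed_names):
        return "listed"
    return "unlisted"


def triage(log_text, uninstall_text):
    """Map each BHO CLSID in the log to its category."""
    installed = [l.strip() for l in uninstall_text.splitlines() if l.strip()]
    return {b.clsid: classify(b, installed) for b in parse_bhos(log_text)}


# Lines excerpted from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.ca/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: ChangerBHO Class - {0edc6c20-a31c-11db-8ab9-0800200c9a66} - C:\WINDOWS\system32\cdfviewb.dll
O2 - BHO: ContextualAds Class - {3AAC4C68-AFC8-11DB-80EF-8AF955D89593} - C:\Program Files\TrustIn Contextual\trustincontext.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: SpoofBHO Class - {F67EEB12-AB09-11DB-A6F1-260856D89593} - C:\WINDOWS\se_spoof.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
"""

# Entries excerpted from the uninstall list posted in this thread.
SAMPLE_UNINSTALL = """
Adobe Acrobat 5.0
LimeWire 4.12.11
Norton AntiVirus 2003
Spybot - Search & Destroy 1.4
TrustIn Contextual
"""

if __name__ == "__main__":
    for clsid, category in triage(SAMPLE_LOG, SAMPLE_UNINSTALL).items():
        print(f"{category:9} {clsid}")
```

Matching by folder name misses products whose install folder and display name differ, so an `unlisted` result only means the entry has to be checked by hand.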
     
  6. 2007/02/27
    Blender
    Hi

    That comboscan should only take a couple minutes tops.
    Mine was done in less than 5 minutes.

    If you have A LOT of temporary internet files it may take longer but shouldn't be too long.

    Regards

    Tammy
     
  7. 2007/02/27
    keith 1000
    hi tammy
    ya you're right it didn't take too long
    i don't know how you can do this but thanks a lot, ok here's the combo scan and i'll send the supplementary scan in another post

    ComboScan v20070226.18 run by Keith & Carrie on 2007-02-27 at 23:41:17
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    Successfully created restore point.
    Performed disk cleanup.


    -- HijackThis (run as Keith & Carrie.exe) ---------------------------------------

    Logfile of HijackThis v1.99.1
    Scan saved at 11:42:42 PM, on 27/02/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16414)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\WFXSVC.EXE
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\Symantec\WinFax\WFXMOD32.EXE
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\system32\wfxsnt40.exe
    C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
    C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\BigFix\bigfix.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Keith & Carrie\My Documents\comboscan.exe
    C:\DOCUME~1\KEITH&~1\MYDOCU~1\HIJACK~1\Keith & Carrie.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.ca/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: ChangerBHO Class - {0edc6c20-a31c-11db-8ab9-0800200c9a66} - C:\WINDOWS\system32\cdfviewb.dll
    O2 - BHO: ContextualAds Class - {3AAC4C68-AFC8-11DB-80EF-8AF955D89593} - C:\Program Files\TrustIn Contextual\trustincontext.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
    O2 - BHO: Clicker Class - {631f7200-642e-11db-bd13-0800200c9a66} - C:\WINDOWS\system32\mscoriezb.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: SpoofBHO Class - {F67EEB12-AB09-11DB-A6F1-260856D89593} - C:\WINDOWS\se_spoof.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
    O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe "
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe "
    O4 - HKLM\..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe "
    O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
    O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Translate with &Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1170519494906
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1170524756093
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\System32\WFXSVC.EXE


    -- File Associations ------------------------------------------------------------

    .bat - batfile - "%1" %*
    .chm - chm.file - "C:\WINDOWS\hh.exe" %1
    .cmd - cmdfile - "%1" %*
    .com - comfile - "%1" %*
    .exe - exefile - "%1" %*
    .hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1
    .inf - inffile - %SystemRoot%\System32\NOTEPAD.EXE %1
    .ini - inifile - %SystemRoot%\System32\NOTEPAD.EXE %1
    .js - JSFile - %SystemRoot%\System32\WScript.exe "%1" %*
    .lnk - lnkfile - {00021401-0000-0000-C000-000000000046}
    .pif - piffile - "%1" %*
    .reg - regfile - regedit.exe "%1 "
    .scr - scrfile - "%1" /S
    .txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1
    .vbs - VBSFile - %SystemRoot%\System32\WScript.exe "%1" %*


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ----------------------

    3R ALCXWDM (Service for Realtek AC97 Audio (WDM)) - C:\WINDOWS\system32\drivers\alcxwdm.sys
    1S AmdK7 (AMD K7 Processor Driver) - C:\WINDOWS\system32\drivers\amdk7.sys
    3R Arp1394 (1394 ARP Client Protocol) - C:\WINDOWS\system32\drivers\arp1394.sys
    2R ASCTRM - C:\WINDOWS\system32\drivers\asctrm.sys
    3R HidUsb (Microsoft HID Class Driver) - C:\WINDOWS\system32\drivers\hidusb.sys
    1R kbdhid (Keyboard HID Driver) - C:\WINDOWS\system32\drivers\kbdhid.sys
    3S MODEMCSA (Unimodem Streaming Filter Device) - C:\WINDOWS\system32\drivers\MODEMCSA.sys
    3R mouhid (Mouse HID Driver) - C:\WINDOWS\system32\drivers\mouhid.sys
    3S Mtlmnt5 - C:\WINDOWS\system32\drivers\mtlmnt5.sys
    3S Mtlstrm - C:\WINDOWS\system32\drivers\mtlstrm.sys
    3R NAVENG - C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070221.018\NAVENG.SYS
    3R NAVEX15 - C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070221.018\NAVEX15.SYS
    3R NIC1394 (1394 Net Driver) - C:\WINDOWS\system32\drivers\nic1394.sys
    3S NtMtlFax - C:\WINDOWS\system32\drivers\ntmtlfax.sys
    3R nv - C:\WINDOWS\system32\drivers\nv4_mini.sys
    3S nvax (Service for NVIDIA(R) nForce(TM) Audio Enumerator) - C:\WINDOWS\system32\drivers\nvax.sys
    3S NVENET (NVIDIA nForce MCP Networking Controller Driver) - C:\WINDOWS\system32\drivers\NVENET.sys
    3R NVENETFD (NVIDIA nForce Networking Controller Driver) - C:\WINDOWS\system32\drivers\NVENETFD.sys
    3R nvnetbus (NVIDIA Network Bus Enumerator) - C:\WINDOWS\system32\drivers\nvnetbus.sys
    3S nvnforce (Service for NVIDIA(R) nForce(TM) Audio) - C:\WINDOWS\system32\drivers\nvapu.sys
    0R nv_agp (NVIDIA nForce AGP Bus Filter) - C:\WINDOWS\system32\drivers\nv_agp.SYS
    0R ohci1394 (VIA OHCI Compliant IEEE 1394 Host Controller) - C:\WINDOWS\system32\drivers\ohci1394.sys
    0R PxHelp20 - C:\WINDOWS\system32\drivers\PxHelp20.sys
    3S RecAgent - C:\WINDOWS\system32\drivers\recagent.sys
    3R SAVRT - C:\WINDOWS\system32\drivers\savrt.sys
    2R SAVRTPEL - C:\WINDOWS\system32\drivers\Savrtpel.sys
    3S Slntamr (SmartLink AMR_PCI Driver) - C:\WINDOWS\system32\drivers\slntamr.sys
    3S SlNtHal - C:\WINDOWS\system32\drivers\slnthal.sys
    3S SlWdmSup - C:\WINDOWS\system32\drivers\slwdmsup.sys
    3S SunkFilt (Alcor Micro Corp - 9360) - C:\WINDOWS\System32\Drivers\sunkfilt.sys (not found)
    3R SymEvent - C:\Program Files\Symantec\SYMEVENT.SYS
    3R SYMREDRV - C:\WINDOWS\system32\drivers\symredrv.sys
    1R SYMTDI - C:\WINDOWS\system32\drivers\symtdi.sys
    3R usbccgp (Microsoft USB Generic Parent Driver) - C:\WINDOWS\system32\drivers\usbccgp.sys
    3R usbehci (Microsoft USB 2.0 Enhanced Host Controller Miniport Driver) - C:\WINDOWS\system32\drivers\usbehci.sys
    3R usbohci (Microsoft USB Open Host Controller Miniport Driver) - C:\WINDOWS\system32\drivers\usbohci.sys
    3R usbprint (Microsoft USB PRINTER Class) - C:\WINDOWS\system32\drivers\usbprint.sys
    3R usbscan (USB Scanner Driver) - C:\WINDOWS\system32\drivers\usbscan.sys
    3R USBSTOR (USB Mass Storage Driver) - C:\WINDOWS\system32\drivers\usbstor.sys
    3R USR1806 (U.S. Robotics Faxmodem Driver 1806) - C:\WINDOWS\system32\drivers\USR1806.SYS
    3S WudfPf (Windows Driver Foundation - User-mode Driver Framework Platform Driver) - C:\WINDOWS\system32\drivers\WudfPf.sys
    3S WudfRd (Windows Driver Foundation - User-mode Driver Framework Reflector) - C:\WINDOWS\system32\drivers\WudfRd.sys


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    3S aspnet_state (ASP.NET State Service) - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
    2R ccEvtMgr (Symantec Event Manager) - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    3S ccPwdSvc (Symantec Password Validation Service) - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    3S clr_optimization_v2.0.50727_32 (.NET Runtime Optimization Service v2.0.50727_X86) - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    3S idsvc (Windows CardSpace) - "C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe"
    2R LexBceS (LexBce Server) - C:\WINDOWS\system32\LEXBCES.EXE
    2R navapsvc (Norton AntiVirus Auto Protect Service) - C:\Program Files\Norton AntiVirus\navapsvc.exe
    3S NBService - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    4S NetTcpPortSharing (Net.Tcp Port Sharing Service) - "C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe"
    2R NVSvc (NVIDIA Display Driver Service) - C:\WINDOWS\system32\nvsvc32.exe
    2S SBService (ScriptBlocking Service) - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    2R SLService (SmartLinkService) - slserv.exe
    3S SNDSrvc (Symantec Network Drivers Service) - "C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe"
    3S usnjsvc (Messenger Sharing Folders USN Journal Reader service) - "C:\Program Files\MSN Messenger\usnsvc.exe"
    2R wfxsvc (WinFax PRO) - C:\WINDOWS\System32\WFXSVC.EXE
    2R WMDM PMSP Service - C:\WINDOWS\System32\MsPMSPSv.exe


    -- Scheduled Tasks --------------------------------------------------------------

    2007-02-03 11:16:41 430 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job<SYMANT~1.JOB>



    --
    it was too long so the rest of it and the supp.txt will be in the next post
     
  8. 2007/02/27
    keith 1000

    here's the rest

    - Files created between 2007-01-27 and 2007-02-27 ------------------------------

    2007-02-27 09:08:17 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy<SPYBOT~1>
    2007-02-27 09:01:06 0 d-------- C:\Program Files\SpywareBlaster<SPYWAR~1>
    2007-02-27 08:58:25 21504 --a------ C:\WINDOWS\system32\cdfviewb.dll
    2007-02-26 08:29:25 21504 --a------ C:\WINDOWS\system32\cliconfgs.dll<CLICON~1.DLL>
    2007-02-25 15:53:08 0 d-------- C:\Documents and Settings\Keith & Carrie\Application Data\Google
    2007-02-25 15:53:03 0 d-------- C:\Documents and Settings\All Users\Application Data\Google
    2007-02-25 15:52:48 0 d-------- C:\Program Files\Google
    2007-02-25 08:27:30 21504 --a------ C:\WINDOWS\system32\cewmdma.dll
    2007-02-25 08:27:27 0 d-------- C:\Program Files\TrustIn Contextual<TRUSTI~1>
    2007-02-25 08:27:26 22016 --a------ C:\WINDOWS\system32\mscoriezb.dll<MSCORI~1.DLL>
    2007-02-25 08:27:25 20992 --a------ C:\WINDOWS\se_spoof.dll
    2007-02-24 13:32:49 0 d-------- C:\Documents and Settings\Keith & Carrie\Shared
    2007-02-24 13:32:45 0 d-------- C:\Documents and Settings\Keith & Carrie\Incomplete<INCOMP~1>
    2007-02-24 12:48:15 0 d-------- C:\Program Files\LimeWire
    2007-02-24 12:40:33 0 d-------- C:\Documents and Settings\Keith & Carrie\.limewire<LIMEWI~1>
    2007-02-24 00:44:04 16896 --a------ C:\WINDOWS\inetloader.dll<INETLO~1.DLL>
    2007-02-23 21:48:20 0 d-------- C:\Program Files\Gabest
    2007-02-23 21:43:36 5120 --a------ C:\WINDOWS\system\vdsvrlnk.dll
    2007-02-23 21:43:36 7168 --a------ C:\WINDOWS\system\vdremote.dll
    2007-02-23 21:06:01 0 d-------- C:\Program Files\DirectVobSub<DIRECT~1>
    2007-02-23 20:24:32 0 d-------- C:\Documents and Settings\Keith & Carrie\Application Data\Ahead
    2007-02-23 20:21:54 0 d-------- C:\Program Files\Nero
    2007-02-23 20:21:54 0 d-------- C:\Program Files\Common Files\Ahead
    2007-02-23 20:14:39 0 d-------- C:\Program Files\AC3Filter<AC3FIL~1>
    2007-02-21 20:30:48 0 d-------- C:\Program Files\Babylon
    2007-02-21 20:27:35 0 d-------- C:\Documents and Settings\Keith & Carrie\Application Data\Babylon
    2007-02-21 20:27:35 0 d-------- C:\Documents and Settings\All Users\Application Data\Babylon
    2007-02-15 03:01:59 0 d-------- C:\WINDOWS\ie7updates<IE7UPD~1>
    2007-02-13 22:36:43 0 d-------- C:\Documents and Settings\Keith & Carrie\Application Data\DivX
    2007-02-13 22:36:10 118520 -----n--- C:\WINDOWS\system32\pxinsi64.exe
    2007-02-13 22:36:10 116472 -----n--- C:\WINDOWS\system32\pxcpyi64.exe
    2007-02-13 22:36:10 129784 -----n--- C:\WINDOWS\system32\pxafs.dll
    2007-02-13 22:36:10 36624 -----n--- C:\WINDOWS\system32\drivers\PxHelp20.sys
    2007-02-13 22:36:10 2560 -----n--- C:\WINDOWS\system32\drivers\cdralw2k.sys
    2007-02-13 22:36:10 2432 -----n--- C:\WINDOWS\system32\drivers\cdr4_xp.sys
    2007-02-13 22:35:55 0 d-------- C:\Program Files\DivX
    2007-02-13 21:55:08 765952 --a------ C:\WINDOWS\system32\xvidcore.dll
    2007-02-13 21:55:06 180224 --a------ C:\WINDOWS\system32\xvidvfw.dll
    2007-02-13 21:55:06 0 d-------- C:\Program Files\Xvid
    2007-02-13 21:41:18 0 d-------- C:\Documents and Settings\Keith & Carrie\Application Data\Azureus
    2007-02-13 21:40:52 0 d-------- C:\Program Files\Azureus
    2007-02-12 15:33:54 0 d-------- C:\Documents and Settings\Keith & Carrie\Application Data\Help
    2007-02-12 15:20:54 0 d-------- C:\temp
    2007-02-12 15:18:43 0 d-------- C:\Program Files\ABBYY FineReader 6.0<ABBYYF~1.0>
    2007-02-12 15:18:43 0 d-------- C:\Program Files\ABBYY FineReader 5.0 Sprint<ABBYYF~1.0SP>
    2007-02-12 15:17:45 40960 --a------ C:\WINDOWS\system32\lxczvs.dll
    2007-02-12 15:17:44 73728 --a------ C:\WINDOWS\system32\lxczpwr.dll
    2007-02-12 15:17:43 69632 --a------ C:\WINDOWS\system32\LXCZCU.DLL
    2007-02-12 15:17:40 174592 --a------ C:\WINDOWS\system32\LEXPPS.EXE
    2007-02-12 15:17:40 155648 --a------ C:\WINDOWS\system32\LEXPING.EXE
    2007-02-12 15:17:40 201216 --a------ C:\WINDOWS\system32\LEXP2P32.DLL
    2007-02-12 15:17:39 311296 --a------ C:\WINDOWS\system32\LEXBCES.EXE
    2007-02-12 15:17:39 147456 --a------ C:\WINDOWS\system32\LEXBCE.DLL
    2007-02-12 15:17:39 198144 --a------ C:\WINDOWS\system32\LEX2KUSB.DLL
    2007-02-12 15:17:39 40960 --a------ C:\WINDOWS\system32\INSTMON.EXE
    2007-02-12 15:17:36 90112 --a------ C:\WINDOWS\system32\LXCZCUR.DLL
    2007-02-12 15:17:36 200704 --a------ C:\WINDOWS\system32\LEXLMPM.DLL
    2007-02-12 15:17:22 87040 --a------ C:\WINDOWS\system32\wiafbdrv.dll
    2007-02-12 15:17:22 15104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
    2007-02-12 15:17:14 356352 --a------ C:\WINDOWS\system32\LXCZUTIL.DLL
    2007-02-12 15:17:14 69632 --a------ C:\WINDOWS\system32\lxczscin.dll
    2007-02-12 15:17:14 983107 --a------ C:\WINDOWS\system32\LXCZGF.DLL
    2007-02-12 15:17:14 49152 --a------ C:\WINDOWS\system32\lxczcoin.dll
    2007-02-12 15:17:14 57344 --a------ C:\WINDOWS\system32\lxczcinf.dll
    2007-02-12 15:17:00 458752 --a------ C:\WINDOWS\system32\LXCZJSWR.DLL
    2007-02-12 15:17:00 0 d-------- C:\Program Files\Lexmark 1200 Series<LEXMAR~1>
    2007-02-12 15:16:53 299520 --a------ C:\WINDOWS\uninst.exe
    2007-02-12 15:16:24 0 d-------- C:\Documents and Settings\Keith & Carrie\WINDOWS
    2007-02-08 17:54:12 25856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
    2007-02-05 17:45:57 0 d-------- C:\Documents and Settings\Keith & Carrie\Contacts
    2007-02-05 17:45:27 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar<WINDOW~2>
    2007-02-05 17:45:17 0 d-------- C:\Program Files\Windows Live Toolbar<WI81E8~1>
    2007-02-05 17:44:41 0 d------c- C:\WINDOWS\system32\DRVSTORE
    2007-02-05 17:44:32 0 d-------- C:\Program Files\MSN Messenger<MSNMES~1>
    2007-02-05 10:55:10 10280 --a------ C:\WINDOWS\BigFixClientOverride.dll<BIGFIX~1.DLL>
    2007-02-04 15:16:00 0 d-------- C:\Program Files\JSOFT
    2007-02-04 14:55:29 0 d-------- C:\Documents and Settings\All Users\Application Data\NVIDIA
    2007-02-04 14:34:44 208896 --a------ C:\WINDOWS\system32\nvudisp.exe
    2007-02-04 14:33:57 0 d-------- C:\NVIDIA
    2007-02-04 14:14:20 0 d-------- C:\Program Files\Reference Assemblies<REFERE~1>
    2007-02-04 14:13:16 14048 -----n--- C:\WINDOWS\system32\spmsg2.dll
    2007-02-04 14:12:59 0 d-------- C:\8870f8593e153c72ab<8870F8~1>
    2007-02-04 14:12:21 221184 --a------ C:\WINDOWS\system32\wmpns.dll
    2007-02-04 14:12:15 0 d-------- C:\Program Files\Windows Media Connect 2<WINDOW~4>
    2007-02-04 14:10:40 0 d-------- C:\WINDOWS\system32\LogFiles
    2007-02-04 14:10:40 0 d-------- C:\WINDOWS\system32\drivers\UMDF
    2007-02-04 14:01:45 0 d-------- C:\WINDOWS\Microsoft.NET<MICROS~1.NET>
    2007-02-04 14:01:45 0 dr--s---- C:\WINDOWS\assembly
    2007-02-04 14:01:43 0 d-------- C:\WINDOWS\system32\URTTemp
    2007-02-04 13:59:19 36352 -----n--- C:\WINDOWS\system32\tsgqec.dll
    2007-02-04 13:59:19 288768 -----n--- C:\WINDOWS\system32\rhttpaa.dll
    2007-02-04 13:59:19 116736 -----n--- C:\WINDOWS\system32\aaclient.dll
    2007-02-04 13:36:13 0 d-------- C:\WINDOWS\Sun
    2007-02-04 13:36:13 0 d-------- C:\Documents and Settings\Keith & Carrie\Application Data\Sun
    2007-02-04 13:34:54 0 d-------- C:\Program Files\Java
    2007-02-04 13:30:30 0 d-------- C:\Program Files\Common Files\Java
    2007-02-04 12:51:14 127208 --a------ C:\WINDOWS\system32\mucltui.dll
    2007-02-04 02:12:02 0 d--hs---- C:\RECYCLER
    2007-02-03 21:09:05 0 d-------- C:\Program Files\IncrediMail<INCRED~1>
    2007-02-03 20:46:38 0 d-------- C:\WINDOWS\WBEM
    2007-02-03 20:46:37 0 d-------- C:\WINDOWS\system32\en-US
    2007-02-03 20:45:37 0 d--h---c- C:\WINDOWS\ie7
    2007-02-03 20:44:31 121856 -----n--- C:\WINDOWS\system32\xmllite.dll
    2007-02-03 20:44:02 0 d-------- C:\WINDOWS\network diagnostic<NETWOR~1>
    2007-02-03 14:59:27 0 d-------- C:\WINDOWS\Prefetch
    2007-02-03 13:51:02 0 d-------- C:\WINDOWS\peernet
    2007-02-03 13:51:01 0 d-------- C:\WINDOWS\provisioning<PROVIS~1>
    2007-02-03 13:48:50 0 d-------- C:\WINDOWS\ServicePackFiles<SERVIC~1>
    2007-02-03 13:43:43 0 d-------- C:\WINDOWS\EHome
    2007-02-03 13:02:40 11776 -----n--- C:\WINDOWS\system32\spnpinst.exe
    2007-02-03 13:02:40 4569 -----n--- C:\WINDOWS\system32\secupd.dat
    2007-02-03 12:48:31 202240 --a------ C:\WINDOWS\system32\fdco1ins.dll
    2007-02-03 12:48:31 202240 --a------ C:\WINDOWS\system32\fdco1.dll
    2007-02-03 12:48:31 34048 --a------ C:\WINDOWS\system32\drivers\NVENETFD.sys
    2007-02-03 12:48:31 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage<WINDOW~1>
    2007-02-03 12:48:29 208896 --a------ C:\WINDOWS\system32\nvunrm.exe
    2007-02-03 12:48:29 33280 --a------ C:\WINDOWS\system32\nvconrm.dll
    2007-02-03 12:48:29 100480 --a------ C:\WINDOWS\system32\drivers\nvtcp.sys
    2007-02-03 12:48:29 221824 --a------ C:\WINDOWS\system32\drivers\nvsnpu.sys
    2007-02-03 12:48:29 301312 --a------ C:\WINDOWS\system32\drivers\nvnrm.sys
    2007-02-03 12:48:29 12928 --a------ C:\WINDOWS\system32\drivers\nvnetbus.sys
    2007-02-03 12:48:29 9728 --a------ C:\WINDOWS\system32\bdco1ins.dll
    2007-02-03 12:48:29 9728 --a------ C:\WINDOWS\system32\bdco1.dll
    2007-02-03 12:48:29 0 d-------- C:\WINDOWS\NV15281536.TMP<NV1528~1.TMP>
    2007-02-03 12:48:28 208896 --a------ C:\WINDOWS\system32\nvusmb.exe
    2007-02-03 12:44:37 0 d-------- C:\Documents and Settings\Keith & Carrie\Application Data\Symantec
    2007-02-03 12:44:37 0 d-------- C:\Documents and Settings\Keith & Carrie\Application Data\Roxio
    2007-02-03 12:44:37 0 d-------- C:\Documents and Settings\Keith & Carrie\Application Data\InterTrust<INTERT~1>
    2007-02-03 12:44:37 0 d-------- C:\Documents and Settings\Keith & Carrie\Application Data\Adobe
    2007-02-03 12:44:36 4456448 --ah----- C:\Documents and Settings\Keith & Carrie\NTUSER.DAT
    2007-02-03 12:43:51 262144 --a------ C:\Documents and Settings\All Users\NTUSER.DAT
    2007-02-03 12:43:48 0 d-------- C:\Documents and Settings\Default User\Application Data\Symantec
    2007-02-03 12:43:48 0 d-------- C:\Documents and Settings\Default User\Application Data\Roxio
    2007-02-03 12:43:48 0 d-------- C:\Documents and Settings\Default User\Application Data\InterTrust<INTERT~1>
    2007-02-03 12:43:48 0 d-------- C:\Documents and Settings\Default User\Application Data\Adobe
    2007-02-03 12:43:47 0 d-------- C:\Program Files\Program Shortcuts<PROGRA~1>
    2007-02-03 12:42:43 0 d--hs---- C:\System Volume Information<SYSTEM~1>
    2007-02-03 12:13:27 12160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
    2007-02-03 12:13:25 21504 --a------ C:\WINDOWS\system32\hidserv.dll
    2007-02-03 12:13:23 14848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
    2007-02-03 12:13:22 9600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
    2007-02-03 12:13:07 793598 --a------ C:\WINDOWS\system32\drivers\USR1806.SYS
    2007-02-03 12:13:06 61056 --a------ C:\WINDOWS\system32\drivers\ohci1394.sys
    2007-02-03 12:13:06 6400 --a------ C:\WINDOWS\system32\drivers\enum1394.sys
    2007-02-03 12:13:06 53248 --a------ C:\WINDOWS\system32\drivers\1394bus.sys
    2007-02-03 12:10:57 21 --a------ C:\WINDOWS\system32\cleannt.cmd
    2007-02-03 12:10:49 0 -rahs---- C:\MSDOS.SYS
    2007-02-03 12:10:49 0 -rahs---- C:\IO.SYS
    2007-02-03 12:10:49 0 -rahs---- C:\CONFIG.SYS
    2007-02-03 12:10:49 0 -rahs---- C:\AUTOEXEC.BAT
    2007-02-03 12:00:40 331264 --a------ C:\WINDOWS\system32\ipnathlp.dll
    2007-02-03 12:00:40 614912 --a------ C:\WINDOWS\system32\h323msp.dll
    2007-02-03 11:54:00 46352 --a------ C:\WINDOWS\setdebug.exe
    2007-02-03 11:53:59 171280 --a------ C:\WINDOWS\system32\jit.dll
    2007-02-03 11:53:59 139536 --a------ C:\WINDOWS\system32\javaee.dll
    2007-02-03 11:53:59 313856 --a------ C:\WINDOWS\system32\dx3j.dll
    2007-02-03 11:53:59 6550 --a------ C:\WINDOWS\jautoexp.dat
    2007-02-03 11:53:55 113 --a------ C:\WINDOWS\system32\zonedon.reg
    2007-02-03 11:53:55 113 --a------ C:\WINDOWS\system32\zonedoff.reg
    2007-02-03 11:53:55 171792 --a------ C:\WINDOWS\system32\wjview.exe
    2007-02-03 11:53:54 286992 --a------ C:\WINDOWS\system32\vmhelper.dll
    2007-02-03 11:53:54 21264 --a------ C:\WINDOWS\system32\msjdbc10.dll
    2007-02-03 11:53:54 947472 --a------ C:\WINDOWS\system32\msjava.dll
    2007-02-03 11:53:53 154384 --a------ C:\WINDOWS\system32\msawt.dll
    2007-02-03 11:53:53 172304 --a------ C:\WINDOWS\system32\jview.exe
    2007-02-03 11:53:53 15120 --a------ C:\WINDOWS\system32\jdbgmgr.exe
    2007-02-03 11:53:52 404752 --a------ C:\WINDOWS\system32\javart.dll
    2007-02-03 11:53:52 63248 --a------ C:\WINDOWS\system32\javaprxy.dll
    2007-02-03 11:53:52 187152 --a------ C:\WINDOWS\system32\javacypt.dll
    2007-02-03 11:53:51 49424 --a------ C:\WINDOWS\system32\clspack.exe
    2007-02-03 11:31:50 0 d-------- C:\Program Files\Microsoft ActiveSync<MI3AA1~1>
    2007-02-03 11:30:24 1082368 --a------ C:\WINDOWS\system32\esent.dll
    2007-02-03 11:27:48 0 d-------- C:\WINDOWS\ShellNew
    2007-02-03 11:21:55 0 d-------- C:\WINDOWS\system32\PreInstall<PREINS~1>
    2007-02-03 11:21:53 23856 --a------ C:\WINDOWS\system32\spupdsvc.exe
    2007-02-03 11:21:06 0 d-------- C:\WINDOWS\system32\bits
    2007-02-03 11:20:39 351232 --a------ C:\WINDOWS\system32\winhttp.dll
    2007-02-03 11:20:39 18944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
    2007-02-03 11:20:39 7168 -----n--- C:\WINDOWS\system32\bitsprx3.dll
    2007-02-03 11:20:39 8192 -----n--- C:\WINDOWS\system32\bitsprx2.dll
    2007-02-03 11:18:37 18200 --a------ C:\WINDOWS\system32\wups2.dll
    2007-02-03 11:18:37 41240 --a------ C:\WINDOWS\system32\wups.dll
    2007-02-03 11:18:36 127256 --a------ C:\WINDOWS\system32\wucltui.dll
    2007-02-03 11:18:36 194328 --a------ C:\WINDOWS\system32\wuaueng1.dll
    2007-02-03 11:18:36 172312 --a------ C:\WINDOWS\system32\wuauclt1.exe
    2007-02-03 11:18:36 465176 --a------ C:\WINDOWS\system32\wuapi.dll
    2007-02-03 11:18:20 0 d-------- C:\WINDOWS\SoftwareDistribution<SOFTWA~1>
    2007-02-03 11:18:12 0 d--hs---- C:\Documents and Settings\Keith & Carrie\UserData
    2007-02-03 11:18:07 0 d-------- C:\Program Files\SymNetDrv<SYMNET~1>
    2007-02-03 11:17:24 124168 --a------ C:\WINDOWS\system32\SymStore.dll
    2007-02-03 11:07:13 437528 --a------ C:\WINDOWS\system32\401COMUPD.EXE<401COM~1.EXE>
    2007-02-03 11:06:50 129536 --a------ C:\WINDOWS\system32\WFXSVC.EXE
    2007-02-03 11:06:50 43008 --a------ C:\WINDOWS\system32\WFXSNT40.EXE
    2007-02-03 11:06:50 132608 --a------ C:\WINDOWS\system32\WFXMNTHQ.DLL
    2007-02-03 11:06:50 131072 --a------ C:\WINDOWS\system32\WFXMNT40.DLL
    2007-02-03 11:06:50 37888 --a------ C:\WINDOWS\system32\DCCWFP32.DLL
    2007-02-03 11:06:50 144384 --a------ C:\WINDOWS\system32\DCCMSP32.DLL
    2007-02-03 11:06:50 104960 --a------ C:\WINDOWS\system32\DCCEXT32.DLL
    2007-02-03 11:06:50 229888 --a------ C:\WINDOWS\system32\Crpaig32.dll
    2007-02-03 11:06:49 17920 --a------ C:\WINDOWS\system32\IMPLODE.DLL
    2007-02-03 11:06:49 5350912 --a------ C:\WINDOWS\system32\Crpe32.dll
    2007-02-03 11:06:44 41 --a------ C:\WINDOWS\WFXDEL.BAT
    2007-02-03 11:06:44 0 d-------- C:\Program Files\Common Files\Novell Shared<NOVELL~1>
    2007-02-03 11:03:22 0 d--h----- C:\WINDOWS\$hf_mig$
    2007-02-03 11:03:18 57856 --a------ C:\WINDOWS\system32\spoolsv.exe
    2007-02-03 10:52:13 584 --a------ C:\WINDOWS\system32\drivers\alcxinit.dat
    2007-02-03 10:52:13 49152 --a------ C:\WINDOWS\system32\ChCfg.exe
    2007-02-03 10:52:06 60288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
    2007-02-03 10:52:05 145792 --a------ C:\WINDOWS\system32\drivers\portcls.sys
    2007-02-03 10:52:00 0 d-------- C:\Program Files\Realtek Sound Manager<REALTE~2>
    2007-02-03 10:52:00 0 d-------- C:\Program Files\AvRack
    2007-02-03 10:51:52 0 d-------- C:\Program Files\Realtek AC97<REALTE~1>
    2007-02-03 10:51:51 10528768 --a------ C:\WINDOWS\system32\RTLCPL.exe
    2007-02-03 10:51:49 147456 --a------ C:\WINDOWS\system32\RtlCPAPI.dll
    2007-02-03 10:51:49 4025088 --a------ C:\WINDOWS\system32\drivers\alcxwdm.sys
    2007-02-03 10:51:49 577536 --a------ C:\WINDOWS\soundman.exe
    2007-02-03 10:51:48 315392 --a------ C:\WINDOWS\alcupd.exe
    2007-02-03 10:51:48 217088 --a------ C:\WINDOWS\Alcrmv.exe
    2007-02-03 10:50:37 0 d-------- C:\WUTemp
    2007-01-31 23:56:06 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll<DIVX_X~2.DLL>
    2007-01-31 23:56:05 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll<DIVX_X~3.DLL>
    2007-01-31 23:56:05 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll<DIVX_X~1.DLL>
    2007-01-31 23:56:04 639066 --a------ C:\WINDOWS\system32\DivX.dll
    2007-01-31 16:27:01 524288 --a------ C:\WINDOWS\system32\DivXsm.exe
    2007-01-30 18:15:10 118784 --a------ C:\WINDOWS\system32\DivXCodecUpdateChecker.exe<DIVXCO~1.EXE>
    2007-01-30 00:03:40 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
    2007-01-30 00:03:26 200704 --a------ C:\WINDOWS\system32\ssldivx.dll
    2007-01-30 00:03:26 1044480 --a------ C:\WINDOWS\system32\libdivx.dll
    2007-01-29 23:56:56 196608 --a------ C:\WINDOWS\system32\dtu100.dll
    2007-01-29 23:56:56 73728 --a------ C:\WINDOWS\system32\dpl100.dll
    2007-01-29 23:56:54 53248 --a------ C:\WINDOWS\system32\dpuGUI10.dll
    2007-01-29 23:56:52 57344 --a------ C:\WINDOWS\system32\dpv11.dll
    2007-01-29 23:56:52 344064 --a------ C:\WINDOWS\system32\dpus11.dll
    2007-01-29 23:56:52 593920 --a------ C:\WINDOWS\system32\dpuGUI11.dll
    2007-01-29 23:56:52 294912 --a------ C:\WINDOWS\system32\dpu11.dll
    2007-01-29 23:56:52 294912 --a------ C:\WINDOWS\system32\dpu10.dll


    -- Find3M Report ----------------------------------------------------------------

    2007-02-27 14:04:04 0 d-------- C:\Program Files\Common Files\Symantec Shared<SYMANT~1>
    2007-02-17 09:41:06 0 d---s---- C:\Documents and Settings\Keith & Carrie\Application Data\Microsoft<MICROS~1>
    2007-02-05 12:09:50 0 d-------- C:\Program Files\Common Files\Adobe
    2007-02-05 10:55:47 0 d-------- C:\Program Files\BigFix
    2007-02-03 20:50:29 0 d-------- C:\Program Files\Messenger<MESSEN~1>
    2007-02-03 13:51:03 0 d-------- C:\Program Files\Movie Maker<MOVIEM~1>
    2007-02-03 13:48:33 0 d-------- C:\Program Files\Windows NT<WINDOW~1>
    2007-02-03 12:47:57 0 d-------- C:\Program Files\Common Files\InstallShield<INSTAL~1>
    2007-02-03 12:38:46 0 d-------- C:\Documents and Settings\Keith & Carrie\Application Data\Macromedia<MACROM~1>
    2007-02-03 11:48:36 0 d-------- C:\Program Files\Symantec
    2007-02-03 11:18:41 0 d--h----- C:\Program Files\WindowsUpdate<WINDOW~3>
    2007-02-03 10:51:47 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1>
    2007-01-29 03:58:06 60416 -----n--- C:\WINDOWS\system32\tzchange.exe
    2007-01-19 12:53:04 51056 --a------ C:\WINDOWS\system32\sirenacm.dll
    2007-01-12 09:27:42 232960 --a------ C:\WINDOWS\system32\webcheck.dll
    2007-01-12 09:27:42 51712 -----n--- C:\WINDOWS\system32\msfeedsbs.dll<MSFEED~1.DLL>
    2007-01-12 09:27:42 458752 -----n--- C:\WINDOWS\system32\msfeeds.dll
    2007-01-12 09:27:42 6054400 --a------ C:\WINDOWS\system32\ieframe.dll
    2007-01-08 19:04:54 105984 --a------ C:\WINDOWS\system32\url.dll
    2007-01-08 19:04:08 102400 --a------ C:\WINDOWS\system32\occache.dll
    2007-01-08 19:02:04 266752 --a------ C:\WINDOWS\system32\iertutil.dll
    2007-01-08 19:02:04 44544 --a------ C:\WINDOWS\system32\iernonce.dll
    2007-01-08 19:02:02 384000 --a------ C:\WINDOWS\system32\iedkcs32.dll
    2007-01-08 19:02:02 383488 -----n--- C:\WINDOWS\system32\ieapfltr.dll
    2007-01-08 19:02:02 161792 --a------ C:\WINDOWS\system32\ieakui.dll
    2007-01-08 19:02:02 230400 --a------ C:\WINDOWS\system32\ieaksie.dll
    2007-01-08 19:02:02 153088 --a------ C:\WINDOWS\system32\ieakeng.dll
    2007-01-08 19:01:14 17408 --a------ C:\WINDOWS\system32\corpol.dll
    2007-01-08 19:00:48 124928 --a------ C:\WINDOWS\system32\advpack.dll
    2007-01-08 18:08:14 56832 --a------ C:\WINDOWS\system32\ie4uinit.exe
    2007-01-08 18:08:10 13824 --a------ C:\WINDOWS\system32\ieudinit.exe
    2006-12-19 16:52:18 134656 --a------ C:\WINDOWS\system32\shsvcs.dll
    2006-12-19 13:16:47 333824 --a------ C:\WINDOWS\system32\wiaservc.dll
    2006-12-12 11:24:42 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll<DIVXWM~1.DLL>
    2006-11-27 09:54:06 433152 --a------ C:\WINDOWS\system32\riched20.dll
    2006-11-27 09:54:06 539136 --a------ C:\WINDOWS\system32\msftedit.dll


    -- Registry Dump ----------------------------------------------------------------


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
    "IncrediMail"="C:\\Program Files\\IncrediMail\\bin\\IncMail.exe /c"
    "MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe\""

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
    "nwiz"="nwiz.exe /install"
    "CHotkey"="zHotkey.exe"
    "ccApp"="C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"
    "ccRegVfy"="C:\\Program Files\\Common Files\\Symantec Shared\\ccRegVfy.exe"
    "SoundMan"="SOUNDMAN.EXE"
    "WinFaxAppPortStarter"="wfxsnt40.exe"
    "Symantec NetDriver Monitor"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer"
    "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\""
    "NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
    "Lexmark 1200 Series"="\"C:\\Program Files\\Lexmark 1200 Series\\lxczbmgr.exe\""
    "Babylon Client"="C:\\Program Files\\Babylon\\Babylon-Pro\\Babylon.exe -AutoStart"
    "NeroFilterCheck"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
    "Installed"="1"
    "NoChange"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
    "Installed"="1"


    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{A213B520-C6C2-11d0-AF9D-008029E1027E}"=""

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
    "WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
    LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
    NetworkService REG_MULTI_SZ DnsCache\0\0
    rpcss REG_MULTI_SZ RpcSs\0\0
    imgsvc REG_MULTI_SZ StiSvc\0\0
    termsvcs REG_MULTI_SZ TermService\0\0
    HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
    DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
    WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0



    -- End of ComboScan: finished at 2007-02-27 at 23:50:06 -------------------------
     
  9. 2007/02/27
    keith 1000

    forgot the supplementary.txt here it is...thanks again, well it's bed time so hopefully you might have some answers in the morning
    thanks again


    ComboScan v20070226.18 run by Keith & Carrie on 2007-02-27 at 23:41:17
    Supplementary logfile - please post this as an attachment with your post.
    --------------------------------------------------------------------------------

    -- System Information -----------------------------------------------------------

    Microsoft Windows XP Home Edition (build 2600) SP 2.0
    Architecture: X86; Language: English

    CPU 0: AMD Sempron(tm) Processor 2800+
    Percentage of Memory in Use: 67%
    Physical Memory (total/avail): 478.42 MiB / 156.64 MiB
    Pagefile Memory (total/avail): 1122.38 MiB / 781.57 MiB
    Virtual Memory (total/avail): 2047.88 MiB / 1996.16 MiB

    A: is Removable (No Media)
    C: is Fixed (NTFS) - 111.79 GiB total, 98.42 GiB free.
    D: is Fixed (NTFS) - 74.53 GiB total, 1.35 GiB free.
    E: is CDROM (No Media)
    F: is CDROM (Unformatted)
    G: is Removable (FAT)


    -- Security Center --------------------------------------------------------------

    AUOptions is scheduled to auto-install.
    Windows Internal Firewall is enabled.

    AntivirusOverride is set.



    -- Environment Variables --------------------------------------------------------

    ALLUSERSPROFILE=C:\Documents and Settings\All Users
    APPDATA=C:\Documents and Settings\Keith & Carrie\Application Data
    CommonProgramFiles=C:\Program Files\Common Files
    COMPUTERNAME=COMPUTER-ROOM
    ComSpec=C:\WINDOWS\system32\cmd.exe
    FP_NO_HOST_CHECK=NO
    HOMEDRIVE=C:
    HOMEPATH=\Documents and Settings\Keith & Carrie
    LOGONSERVER=\\COMPUTER-ROOM
    NUMBER_OF_PROCESSORS=1
    OS=Windows_NT
    Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared
    PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    PROCESSOR_ARCHITECTURE=x86
    PROCESSOR_IDENTIFIER=x86 Family 15 Model 44 Stepping 2, AuthenticAMD
    PROCESSOR_LEVEL=15
    PROCESSOR_REVISION=2c02
    ProgramFiles=C:\Program Files
    PROMPT=$P$G
    SESSIONNAME=Console
    SystemDrive=C:
    SystemRoot=C:\WINDOWS
    TEMP=C:\DOCUME~1\KEITH&~1\LOCALS~1\Temp
    TMP=C:\DOCUME~1\KEITH&~1\LOCALS~1\Temp
    USERDOMAIN=COMPUTER-ROOM
    USERNAME=Keith & Carrie
    USERPROFILE=C:\Documents and Settings\Keith & Carrie
    windir=C:\WINDOWS


    -- User Profiles ----------------------------------------------------------------

    Keith & Carrie (admin)


    -- Add/Remove Programs ----------------------------------------------------------



    -- End of ComboScan: finished at 2007-02-27 at 23:50:06 -------------------------
     
  10. 2007/02/28
    Blender

    Hi

    Thanks for posting those.

    Let's see where Uninstall gets us.

    Please go to add/remove programs and Uninstall:

    TrustIn Contextual

    Follow prompts carefully so they don't try tricking you into keeping any of it.

    Reboot to Safe mode when done:

    * Restart your computer
    * After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
    * Instead of Windows loading as normal, a menu should appear
    * Select the first option, to run Windows in Safe Mode.
    * Log into your normal account.

    Start Hijackthis
    Run system scan and check the following items: (if present)

    O2 - BHO: ChangerBHO Class - {0edc6c20-a31c-11db-8ab9-0800200c9a66} - C:\WINDOWS\system32\cdfviewb.dll
    O2 - BHO: ContextualAds Class - {3AAC4C68-AFC8-11DB-80EF-8AF955D89593} - C:\Program Files\TrustIn Contextual\trustincontext.dll
    O2 - BHO: Clicker Class - {631f7200-642e-11db-bd13-0800200c9a66} - C:\WINDOWS\system32\mscoriezb.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: SpoofBHO Class - {F67EEB12-AB09-11DB-A6F1-260856D89593} - C:\WINDOWS\se_spoof.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)


    Close all open windows and hit "Fix checked", then OK.

    Exit Hijackthis when done.

    Find and delete the following folders: (if present)

    C:\Program Files\TrustIn Contextual

    Click start> run> type %temp% and hit enter.
    Click "edit", then select all, then delete all.
    It is normal for a few files not to delete.

    Open Internet Options in control panel
    Under "browsing history" click "delete"
    Under "temporary internet files" click "delete files".

    If you want to delete your cookies, history, form data & saved passwords you can do this from here as well. (not necessary tho)

    Find and delete the following Files: (if present)
    If you sort your system32 and windows folders by "modified" these files should be easier to find. If they exist they will be at or near the bottom of the folder.
    Hit the view tab> arrange icons by..> modified.

    C:\WINDOWS\SYSTEM32\tisa.dll
    C:\WINDOWS\SYSTEM32\lut.dat
    C:\WINDOWS\SYSTEM32\tisa.cnf
    C:\WINDOWS\SYSTEM32\ticads.exe
    C:\WINDOWS\SYSTEM32\tctool.exe
    C:\WINDOWS\SYSTEM32\ticont.dll
    C:\WINDOWS\SYSTEM32\tpopup.exe
    C:\WINDOWS\SYSTEM32\tconini.dat
    C:\WINDOWS\SYSTEM32\lcch.dat
    C:\WINDOWS\SYSTEM32\tu.exe
    C:\WINDOWS\SYSTEM32\ttu.exe

    C:\WINDOWS\onlineshopping.ico
    C:\WINDOWS\removeadware.ico
    C:\WINDOWS\sexpersonals.ico
    C:\WINDOWS\local.html
    C:\WINDOWS\se_spoof.dll
    C:\WINDOWS\inetloader.dll
    C:\Windows\mxd.exe
    C:\Windows\tse.exe
    C:\Windows\trustinbar.exe
    C:\Windows\ads.js
    C:\WINDOWS\videoslots.ico

    Delete these icons from your Desktop:

    Online Shopping.url
    Remove Adware.url
    Sex Personals.url
    Video Slots.url


    Empty recycle bin.

    Reboot back to normal mode & post fresh hijackthis log please.
    Let me know how computer is running.

    Also post a log from the following online scan:

    Using Internet Explorer please do an online scan with Kaspersky Online Scanner

    Click on Kaspersky Online Scanner

    You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
    • The program will launch and then start to download the latest definition files.
    • Once the scanner is installed and the definitions downloaded, click Next.
    • Now click on Scan Settings
    • In the scan settings make sure that the following are selected:
      • Scan using the following Anti-Virus database:
        • Extended (If available otherwise Standard)
      • Scan Options:
        • Scan Archives
        • Scan Mail Bases
    • Click OK
    • Now under select a target to scan select My Computer
    • The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.
    • Now click on the Save report button.
    • Call it Kaspersky.txt
    • Expand the arrow beside "file types" and save as .txt file.
    • Save the file to your desktop.
    • Copy and paste that information in your next post.


    *Note
    It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and to speed up scan time.
    Please don't go surfing while your resident protection is disabled!
    Once scan is finished remember to re-enable resident antivirus protection along with whatever antispyware app you use.

    *Note2
    If you have trouble getting past the initial download you may need to use the "zoom" tool at bottom of the scanner window and increase it to 125% to see and press the "accept" button.
    Page will reload and you should be able to carry on scan.

    Thanks :)
     
  11. 2007/02/28
    keith 1000

    hi tammy
    thanks a lot for what you did. so far it's running good with no unusual activities. now i did what you said to do, and all those files you got me to search and delete in windows and the only thing i had on my system was the file C:\windows\inetloader.dll i hope that's a good thing and also had no desktop icons like u suggested that could be there.
    well here is the updated hjt and i will post the kaspersky report when i'm done
    thanks again

    Logfile of HijackThis v1.99.1
    Scan saved at 11:09:15 AM, on 28/02/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16414)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\WFXSVC.EXE
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\Symantec\WinFax\WFXMOD32.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\zHotkey.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\system32\wfxsnt40.exe
    C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
    C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\BigFix\bigfix.exe
    C:\Program Files\LimeWire\LimeWire.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\PROGRA~1\INCRED~1\bin\IMApp.exe
    C:\Documents and Settings\Keith & Carrie\My Documents\HijackThis\Keith & Carrie.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.ca/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
    O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe "
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe "
    O4 - HKLM\..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe "
    O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
    O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Translate with &Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1170519494906
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1170524756093
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\System32\WFXSVC.EXE
     
  12. 2007/02/28
    keith 1000

    hi tammy
    well i finished the kaspersky report now what do i do? do i click on the "skulls" virus and continue there's like 12 of them the rest of the scan says locked. what does that mean. see i hit select all then all the viruses get checked, but the only option after that is a button that says send!! (send where) where's the repair or delete option.
    so i will leave the scan on the taskbar till i hear from you cause i don't know what to do next
    thanks
    post was too big so it will follow this scan report
    -------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER REPORT
    Wednesday, February 28, 2007 2:31:58 PM
    Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
    Kaspersky Online Scanner version: 5.0.83.0
    Kaspersky Anti-Virus database last update: 28/02/2007
    Kaspersky Anti-Virus database records: 274812
    -------------------------------------------------------------------------------
     
  13. 2007/02/28
    keith 1000

    500 characters too long so i will have to split it again sorry!!! so i will split it at the "D" drive scan, for what it's worth my "D" drive is just storage of music, movies and downloaded programs and files!!




    Scan Settings:
    Scan using the following antivirus database: extended
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:
    A:\
    C:\
    D:\
    E:\
    F:\
    G:\

    Scan Statistics:
    Total number of scanned objects: 88388
    Number of viruses found: 2
    Number of infected objects: 12 / 0
    Number of suspicious objects: 0
    Duration of the scan process: 01:22:12

    Infected Object Name / Virus Name / Last Action
    C:\Documents and Settings\Keith & Carrie\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\Keith & Carrie\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\Keith & Carrie\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\Keith & Carrie\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\Keith & Carrie\Local Settings\Temp\hsperfdata_Keith & Carrie\2780 Object is locked skipped
    C:\Documents and Settings\Keith & Carrie\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
    C:\Documents and Settings\Keith & Carrie\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\Keith & Carrie\My Documents\f4be600a-2006-06-17\crack.exe Infected: Trojan-Downloader.Win32.Small.ddp skipped
    C:\Documents and Settings\Keith & Carrie\My Documents\f4be600a-2006-06-17.rar/crack.exe Infected: Trojan-Downloader.Win32.Small.ddp skipped
    C:\Documents and Settings\Keith & Carrie\My Documents\f4be600a-2006-06-17.rar RAR: infected - 1 skipped
    C:\Documents and Settings\Keith & Carrie\My Documents\HijackThis\backups\backup-20070228-103413-116.dll Infected: Trojan-Downloader.Win32.Small.ddp skipped
    C:\Documents and Settings\Keith & Carrie\My Documents\HijackThis\backups\backup-20070228-103413-143.dll Infected: Trojan-Downloader.Win32.Small.ddp skipped
    C:\Documents and Settings\Keith & Carrie\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\Keith & Carrie\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
    C:\Program Files\BigFix\__Data\emachines\__Local\Tmp\eMachines_Vista.dat Object is locked skipped
    C:\Program Files\BigFix\__Data\emachines\__Local\Tmp\Security.dat Object is locked skipped
    C:\Program Files\BigFix\__Data\emachines\__Local\Tmp\Security_UK.dat Object is locked skipped
    C:\Program Files\BigFix\__Data\emachines\__Local\Tmp\UK_Specific.dat Object is locked skipped
    C:\Program Files\BigFix\__Data\emachines\__Local\Tmp\Urgent.dat Object is locked skipped
    C:\Program Files\BigFix\__Data\emachines\__Local\Tmp\Virus.dat Object is locked skipped
    C:\Program Files\BigFix\__Data\emachines\__Local\Tmp\Welcome.dat Object is locked skipped
    C:\Program Files\BigFix\__Data\emachines\__Local\Tmp\WinXP.dat Object is locked skipped
    C:\Program Files\Norton AntiVirus\AVApp.log Object is locked skipped
    C:\Program Files\Norton AntiVirus\AVError.log Object is locked skipped
    C:\Program Files\Norton AntiVirus\AVVirus.log Object is locked skipped
    C:\Program Files\Symantec\WinFax\Data\Status.WFD Object is locked skipped
    C:\Program Files\Symantec\WinFax\Data\Status.WFF Object is locked skipped
    C:\Program Files\Symantec\WinFax\Data\Status.WFG Object is locked skipped
    C:\Program Files\Symantec\WinFax\Data\Status.WFR Object is locked skipped
    C:\Program Files\Symantec\WinFax\Data\Status.WFX Object is locked skipped
    C:\Program Files\Symantec\WinFax\Data\Status2.WFD Object is locked skipped
    C:\Program Files\Symantec\WinFax\Data\Status2.WFG Object is locked skipped
    C:\Program Files\Symantec\WinFax\Data\Status2.WFX Object is locked skipped
    C:\Program Files\Symantec\WinFax\Data\Status3.WFD Object is locked skipped
    C:\Program Files\Symantec\WinFax\Data\Status3.WFG Object is locked skipped
    C:\Program Files\Symantec\WinFax\Data\Status3.WFX Object is locked skipped
    C:\Program Files\Symantec\WinFax\Data\StatusS.WFD Object is locked skipped
    C:\Program Files\Symantec\WinFax\Data\StatusS.WFG Object is locked skipped
    C:\Program Files\Symantec\WinFax\Data\StatusS.WFX Object is locked skipped
    C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
    C:\System Volume Information\_restore{485BCDE0-6F5D-44AC-ADFB-FC4AD5FDC45E}\RP152\A0007667.dll Infected: Trojan-Downloader.Win32.Small.ddp skipped
    C:\System Volume Information\_restore{485BCDE0-6F5D-44AC-ADFB-FC4AD5FDC45E}\RP152\A0007669.dll Infected: Trojan-Downloader.Win32.Small.ddp skipped
    C:\System Volume Information\_restore{485BCDE0-6F5D-44AC-ADFB-FC4AD5FDC45E}\RP152\A0007670.dll Infected: Trojan-Downloader.Win32.Small.ddp skipped
    C:\System Volume Information\_restore{485BCDE0-6F5D-44AC-ADFB-FC4AD5FDC45E}\RP152\A0007672.dll Infected: Trojan-Downloader.Win32.Small.ddp skipped
    C:\System Volume Information\_restore{485BCDE0-6F5D-44AC-ADFB-FC4AD5FDC45E}\RP152\change.log Object is locked skipped
    C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
    C:\WINDOWS\SchedLgU.Txt Object is locked skipped
    C:\WINDOWS\SoftwareDistribution\EventCache\{2528F5BE-78B4-40E2-B76B-E85E4CD5EFA7}.bin Object is locked skipped
    C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
    C:\WINDOWS\Sti_Trace.log Object is locked skipped
    C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
    C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
    C:\WINDOWS\system32\cewmdma.dll Infected: Trojan-Downloader.Win32.Small.ddp skipped
    C:\WINDOWS\system32\cliconfgs.dll Infected: Trojan-Downloader.Win32.Small.ddp skipped
    C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\default Object is locked skipped
    C:\WINDOWS\system32\config\default.LOG Object is locked skipped
    C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
    C:\WINDOWS\system32\config\SAM Object is locked skipped
    C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
    C:\WINDOWS\system32\config\software Object is locked skipped
    C:\WINDOWS\system32\config\software.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\system Object is locked skipped
    C:\WINDOWS\system32\config\system.LOG Object is locked skipped
    C:\WINDOWS\system32\h323log.txt Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
    C:\WINDOWS\wiadebug.log Object is locked skipped
    C:\WINDOWS\wiaservc.log Object is locked skipped
    C:\WINDOWS\WindowsUpdate.log Object is locked skipped
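
An added example, not part of any post in this thread: a small Python triage of a Kaspersky Online Scanner report like the one above, separating "Object is locked" lines from actual detections and grouping the detections by where the file sits. The sample lines are copied from the report posted in this thread; the location labels and function names are this example's own.

```python
import re
from collections import Counter, defaultdict

# Lines copied from the Kaspersky Online Scanner report posted in this thread.
SAMPLE_REPORT = r"""
C:\Documents and Settings\Keith & Carrie\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Keith & Carrie\My Documents\f4be600a-2006-06-17\crack.exe Infected: Trojan-Downloader.Win32.Small.ddp skipped
C:\Documents and Settings\Keith & Carrie\My Documents\f4be600a-2006-06-17.rar/crack.exe Infected: Trojan-Downloader.Win32.Small.ddp skipped
C:\Documents and Settings\Keith & Carrie\My Documents\f4be600a-2006-06-17.rar RAR: infected - 1 skipped
C:\Documents and Settings\Keith & Carrie\My Documents\HijackThis\backups\backup-20070228-103413-116.dll Infected: Trojan-Downloader.Win32.Small.ddp skipped
C:\System Volume Information\_restore{485BCDE0-6F5D-44AC-ADFB-FC4AD5FDC45E}\RP152\A0007667.dll Infected: Trojan-Downloader.Win32.Small.ddp skipped
C:\WINDOWS\system32\cewmdma.dll Infected: Trojan-Downloader.Win32.Small.ddp skipped
C:\WINDOWS\system32\cliconfgs.dll Infected: Trojan-Downloader.Win32.Small.ddp skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
D:\azureus programs\SmitfraudFix\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
"""

# Each line is "<path> <verdict> <last action>". Paths contain spaces,
# so the verdict text is what anchors the split, not whitespace.
LINE_RE = re.compile(
    r"^(?P<path>.+?) (?:Infected: (?P<threat>\S+)"
    r"|(?P<locked>Object is locked)"
    r"|(?P<archive>[A-Z0-9]+: infected - \d+)) (?P<action>\w+)$"
)

# Location labels are this example's own; first matching rule wins.
LOCATION_RULES = [
    ("system_restore", re.compile(r"\\System Volume Information\\_restore", re.I)),
    ("hijackthis_backup", re.compile(r"\\HijackThis\\backups\\", re.I)),
    ("archive_member", re.compile(r"\.(rar|zip|cab)/", re.I)),
    ("system_dir", re.compile(r"^[A-Z]:\\WINDOWS\\", re.I)),
]


def classify_location(path):
    for label, pattern in LOCATION_RULES:
        if pattern.search(path):
            return label
    return "other"


def parse_report(text):
    """Return (entries, unparsed_lines) for the object list of a report."""
    entries, unparsed = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            unparsed.append(line)
            continue
        if m["locked"]:
            # File was held open by another process and could not be read:
            # the scanner did not examine it, which is not a detection.
            kind = "locked"
        elif m["archive"]:
            kind = "archive"  # summary line for a container, e.g. "RAR: infected - 1"
        elif m["threat"].startswith("not-a-virus:"):
            kind = "riskware"  # Kaspersky's prefix for riskware/adware verdicts
        else:
            kind = "malware"
        entries.append({
            "path": m["path"],
            "kind": kind,
            "threat": m["threat"],
            "action": m["action"],
            "location": classify_location(m["path"]),
        })
    return entries, unparsed


def triage(entries):
    """Summarise detections so files in live system folders stand out."""
    by_threat = Counter()
    by_location = defaultdict(list)
    for e in entries:
        if e["kind"] in ("malware", "riskware"):
            by_threat[e["threat"]] += 1
        if e["kind"] == "malware":
            by_location[e["location"]].append(e["path"])
    return {
        "locked": sum(1 for e in entries if e["kind"] == "locked"),
        "by_threat": dict(by_threat),
        "by_location": dict(by_location),
        "riskware": [e["path"] for e in entries if e["kind"] == "riskware"],
    }


if __name__ == "__main__":
    parsed, skipped = parse_report(SAMPLE_REPORT)
    summary = triage(parsed)
    print("locked (not scanned):", summary["locked"])
    for location, paths in summary["by_location"].items():
        print(location, len(paths))
        for p in paths:
            print("   ", p)
```
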
     
  14. 2007/02/28
    keith 1000

    ok! finally! heres the rest

    D:\azureus programs\SmitfraudFix\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
    D:\RECYCLER\NPROTECT\00000232.exe Object is locked skipped
    D:\RECYCLER\NPROTECT\00000233.dll Object is locked skipped
    D:\RECYCLER\NPROTECT\00000234.dll Object is locked skipped
    D:\RECYCLER\NPROTECT\00000235.dll Object is locked skipped
    D:\RECYCLER\NPROTECT\00000236.dll Object is locked skipped
    D:\RECYCLER\NPROTECT\00000237.dll Object is locked skipped
    D:\RECYCLER\NPROTECT\00000238.dll Object is locked skipped
    D:\RECYCLER\NPROTECT\00000239.dll Object is locked skipped
    D:\RECYCLER\NPROTECT\00000240.txt Object is locked skipped
    D:\RECYCLER\NPROTECT\00000241.dll Object is locked skipped
    D:\RECYCLER\NPROTECT\00000242.dll Object is locked skipped
    D:\RECYCLER\NPROTECT\00000243.dll Object is locked skipped
    D:\RECYCLER\NPROTECT\00000244.dll Object is locked skipped
    D:\RECYCLER\NPROTECT\00000245.cat Object is locked skipped
    D:\RECYCLER\NPROTECT\00000246.dll Object is locked skipped
    D:\RECYCLER\NPROTECT\00000247.dll Object is locked skipped
    D:\RECYCLER\NPROTECT\00000248.dll Object is locked skipped
    D:\RECYCLER\NPROTECT\00000249.dll Object is locked skipped
    D:\RECYCLER\NPROTECT\00000250.dll Object is locked skipped
    D:\RECYCLER\NPROTECT\00000251.ver Object is locked skipped
    D:\RECYCLER\NPROTECT\00000252.inf Object is locked skipped
    D:\RECYCLER\NPROTECT\00000253.exe Object is locked skipped
    D:\RECYCLER\NPROTECT\00000254.ver Object is locked skipped
    D:\RECYCLER\NPROTECT\00000255.inf Object is locked skipped
    D:\RECYCLER\NPROTECT\00000256.cat Object is locked skipped
    D:\RECYCLER\NPROTECT\00000257.pdb Object is locked skipped
    D:\RECYCLER\NPROTECT\00000258.sys Object is locked skipped
    D:\RECYCLER\NPROTECT\00000259.ver Object is locked skipped
    D:\RECYCLER\NPROTECT\00000260.inf Object is locked skipped
    D:\RECYCLER\NPROTECT\00000261.cat Object is locked skipped
    D:\RECYCLER\NPROTECT\00000262.pdb Object is locked skipped
    D:\RECYCLER\NPROTECT\00000263.sys Object is locked skipped
    D:\RECYCLER\NPROTECT\00000264.cat Object is locked skipped
    D:\RECYCLER\NPROTECT\00000265.txt Object is locked skipped
    D:\RECYCLER\NPROTECT\00000266.exe Object is locked skipped
    D:\RECYCLER\NPROTECT\00000267.exe Object is locked skipped
    D:\RECYCLER\NPROTECT\00000268.dll Object is locked skipped
    D:\RECYCLER\NPROTECT\00000269.dll Object is locked skipped
    D:\RECYCLER\NPROTECT\00000270.exe Object is locked skipped
    D:\RECYCLER\NPROTECT\00000271.ver Object is locked skipped
    D:\RECYCLER\NPROTECT\00000272.inf Object is locked skipped
    D:\RECYCLER\NPROTECT\00000273.cat Object is locked skipped
    D:\RECYCLER\NPROTECT\00000274.pdb Object is locked skipped
    D:\RECYCLER\NPROTECT\00000275.sys Object is locked skipped
    D:\RECYCLER\NPROTECT\00000276.ver Object is locked skipped
    D:\RECYCLER\NPROTECT\00000277.inf Object is locked skipped
    D:\RECYCLER\NPROTECT\00000278.cat Object is locked skipped
    D:\RECYCLER\NPROTECT\00000279.pdb Object is locked skipped
    D:\RECYCLER\NPROTECT\00000280.sys Object is locked skipped
    D:\RECYCLER\NPROTECT\00000281.cat Object is locked skipped
    D:\RECYCLER\NPROTECT\00000282.txt Object is locked skipped
    D:\RECYCLER\NPROTECT\00000283.exe Object is locked skipped
    D:\RECYCLER\NPROTECT\00000284.exe Object is locked skipped
    D:\RECYCLER\NPROTECT\00000285.dll Object is locked skipped
    D:\RECYCLER\NPROTECT\00000286.dll Object is locked skipped
    D:\RECYCLER\NPROTECT\00000287.exe Object is locked skipped
    D:\RECYCLER\NPROTECT\00000288.ver Object is locked skipped
    D:\RECYCLER\NPROTECT\00000289.inf Object is locked skipped
    D:\RECYCLER\NPROTECT\00000290.cat Object is locked skipped
    D:\RECYCLER\NPROTECT\00000291.pdb Object is locked skipped
    D:\RECYCLER\NPROTECT\00000292.sys Object is locked skipped
    D:\RECYCLER\NPROTECT\00000293.ver Object is locked skipped
    D:\RECYCLER\NPROTECT\00000294.inf Object is locked skipped
    D:\RECYCLER\NPROTECT\00000295.cat Object is locked skipped
    D:\RECYCLER\NPROTECT\00000296.pdb Object is locked skipped
    D:\RECYCLER\NPROTECT\00000297.sys Object is locked skipped
    D:\RECYCLER\NPROTECT\00000298.cat Object is locked skipped
    D:\RECYCLER\NPROTECT\00000299.txt Object is locked skipped
    D:\RECYCLER\NPROTECT\00000300.exe Object is locked skipped
    D:\RECYCLER\NPROTECT\00000301.exe Object is locked skipped
    D:\RECYCLER\NPROTECT\00000302.dll Object is locked skipped
    D:\RECYCLER\NPROTECT\00000303.dll Object is locked skipped
    D:\RECYCLER\NPROTECT\00000304.exe Object is locked skipped
    D:\RECYCLER\NPROTECT\00000305.ver Object is locked skipped
    D:\RECYCLER\NPROTECT\00000306.inf Object is locked skipped
    D:\RECYCLER\NPROTECT\00000307.cat Object is locked skipped
    D:\RECYCLER\NPROTECT\00000308.pdb Object is locked skipped
    D:\RECYCLER\NPROTECT\00000309.sys Object is locked skipped
    D:\RECYCLER\NPROTECT\00000310.ver Object is locked skipped
    D:\RECYCLER\NPROTECT\00000311.inf Object is locked skipped
    D:\RECYCLER\NPROTECT\00000312.cat Object is locked skipped
    D:\RECYCLER\NPROTECT\00000313.pdb Object is locked skipped
    D:\RECYCLER\NPROTECT\00000314.sys Object is locked skipped
    D:\RECYCLER\NPROTECT\00000315.cat Object is locked skipped
    D:\RECYCLER\NPROTECT\00000316.txt Object is locked skipped
    D:\RECYCLER\NPROTECT\00000317.exe Object is locked skipped
    D:\RECYCLER\NPROTECT\00000318.exe Object is locked skipped
    D:\RECYCLER\NPROTECT\00000319.dll Object is locked skipped
    D:\RECYCLER\NPROTECT\00000320.dll Object is locked skipped
    D:\RECYCLER\NPROTECT\00000321.exe Object is locked skipped
    D:\RECYCLER\NPROTECT\00000322.txt Object is locked skipped
    D:\RECYCLER\NPROTECT\00000323.INF Object is locked skipped
    D:\RECYCLER\NPROTECT\00000324.INF Object is locked skipped
    D:\RECYCLER\NPROTECT\00000325.INF Object is locked skipped
    D:\RECYCLER\NPROTECT\00000326.exe Object is locked skipped
    D:\RECYCLER\NPROTECT\00000327.exe Object is locked skipped
    D:\RECYCLER\NPROTECT\00000328.dll Object is locked skipped
    D:\RECYCLER\NPROTECT\00000329.dll Object is locked skipped
    D:\RECYCLER\NPROTECT\00000330.ver Object is locked skipped
    D:\RECYCLER\NPROTECT\00000331.inf Object is locked skipped
    D:\RECYCLER\NPROTECT\00000332.CAT Object is locked skipped
    D:\RECYCLER\NPROTECT\00000333.CAT Object is locked skipped
    D:\RECYCLER\NPROTECT\00000334.CAT Object is locked skipped
    D:\RECYCLER\NPROTECT\00000335.exe Object is locked skipped
    D:\RECYCLER\NPROTECT\00000336.dll Object is locked skipped
    D:\RECYCLER\NPROTECT\00000337.dll Object is locked skipped
    D:\RECYCLER\NPROTECT\00000338.dll Object is locked skipped
    D:\RECYCLER\NPROTECT\00000339.dll Object is locked skipped
    D:\RECYCLER\NPROTECT\00000340.cat Object is locked skipped
    D:\RECYCLER\NPROTECT\00000342.ver Object is locked skipped
    D:\RECYCLER\NPROTECT\00000343.inf Object is locked skipped
    D:\RECYCLER\NPROTECT\00000344.cat Object is locked skipped
    D:\RECYCLER\NPROTECT\00000345.pdb Object is locked skipped
    D:\RECYCLER\NPROTECT\00000346.sys Object is locked skipped
    D:\RECYCLER\NPROTECT\00000347.ver Object is locked skipped
    D:\RECYCLER\NPROTECT\00000348.inf Object is locked skipped
    D:\RECYCLER\NPROTECT\00000349.cat Object is locked skipped
    D:\RECYCLER\NPROTECT\00000350.pdb Object is locked skipped
    D:\RECYCLER\NPROTECT\00000351.sys Object is locked skipped
    D:\RECYCLER\NPROTECT\00000352.cat Object is locked skipped
    D:\RECYCLER\NPROTECT\00000353.txt Object is locked skipped
    D:\RECYCLER\NPROTECT\00000354.exe Object is locked skipped
    D:\RECYCLER\NPROTECT\00000355.exe Object is locked skipped
    D:\RECYCLER\NPROTECT\00000356.dll Object is locked skipped
    D:\RECYCLER\NPROTECT\00000357.dll Object is locked skipped
    D:\RECYCLER\NPROTECT\00000358.exe Object is locked skipped
    D:\RECYCLER\NPROTECT\00000359.ver Object is locked skipped
    D:\RECYCLER\NPROTECT\00000360.inf Object is locked skipped
    D:\RECYCLER\NPROTECT\00000361.cat Object is locked skipped
    D:\RECYCLER\NPROTECT\00000362.pdb Object is locked skipped
    D:\RECYCLER\NPROTECT\00000363.sys Object is locked skipped
    D:\RECYCLER\NPROTECT\00000364.ver Object is locked skipped
    D:\RECYCLER\NPROTECT\00000365.inf Object is locked skipped
    D:\RECYCLER\NPROTECT\00000366.cat Object is locked skipped
    D:\RECYCLER\NPROTECT\00000367.pdb Object is locked skipped
    D:\RECYCLER\NPROTECT\00000368.sys Object is locked skipped
    D:\RECYCLER\NPROTECT\00000369.cat Object is locked skipped
    D:\RECYCLER\NPROTECT\00000370.txt Object is locked skipped
    D:\RECYCLER\NPROTECT\00000371.exe Object is locked skipped
    D:\RECYCLER\NPROTECT\00000372.exe Object is locked skipped
    D:\RECYCLER\NPROTECT\00000373.dll Object is locked skipped
    D:\RECYCLER\NPROTECT\00000374.dll Object is locked skipped
    D:\RECYCLER\NPROTECT\00000375.exe Object is locked skipped
    D:\RECYCLER\NPROTECT\00000376.ver Object is locked skipped
    D:\RECYCLER\NPROTECT\00000377.inf Object is locked skipped
    D:\RECYCLER\NPROTECT\00000378.cat Object is locked skipped
    D:\RECYCLER\NPROTECT\00000379.pdb Object is locked skipped
    D:\RECYCLER\NPROTECT\00000380.sys Object is locked skipped
    D:\RECYCLER\NPROTECT\00000381.ver Object is locked skipped
    D:\RECYCLER\NPROTECT\00000382.inf Object is locked skipped
    D:\RECYCLER\NPROTECT\00000383.cat Object is locked skipped
    D:\RECYCLER\NPROTECT\00000384.pdb Object is locked skipped
    D:\RECYCLER\NPROTECT\00000385.sys Object is locked skipped
    D:\RECYCLER\NPROTECT\00000386.cat Object is locked skipped
    D:\RECYCLER\NPROTECT\00000387.txt Object is locked skipped
    D:\RECYCLER\NPROTECT\00000388.exe Object is locked skipped
    D:\RECYCLER\NPROTECT\00000389.exe Object is locked skipped
    D:\RECYCLER\NPROTECT\00000390.dll Object is locked skipped
    D:\RECYCLER\NPROTECT\00000391.dll Object is locked skipped
    D:\RECYCLER\NPROTECT\00000392.exe Object is locked skipped
    D:\RECYCLER\NPROTECT\00000393.ver Object is locked skipped
    D:\RECYCLER\NPROTECT\00000394.inf Object is locked skipped
    D:\RECYCLER\NPROTECT\00000395.cat Object is locked skipped
    D:\RECYCLER\NPROTECT\00000396.pdb Object is locked skipped
    D:\RECYCLER\NPROTECT\00000397.sys Object is locked skipped
    D:\RECYCLER\NPROTECT\00000398.ver Object is locked skipped
    D:\RECYCLER\NPROTECT\00000399.inf Object is locked skipped
    D:\RECYCLER\NPROTECT\00000400.cat Object is locked skipped
    D:\RECYCLER\NPROTECT\00000401.pdb Object is locked skipped
    D:\RECYCLER\NPROTECT\00000402.sys Object is locked skipped
    D:\RECYCLER\NPROTECT\00000403.cat Object is locked skipped
    D:\RECYCLER\NPROTECT\00000404.txt Object is locked skipped
    D:\RECYCLER\NPROTECT\00000405.exe Object is locked skipped
    D:\RECYCLER\NPROTECT\00000406.exe Object is locked skipped
    D:\RECYCLER\NPROTECT\00000407.dll Object is locked skipped
    D:\RECYCLER\NPROTECT\00000408.dll Object is locked skipped
    D:\RECYCLER\NPROTECT\00000409.exe Object is locked skipped
    D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

    Scan process completed.
     
  15. 2007/02/28
    Blender

    Blender Inactive

    Joined:
    2007/01/24
    Messages:
    355
    Likes Received:
    0
    Hi

    Looking pretty good.
    Just a few files and a registry search to look for leftovers.

    Those "locked files" that KAV shows. Don't worry about them. Those are normal. It just means the scanner couldn't access them because a program or Windows had them in use.

    The "send" option is so you can send file samples to Kaspersky.

    This online scanner does not clean-- only reports. I rarely use online cleaners because they most often don't have a quarantine option and if it deletes a legit file...we can't replace it easy. I would rather rip out the baddies myself. :)

    Can I get a couple samples from you? I would like to get these distributed to AV companies.

    Please put these files in a folder called "samples":

    C:\WINDOWS\system32\cewmdma.dll
    C:\WINDOWS\system32\cliconfgs.dll

    Zip up the folder and upload it here please:

    http://www.bleepingcomputer.com/submit-malware.php?channel=20

    Please include a link to here so I remember what the files are about.
    Then you can delete that folder and the zip you made.

    Files to delete:

    C:\Documents and Settings\Keith & Carrie\My Documents\f4be600a-2006-06-17\crack.exe
    C:\Documents and Settings\Keith & Carrie\My Documents\f4be600a-2006-06-17.rar

    Whatever program is in the f4be600a-2006-06-17 folder you already unzipped it so you can get rid of the rar file. That crack.exe is what seems to have messed things up.

    C:\WINDOWS\system32\cewmdma.dll
    C:\WINDOWS\system32\cliconfgs.dll
    D:\azureus programs\SmitfraudFix <-- this is not a true malware but it is updated too often to bother keeping around. (reboot.f as detected by KAV is just a reboot tool used when smitfraudfix is removing files. AV programs have trouble to tell the difference between good/bad use of these tools so they warn the user.)

    If you are using windows search to find these files please make sure under "advanced search options" the following are checked:

    Search hidden
    Search system
    Search sub folders

    Then search...

    Let me know if those little bazaas won't delete.

    Right click your recycle bin and click "empty norton protected recycle bin". OK the prompt if you get one. Norton will rebuild it again.

    Open Hijackthis
    Click "view list of backups"
    Click "delete all"
    Ok the warning.
    This removes the infected files Hijackthis backed up when we fixed items.

    Download Bobbi Flekman's RegSearch from
    http://www.xs4all.nl/~fstaal01/downloads/regsearch.zip

    Create a folder for RegSearch on the C: drive called C:\RegSearch. You can do this by going to My Computer then double click on C: then right click and select New then Folder and name it RegSearch. Extract all the files from the zip archive into that folder.

    Copy the following text inside the code box to a new notepad file.

    Code:
    RegSearch Options File
    
    [Search]
    0edc6c20-a31c-11db-8ab9-0800200c9a66
    cdfviewb.dll
    3AAC4C68-AFC8-11DB-80EF-8AF955D89593
    631f7200-642e-11db-bd13-0800200c9a66
    F67EEB12-AB09-11DB-A6F1-260856D89593
    mscoriezb.dll
    cliconfgs.dll
    cewmdma.dll
    TrustIn
    [Exclude]
    
    [Options]
    Filter=KVDLUI
    
    Save as file name Options.txt
    As file type: all files
    Save it to your desktop.

    Open the RegSearch folder and double-click the icon for RegSearch.exe to launch the program.
    Click the Import button.
    Navigate to the desktop and choose the options.txt file, then click "open".
    If you can't see "options.txt" when you get to desktop just type options.txt in the file field provided.

    Now click "OK"
    Let the search finish.

    When it is done notepad will open with log. Log is in the regsearch folder called regsearch.txt.

    Please copy/paste the log contents back here.

    If log is large you can upload it here:

    http://www.bleepingcomputer.com/submit-malware.php?channel=19

    Please include link to this thread so I know whose log it is.

    Thanks
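The leftover search described in the post above can also be run against a text export of the registry. This is an added example, not part of the original thread and not RegSearch's own code: it reads the `[Search]` terms from the options file as posted and lists the keys in a `.reg` export that still mention them. The sample export is constructed, the function names are hypothetical, and the reading of the options layout is an assumption based only on what the post shows (`[Exclude]` and `Filter=` are parsed but not applied).

```python
import re

# Options file exactly as posted in the thread above.
OPTIONS_TEXT = """RegSearch Options File

[Search]
0edc6c20-a31c-11db-8ab9-0800200c9a66
cdfviewb.dll
3AAC4C68-AFC8-11DB-80EF-8AF955D89593
631f7200-642e-11db-bd13-0800200c9a66
F67EEB12-AB09-11DB-A6F1-260856D89593
mscoriezb.dll
cliconfgs.dll
cewmdma.dll
TrustIn
[Exclude]

[Options]
Filter=KVDLUI
"""

# Constructed .reg export; key paths and where each term appears are
# illustrative only, not findings from the machine in this thread.
# Real "Version 5.00" exports are UTF-16: open(path, encoding="utf-16").
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{3AAC4C68-AFC8-11DB-80EF-8AF955D89593}\InprocServer32]
@="C:\\WINDOWS\\system32\\cewmdma.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Example\Toolbar]
"ClassId"="{3AAC4C68-AFC8-11DB-80EF-8AF955D89593}"

[HKEY_CURRENT_USER\Software\TrustIn\Url Changer]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Example\Clean]
"Path"="C:\\Program Files\\Example\\app.exe"
"""

def parse_options(text):
    """Return {section: [entries]}; lines before the first [section] are ignored."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = header.group(1)
            sections.setdefault(current, [])
        elif line and current is not None:
            sections[current].append(line)
    return sections

def scan_export(export_text, terms):
    """Map each term to the sorted keys whose path, value name or data mention it."""
    hits = {t: set() for t in terms}
    key = None
    for raw in export_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        if key is None or not line:
            continue
        # Quoted data doubles its backslashes; undo that before matching.
        haystack = line.replace("\\\\", "\\").lower()
        for t in terms:
            if t.lower() in haystack:
                hits[t].add(key)
    return {t: sorted(keys) for t, keys in hits.items()}

def find_leftovers(options_text, export_text):
    """Terms from [Search] that still appear in the export, with the keys involved."""
    terms = parse_options(options_text).get("Search", [])
    return {t: k for t, k in scan_export(export_text, terms).items() if k}

if __name__ == "__main__":
    for term, keys in find_leftovers(OPTIONS_TEXT, SAMPLE_EXPORT).items():
        print(term, *keys, sep="\n    ")
```

Matching is case-insensitive and covers key paths as well as value names and data, so a term that only survives as a CLSID subkey is still reported.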
     
  16. 2007/02/28
    keith 1000

    keith 1000 Inactive Thread Starter

    Joined:
    2006/10/23
    Messages:
    72
    Likes Received:
    0
    hi
    if you get this please answer A.S.A.P. i have moved the two files to a new sample folder, but this is where i need your help, i am not sure how to do what you ask. how do i zip the file then upload it and also leave a link to this site. please reply as soon as you can so we can get on with this
    thanks
     
  17. 2007/02/28
    keith 1000

    keith 1000 Inactive Thread Starter

    Joined:
    2006/10/23
    Messages:
    72
    Likes Received:
    0
    ok i did it! It's sent so don't worry, i will post back when i'm done the whole thing
    thanks
     
  18. 2007/02/28
    keith 1000

    keith 1000 Inactive Thread Starter

    Joined:
    2006/10/23
    Messages:
    72
    Likes Received:
    0
    well still working on it, i'm at the point where you ask to right click on recycle bin for norton , well i did that and i don't have norton protected bin, thought i should let you know that
     
  19. 2007/02/28
    Blender

    Blender Inactive

    Joined:
    2007/01/24
    Messages:
    355
    Likes Received:
    0
    Ok...
    You can skip the "empty norton protected recycle bin" part...
    Unless...
    If you open the recycle bin does Norton give you the option there to purge it?

    It might be called Norton Recovery or similar.
    I have not run Norton in so long...I can't remember.

    What options do you have available when you right click the recycle bin?

    Reasoning behind wanting to purge these files is because Norton will sometimes back up nasty files (if he don't see em as malware)
    Norton locks the recycle bin (his backups) fair tight just like Windows restore does. These files are difficult to remove unless through Norton program itself.

    This isn't an immediate thing to take care of and we can wait a bit & take care of the more urgent stuffs first.

    Blender
     
  20. 2007/02/28
    keith 1000

    keith 1000 Inactive Thread Starter

    Joined:
    2006/10/23
    Messages:
    72
    Likes Received:
    0
    hi tammy
    i have norton 2003, and i don't see anything about protected bin when i right click i have open\explore\empty\shortcut and properties.
    well the regsearch is done and its a biggie, what's with all the **** stuff at \trustin\url changer\XXX. i know my brother has been playing on my CPU but i haven't been on any of those sites i swear!!!LOL, but this log is way too big so i will upload it to the site you said (bleeping computer #19) now i will be waiting on what to do next to remove all these strings...
     
  21. 2007/02/28
    keith 1000

    keith 1000 Inactive Thread Starter

    Joined:
    2006/10/23
    Messages:
    72
    Likes Received:
    0
    ok! log file sent to "Bleeping". will be waiting patiently for your reply,
    if i don't hear from you tonight then good night and talk to ya tomorrow, will probably go to bed around 11-12 EST. its after 9 now
    thanks
     