Tech Support Forum - View Single Post - Ried (or anyone who can help). I believe I have the malware mljgd.dll???

TKoester39 · 12-02-2007, 01:30 PM

Hi Ried, back again with more info for you. Aren't you happy.

Well, here ya go.

ComboFix Log

ComboFix 07-12-02.5 - Todd K 2007-12-02 12:17:33.7 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.280 [GMT -6:00]
Running from: C:\Documents and Settings\Todd K\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Todd K\Desktop\CFScript.txt
* Created a new restore point

FILE
C:\WINDOWS\System32\aycdd.ini2
C:\WINDOWS\System32\ddcya.dll
c:\windows\system32\ldcore.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\System32\aycdd.ini2
C:\WINDOWS\System32\ddcya.dll

.
((((((((((((((((((((((((( Files Created from 2007-11-02 to 2007-12-02 )))))))))))))))))))))))))))))))
.

2007-12-02 00:20 . 2007-12-02 00:20 <DIR> d-------- C:\WINDOWS\SDFIX
2007-12-01 23:11 . 2007-12-02 12:26 7,164 --ahs---- C:\WINDOWS\SYSTEM32\aycdd.ini
2007-12-01 15:42 . 2007-12-01 15:42 <DIR> d-------- C:\Deckard
2007-12-01 12:19 . 2007-12-01 12:24 <DIR> d-------- C:\Program Files\Spruce
2007-11-18 17:10 . 2007-11-18 17:10 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-11-18 17:10 . 2007-11-18 17:10 1,409 --a------ C:\WINDOWS\QTFont.for
2007-11-11 19:12 . 2001-08-17 13:53 7,296 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\changer.sys
2007-11-11 19:12 . 2001-08-17 13:53 7,296 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\changer.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-02 06:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2007-12-02 06:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2007-12-02 03:12 81,712 ----a-w C:\Documents and Settings\Todd K\Application Data\GDIPFONTCACHEV1.DAT
2007-12-01 20:35 --------- d-----w C:\Program Files\SUPERAntiSpyware
2007-11-28 02:39 --------- d-----w C:\Documents and Settings\Todd K\Application Data\SiteAdvisor
2007-11-22 00:40 --------- d-----w C:\Program Files\McAfee
2007-11-08 05:52 --------- d-----w C:\Program Files\Common Files\McAfee
2007-10-28 17:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-10-28 04:21 --------- d-----w C:\Program Files\Trend Micro
2007-10-27 21:56 --------- d-----w C:\Program Files\QuickTime
2007-10-27 20:53 --------- d-----w C:\Program Files\Google
2007-10-27 20:36 --------- d-----w C:\Program Files\DellSupport
2007-10-27 03:53 --------- d-----w C:\Documents and Settings\Todd K\Application Data\SUPERAntiSpyware.com
2007-10-27 03:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-10-27 03:52 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-10-26 21:57 --------- d-----w C:\Documents and Settings\Amy Rauls\Application Data\SiteAdvisor
2007-10-26 21:09 --------- d--h--w C:\Documents and Settings\Todd K\Application Data\Gtek
2007-10-26 18:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg7
2007-10-26 04:26 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Application Data\Webroot
2007-10-16 15:56 --------- d-----w C:\Program Files\Dell
2003-07-09 00:36 811 -c--a-w C:\Program Files\INSTALL.LOG
.

((((((((((((((((((((((((((((( snapshot@2007-12-01_21.52.47.67 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-12-01 00:37:48 163,328 ----a-w C:\WINDOWS\SDFIX\ERUNT\SDFIX\ERDNT.EXE
+ 2007-12-02 06:21:13 4,534,272 ----a-w C:\WINDOWS\SDFIX\ERUNT\SDFIX\Users\00000001\ntuser.dat
+ 2007-12-02 06:21:13 12,288 ----a-w C:\WINDOWS\SDFIX\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2007-12-01 00:37:48 163,328 ----a-w C:\WINDOWS\SDFIX\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2007-12-02 06:21:02 4,534,272 ----a-w C:\WINDOWS\SDFIX\ERUNT\SDFIX_First_Run\Users\00000001\ntuser.dat
+ 2007-12-02 06:21:03 12,288 ----a-w C:\WINDOWS\SDFIX\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
- 2002-08-29 10:00:00 50,620 ----a-w C:\WINDOWS\SYSTEM32\COMMAND.COM
+ 2001-08-18 19:00:00 50,620 ----a-w C:\WINDOWS\SYSTEM32\COMMAND.COM
- 2007-12-02 00:11:37 32,768 ----a-w C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Cookies\INDEX.DAT
+ 2007-12-02 17:09:36 32,768 ----a-w C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Cookies\INDEX.DAT
- 2007-12-02 00:11:37 32,768 ----a-w C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\INDEX.DAT
+ 2007-12-02 17:09:36 32,768 ----a-w C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\INDEX.DAT
- 2007-12-02 00:11:37 49,152 ----a-w C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT
+ 2007-12-02 17:09:36 49,152 ----a-w C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2002-08-20 14:08]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-04 21:55]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-05-29 19:34]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 10:09]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 13:06]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-11-03 23:03]
"YBrowser"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [2003-12-09 14:02]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2006-11-17 16:14]
"SBC Yahoo! Connection Manager"="C:\Program Files\SBC Yahoo!\Connection Manager\ConnectionManager.exe" [2003-07-14 13:55]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6172\SiteAdv.exe" [2007-02-08 20:39]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-09-13 15:27]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 22:33]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-05-29 19:34]

C:\Documents and Settings\Todd K\Start Menu\Programs\Startup\
Spruce - Auto Update.lnk - C:\Program Files\Spruce\Spruce.exe [2007-12-01 12:19:27]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-01-03 16:30:52]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 00:01:04]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\System32\ddcya.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 8.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 8.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\America Online 8.0 Tray Icon.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HotSync Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk
backup=C:\WINDOWS\pss\HotSync Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SBC Self Support Tool.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SBC Self Support Tool.lnk
backup=C:\WINDOWS\pss\SBC Self Support Tool.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
2002-12-17 11:28 684032 --a------ C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCMSMMSG]
BCMSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
C:\Program Files\Dell Support\DSAgnt.exe /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\diagent]
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDSentry]
2002-08-14 17:22 28672 -ra------ C:\WINDOWS\System32\DSentry.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
2002-11-03 13:56 188416 --a------ C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPInSightLAN 02]
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe -l

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPInSightMonitor 02]
2003-06-11 00:52 122880 --a------ C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2005-10-18 11:58 278528 --a------ C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
1996-11-11 11:42 51216 --a------ C:\OPLIMIT\ocraware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
c:\PROGRA~1\mcafee.com\agent\mcagent.exe files\mcafee.com\agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
2007-08-18 03:12 394576 --a------ C:\PROGRA~1\mcafee.com\agent\mcupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
2004-07-01 12:15 53248 --a------ C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
2004-07-01 12:15 131072 --a------ C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
2003-12-10 03:52 380928 --a------ C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OASClnt]
C:\Program Files\McAfee.com\VSO\oasclnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /startintray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2004-09-28 20:26 32881 --a------ C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 00:00 90112 --------- C:\WINDOWS\UpdReg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]
2004-11-10 22:15 111816 --a------ C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]
C:\Program Files\McAfee.com\VSO\mcvsshld.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]
C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe /checktask

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2002-07-23 10:58 12288 --a------ C:\Program Files\Winamp3\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
1

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YBrowser]
2003-12-09 14:02 57344 --a------ C:\Program Files\Yahoo!\browser\ybrwicon.exe

R2 PPCLASS;PPCLASS;C:\WINDOWS\System32\drivers\PPCLASS.sys
S2 PPSCAN;PPSCAN;C:\WINDOWS\System32\drivers\PPSCAN.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-11-15 07:30:04 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe'
"2007-12-01 07:00:31 C:\WINDOWS\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-02 12:31:58
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2007-12-02 12:35:15 - machine was rebooted
C:\ComboFix2.txt ... 2007-12-01 23:50
C:\ComboFix3.txt ... 2007-12-01 23:10
.
--- E O F ---

Kaspersky Results

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, December 02, 2007 2:25:15 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 1 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 2/12/2007
Kaspersky Anti-Virus database records: 470462
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: false

Scan Target - My Computer:
A:\
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 130126
Number of viruses found: 8
Number of infected objects: 17
Number of suspicious objects: 0
Duration of the scan process: 01:39:36

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\McAfee\MNA\NAData Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MPF\data\log.edb Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MPF\data\tempIpRules.xdb Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\McUsers.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Data\TFR3D.tmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Logs\OAS.Log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f3b4f78e7ff5c48899d2841e222dc185_1dce0e75-1303-433a-bfc1-6b582bd25551 Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Data\settings.dat Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS0363AA4D-1B6C-43D9-8F01-A407D4ACC05F.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS04AFA515-B8EA-4FC1-A39C-4D69BE69390B.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS0FA525FC-5B15-4185-BCD2-2CEB27822CDF.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS1059B633-E60F-44B3-988E-921B9141880E.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS13FFB38C-8217-4FF9-9D7A-95E9F4DCD38F.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS15C4F50F-F3D5-4B26-8197-DA62BEB561A4.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS1649C7C1-12BF-4C83-A57D-ABEA565E6E4F.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS185BEE16-CC4F-4CA8-B24F-D7298EC56D02.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS1A2F665F-E86F-49CF-BEB1-0CCD45966406.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS229DDAA6-F401-4C37-AF42-38B9B920C3F1.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS22FE0918-ED60-40AA-89A8-D4810E9C8417.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS24AD36AF-A51E-41E4-9607-2A1C375A7299.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS2503A96A-5977-46EA-88DD-F3D845DB5E72.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS25DC20D8-2B13-4683-A557-DAC9D0DFC36B.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS264D609F-059B-4FB7-AA36-AD550D2305CA.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS26A5AF49-F03E-43A3-B8CD-C6A35A43FFE3.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS2C5D2188-F022-4ECC-AE49-BBA5B7142E9D.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS2D06C1EB-B6A4-4912-8C94-07A1FE94E120.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS36D84F8D-2E5F-42DB-A99C-CCE52A81A68D.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS3727C893-2931-4A45-8515-3EDBFB835CB3.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS3837E591-CF2C-411A-9AE1-05B4148EC0AC.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS387DE905-64A3-48DF-9AA1-D053BEB40B5B.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS418B3649-8C69-45F1-B659-5D9D6FC0823F.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS4577E20C-54D1-4D81-A6F9-A008E3598C24.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS4F452518-DEFC-449B-9E5B-330992798B91.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS506F07FD-6204-4D3A-AC71-9BEFEFDE0E22.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS54645A37-3706-4730-B2D8-8AFF92D9E599.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS55CB0532-9299-4429-8C8C-CA05A9B848F5.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS578415A9-DBCE-4AD2-B2B9-6E9BF4A846DE.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS57920C00-A9CE-449E-A380-8D929D5E5836.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS5A7A41E6-CFBF-4F16-A75A-60E6138C15BD.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS5C90D710-6E3D-46FA-88D2-88C36C4AF46F.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS684BCDAC-3AA8-4D70-8A68-9AE61118DE1A.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS68CB4E28-A7F7-4B4F-A349-174321209006.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS6CDF0EA6-2177-4FBC-AB74-23C3849BCDB0.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS6E647D55-FF4D-44B3-AEF9-EB3CE372EF9B.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS755936BC-B0DF-4831-B91E-182C8C91ACA6.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS781FB51B-7445-4863-98FF-BA6818DD1C67.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS783C2450-012E-4F88-9F95-4608EF100BE4.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS7A590D96-93BE-4CE2-9A00-EA47545EAD3B.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS7DDA6503-C343-49D8-B2BB-21D94CB02E16.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS7EBA5411-AD29-4E9A-B9E2-CB32DE11704C.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS7FFE298E-068C-4DC9-8A74-DA2B31A76DF7.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS81FD17B3-7418-4D01-9122-60D4FD69DD83.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS85AB30D7-7430-4167-BECA-6FC215B438C5.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS87C5D09E-6FAB-4989-8990-8D2A63CABED5.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS8862A1AB-2D01-4686-B16A-FFE38017E9F6.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS88F785D5-472B-439C-9F3D-E97F50ED9B41.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS8ABADEB1-B009-4958-990B-934ADE97CB6C.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS8BA36A1A-B876-4ED3-85A8-2F78459378EE.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS8DD01F77-936C-4002-8B95-95275881D33F.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS9136155F-A921-4DC8-90D6-81A46EECA19E.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS93271FD1-A6A9-483B-8F08-0378A4072444.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS96DA484D-64FE-4B5F-A2F4-5A2282FDD2FA.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS98CA7721-E144-4FA2-869D-7A7ABB6A2F80.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS98DC2C3A-30DC-48A0-AA33-1BBB3B17F380.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSA2393478-0009-497A-8D59-532DEC2BA93F.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSA2A43501-14E1-49F0-8B4C-1A04A80F3DCC.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSA4692E2D-7F2A-4E30-A2A5-DB35B2DF0DC3.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSA9D27961-8E5D-4C24-B900-12185759A959.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSAFFFAA4D-5BD5-4FCB-86A1-1BC89EFB53F3.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSB1CB8CE6-C1AD-4526-87FB-ECBC8726EFA5.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSB269C43C-2409-4D45-8C03-ED48C8A759E0.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSB7EC0665-6B33-408C-AB70-A023648427E9.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSB89B1AE5-34CC-4BD5-8D72-C048B5C6FB48.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSC20FF554-18C1-4900-8B61-4F353D3419A4.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSC5378385-6A3E-4000-B68E-F631D862EE81.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSC5A6BEB9-3FBA-43D6-9043-DC77A422FC79.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSC6EE14BF-9251-4779-903B-902A4135A554.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSC731BB0E-94BD-4261-8838-D76286D4961A.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSC99EC7BC-2CF7-4F1A-8D24-14610010827D.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSCDEC2AC7-20D8-41E7-954C-A837C6D93C3D.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSD16E9A62-3128-4B2E-9938-6674FBDCEEB8.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSD25875ED-3CB7-482D-AE68-D008A1E782A2.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSD756AE27-4ADB-4D79-B582-136DDE66B950.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSD7B19E05-65A9-47B4-B389-BA6FB4BC1295.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSD837238D-86F6-4B53-8018-74FDD0DCCEDC.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSD89538D1-9148-4655-B39F-34734FD38D80.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSDA65E1B5-3EFE-45BB-90D0-54BAF998D2B8.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSDB382495-CC58-432B-A6AB-FF6D7FB2A564.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSE387D077-9DD8-4A90-86D6-93C57C31E37E.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSEA7B0DE4-B9AD-4551-AC06-604AADE810D8.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSEFDB0E97-5A55-4C5B-82AB-A621AC840E5C.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSF5B70A05-3055-4976-A2C8-C0DE0B0A18CE.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSF65407EB-788E-4EC8-BD1A-643B3DFB673E.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSF69CE0F0-46FF-4E54-842A-1BD58A677EA9.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSF7ACB699-0921-421C-A29A-41D3272390EF.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSF7DC12F7-596A-4A1C-88B7-46B94C31E0A5.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSF9506751-1686-4DE0-9C86-A78D4F524508.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSF9DDE33C-EF8F-4CFD-A832-D71C328D1C14.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSFBADCD91-7146-4F25-A5A6-503082B31168.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Todd K\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\DSAgnt.log Object is locked skipped
C:\Documents and Settings\Todd K\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\DSAgnt_GTActions.log Object is locked skipped
C:\Documents and Settings\Todd K\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\gdql_d_DSAgnt.log Object is locked skipped
C:\Documents and Settings\Todd K\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\glog.log Object is locked skipped
C:\Documents and Settings\Todd K\Application Data\MySpace\IM\Logs\MySpaceIM-20071202-123231.log Object is locked skipped
C:\Documents and Settings\Todd K\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnte-dhncgts.jar-3a44e4f7-7f4fde7c.zip/BnnnnBaa.class Infected: Trojan.Java.ClassLoader.as skipped
C:\Documents and Settings\Todd K\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnte-dhncgts.jar-3a44e4f7-7f4fde7c.zip/VaannnaaBaa.class Infected: Trojan.Java.ClassLoader.as skipped
C:\Documents and Settings\Todd K\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnte-dhncgts.jar-3a44e4f7-7f4fde7c.zip/Bnnnnn.class Infected: Trojan.Java.ClassLoader.as skipped
C:\Documents and Settings\Todd K\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnte-dhncgts.jar-3a44e4f7-7f4fde7c.zip ZIP: infected - 3 skipped
C:\Documents and Settings\Todd K\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-4972fc1f-7e7d8316.zip/vmain.class Infected: Exploit.Java.Gimsh.b skipped
C:\Documents and Settings\Todd K\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-4972fc1f-7e7d8316.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Todd K\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SUPERANTISPYWARE.LOG Object is locked skipped
C:\Documents and Settings\Todd K\Application Data\Webroot\Spy Sweeper\Logs\071201123050.ses Object is locked skipped
C:\Documents and Settings\Todd K\Cookies\INDEX.DAT Object is locked skipped
C:\Documents and Settings\Todd K\Desktop\[4]-Submit_2007-12-01@23.30.zip/hg173.exe Infected: Trojan-Clicker.Win32.VB.vx skipped
C:\Documents and Settings\Todd K\Desktop\[4]-Submit_2007-12-01@23.30.zip/fccyaab.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.azt skipped
C:\Documents and Settings\Todd K\Desktop\[4]-Submit_2007-12-01@23.30.zip/ssqqppm.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.azt skipped
C:\Documents and Settings\Todd K\Desktop\[4]-Submit_2007-12-01@23.30.zip ZIP: infected - 3 skipped
C:\Documents and Settings\Todd K\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Todd K\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Todd K\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\Todd K\Local Settings\History\History.IE5\MSHist012007120220071203\index.dat Object is locked skipped
C:\Documents and Settings\Todd K\Local Settings\Temp\~DF20AD.tmp Object is locked skipped
C:\Documents and Settings\Todd K\Local Settings\Temp\~DF66DB.tmp Object is locked skipped
C:\Documents and Settings\Todd K\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Todd K\ntuser.dat Object is locked skipped
C:\Documents and Settings\Todd K\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Trend Micro\HijackThis\backups\backup-20071027-233228-334.dll Infected: not-a-virus:AdWare.Win32.Coupons.h skipped
C:\Program Files\Webroot\Spy Sweeper\Masters\masters.bak Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters\Masters.const Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters\masters.mst Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters.base Object is locked skipped
C:\qoobox\Quarantine\C\WINDOWS\SYSTEM32\CONFIG\47448844.Evt.vir Infected: Trojan.Win32.KillAV.lz skipped
C:\qoobox\Quarantine\C\WINDOWS\SYSTEM32\dwdsrngt.exe.vir Infected: not-a-virus:AdWare.Win32.ZenoSearch.ac skipped
C:\SDFix\SDFix\apps\Process.exe Object is locked skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP14\A0002851.exe Infected: Trojan-Clicker.Win32.VB.vx skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP14\A0002854.dll Infected: Trojan-Downloader.Win32.Small.gkh skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP14\A0002856.exe Infected: Trojan-Clicker.Win32.VB.vx skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP15\A0006870.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.ac skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP20\A0009132.exe Object is locked skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP20\change.log Object is locked skipped
C:\WINDOWS\Debug\oakley.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\MEMORY.DMP Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{A1CAD9C7-9FDD-4DCE-BCAA-F3941E935F2E}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\AppEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SecEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SysEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\H323LOG.TXT Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\Temp\mcafee_srSLe2SgQJb9z6P Object is locked skipped
C:\WINDOWS\Temp\mcmsc_dY485KMVTbXdz3J Object is locked skipped
C:\WINDOWS\Temp\mcmsc_J3cmVzXO31L3ivp Object is locked skipped
C:\WINDOWS\WIADEBUG.LOG Object is locked skipped
C:\WINDOWS\WIASERVC.LOG Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

Hijackthis Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:27:32 PM, on 12/2/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\SiteAdvisor\6172\SAService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\SBC Yahoo!\Connection Manager\ConnectionManager.exe
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Spruce\X_Spruce.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.my.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://69.31.79.102/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://69.31.79.102/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://69.31.79.102/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://69.31.79.102/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [SBC Yahoo! Connection Manager] "C:\Program Files\SBC Yahoo!\Connection Manager\ConnectionManager.exe"
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6172\SiteAdv.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [MySpaceIM] "C:\Program Files\MySpace\IM\MySpaceIM.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Startup: Spruce - Auto Update.lnk = C:\Program Files\Spruce\Spruce.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...0/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1135213171875
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/amp...1.11_en_dl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/sh...23/mcgdmgr.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://download.games.yahoo.com/game...utLauncher.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/...ampx_en_dl.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE

--
End of file - 9872 bytes

Thanks......again.

12-02-2007, 01:30 PM	#8 (permalink)
TKoester39 Registered User Join Date: Oct 2007 Location: MO Posts: 22 OS: XP	Re: Ried (or anyone who can help). I believe I have the malware mljgd.dll??? Hi Ried, back again with more info for you. Aren't you happy. Well, here ya go. ComboFix Log ComboFix 07-12-02.5 - Todd K 2007-12-02 12:17:33.7 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.280 [GMT -6:00] Running from: C:\Documents and Settings\Todd K\Desktop\ComboFix.exe Command switches used :: C:\Documents and Settings\Todd K\Desktop\CFScript.txt * Created a new restore point FILE C:\WINDOWS\System32\aycdd.ini2 C:\WINDOWS\System32\ddcya.dll c:\windows\system32\ldcore.dll . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\System32\aycdd.ini2 C:\WINDOWS\System32\ddcya.dll . ((((((((((((((((((((((((( Files Created from 2007-11-02 to 2007-12-02 ))))))))))))))))))))))))))))))) . 2007-12-02 00:20 . 2007-12-02 00:20 <DIR> d-------- C:\WINDOWS\SDFIX 2007-12-01 23:11 . 2007-12-02 12:26 7,164 --ahs---- C:\WINDOWS\SYSTEM32\aycdd.ini 2007-12-01 15:42 . 2007-12-01 15:42 <DIR> d-------- C:\Deckard 2007-12-01 12:19 . 2007-12-01 12:24 <DIR> d-------- C:\Program Files\Spruce 2007-11-18 17:10 . 2007-11-18 17:10 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2007-11-18 17:10 . 2007-11-18 17:10 1,409 --a------ C:\WINDOWS\QTFont.for 2007-11-11 19:12 . 2001-08-17 13:53 7,296 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\changer.sys 2007-11-11 19:12 . 2001-08-17 13:53 7,296 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\changer.sys . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-12-02 06:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater 2007-12-02 06:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\SiteAdvisor 2007-12-02 03:12 81,712 ----a-w C:\Documents and Settings\Todd K\Application Data\GDIPFONTCACHEV1.DAT 2007-12-01 20:35 --------- d-----w C:\Program Files\SUPERAntiSpyware 2007-11-28 02:39 --------- d-----w C:\Documents and Settings\Todd K\Application Data\SiteAdvisor 2007-11-22 00:40 --------- d-----w C:\Program Files\McAfee 2007-11-08 05:52 --------- d-----w C:\Program Files\Common Files\McAfee 2007-10-28 17:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab 2007-10-28 04:21 --------- d-----w C:\Program Files\Trend Micro 2007-10-27 21:56 --------- d-----w C:\Program Files\QuickTime 2007-10-27 20:53 --------- d-----w C:\Program Files\Google 2007-10-27 20:36 --------- d-----w C:\Program Files\DellSupport 2007-10-27 03:53 --------- d-----w C:\Documents and Settings\Todd K\Application Data\SUPERAntiSpyware.com 2007-10-27 03:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com 2007-10-27 03:52 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2007-10-26 21:57 --------- d-----w C:\Documents and Settings\Amy Rauls\Application Data\SiteAdvisor 2007-10-26 21:09 --------- d--h--w C:\Documents and Settings\Todd K\Application Data\Gtek 2007-10-26 18:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg7 2007-10-26 04:26 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Application Data\Webroot 2007-10-16 15:56 --------- d-----w C:\Program Files\Dell 2003-07-09 00:36 811 -c--a-w C:\Program Files\INSTALL.LOG . ((((((((((((((((((((((((((((( snapshot@2007-12-01_21.52.47.67 ))))))))))))))))))))))))))))))))))))))))) . + 2007-12-01 00:37:48 163,328 ----a-w C:\WINDOWS\SDFIX\ERUNT\SDFIX\ERDNT.EXE + 2007-12-02 06:21:13 4,534,272 ----a-w C:\WINDOWS\SDFIX\ERUNT\SDFIX\Users\00000001\ntuser.dat + 2007-12-02 06:21:13 12,288 ----a-w C:\WINDOWS\SDFIX\ERUNT\SDFIX\Users\00000002\UsrClass.dat + 2007-12-01 00:37:48 163,328 ----a-w C:\WINDOWS\SDFIX\ERUNT\SDFIX_First_Run\ERDNT.EXE + 2007-12-02 06:21:02 4,534,272 ----a-w C:\WINDOWS\SDFIX\ERUNT\SDFIX_First_Run\Users\00000001\ntuser.dat + 2007-12-02 06:21:03 12,288 ----a-w C:\WINDOWS\SDFIX\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat - 2002-08-29 10:00:00 50,620 ----a-w C:\WINDOWS\SYSTEM32\COMMAND.COM + 2001-08-18 19:00:00 50,620 ----a-w C:\WINDOWS\SYSTEM32\COMMAND.COM - 2007-12-02 00:11:37 32,768 ----a-w C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Cookies\INDEX.DAT + 2007-12-02 17:09:36 32,768 ----a-w C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Cookies\INDEX.DAT - 2007-12-02 00:11:37 32,768 ----a-w C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\INDEX.DAT + 2007-12-02 17:09:36 32,768 ----a-w C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\INDEX.DAT - 2007-12-02 00:11:37 49,152 ----a-w C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT + 2007-12-02 17:09:36 49,152 ----a-w C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2002-08-20 14:08] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-04 21:55] "MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-05-29 19:34] "DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 10:09] "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 13:06] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-11-03 23:03] "YBrowser"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [2003-12-09 14:02] "SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2006-11-17 16:14] "SBC Yahoo! Connection Manager"="C:\Program Files\SBC Yahoo!\Connection Manager\ConnectionManager.exe" [2003-07-14 13:55] "SiteAdvisor"="C:\Program Files\SiteAdvisor\6172\SiteAdv.exe" [2007-02-08 20:39] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-09-13 15:27] "mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 22:33] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-05-29 19:34] C:\Documents and Settings\Todd K\Start Menu\Programs\Startup\ Spruce - Auto Update.lnk - C:\Program Files\Spruce\Spruce.exe [2007-12-01 12:19:27] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-01-03 16:30:52] Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 00:01:04] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] "Authentication Packages"= msv1_0 C:\WINDOWS\System32\ddcya.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 8.0 Tray Icon.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 8.0 Tray Icon.lnk backup=C:\WINDOWS\pss\America Online 8.0 Tray Icon.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HotSync Manager.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk backup=C:\WINDOWS\pss\HotSync Manager.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SBC Self Support Tool.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SBC Self Support Tool.lnk backup=C:\WINDOWS\pss\SBC Self Support Tool.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD] 2002-12-17 11:28 684032 --a------ C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCMSMMSG] BCMSMMSG.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport] C:\Program Files\Dell Support\DSAgnt.exe /startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\diagent] C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDSentry] 2002-08-14 17:22 28672 -ra------ C:\WINDOWS\System32\DSentry.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility] 2002-11-03 13:56 188416 --a------ C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPInSightLAN 02] C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe -l [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPInSightMonitor 02] 2003-06-11 00:52 122880 --a------ C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2005-10-18 11:58 278528 --a------ C:\Program Files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load] 1996-11-11 11:42 51216 --a------ C:\OPLIMIT\ocraware.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe files\mcafee.com\agent\mcagent.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe] 2007-08-18 03:12 394576 --a------ C:\PROGRA~1\mcafee.com\agent\mcupdate.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask] 2004-07-01 12:15 53248 --a------ C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray] 2004-07-01 12:15 131072 --a------ C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge] 2003-12-10 03:52 380928 --a------ C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] C:\Program Files\Messenger\msmsgs.exe /background [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] C:\Program Files\QuickTime\qttask.exe -atboottime [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /startintray [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2004-09-28 20:26 32881 --a------ C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg] 2000-05-11 00:00 90112 --------- C:\WINDOWS\UpdReg.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr] 2004-11-10 22:15 111816 --a------ C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask] C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe /checktask [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] 2002-07-23 10:58 12288 --a------ C:\Program Files\Winamp3\winampa.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager] 1 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YBrowser] 2003-12-09 14:02 57344 --a------ C:\Program Files\Yahoo!\browser\ybrwicon.exe R2 PPCLASS;PPCLASS;C:\WINDOWS\System32\drivers\PPCLASS.sys S2 PPSCAN;PPSCAN;C:\WINDOWS\System32\drivers\PPSCAN.sys . Contents of the 'Scheduled Tasks' folder "2007-11-15 07:30:04 C:\WINDOWS\Tasks\McDefragTask.job" - c:\program files\mcafee\mqc\QcConsol.exe' "2007-12-01 07:00:31 C:\WINDOWS\Tasks\McQcTask.job" - c:\program files\mcafee\mqc\QcConsol.exe . ************************************************************************ catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-12-02 12:31:58 Windows 5.1.2600 Service Pack 1 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... ********************************************************************** . Completion time: 2007-12-02 12:35:15 - machine was rebooted C:\ComboFix2.txt ... 2007-12-01 23:50 C:\ComboFix3.txt ... 2007-12-01 23:10 . --- E O F --- Kaspersky Results ------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER REPORT Sunday, December 02, 2007 2:25:15 PM Operating System: Microsoft Windows XP Home Edition, Service Pack 1 (Build 2600) Kaspersky Online Scanner version: 5.0.98.0 Kaspersky Anti-Virus database last update: 2/12/2007 Kaspersky Anti-Virus database records: 470462 ------------------------------------------------------------------------------- Scan Settings: Scan using the following antivirus database: extended Scan Archives: true Scan Mail Bases: false Scan Target - My Computer: A:\ C:\ D:\ E:\ Scan Statistics: Total number of scanned objects: 130126 Number of viruses found: 8 Number of infected objects: 17 Number of suspicious objects: 0 Duration of the scan process: 01:39:36 Infected Object Name / Virus Name / Last Action C:\Documents and Settings\All Users\Application Data\McAfee\MNA\NAData Object is locked skipped C:\Documents and Settings\All Users\Application Data\McAfee\MPF\data\log.edb Object is locked skipped C:\Documents and Settings\All Users\Application Data\McAfee\MPF\data\tempIpRules.xdb Object is locked skipped C:\Documents and Settings\All Users\Application Data\McAfee\MSC\McUsers.dat Object is locked skipped C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Data\TFR3D.tmp Object is locked skipped C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Logs\OAS.Log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f3b4f78e7ff5c48899d2841e222dc185_1dce0e75-1303-433a-bfc1-6b582bd25551 Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Data\settings.dat Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS0363AA4D-1B6C-43D9-8F01-A407D4ACC05F.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS04AFA515-B8EA-4FC1-A39C-4D69BE69390B.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS0FA525FC-5B15-4185-BCD2-2CEB27822CDF.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS1059B633-E60F-44B3-988E-921B9141880E.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS13FFB38C-8217-4FF9-9D7A-95E9F4DCD38F.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS15C4F50F-F3D5-4B26-8197-DA62BEB561A4.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS1649C7C1-12BF-4C83-A57D-ABEA565E6E4F.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS185BEE16-CC4F-4CA8-B24F-D7298EC56D02.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS1A2F665F-E86F-49CF-BEB1-0CCD45966406.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS229DDAA6-F401-4C37-AF42-38B9B920C3F1.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS22FE0918-ED60-40AA-89A8-D4810E9C8417.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS24AD36AF-A51E-41E4-9607-2A1C375A7299.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS2503A96A-5977-46EA-88DD-F3D845DB5E72.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS25DC20D8-2B13-4683-A557-DAC9D0DFC36B.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS264D609F-059B-4FB7-AA36-AD550D2305CA.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS26A5AF49-F03E-43A3-B8CD-C6A35A43FFE3.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS2C5D2188-F022-4ECC-AE49-BBA5B7142E9D.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS2D06C1EB-B6A4-4912-8C94-07A1FE94E120.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS36D84F8D-2E5F-42DB-A99C-CCE52A81A68D.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS3727C893-2931-4A45-8515-3EDBFB835CB3.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS3837E591-CF2C-411A-9AE1-05B4148EC0AC.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS387DE905-64A3-48DF-9AA1-D053BEB40B5B.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS418B3649-8C69-45F1-B659-5D9D6FC0823F.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS4577E20C-54D1-4D81-A6F9-A008E3598C24.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS4F452518-DEFC-449B-9E5B-330992798B91.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS506F07FD-6204-4D3A-AC71-9BEFEFDE0E22.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS54645A37-3706-4730-B2D8-8AFF92D9E599.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS55CB0532-9299-4429-8C8C-CA05A9B848F5.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS578415A9-DBCE-4AD2-B2B9-6E9BF4A846DE.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS57920C00-A9CE-449E-A380-8D929D5E5836.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS5A7A41E6-CFBF-4F16-A75A-60E6138C15BD.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS5C90D710-6E3D-46FA-88D2-88C36C4AF46F.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS684BCDAC-3AA8-4D70-8A68-9AE61118DE1A.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS68CB4E28-A7F7-4B4F-A349-174321209006.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS6CDF0EA6-2177-4FBC-AB74-23C3849BCDB0.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS6E647D55-FF4D-44B3-AEF9-EB3CE372EF9B.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS755936BC-B0DF-4831-B91E-182C8C91ACA6.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS781FB51B-7445-4863-98FF-BA6818DD1C67.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS783C2450-012E-4F88-9F95-4608EF100BE4.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS7A590D96-93BE-4CE2-9A00-EA47545EAD3B.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS7DDA6503-C343-49D8-B2BB-21D94CB02E16.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS7EBA5411-AD29-4E9A-B9E2-CB32DE11704C.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS7FFE298E-068C-4DC9-8A74-DA2B31A76DF7.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS81FD17B3-7418-4D01-9122-60D4FD69DD83.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS85AB30D7-7430-4167-BECA-6FC215B438C5.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS87C5D09E-6FAB-4989-8990-8D2A63CABED5.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS8862A1AB-2D01-4686-B16A-FFE38017E9F6.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS88F785D5-472B-439C-9F3D-E97F50ED9B41.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS8ABADEB1-B009-4958-990B-934ADE97CB6C.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS8BA36A1A-B876-4ED3-85A8-2F78459378EE.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS8DD01F77-936C-4002-8B95-95275881D33F.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS9136155F-A921-4DC8-90D6-81A46EECA19E.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS93271FD1-A6A9-483B-8F08-0378A4072444.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS96DA484D-64FE-4B5F-A2F4-5A2282FDD2FA.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS98CA7721-E144-4FA2-869D-7A7ABB6A2F80.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS98DC2C3A-30DC-48A0-AA33-1BBB3B17F380.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSA2393478-0009-497A-8D59-532DEC2BA93F.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSA2A43501-14E1-49F0-8B4C-1A04A80F3DCC.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSA4692E2D-7F2A-4E30-A2A5-DB35B2DF0DC3.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSA9D27961-8E5D-4C24-B900-12185759A959.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSAFFFAA4D-5BD5-4FCB-86A1-1BC89EFB53F3.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSB1CB8CE6-C1AD-4526-87FB-ECBC8726EFA5.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSB269C43C-2409-4D45-8C03-ED48C8A759E0.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSB7EC0665-6B33-408C-AB70-A023648427E9.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSB89B1AE5-34CC-4BD5-8D72-C048B5C6FB48.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSC20FF554-18C1-4900-8B61-4F353D3419A4.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSC5378385-6A3E-4000-B68E-F631D862EE81.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSC5A6BEB9-3FBA-43D6-9043-DC77A422FC79.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSC6EE14BF-9251-4779-903B-902A4135A554.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSC731BB0E-94BD-4261-8838-D76286D4961A.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSC99EC7BC-2CF7-4F1A-8D24-14610010827D.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSCDEC2AC7-20D8-41E7-954C-A837C6D93C3D.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSD16E9A62-3128-4B2E-9938-6674FBDCEEB8.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSD25875ED-3CB7-482D-AE68-D008A1E782A2.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSD756AE27-4ADB-4D79-B582-136DDE66B950.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSD7B19E05-65A9-47B4-B389-BA6FB4BC1295.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSD837238D-86F6-4B53-8018-74FDD0DCCEDC.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSD89538D1-9148-4655-B39F-34734FD38D80.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSDA65E1B5-3EFE-45BB-90D0-54BAF998D2B8.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSDB382495-CC58-432B-A6AB-FF6D7FB2A564.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSE387D077-9DD8-4A90-86D6-93C57C31E37E.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSEA7B0DE4-B9AD-4551-AC06-604AADE810D8.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSEFDB0E97-5A55-4C5B-82AB-A621AC840E5C.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSF5B70A05-3055-4976-A2C8-C0DE0B0A18CE.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSF65407EB-788E-4EC8-BD1A-643B3DFB673E.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSF69CE0F0-46FF-4E54-842A-1BD58A677EA9.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSF7ACB699-0921-421C-A29A-41D3272390EF.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSF7DC12F7-596A-4A1C-88B7-46B94C31E0A5.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSF9506751-1686-4DE0-9C86-A78D4F524508.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSF9DDE33C-EF8F-4CFD-A832-D71C328D1C14.tmp Object is locked skipped C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSFBADCD91-7146-4F25-A5A6-503082B31168.tmp Object is locked skipped C:\Documents and Settings\LocalService\Cookies\INDEX.DAT Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT Object is locked skipped C:\Documents and Settings\LocalService\ntuser.dat Object is locked skipped C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\ntuser.dat Object is locked skipped C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\Todd K\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\DSAgnt.log Object is locked skipped C:\Documents and Settings\Todd K\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\DSAgnt_GTActions.log Object is locked skipped C:\Documents and Settings\Todd K\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\gdql_d_DSAgnt.log Object is locked skipped C:\Documents and Settings\Todd K\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\glog.log Object is locked skipped C:\Documents and Settings\Todd K\Application Data\MySpace\IM\Logs\MySpaceIM-20071202-123231.log Object is locked skipped C:\Documents and Settings\Todd K\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnte-dhncgts.jar-3a44e4f7-7f4fde7c.zip/BnnnnBaa.class Infected: Trojan.Java.ClassLoader.as skipped C:\Documents and Settings\Todd K\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnte-dhncgts.jar-3a44e4f7-7f4fde7c.zip/VaannnaaBaa.class Infected: Trojan.Java.ClassLoader.as skipped C:\Documents and Settings\Todd K\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnte-dhncgts.jar-3a44e4f7-7f4fde7c.zip/Bnnnnn.class Infected: Trojan.Java.ClassLoader.as skipped C:\Documents and Settings\Todd K\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnte-dhncgts.jar-3a44e4f7-7f4fde7c.zip ZIP: infected - 3 skipped C:\Documents and Settings\Todd K\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-4972fc1f-7e7d8316.zip/vmain.class Infected: Exploit.Java.Gimsh.b skipped C:\Documents and Settings\Todd K\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-4972fc1f-7e7d8316.zip ZIP: infected - 1 skipped C:\Documents and Settings\Todd K\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SUPERANTISPYWARE.LOG Object is locked skipped C:\Documents and Settings\Todd K\Application Data\Webroot\Spy Sweeper\Logs\071201123050.ses Object is locked skipped C:\Documents and Settings\Todd K\Cookies\INDEX.DAT Object is locked skipped C:\Documents and Settings\Todd K\Desktop\[4]-Submit_2007-12-01@23.30.zip/hg173.exe Infected: Trojan-Clicker.Win32.VB.vx skipped C:\Documents and Settings\Todd K\Desktop\[4]-Submit_2007-12-01@23.30.zip/fccyaab.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.azt skipped C:\Documents and Settings\Todd K\Desktop\[4]-Submit_2007-12-01@23.30.zip/ssqqppm.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.azt skipped C:\Documents and Settings\Todd K\Desktop\[4]-Submit_2007-12-01@23.30.zip ZIP: infected - 3 skipped C:\Documents and Settings\Todd K\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\Todd K\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\Todd K\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped C:\Documents and Settings\Todd K\Local Settings\History\History.IE5\MSHist012007120220071203\index.dat Object is locked skipped C:\Documents and Settings\Todd K\Local Settings\Temp\~DF20AD.tmp Object is locked skipped C:\Documents and Settings\Todd K\Local Settings\Temp\~DF66DB.tmp Object is locked skipped C:\Documents and Settings\Todd K\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\Todd K\ntuser.dat Object is locked skipped C:\Documents and Settings\Todd K\ntuser.dat.LOG Object is locked skipped C:\Program Files\Trend Micro\HijackThis\backups\backup-20071027-233228-334.dll Infected: not-a-virus:AdWare.Win32.Coupons.h skipped C:\Program Files\Webroot\Spy Sweeper\Masters\masters.bak Object is locked skipped C:\Program Files\Webroot\Spy Sweeper\Masters\Masters.const Object is locked skipped C:\Program Files\Webroot\Spy Sweeper\Masters\masters.mst Object is locked skipped C:\Program Files\Webroot\Spy Sweeper\Masters.base Object is locked skipped C:\qoobox\Quarantine\C\WINDOWS\SYSTEM32\CONFIG\47448844.Evt.vir Infected: Trojan.Win32.KillAV.lz skipped C:\qoobox\Quarantine\C\WINDOWS\SYSTEM32\dwdsrngt.exe.vir Infected: not-a-virus:AdWare.Win32.ZenoSearch.ac skipped C:\SDFix\SDFix\apps\Process.exe Object is locked skipped C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP14\A0002851.exe Infected: Trojan-Clicker.Win32.VB.vx skipped C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP14\A0002854.dll Infected: Trojan-Downloader.Win32.Small.gkh skipped C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP14\A0002856.exe Infected: Trojan-Clicker.Win32.VB.vx skipped C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP15\A0006870.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.ac skipped C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP20\A0009132.exe Object is locked skipped C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP20\change.log Object is locked skipped C:\WINDOWS\Debug\oakley.log Object is locked skipped C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped C:\WINDOWS\MEMORY.DMP Object is locked skipped C:\WINDOWS\SchedLgU.Txt Object is locked skipped C:\WINDOWS\SoftwareDistribution\EventCache\{A1CAD9C7-9FDD-4DCE-BCAA-F3941E935F2E}.bin Object is locked skipped C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped C:\WINDOWS\Sti_Trace.log Object is locked skipped C:\WINDOWS\SYSTEM32\CONFIG\AppEvent.Evt Object is locked skipped C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT Object is locked skipped C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG Object is locked skipped C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG Object is locked skipped C:\WINDOWS\SYSTEM32\CONFIG\SecEvent.Evt Object is locked skipped C:\WINDOWS\SYSTEM32\CONFIG\SECURITY Object is locked skipped C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG Object is locked skipped C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE Object is locked skipped C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG Object is locked skipped C:\WINDOWS\SYSTEM32\CONFIG\SysEvent.Evt Object is locked skipped C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM Object is locked skipped C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG Object is locked skipped C:\WINDOWS\SYSTEM32\H323LOG.TXT Object is locked skipped C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.BTR Object is locked skipped C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.DATA Object is locked skipped C:\WINDOWS\Temp\mcafee_srSLe2SgQJb9z6P Object is locked skipped C:\WINDOWS\Temp\mcmsc_dY485KMVTbXdz3J Object is locked skipped C:\WINDOWS\Temp\mcmsc_J3cmVzXO31L3ivp Object is locked skipped C:\WINDOWS\WIADEBUG.LOG Object is locked skipped C:\WINDOWS\WIASERVC.LOG Object is locked skipped C:\WINDOWS\WindowsUpdate.log Object is locked skipped Scan process completed. Hijackthis Log** Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 2:27:32 PM, on 12/2/2007 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\CTsvcCDA.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe c:\program files\common files\mcafee\mna\mcnasvc.exe c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe C:\Program Files\McAfee\MPF\MPFSrv.exe C:\WINDOWS\System32\nvsvc32.exe C:\Program Files\SiteAdvisor\6172\SAService.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe C:\PROGRA~1\McAfee.com\Agent\mcagent.exe C:\WINDOWS\System32\MsPMSPSv.exe C:\Program Files\QuickTime\qttask.exe C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe C:\Program Files\SBC Yahoo!\Connection Manager\ConnectionManager.exe C:\Program Files\SiteAdvisor\6172\SiteAdv.exe C:\Program Files\MySpace\IM\MySpaceIM.exe C:\Program Files\DellSupport\DSAgnt.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files\Google\Google Updater\GoogleUpdater.exe C:\PROGRA~1\Yahoo!\browser\ycommon.exe C:\Program Files\Spruce\X_Spruce.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe C:\WINDOWS\System32\wuauclt.exe C:\Program Files\Webroot\Spy Sweeper\SSU.EXE C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.my.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/cust.../www.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://69.31.79.102/search.html R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://69.31.79.102/search.html R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://69.31.79.102/search.html R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://69.31.79.102/search.html R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1 O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray O4 - HKLM\..\Run: [SBC Yahoo! Connection Manager] "C:\Program Files\SBC Yahoo!\Connection Manager\ConnectionManager.exe" O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6172\SiteAdv.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [MySpaceIM] "C:\Program Files\MySpace\IM\MySpaceIM.exe" O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user') O4 - Startup: Spruce - Auto Update.lnk = C:\Program Files\Spruce\Spruce.exe O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll (file missing) O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll (file missing) O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...0/mcinsctl.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1135213171875 O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/amp...1.11_en_dl.cab O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/sh...23/mcgdmgr.cab O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://download.games.yahoo.com/game...utLauncher.cab O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/...ampx_en_dl.cab O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE -- End of file - 9872 bytes Thanks......again.